Yes, I just enabled it: protocol bgp { ... ipv4{ import keep fitlered; import limit 250 action restart; import filter filter_rpki; table t_0002_as2; } }
RPKI is working because if I check the syslog I find the invalid printed prefixes, but 'show route all filtered' doesn't show anything. Il giorno lun 20 apr 2020 alle ore 14:05 Maria Matejka <maria.mate...@nic.cz> ha scritto: > And do you have > import keep filtered; > in your config? > Maria > > On 4/20/20 11:19 AM, Fabiano D'Agostino wrote: > > Hi, > > In my route server bird.conf I did this: > > define FILTERED_RPKI_INVALID = (1,1101,13); > > > > filter filter_rpki{ > > if roa_check(..)=ROA_INVALID then > > {bgp_large_community.add(FILTERED_RPKI_INVALID);reject;} > > } > > > > But when I do 'show route all filtered' I get nothing, I also tried with > > 'show route bgp_large_community ~ [(1,1101,13)]' and I have the same > result. > > Because I would like to have some statistics about > > VALID/INVALID/UNKOWN prefixes and I saw that I could use the 'show route > > stats' command. > > > > Thanks, > > > > Fabiano > > > > Il giorno dom 19 apr 2020 alle ore 21:30 Alarig Le Lay > > <ala...@swordarmor.fr <mailto:ala...@swordarmor.fr>> ha scritto: > > > > On Sun 19 Apr 2020 20:42:21 GMT, Fabiano D'Agostino wrote: > > > Thanks! > > > But can I also use birdc to check rejected prefixes? > > > > If you add a community, it will be visible with `show route all > > filtered` > > > > > Anyway why do you suggest to use bgp_path.last_noaggregated? > > > > Because you don’t want to check ROA against another ASN in the > > aggregated path. > > > > -- > > Alarig > > >