On Tue, Mar 27, 2007 at 10:21:35PM +0200, Thomas beta wrote:
> Hello everyone,
>
> I am testing some things with OpenBGPD and did run into following problem:
>
> Test setup:
> I have 3 cisco routers and 1 openbgp box.
>
> The scenario;
> - Cisco1 and Cisco2 are transit providers, Cisco3 is a customer transit
> customer
> - OpenBGP is the main router
> - There is a link between cisco3 and cisco2 (cisco3 is announces own
> network, cisco 2 everything),
>
> I did connect all cisco's to a interface on the openbgp box (AS65000).
> In the BGP config i made 1 group: transits.
> I will call the peer with the "customer" cisco3 (AS65001)
>
> What the setup should do:
> - cisco1 and cisco2 are announcing some routes to the openbgp box
> - the openbgp box announces a own /24
> - cisco3 is announcecing a /24, the openbgp box should reannounce this
> prefix
> - the openbgp box should send everything to the cisco3.
>
> Filters (on the openbgp box):
> - on all peers is a announce all
> - there is an incoming filter on the interface to the cisco3: deny
> from cisco3, allow from cisco3 prefix XX.XX.XX.XX/24
> - there is an outgoing filter on the group transits: deny to transits,
> allow to group transit prefix {OWN-PREFIX, CISCO3-PREFIX}
>
> Everything works OK, i see the re-announcement of the /24 from cisco3
> on the cisco1 and cisco2.
>
> Now, if the link between the openbgp box and cisco3 fails, i still
> will be announcing the /24 of cisco3 (i receive the prefix also from
> cisco2). I cannot put a prefix filter on the incoming from the
> transits, otherwise i will loose contact to the network of cisco3
> when the link is down.
>
> This could be solved with a outgoing AS filter (in cisco it looks
> like: ip as-path access-list 10 permit ^(65000_)*(65001_)+$ )
> I tried a lot of things with the filter syntax in openbgp but i was
> not able to create something that is working like that.
>
> Questions:
> - is this possible with openbgp?
> - can i make filters like: allow from cisco3 source-as 65001 and
> transit-as 65000? (is something like AND possible?)
>
Currently it is not possible to express filters with more then one AS
match. As usual I started with some code to fix this but I detest the
result. This is one of the three top things on my bgpd todolist so I hope
this problem will be solved in the not so far future.
--
:wq Claudio
