What is myas set to? Chris
On Mon, 22 Jan 2018, Piotr Marciniak wrote: > Hello Chris, > > Thank you for your config. Looks much better. Still I have know error... > > bird> conf check > Reading configuration from /etc/bird/bird.conf > /etc/bird/bird.conf, line 121: Value 205082 out of range (0-65535) > > ...but not in main section of filter. It is only here now: > > #Remove IXP related communities > #(...) > bgp_community.delete([(myas,*)]); > > Only this one line. Once commented - no errors in filter reported. Is there > any fix for it? > > Rgrds, > > Peter > > -----Oryginalna wiadomość----- From: Chris Caputo > Sent: Monday, January 22, 2018 2:25 PM > To: Piotr Marciniak > Cc: [email protected] > Subject: Re: Community for small IX - problem with 4B ASN > > > 1. Is it possible to enable 4B ASn for communities in Bird? Will it work > > with other rouers? > > 2. Can we use instead private ASn just for community filters? Are they > > processed corretly by other Internet routers of our peers? > > 1. Yes. > > 2. I don't recommend it. > > To see the communities supported by the SIX route servers, refer to: > > https://www.seattleix.net/route-servers#communities > > Below is how we do it with bird 1.6.3. Not sure about 2.0+. > > I hope this helps and feedback from the community is welcome. > > Chris > > --- > > define myas = SET TO IXP ASN; > define peerPrepend1 = 65001; > define peerPrepend2 = 65002; > define peerPrepend3 = 65003; > > # BGP output filter (based on communities) > # Returning false means don't propagate route to peeras. > # Returning true means do propagate route to peeras. > function bgp_out_comm(int peeras) > { > if ! (source = RTS_BGP ) then return false; > > if (myas,0,peeras) ~ bgp_large_community then return false; > if (myas,1,peeras) ~ bgp_large_community then return true; > if (myas,0,0) ~ bgp_large_community then return false; > > if peeras > 65535 then > { > if (ro,0,peeras) ~ bgp_ext_community then return false; > if (ro,myas,peeras) ~ bgp_ext_community then return true; > if ((ro,0,myas) ~ bgp_ext_community) then return false; > } else { > if ((0,peeras) ~ bgp_community) || ((ro,0,peeras) ~ bgp_ext_community) > then return false; > if ((myas,peeras) ~ bgp_community) || ((ro,myas,peeras) ~ > bgp_ext_community) then return true; > if ((0,myas) ~ bgp_community) || ((ro,0,myas) ~ bgp_ext_community) then > return false; > } > return true; > } > > function bgp_out(int peeras) > { > if !bgp_out_comm(peeras) then return false; > > # Prepends > if peeras > 65535 then > { > if ((ro,peerPrepend1,peeras) ~ bgp_ext_community) || > ((myas,peerPrepend1,peeras) ~ bgp_large_community) then { > bgp_path.prepend(bgp_path.first); > } > if ((ro,peerPrepend2,peeras) ~ bgp_ext_community) || > ((myas,peerPrepend2,peeras) ~ bgp_large_community) then { > bgp_path.prepend(bgp_path.first); > bgp_path.prepend(bgp_path.first); > } > if ((ro,peerPrepend3,peeras) ~ bgp_ext_community) || > ((myas,peerPrepend3,peeras) ~ bgp_large_community) then { > bgp_path.prepend(bgp_path.first); > bgp_path.prepend(bgp_path.first); > bgp_path.prepend(bgp_path.first); > } > } else { > if ((peerPrepend1,peeras) ~ bgp_community) || ((ro,peerPrepend1,peeras) > ~ bgp_ext_community) || ((myas,peerPrepend1,peeras) ~ bgp_large_community) > then { > bgp_path.prepend(bgp_path.first); > } > if ((peerPrepend2,peeras) ~ bgp_community) || ((ro,peerPrepend2,peeras) > ~ bgp_ext_community) || ((myas,peerPrepend2,peeras) ~ bgp_large_community) > then { > bgp_path.prepend(bgp_path.first); > bgp_path.prepend(bgp_path.first); > } > if ((peerPrepend3,peeras) ~ bgp_community) || ((ro,peerPrepend3,peeras) > ~ bgp_ext_community) || ((myas,peerPrepend3,peeras) ~ bgp_large_community) > then { > bgp_path.prepend(bgp_path.first); > bgp_path.prepend(bgp_path.first); > bgp_path.prepend(bgp_path.first); > } > } > > # Remove IXP related communities > bgp_community.delete([(0,*)]); > bgp_community.delete([(myas,*)]); > bgp_community.delete([(peerPrepend1,*)]); > bgp_community.delete([(peerPrepend2,*)]); > bgp_community.delete([(peerPrepend3,*)]); > bgp_ext_community.delete([(ro,0,*)]); > bgp_ext_community.delete([(ro,myas,*)]); > bgp_ext_community.delete([(ro,peerPrepend1,*)]); > bgp_ext_community.delete([(ro,peerPrepend2,*)]); > bgp_ext_community.delete([(ro,peerPrepend2,*)]); > bgp_large_community.delete([(myas,*,*)]); > > return true; > } > > On Mon, 22 Jan 2018, Piotr Marciniak wrote: > > Dear Advisors ;], > > > > Thank you for all posts. But still I do not know how to make Bird working > > with > > 4B communities and if I may do this - whether it will be accepted for our > > peers? In short - I do not know how to adapt to 4B communities following > > examples: > > > > https://gitlab.labs.nic.cz/labs/bird/wikis/Route_server_with_community_based_filtering_and_multiple_RIBs > > https://gitlab.labs.nic.cz/labs/bird/wikis/Route_server_with_community_based_filtering_and_single_RIB > > > > Is there any way to enable 4B communities in bird.conf? > > > > I do not have any problem with 4B ASn. I set bgp peering sessions from Bird > > with 4B ASn. Even our IX has AS205082. > > > > This is why I put 2 questions: > > > > 1. Is it possible to enable 4B ASn for communities in Bird? Will it work > > with other rouers? > > 2. Can we use instead private ASn just for community filters? Are they > > processed corretly by other Internet routers of our peers? > > > > Please - do not explain me theoretical difference between 16 and 32 bits. > > Question is simple - can I use 4B communities for filters? If not - what > > 16bit > > "fake ASn" I can use instead safely? > > > > Best wishes, > > > > Piotr Marciniak > > > > > > -----Oryginalna wiadomość----- From: Paweł Nastachowski > > Sent: Monday, January 22, 2018 1:12 PM > > To: Piotr Marciniak > > Cc: [email protected] > > Subject: Re: Community for small IX - problem with 4B ASN > > > > Hi Piotr, > > > > I should use extended community for 4B ASN, because normal community is too > > small “Encodes a 32-bit value displayed as “16-bit ASN:16-bit value”. > > > > Regards, > > Pawel > > > > -----Wiadomość oryginalna----- > > Od: Bird-users <[email protected]> w imieniu użytkownika Piotr > > Marciniak <[email protected]> > > Data: poniedziałek, 22 stycznia 2018 11:15 > > Do: "[email protected]" <[email protected]> > > Temat: Community for small IX - problem with 4B ASN > > > > Hello, > > > > I've spent a while on below docs and faced a problem with 4B ASN we use. > > Bird reports an error 'when 'myas' is 4B => so above 65535. > > See some testing example below: > > > > bird> configure > > Reading configuration from /etc/bird/bird.conf > > /etc/bird/bird.conf, line 81: Value 165250 out of range (0-65535) > > > > The only way this config reports no error is to set here private ASn - > > fe. > > 65250. But it will never match our real ASn. > > > > Two questions: > > > > 1. Is it possible to enable 4B ASn for communities in Bird? Will it work > > with other rouers? > > 2. Can we use instead private ASn just for community filters? Are they > > processed corretly by other Internet routers of our peers? > > > > Or maybe there is another work around? > > > > Best wishes, > > > > Peter > > > > > > -----Oryginalna wiadomość----- > > From: Piotr Marciniak > > Sent: Friday, December 29, 2017 5:01 PM > > To: Ondrej Zajicek > > Cc: [email protected] > > Subject: Re: Community for small IX > > > > > > There are some examples in BIRD wiki, mainly: > > > > > > https://urldefense.proofpoint.com/v2/url?u=https-3A__gitlab.labs.nic.cz_labs_bird_wikis_Route-5Fserver-5Fwith-5Fcommunity-5Fbased-5Ffiltering-5Fand-5Fmultiple-5FRIBs&d=DwIDaQ&c=gxW9PgscCAGwFImBgfkGkoANogu61GVPNv0sglxAtik&r=5Q01PsGCLGh5Iipn2_EFz2pKmXKRl5oJ_tHzyrwTUhrj4D27CXd9SGXgnGWoH5Yy&m=b6e1rT2mu_bWkZiOT-71FnOGwrXSx-xnpaRwbI3-BFI&s=2UgZOD_Fkqt6ZgVqlXm_vXRiY1LP_MTlkWo-TGVqAtE&e= > > > > https://urldefense.proofpoint.com/v2/url?u=https-3A__gitlab.labs.nic.cz_labs_bird_wikis_Route-5Fserver-5Fwith-5Fcommunity-5Fbased-5Ffiltering-5Fand-5Fsingle-5FRIB&d=DwIDaQ&c=gxW9PgscCAGwFImBgfkGkoANogu61GVPNv0sglxAtik&r=5Q01PsGCLGh5Iipn2_EFz2pKmXKRl5oJ_tHzyrwTUhrj4D27CXd9SGXgnGWoH5Yy&m=b6e1rT2mu_bWkZiOT-71FnOGwrXSx-xnpaRwbI3-BFI&s=KjVYea-iJRNl8BxFQFgkEeHLWFK8qwenAm_GRJDH4Q4&e= > > > > -- > > Elen sila lumenn' omentielvo > > > > Ondrej 'Santiago' Zajicek (email: [email protected]) > > OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) > > "To err is human -- to blame it on a computer is even more so." > > > > > > > > This email is from Equinix (EMEA) B.V. or one of its associated companies in > > the territory from where this email has been sent. This email, and any files > > transmitted with it, contains information which is confidential, is solely > > for > > the use of the intended recipient and may be legally privileged. If you have > > received this email in error, please notify the sender and delete this email > > immediately. Equinix (EMEA) B.V.. Registered Office: Amstelplein 1, 1096 HA > > Amsterdam, The Netherlands. Registered in The Netherlands No. 57577889. > >
