Hello,
We're using BIRD 1.6.4 as a Route Server.
Recently we implemented ROA prefix validation, but we have hit an issue
with prefixes that are aggregated only.
What do I mean: when the prefix is an aggregate and has something like 1234 { 10,
20 } in AS_PATH as the last ASN, the bgp_path.last value returns zero (0). As a
result of this we are just discarding such prefixes.
Our approach is the following:
1) We're using static ROA tables with prefixes, for example:
roa table r1234 {
    roa 10.10.10.0/24 max 32 as 1234;
    roa 10.10.11.0/24 max 32 as 1234;
    roa 10.10.12.0/24 max 32 as 1234;
}
2) Then we create a different function for each member like this and apply it
on each BGP protocol as the last function:
function AS1234_roa() {
    # Reject when a ROA in r1234 covers the prefix but does not match the origin ASN.
    if roa_check(r1234, net, bgp_path.last) = ROA_INVALID then {
        print "ROA check failed: invalid prefix - ", net, " origin ASN ", bgp_path.last, " - AS-PATH", bgp_path, " via ", proto;
        return false;
    }
    # Reject when no ROA in r1234 covers the prefix at all.
    if roa_check(r1234, net, bgp_path.last) = ROA_UNKNOWN then {
        print "ROA check failed: unallowed prefix - ", net, " origin ASN ", bgp_path.last, " - AS-PATH", bgp_path, " via ", proto;
        return false;
    }
    return true;
}
Could some BIRD developer suggest a solution for this issue?
Thanks in advance!
Best~
--
Javor Kliachev
Senior Engineer IP Services
office: +359 2 974 33 11
mobile: +359 885 98 84 95
http://www.neterra.net/
https://bg.linkedin.com/pub/javor-kliachev/11/b46/843
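
Added example, not part of the original message and not BIRD code: a small Python model of RFC 6811 origin validation, showing why a path such as 1234 { 10, 20 } can never validate against the ROA table above. The function names, the list/set representation of AS_PATH segments and the sample routes are assumptions made for illustration; the 0 returned for a path ending in an AS_SET mirrors the bgp_path.last behaviour described in the message.

```python
import ipaddress

# Constructed ROA entries mirroring the r1234 table in the message:
# (prefix, max length, origin ASN).
ROAS = [
    ("10.10.10.0/24", 32, 1234),
    ("10.10.11.0/24", 32, 1234),
    ("10.10.12.0/24", 32, 1234),
]


def origin_as(as_path):
    """Return the origin ASN of an AS_PATH.

    as_path is a list of segments (assumed representation): a list models an
    AS_SEQUENCE, a set models an AS_SET. RFC 6811 defines the origin as "NONE"
    when the final segment is an AS_SET; that is modelled here as 0.
    """
    if not as_path:
        return 0
    last = as_path[-1]
    if isinstance(last, (set, frozenset)) or not last:
        return 0
    return last[-1]


def roa_check(roas, net, asn):
    """RFC 6811 validation state of (net, asn) against a list of ROAs."""
    net = ipaddress.ip_network(net)
    covered = False
    for prefix, maxlen, roa_asn in roas:
        roa_net = ipaddress.ip_network(prefix)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue  # this ROA does not cover the route
        covered = True
        # Origin 0 (NONE) never matches any ROA, so it can never be valid.
        if asn != 0 and asn == roa_asn and net.prefixlen <= maxlen:
            return "ROA_VALID"
    return "ROA_INVALID" if covered else "ROA_UNKNOWN"


if __name__ == "__main__":
    aggregated = [[1234], {10, 20}]  # AS_PATH "1234 { 10, 20 }"
    plain = [[1234]]                 # AS_PATH "1234"
    for path in (aggregated, plain):
        asn = origin_as(path)
        print(path, "origin", asn, roa_check(ROAS, "10.10.10.0/24", asn))
```

With a covering ROA present the aggregated path evaluates to ROA_INVALID, and without one to ROA_UNKNOWN, so a filter that rejects both states drops every route whose AS_PATH ends in an AS_SET.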