On 2008-09-24, tico <[EMAIL PROTECTED]> wrote: > Reading the FILTERS section of bgpd.conf lead me to believe that simply > adding > "allow from any inet6 prefixlen 12 - 48" > would allow the IPv6 prefixes that my neighbor was announcing to me be > added from the RIB into the FIB, however this was not the case. After > trying to specify each rule as explicitly pertaining to "inet" or > "inet6" I found that bgpd would only match the announced IPv6 prefixes > to my "allow" line when I qualified each "deny" line with a prefixlen, > regardless of the CIDR mask appended to the address. > Specifically, the "deny from any prefix 0.0.0.0/0" line in the sample > config would always match *all* IPv6 prefixes (but not clobber any of my > IPv4 prefixes, which were merged into the FIB just fine), even if I > inserted the "inet" parameter into the rule. > > I ended up with the following minimum FILTER config, which works just fine:
Can you make it easier for us and show the config which you expected to work, which doesn't work? Thanks. > If this (having to always specify a prefixlen even if a CIDR mask is > present) is the desired behavior I think that's expected, the network/cidr identifies the part of address space involved, prefixlen identifies the length of the prefix. Say you want to filter on RIR minimums, you might want to use lines like this, deny ... prefix xx.0.0.0/8 prefixlen >= 24 deny ... prefix yy.0.0.0/8 prefixlen >= 21 deny ... prefix zz.0.0.0/8 prefixlen >= 16
