[prev in list] [next in list] [prev in thread] [next in thread]
List: bird-users
Subject: Re: Filters giving odd errors
From: Skyler_Mäntysaari <sm () samip ! fi>
Date: 2020-08-15 15:36:05
Message-ID: c98834b1-c4d5-5026-d697-20c399768a49 () samip ! fi
[Download RAW message or body]
I think it had something to do with missing RPKI, even though it was in
filters and other things related to that.
Now I'm not getting that error anymore anywhere after You fixed the
template. :)
On 15/08/2020 0.16, Brooks Swinnerton wrote:
> I think Maria means sharing the smallest possible configuration that
> still reproduces the problem. If the problem is a result of the
> filters, then keeping those in place to help debug.
>
> I'd also be happy to try and debug your configuration as a whole (I
> wrote https://github.com/neptune-networks/peering
> <https://github.com/neptune-networks/peering> so I'm a bit familiar
> with what the generator is intended to do). If you do decide to share
> the full config, please don't post it in the contents of the email as
> it can get truncated and the line numbers will be mixed up. Perhaps a
> Gist or pastebin would help here.
>
> Regarding:
>
> > P.S I need to find a guide on how to do bird2 and RPKI as well.
>
> I've written about this in
> https://brooks.sh/2019/11/11/validating-bgp-routes-with-rpki-in-bird/
> <https://brooks.sh/2019/11/11/validating-bgp-routes-with-rpki-in-bird/>,
> which was in part the inspiration for the repository you're using to
> generate your BIRD configuration. Hope that helps.
>
> On Fri, Aug 14, 2020 at 3:44 PM Skyler Mäntysaari <sm@samip.fi
> <mailto:sm@samip.fi>> wrote:
>
> I'm using version 2.0.7, running on Ubuntu 20.04.
>
> Do you mean minimal config regarding the filters or the whole thing?
>
> On Fri, Aug 14, 2020, at 02:15, Maria Matejka wrote:
> > I'm unable to reproduce the reported behavior. Could you please
> > try to
> > reduce your config to a minimum config that would reproduce this
> > behavior? What version are you using?
> >
> > Thanks,
> > Maria
> >
> > On 8/13/20 5:46 PM, Skyler Mäntysaari wrote:
> > > Line 360 is the prefix_is_bogon if statement.
> > >
> > > The bogon lists can be seen from:
> > >
> > https://github.com/neptune-networks/peering/blob/master/out/router.fqdn.example/bird.conf#L36-L84
> > <https://github.com/neptune-networks/peering/blob/master/out/router.fqdn.example/bird.conf#L36-L84>
> >
> > >
> > > -----------------------------------------------------------
> > > if prefix_is_bogon() then
> > > reject "prefix is bogon - REJECTING ", net;
> > > -----------------------------------------------------------
> > > function prefix_is_bogon() {
> > > if net.type = NET_IP4 then
> > > if net ~ BOGONS_4 then return true;
> > > if net.type = NET_IP6 then
> > > if net ~ BOGONS_6 then return true;
> > > return false;
> > > }
> > > -----------------------------------------------------------
> > >
> > > P.S Please do not reply to me directly, but to the list.
> > >
> > > On 13/08/2020 18.41, Maria Matějka wrote:
> > > > Hello!
> > > > The error message tells you that you are passing something
> > strange to
> > > > the condition on line 360. What do you have on line 360?
> > > > Maria
> > > >
> > > > On August 13, 2020 4:46:12 PM GMT+02:00, "Skyler Mäntysaari"
> > > > <sm@samip.fi <mailto:sm@samip.fi>> wrote:
> > > >
> > > > Hi there,
> > > >
> > > > I'm using the template from
> > > >
> > https://github.com/neptune-networks/peering/blob/master/out/router.fqdn.example/bird.conf
> > <https://github.com/neptune-networks/peering/blob/master/out/router.fqdn.example/bird.conf>
> >
> > > > for my filters, and I'm getting argument related errors in
> > logs.
> > > >
> > > > What's the issue with those filters?
> > > >
> > > > P.S I need to find a guide on how to do bird2 and RPKI as
> > well.
> > > >
> > > > Logs:
> > > >
> > ------------------------------------------------------------------------
> > > > 2020-08-13 17:37:47 <ERR> filters, line 360: Argument 1 of
> > instruction
> > > > FI_CONDITION must be of type T_BOOL, got 0x00
> > > > 2020-08-13 17:37:47 <ERR> filters, line 360: Argument 1 of
> > instruction
> > > > FI_CONDITION must be of type T_BOOL, got 0x00
> > > > 2020-08-13 17:37:47 <ERR> filters, line 360: Argument 1 of
> > instruction
> > > > FI_CONDITION must be of type T_BOOL, got 0x00
> > > > 2020-08-13 17:37:47 <ERR> filters, line 360: Argument 1 of
> > instruction
> > > > FI_CONDITION must be of type T_BOOL, got 0x00
> > > > 2020-08-13 17:37:47 <ERR> filters, line 360: Argument 1 of
> > instruction
> > > > FI_CONDITION must be of type T_BOOL, got 0x00
> > > > 2020-08-13 17:37:47 <ERR> ...
> > > >
> > ------------------------------------------------------------------------
> > > > Bird config, the filter functions:
> > > >
> > ------------------------------------------------------------------------
> > > > # --- Filters (technically functions) ---
> > > > function default_import() {
> > > > if bgp_path.len > 32 then
> > > > reject "AS_PATH len [", bgp_path.len ,"] longer than
> > 32 - REJECTING
> > > > ", net;
> > > >
> > > > if prefix_is_in_global_blacklist() then
> > > > reject "prefix is in global blacklist - REJECTING ",
> > net;
> > > >
> > > > if is_own_prefix() then
> > > > reject "prefix is our own - REJECTING ", net;
> > > >
> > > > if is_own_internal_prefix() then {
> > > > if !prefix_is_in_global_whitelist() then
> > > > reject "prefix is our own and internal - REJECTING
> > ", net;
> > > > }
> > > >
> > > > if prefix_is_bogon() then
> > > > reject "prefix is bogon - REJECTING ", net;
> > > >
> > > > if net.type = NET_IP4 then
> > > > if !is_prefix_length_valid(8, 24) then
> > > > reject "prefix len [", net.len, "] not in 8-24 -
> > REJECTING ", net;
> > > >
> > > > if net.type = NET_IP6 then
> > > > if !is_prefix_length_valid(12, 56) then
> > > > reject "prefix len [", net.len, "] not in 12-56 -
> > REJECTING ", net;
> > > >
> > > > #perform_rpki_validation();
> > > >
> > > > if route_is_rpki_invalid() then
> > > > reject "RPKI, route is INVALID - REJECTING ", net;
> > > >
> > > > add_region_community();
> > > > add_site_community();
> > > > honor_graceful_shutdown();
> > > >
> > > > accept;
> > > > }
> > > >
> > > > function peer_import() {
> > > > scrub_communities_in();
> > > > add_peer_community();
> > > > default_import();
> > > > }
> > > >
> > > > function peer_export() {
> > > > strip_private_asns();
> > > > add_global_prepends();
> > > >
> > > > if is_own_prefix() then accept;
> > > >
> > > > if route_is_rpki_invalid() then
> > > > reject "RPKI, route is INVALID - NOT ANNOUNCING ", net;
> > > >
> > > > if is_own_internal_prefix() then {
> > > > if !prefix_is_in_global_whitelist() then
> > > > reject "prefix is our own and internal - NOT
> > ANNOUNCING ", net;
> > > > }
> > > >
> > > > if net.type = NET_IP4 then
> > > > if !is_prefix_length_valid(8, 24) then
> > > > reject "prefix len [", net.len, "] not in 8-24 -
> > REJECTING ", net;
> > > >
> > > > if net.type = NET_IP6 then
> > > > if !is_prefix_length_valid(12, 48) then
> > > > reject "prefix len [", net.len, "] not in 12-48 -
> > REJECTING ", net;
> > > >
> > > > if prefix_is_bogon() then
> > > > reject "prefix is bogon - NOT ANNOUNCING ", net;
> > > >
> > > > if as_path_contains_invalid_asn() then
> > > > reject "AS_PATH [", bgp_path ,"] contains invalid
> > ASN - REJECTING
> > > > ", net;
> > > >
> > > > if should_not_export_to_site() then
> > > > reject "NO_EXPORT community in place for site - NOT
> > ANNOUNCING ", net;
> > > >
> > > > if should_not_export_to_region() then
> > > > reject "NO_EXPORT community in place for region -
> > NOT ANNOUNCING ",
> > > > net;
> > > >
> > > > if should_not_export_to_peers() then
> > > > reject "NO_EXPORT community in place for peers - NOT
> > ANNOUNCING ", net;
> > > >
> > > > if prefix_is_in_global_blacklist() then
> > > > reject "prefix is in global blacklist - REJECTING ",
> > net;
> > > >
> > > > if was_learned_from_customer() then accept;
> > > >
> > > > reject;
> > > > }
> > > >
> > > > function upstream_import() {
> > > > scrub_communities_in();
> > > > add_upstream_community();
> > > > default_import();
> > > > }
> > > >
> > > > function upstream_export() {
> > > > strip_private_asns();
> > > > add_global_prepends();
> > > >
> > > > if is_own_prefix() then accept;
> > > >
> > > > if route_is_rpki_invalid() then
> > > > reject "RPKI, route is INVALID - NOT ANNOUNCING ", net;
> > > >
> > > > if is_own_internal_prefix() then {
> > > > if !prefix_is_in_global_whitelist() then
> > > > reject "prefix is our own and internal - NOT
> > ANNOUNCING ", net;
> > > > }
> > > >
> > > > if net.type = NET_IP4 then
> > > > if !is_prefix_length_valid(8, 24) then
> > > > reject "prefix len [", net.len, "] not in 8-24 -
> > REJECTING ", net;
> > > >
> > > > if net.type = NET_IP6 then
> > > > if !is_prefix_length_valid(12, 48) then
> > > > reject "prefix len [", net.len, "] not in 12-48 -
> > REJECTING ", net;
> > > >
> > > > if prefix_is_bogon() then
> > > > reject "prefix is bogon - NOT ANNOUNCING ", net;
> > > >
> > > > if as_path_contains_invalid_asn() then
> > > > reject "AS_PATH [", bgp_path ,"] contains invalid
> > ASN - REJECTING
> > > > ", net;
> > > >
> > > > if should_not_export_to_site() then
> > > > reject "NO_EXPORT community in place for site - NOT
> > ANNOUNCING ", net;
> > > >
> > > > if should_not_export_to_region() then
> > > > reject "NO_EXPORT community in place for region -
> > NOT ANNOUNCING ",
> > > > net;
> > > >
> > > > if should_not_export_to_upstreams() then
> > > > reject "NO_EXPORT community in place for upstreams -
> > NOT ANNOUNCING
> > > > ", net;
> > > >
> > > > if prefix_is_in_global_blacklist() then
> > > > reject "prefix is in global blacklist - REJECTING ",
> > net;
> > > >
> > > > if was_learned_from_customer() then accept;
> > > >
> > > > reject;
> > > > }
> > > >
> > > > function customer_import() {
> > > > scrub_communities_in();
> > > > add_customer_community();
> > > > default_import();
> > > > }
> > > >
> > > > function customer_export() {
> > > > strip_private_asns();
> > > > add_global_prepends();
> > > >
> > > > if is_own_prefix() then accept;
> > > >
> > > > if route_is_rpki_invalid() then
> > > > reject "RPKI, route is INVALID - NOT ANNOUNCING ", net;
> > > >
> > > > if is_own_internal_prefix() then {
> > > > if !prefix_is_in_global_whitelist() then
> > > > reject "prefix is our own and internal - NOT
> > ANNOUNCING ", net;
> > > > }
> > > >
> > > > if net.type = NET_IP4 then
> > > > if !is_prefix_length_valid(8, 24) then
> > > > reject "prefix len [", net.len, "] not in 8-24 -
> > REJECTING ", net;
> > > >
> > > > if net.type = NET_IP6 then
> > > > if !is_prefix_length_valid(12, 48) then
> > > > reject "prefix len [", net.len, "] not in 12-48 -
> > REJECTING ", net;
> > > >
> > > > if prefix_is_bogon() then
> > > > reject "prefix is bogon - NOT ANNOUNCING ", net;
> > > >
> > > > if as_path_contains_invalid_asn() then
> > > > reject "AS_PATH [", bgp_path ,"] contains invalid
> > ASN - REJECTING
> > > > ", net;
> > > >
> > > > if should_not_export_to_site() then
> > > > reject "NO_EXPORT community in place for site - NOT
> > ANNOUNCING ", net;
> > > >
> > > > if should_not_export_to_region() then
> > > > reject "NO_EXPORT community in place for region -
> > NOT ANNOUNCING ",
> > > > net;
> > > >
> > > > if should_not_export_to_customers() then
> > > > reject "NO_EXPORT community in place for customers -
> > NOT ANNOUNCING
> > > > ", net;
> > > >
> > > > if prefix_is_in_global_blacklist() then
> > > > reject "prefix is in global blacklist - REJECTING ",
> > net;
> > > >
> > > > if was_learned_from_peer() then accept;
> > > > if was_learned_from_private_peer() then accept;
> > > > if was_learned_from_upstream() then accept;
> > > > if was_learned_from_customer() then accept;
> > > >
> > > > reject;
> > > > }
> > > >
> > > > function core_import() {
> > > > if prefix_is_bogon() then reject;
> > > >
> > > > if prefix_is_in_global_blacklist() then
> > > > reject "prefix is in global blacklist - REJECTING ",
> > net;
> > > >
> > > > honor_graceful_shutdown();
> > > > accept;
> > > > }
> > > >
> > > > function core_export() {
> > > > if prefix_is_bogon() then reject;
> > > >
> > > > if prefix_is_in_global_blacklist() then
> > > > reject "prefix is in global blacklist - REJECTING ",
> > net;
> > > >
> > > > if is_own_prefix() then accept;
> > > > if is_own_internal_prefix() then accept;
> > > > if was_learned_from_peer() then accept;
> > > > if was_learned_from_private_peer() then accept;
> > > > if was_learned_from_upstream() then accept;
> > > > if was_learned_from_customer() then accept;
> > > >
> > > > reject;
> > > > }
> > > >
> > ------------------------------------------------------------------------
> > > > --
> > > > This email has been checked for viruses by Avast antivirus
> > software.
> > > > https://www.avast.com/antivirus <https://www.avast.com/antivirus>
> > > >
> > > >
> > > > --
> > > > Sent from my Android device with K-9 Mail. Please excuse my
> > brevity.
> > >
> > >
> > >
> > ------------------------------------------------------------------------
> > > Avast logo
> > >
> > <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient
> > <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient>>
> >
> > >
> > >
> > > This email has been checked for viruses by Avast antivirus
> > software.
> > > www.avast.com <http://www.avast.com>
> > >
> > <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient
> > <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient>>
> >
> > >
> > >
> > >
> > > <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
> >
>
--
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
[Attachment #3 (text/html)]
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>I think it had something to do with missing RPKI, even though it
was in filters and other things related to that.<br>
Now I'm not getting that error anymore anywhere after You fixed
the template. :)<br>
</p>
<div class="moz-cite-prefix">On 15/08/2020 0.16, Brooks Swinnerton
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAOeUg=qets0WeQLThjQST-m2CO8WGASEBWqWQmFDqWK2Ut=VdQ@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">I think Maria means sharing the smallest possible
configuration that still reproduces the problem. If the problem
is a result of the filters, then keeping those in place to help
debug.
<div><br>
</div>
<div>I'd also be happy to try and debug your configuration as a
whole (I wrote <a
href="https://github.com/neptune-networks/peering"
moz-do-not-send="true">https://github.com/neptune-networks/peering</a>
so I'm a bit familiar with what the generator is intended to
do). If you do decide to share the full config, please don't
post it in the contents of the email as it can get truncated
and the line numbers will be mixed up. Perhaps a Gist or
pastebin would help here.</div>
<div><br>
</div>
<div>Regarding:</div>
<div><br>
</div>
<div>> P.S I need to find a guide on how to do bird2 and RPKI
as well.</div>
<div><br>
</div>
<div>I've written about this in <a
href="https://brooks.sh/2019/11/11/validating-bgp-routes-with-rpki-in-bird/"
moz-do-not-send="true">https://brooks.sh/2019/11/11/validating-bgp-routes-with-rpki-in-bird/</a>,
which was in part the inspiration for the repository you're
using to generate your BIRD configuration. Hope that helps.</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Fri, Aug 14, 2020 at 3:44
PM Skyler Mäntysaari <<a href="mailto:sm@samip.fi"
moz-do-not-send="true">sm@samip.fi</a>> wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<div>I'm using version 2.0.7, running on Ubuntu 20.04.<br>
<br>
Do you mean minimal config regarding the filters or the
whole thing?<br>
</div>
<div><br>
</div>
<div>On Fri, Aug 14, 2020, at 02:15, Maria Matejka wrote:<br>
</div>
<blockquote type="cite" id="gmail-m_-5649347784351056764qt">
<div>I'm unable to reproduce the reported behavior. Could
you please try to <br>
</div>
<div>reduce your config to a minimum config that would
reproduce this <br>
</div>
<div>behavior? What version are you using?<br>
</div>
<div><br>
</div>
<div>Thanks,<br>
</div>
<div>Maria<br>
</div>
<div><br>
</div>
<div>On 8/13/20 5:46 PM, Skyler Mäntysaari wrote:<br>
</div>
<div>> Line 360 is the prefix_is_bogon if statement.<br>
</div>
<div>> <br>
</div>
<div>> The bogon lists can be seen from: <br>
</div>
<div>> <a
href="https://github.com/neptune-networks/peering/blob/master/out/router.fqdn.example/bird.conf#L36-L84"
target="_blank" \
moz-do-not-send="true">https://github.com/neptune-networks/peering/blob/master/out/router.fqdn.example/bird.conf#L36-L84</a><br>
</div>
<div>> <br>
</div>
<div>>
-----------------------------------------------------------<br>
</div>
<div>> if prefix_is_bogon() then<br>
</div>
<div>> reject "prefix is bogon - REJECTING ", net;<br>
</div>
<div>>
-----------------------------------------------------------<br>
</div>
<div>> function prefix_is_bogon() {<br>
</div>
<div>> if net.type = NET_IP4 then<br>
</div>
<div>> if net ~ BOGONS_4 then return true;<br>
</div>
<div>> if net.type = NET_IP6 then<br>
</div>
<div>> if net ~ BOGONS_6 then return true;<br>
</div>
<div>> return false;<br>
</div>
<div>> }<br>
</div>
<div>>
-----------------------------------------------------------<br>
</div>
<div>> <br>
</div>
<div>> P.S Please do not reply to me directly, but to
the list.<br>
</div>
<div>> <br>
</div>
<div>> On 13/08/2020 18.41, Maria Matějka wrote:<br>
</div>
<div>>> Hello!<br>
</div>
<div>>> The error message tells you that you are
passing something strange to <br>
</div>
<div>>> the condition on line 360. What do you have
on line 360?<br>
</div>
<div>>> Maria<br>
</div>
<div>>><br>
</div>
<div>>> On August 13, 2020 4:46:12 PM GMT+02:00,
"Skyler Mäntysaari" <br>
</div>
<div>>> <<a href="mailto:sm@samip.fi"
target="_blank" moz-do-not-send="true">sm@samip.fi</a>>
wrote:<br>
</div>
<div>>><br>
</div>
<div>>> Hi there,<br>
</div>
<div>>><br>
</div>
<div>>> I'm using the template from<br>
</div>
<div>>> <a
href="https://github.com/neptune-networks/peering/blob/master/out/router.fqdn.example/bird.conf"
target="_blank" \
moz-do-not-send="true">https://github.com/neptune-networks/peering/blob/master/out/router.fqdn.example/bird.conf</a> \
<br> </div>
<div>>> for my filters, and I'm getting argument
related errors in logs.<br>
</div>
<div>>><br>
</div>
<div>>> What's the issue with those filters?<br>
</div>
<div>>><br>
</div>
<div>>> P.S I need to find a guide on how to do
bird2 and RPKI as well.<br>
</div>
<div>>><br>
</div>
<div>>> Logs:<br>
</div>
<div>>>
------------------------------------------------------------------------<br>
</div>
<div>>> 2020-08-13 17:37:47 <ERR> filters,
line 360: Argument 1 of instruction<br>
</div>
<div>>> FI_CONDITION must be of type T_BOOL, got
0x00<br>
</div>
<div>>> 2020-08-13 17:37:47 <ERR> filters,
line 360: Argument 1 of instruction<br>
</div>
<div>>> FI_CONDITION must be of type T_BOOL, got
0x00<br>
</div>
<div>>> 2020-08-13 17:37:47 <ERR> filters,
line 360: Argument 1 of instruction<br>
</div>
<div>>> FI_CONDITION must be of type T_BOOL, got
0x00<br>
</div>
<div>>> 2020-08-13 17:37:47 <ERR> filters,
line 360: Argument 1 of instruction<br>
</div>
<div>>> FI_CONDITION must be of type T_BOOL, got
0x00<br>
</div>
<div>>> 2020-08-13 17:37:47 <ERR> filters,
line 360: Argument 1 of instruction<br>
</div>
<div>>> FI_CONDITION must be of type T_BOOL, got
0x00<br>
</div>
<div>>> 2020-08-13 17:37:47 <ERR> ...<br>
</div>
<div>>>
------------------------------------------------------------------------<br>
</div>
<div>>> Bird config, the filter functions:<br>
</div>
<div>>>
------------------------------------------------------------------------<br>
</div>
<div>>> # --- Filters (technically functions)
---<br>
</div>
<div>>> function default_import() {<br>
</div>
<div>>> if bgp_path.len > 32 then<br>
</div>
<div>>> reject "AS_PATH len [",
bgp_path.len ,"] longer than 32 - REJECTING<br>
</div>
<div>>> ", net;<br>
</div>
<div>>><br>
</div>
<div>>> if prefix_is_in_global_blacklist()
then<br>
</div>
<div>>> reject "prefix is in global
blacklist - REJECTING ", net;<br>
</div>
<div>>><br>
</div>
<div>>> if is_own_prefix() then<br>
</div>
<div>>> reject "prefix is our own -
REJECTING ", net;<br>
</div>
<div>>><br>
</div>
<div>>> if is_own_internal_prefix() then {<br>
</div>
<div>>> if
!prefix_is_in_global_whitelist() then<br>
</div>
<div>>> reject "prefix is our own and
internal - REJECTING ", net;<br>
</div>
<div>>> }<br>
</div>
<div>>><br>
</div>
<div>>> if prefix_is_bogon() then<br>
</div>
<div>>> reject "prefix is bogon -
REJECTING ", net;<br>
</div>
<div>>><br>
</div>
<div>>> if net.type = NET_IP4 then<br>
</div>
<div>>> if !is_prefix_length_valid(8, 24)
then<br>
</div>
<div>>> reject "prefix len [", net.len,
"] not in 8-24 - REJECTING ", net;<br>
</div>
<div>>><br>
</div>
<div>>> if net.type = NET_IP6 then<br>
</div>
<div>>> if !is_prefix_length_valid(12, 56)
then<br>
</div>
<div>>> reject "prefix len [", net.len,
"] not in 12-56 - REJECTING ", net;<br>
</div>
<div>>><br>
</div>
<div>>> #perform_rpki_validation();<br>
</div>
<div>>><br>
</div>
<div>>> if route_is_rpki_invalid() then<br>
</div>
<div>>> reject "RPKI, route is INVALID -
REJECTING ", net;<br>
</div>
<div>>><br>
</div>
<div>>> add_region_community();<br>
</div>
<div>>> add_site_community();<br>
</div>
<div>>> honor_graceful_shutdown();<br>
</div>
<div>>><br>
</div>
<div>>> accept;<br>
</div>
<div>>> }<br>
</div>
<div>>><br>
</div>
<div>>> function peer_import() {<br>
</div>
<div>>> scrub_communities_in();<br>
</div>
<div>>> add_peer_community();<br>
</div>
<div>>> default_import();<br>
</div>
<div>>> }<br>
</div>
<div>>><br>
</div>
<div>>> function peer_export() {<br>
</div>
<div>>> strip_private_asns();<br>
</div>
<div>>> add_global_prepends();<br>
</div>
<div>>><br>
</div>
<div>>> if is_own_prefix() then accept;<br>
</div>
<div>>><br>
</div>
<div>>> if route_is_rpki_invalid() then<br>
</div>
<div>>> reject "RPKI, route is INVALID -
NOT ANNOUNCING ", net;<br>
</div>
<div>>><br>
</div>
<div>>> if is_own_internal_prefix() then {<br>
</div>
<div>>> if
!prefix_is_in_global_whitelist() then<br>
</div>
<div>>> reject "prefix is our own and
internal - NOT ANNOUNCING ", net;<br>
</div>
<div>>> }<br>
</div>
<div>>><br>
</div>
<div>>> if net.type = NET_IP4 then<br>
</div>
<div>>> if !is_prefix_length_valid(8, 24)
then<br>
</div>
<div>>> reject "prefix len [", net.len,
"] not in 8-24 - REJECTING ", net;<br>
</div>
<div>>><br>
</div>
<div>>> if net.type = NET_IP6 then<br>
</div>
<div>>> if !is_prefix_length_valid(12, 48)
then<br>
</div>
<div>>> reject "prefix len [", net.len,
"] not in 12-48 - REJECTING ", net;<br>
</div>
<div>>><br>
</div>
<div>>> if prefix_is_bogon() then<br>
</div>
<div>>> reject "prefix is bogon - NOT
ANNOUNCING ", net;<br>
</div>
<div>>><br>
</div>
<div>>> if as_path_contains_invalid_asn()
then<br>
</div>
<div>>> reject "AS_PATH [", bgp_path ,"]
contains invalid ASN - REJECTING<br>
</div>
<div>>> ", net;<br>
</div>
<div>>><br>
</div>
<div>>> if should_not_export_to_site() then<br>
</div>
<div>>> reject "NO_EXPORT community in
place for site - NOT ANNOUNCING ", net;<br>
</div>
<div>>><br>
</div>
<div>>> if should_not_export_to_region()
then<br>
</div>
<div>>> reject "NO_EXPORT community in
place for region - NOT ANNOUNCING ",<br>
</div>
<div>>> net;<br>
</div>
<div>>><br>
</div>
<div>>> if should_not_export_to_peers() then<br>
</div>
<div>>> reject "NO_EXPORT community in
place for peers - NOT ANNOUNCING ", net;<br>
</div>
<div>>><br>
</div>
<div>>> if prefix_is_in_global_blacklist()
then<br>
</div>
<div>>> reject "prefix is in global
blacklist - REJECTING ", net;<br>
</div>
<div>>><br>
</div>
<div>>> if was_learned_from_customer() then
accept;<br>
</div>
<div>>><br>
</div>
<div>>> reject;<br>
</div>
<div>>> }<br>
</div>
<div>>><br>
</div>
<div>>> function upstream_import() {<br>
</div>
<div>>> scrub_communities_in();<br>
</div>
<div>>> add_upstream_community();<br>
</div>
<div>>> default_import();<br>
</div>
<div>>> }<br>
</div>
<div>>><br>
</div>
<div>>> function upstream_export() {<br>
</div>
<div>>> strip_private_asns();<br>
</div>
<div>>> add_global_prepends();<br>
</div>
<div>>><br>
</div>
<div>>> if is_own_prefix() then accept;<br>
</div>
<div>>><br>
</div>
<div>>> if route_is_rpki_invalid() then<br>
</div>
<div>>> reject "RPKI, route is INVALID -
NOT ANNOUNCING ", net;<br>
</div>
<div>>><br>
</div>
<div>>> if is_own_internal_prefix() then {<br>
</div>
<div>>> if
!prefix_is_in_global_whitelist() then<br>
</div>
<div>>> reject "prefix is our own and
internal - NOT ANNOUNCING ", net;<br>
</div>
<div>>> }<br>
</div>
<div>>><br>
</div>
<div>>> if net.type = NET_IP4 then<br>
</div>
<div>>> if !is_prefix_length_valid(8, 24)
then<br>
</div>
<div>>> reject "prefix len [", net.len,
"] not in 8-24 - REJECTING ", net;<br>
</div>
<div>>><br>
</div>
<div>>> if net.type = NET_IP6 then<br>
</div>
<div>>> if !is_prefix_length_valid(12, 48)
then<br>
</div>
<div>>> reject "prefix len [", net.len,
"] not in 12-48 - REJECTING ", net;<br>
</div>
<div>>><br>
</div>
<div>>> if prefix_is_bogon() then<br>
</div>
<div>>> reject "prefix is bogon - NOT
ANNOUNCING ", net;<br>
</div>
<div>>><br>
</div>
<div>>> if as_path_contains_invalid_asn()
then<br>
</div>
<div>>> reject "AS_PATH [", bgp_path ,"]
contains invalid ASN - REJECTING<br>
</div>
<div>>> ", net;<br>
</div>
<div>>><br>
</div>
<div>>> if should_not_export_to_site() then<br>
</div>
<div>>> reject "NO_EXPORT community in
place for site - NOT ANNOUNCING ", net;<br>
</div>
<div>>><br>
</div>
<div>>> if should_not_export_to_region()
then<br>
</div>
<div>>> reject "NO_EXPORT community in
place for region - NOT ANNOUNCING ",<br>
</div>
<div>>> net;<br>
</div>
<div>>><br>
</div>
<div>>> if should_not_export_to_upstreams()
then<br>
</div>
<div>>> reject "NO_EXPORT community in
place for upstreams - NOT ANNOUNCING<br>
</div>
<div>>> ", net;<br>
</div>
<div>>><br>
</div>
<div>>> if prefix_is_in_global_blacklist()
then<br>
</div>
<div>>> reject "prefix is in global
blacklist - REJECTING ", net;<br>
</div>
<div>>><br>
</div>
<div>>> if was_learned_from_customer() then
accept;<br>
</div>
<div>>><br>
</div>
<div>>> reject;<br>
</div>
<div>>> }<br>
</div>
<div>>><br>
</div>
<div>>> function customer_import() {<br>
</div>
<div>>> scrub_communities_in();<br>
</div>
<div>>> add_customer_community();<br>
</div>
<div>>> default_import();<br>
</div>
<div>>> }<br>
</div>
<div>>><br>
</div>
<div>>> function customer_export() {<br>
</div>
<div>>> strip_private_asns();<br>
</div>
<div>>> add_global_prepends();<br>
</div>
<div>>><br>
</div>
<div>>> if is_own_prefix() then accept;<br>
</div>
<div>>><br>
</div>
<div>>> if route_is_rpki_invalid() then<br>
</div>
<div>>> reject "RPKI, route is INVALID -
NOT ANNOUNCING ", net;<br>
</div>
<div>>><br>
</div>
<div>>> if is_own_internal_prefix() then {<br>
</div>
<div>>> if
!prefix_is_in_global_whitelist() then<br>
</div>
<div>>> reject "prefix is our own and
internal - NOT ANNOUNCING ", net;<br>
</div>
<div>>> }<br>
</div>
<div>>><br>
</div>
<div>>> if net.type = NET_IP4 then<br>
</div>
<div>>> if !is_prefix_length_valid(8, 24)
then<br>
</div>
<div>>> reject "prefix len [", net.len,
"] not in 8-24 - REJECTING ", net;<br>
</div>
<div>>><br>
</div>
<div>>> if net.type = NET_IP6 then<br>
</div>
<div>>> if !is_prefix_length_valid(12, 48)
then<br>
</div>
<div>>> reject "prefix len [", net.len,
"] not in 12-48 - REJECTING ", net;<br>
</div>
<div>>><br>
</div>
<div>>> if prefix_is_bogon() then<br>
</div>
<div>>> reject "prefix is bogon - NOT
ANNOUNCING ", net;<br>
</div>
<div>>><br>
</div>
<div>>> if as_path_contains_invalid_asn()
then<br>
</div>
<div>>> reject "AS_PATH [", bgp_path ,"]
contains invalid ASN - REJECTING<br>
</div>
<div>>> ", net;<br>
</div>
<div>>><br>
</div>
<div>>> if should_not_export_to_site() then<br>
</div>
<div>>> reject "NO_EXPORT community in
place for site - NOT ANNOUNCING ", net;<br>
</div>
<div>>><br>
</div>
<div>>> if should_not_export_to_region()
then<br>
</div>
<div>>> reject "NO_EXPORT community in
place for region - NOT ANNOUNCING ",<br>
</div>
<div>>> net;<br>
</div>
<div>>><br>
</div>
<div>>> if should_not_export_to_customers()
then<br>
</div>
<div>>> reject "NO_EXPORT community in
place for customers - NOT ANNOUNCING<br>
</div>
<div>>> ", net;<br>
</div>
<div>>><br>
</div>
<div>>> if prefix_is_in_global_blacklist()
then<br>
</div>
<div>>> reject "prefix is in global
blacklist - REJECTING ", net;<br>
</div>
<div>>><br>
</div>
<div>>> if was_learned_from_peer() then
accept;<br>
</div>
<div>>> if was_learned_from_private_peer()
then accept;<br>
</div>
<div>>> if was_learned_from_upstream() then
accept;<br>
</div>
<div>>> if was_learned_from_customer() then
accept;<br>
</div>
<div>>><br>
</div>
<div>>> reject;<br>
</div>
<div>>> }<br>
</div>
<div>>><br>
</div>
<div>>> function core_import() {<br>
</div>
<div>>> if prefix_is_bogon() then reject;<br>
</div>
<div>>><br>
</div>
<div>>> if prefix_is_in_global_blacklist()
then<br>
</div>
<div>>> reject "prefix is in global
blacklist - REJECTING ", net;<br>
</div>
<div>>><br>
</div>
<div>>> honor_graceful_shutdown();<br>
</div>
<div>>> accept;<br>
</div>
<div>>> }<br>
</div>
<div>>><br>
</div>
<div>>> function core_export() {<br>
</div>
<div>>> if prefix_is_bogon() then reject;<br>
</div>
<div>>><br>
</div>
<div>>> if prefix_is_in_global_blacklist()
then<br>
</div>
<div>>> reject "prefix is in global
blacklist - REJECTING ", net;<br>
</div>
<div>>><br>
</div>
<div>>> if is_own_prefix() then accept;<br>
</div>
<div>>> if is_own_internal_prefix() then
accept;<br>
</div>
<div>>> if was_learned_from_peer() then
accept;<br>
</div>
<div>>> if was_learned_from_private_peer()
then accept;<br>
</div>
<div>>> if was_learned_from_upstream() then
accept;<br>
</div>
<div>>> if was_learned_from_customer() then
accept;<br>
</div>
<div>>><br>
</div>
<div>>> reject;<br>
</div>
<div>>> }<br>
</div>
<div>>>
------------------------------------------------------------------------<br>
</div>
<div>>> -- <br>
</div>
<div>>> This email has been checked for viruses
by Avast antivirus software.<br>
</div>
<div>>> <a
href="https://www.avast.com/antivirus" target="_blank"
moz-do-not-send="true">https://www.avast.com/antivirus</a><br>
</div>
<div>>><br>
</div>
<div>>><br>
</div>
<div>>> -- <br>
</div>
<div>>> Sent from my Android device with K-9 Mail.
Please excuse my brevity. <br>
</div>
<div>> <br>
</div>
<div>> <br>
</div>
<div>>
------------------------------------------------------------------------<br>
</div>
<div>> Avast logo <br>
</div>
<div>> <<a
href="https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient"
target="_blank" moz-do-not-send="true">https://www.avast.com/sig-email?utm_medium=em \
ail&utm_source=link&utm_campaign=sig-email&utm_content=emailclient</a>> \
<br> </div>
<div>><br>
</div>
<div>> <br>
</div>
<div>> This email has been checked for viruses by Avast
antivirus software.<br>
</div>
<div>> <a href="http://www.avast.com" target="_blank"
moz-do-not-send="true">www.avast.com</a> <br>
</div>
<div>> <<a
href="https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient"
target="_blank" moz-do-not-send="true">https://www.avast.com/sig-email?utm_medium=em \
ail&utm_source=link&utm_campaign=sig-email&utm_content=emailclient</a>> \
<br> </div>
<div>> <br>
</div>
<div>> <br>
</div>
<div>> <br>
</div>
<div>> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2><br>
</div>
<div><br>
</div>
</blockquote>
<div><br>
</div>
</div>
</blockquote>
</div>
</blockquote>
</body>
</html>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic