The bird filter engine is clearly more complex and diverse. I have now solved the problem (at least partially) with the following filters: ``` redistribute ip fd5c:3e37:2666:ea00::/56 eq 56 allow redistribute local deny redistribute deny
in ip fd5c:3e37:2666:ea00::/56 deny in ip fd5c:3e37:2666::/48 le 56 allow in ip fd5c:3e37:2666::/48 deny in ip fd92:58b6:2b2::/48 le 48 allow in ip fd92:58b6:2b2::/48 deny in ip fd08:8441:e254::/48 le 64 allow in ip fd08:8441:e254::/48 deny in ip fd40:aa42:4f39::/48 le 64 allow in ip fd40:aa42:4f39::/48 deny in ip fd96:cd8b:f25d::/48 le 64 allow in ip fd96:cd8b:f25d::/48 deny in ip fda2:a9b0:a02b::/48 le 64 allow in ip fda2:a9b0:a02b::/48 deny in ip fdae:d3e4:83e4::/48 le 64 allow in ip fdae:d3e4:83e4::/48 deny in ip fdc2:9471:e3ba::/48 le 64 allow in ip fdc2:9471:e3ba::/48 deny in ip fdd2:cbf2:61bd::/48 le 64 allow in ip fdd2:cbf2:61bd::/48 deny in ip fdf1:1dc1:f54d::/48 le 64 allow in ip fdf1:1dc1:f54d::/48 deny in ip fd96:21ef:a9ba::/48 le 64 allow in ip fd96:21ef:a9ba::/48 deny in ip fdd4:975c:1440::/48 le 64 allow in ip fdd4:975c:1440::/48 deny in ip fda7:3ae7:e04d::/64 le 64 allow in ip fda7:3ae7:e04d::/64 deny in ip fd00::/8 le 64 ge 44 allow in deny ``` If it is a CRXN prefix, the maxlen is checked and the prefix is accepted or filtered accordingly. For non-CRXN prefixes it is only checked if they are between /64 and /44. If so, they are also accepted. The problem here is that now non-CRXN and non-dn42 routes can be propagated and they are not filtered. The only possibility would be to extend the babeld configuration file by 3000 lines accordingly. Hence my question some time ago at the Mailling list if there is some kind of "include" statement in babeld. On Sun, 19 Feb 2023 15:53:03 +0100 Juliusz Chroboczek <j...@irif.fr> wrote: > https://mk16.de/blog/the-crxn-dn42-interconnection-is-up/ > > Interestingly, the two networks use overlapping prefixes, which requires > enumerating hundreds of prefixes in their filters. This is a case where > BIRD's support for Babel is likely to be useful: babeld's filtering > engine is simply not designed for large numbers of filtering rules. > > -- Juliusz > > _______________________________________________ > Babel-users mailing list > Babel-users@alioth-lists.debian.net > https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/babel-users -- Marek Küthe m...@mk16.de er/ihm he/him
pgpRveKCVIwSy.pgp
Description: OpenPGP digital signature
_______________________________________________ Babel-users mailing list Babel-users@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/babel-users