Again, speaking too soon here. Sorry for the spam. I read the documentation again - the ~ operator can be used with an "ip" type on the left and a "prefix" type on the right. So it would seem as though applying this to a prefix set should be something useful/an extension of checking if an IP is within a single prefix. I'll post back when I've applied the patch to let folks know if it worked.
Thanks again! -JJ On Fri, Nov 8, 2013 at 12:08 PM, John Jensen <jense...@gmail.com> wrote: > Thanks for the function optimization. This does indeed make it simpler! I > also believe I had misunderstood the documentation when I expected this to > work - obviously "ip" and "prefix" are different types, and now that I've > re-read the documentation on the ~ operator - "it can be used on element > and set of elements of the same type " > > My apologies. I appreciate the patch and will apply it shortly. > > Thanks, > > -JJ > > > On Fri, Nov 8, 2013 at 3:58 AM, Sergey Popovich > <popovich_ser...@mail.ru>wrote: > >> В письме от 7 ноября 2013 16:05:50 пользователь John Jensen написал: >> > Hi, >> > >> > We're about to migrate our exchange to a /23 and we're likely going to >> do >> > it over time. I have a simple filter in place to check and make sure >> that >> > the NEXT_HOP is within our exchange's subnet. Originally it looked like >> > this: >> > >> > function check_ixp_next_hop(ip nexthop) >> > prefix ixpnet; >> > { >> > ixpnet = x.x.x.x/24; >> > if ! (nexthop ~ ixpnet) then return false; >> > return true; >> > } >> > >> > >> > And then within the inbound filter for each peer's ASN: >> > >> > if ! (check_ixp_next_hop(bgp_next_hop)) then reject; >> > >> > >> > Since we're going to be caring about two distinct prefixes while we >> perform >> > the migration, I changed the filter to look like this: >> > >> > function check_ixp_next_hop(ip nexthop) >> > prefix set ixpnet; >> > { >> > ixpnet = [ x.x.x.x/24, y.y.y.y/23 ]; >> >> Also, pay attention, you should use something like >> >> ixpnet = [ x.x.x.x/24+, y.y.y.y/23+ ]; >> >> To match subnets. >> >> > if ! (nexthop ~ ixpnet) then return false; >> > return true; >> > } >> > >> >> Even simpler: >> ------------- >> >> function check_ixp_next_hop(ip nexthop) >> { >> return nexthop ~ [ x.x.x.x/24+, y.y.y.y/23+ ]; >> } >> >> -- >> SP5474-RIPE >> Sergey Popovich >> >> >