> hi,

Hello.
> 
> My system is Ubuntu 13.04, kernel version is 3.8.0-21-generic, bird version
> is 1.4.4.
> 
> Device configuration is as follows:
> 
> 1. about function
> 
> function rt_import (int asn; int set peer_asns; prefix set peer_nets)
> {
>    if (net ~ peer_nets) then return false!;
> 
> }
> 
> 2. about filter
> 
> filter bgp_upstream
> {
>          if rt_import (64609, [64609], [192.168.1.0/24]) then reject;
> 
> }
> 
> 
> In the above function, I use net ~ peer_nets to filter out peer_nets route,
> but in filter medium, peer_nets defined as 192.168.1.0/24, which would lead
> to such a fine route 192.168.1.1 will be filtered out. If the test using
> the "-" operator, will lead filter to filter out all the routes. Why?

192.168.1.1/32 should not be filtered with !(net ~ peer_nets) when
peer_nets = [ 192.168.1.0/24 ] as this specifies set of prefixes
with one prefix 192.168.1.0/24.

192.168.1.1/32 is another prefix (network address + prefix length,
not just IP address) and net ~ [ 192.168.1.0/24 ] gives false (i.e.
prefix 192.168.1.1/32 not in the prefix set peer_nets).

"-" operator is undefined when subtracting from net (prefix type)
peer_nets (prefix set type) and filter error should be logged probably.

> 
> In the above example, how can I use "operators" to achieve peer_nets
> defined as 192.168.1.0/24, 192.168.1.1 subnet address to ensure it will not
> be filtered out.

[192.168.1.0/24] and 192.168.1.0/24 are not the same.

[192.168.1.0/24] - is a prefix set (set of IP prefixes),
and 192.168.1.0/24 is just an IP prefix.

"~" could be used on both, but with different meaning.

net ~ [192.168.1.0/24]       it matches net to the set of prefixes.
net ~ 192.168.1.0/24         matches if net is subnet of 192.168.1.0/24.
net.ip ~ 192.168.1.0/24 or
192.168.1.1 ~ 192.168.1.0/24 matches IP to the prefix.

So if peer_nets declared as prefix in rt_import()
(not prefix set, as in your rt_import()) statement net ~ peer_nets
would match and prefix is filtered if peer_nets specified as
192.168.1.0/24 on rt_import() call.

Furthermore as I said previously net ~ [192.168.1.0/24] shall
not filter 192.168.1.1/32, but net ~ [192.168.1.0/24+] will do that
(see BIRD's documentation filter section for details on sets of
prefixes and how they could be written).

> 
> Thank you very much for nothing always help, thanks.

-- 
SP5474-RIPE
Sergey Popovich
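
The matching rules described in the reply above, as an added Python model that is not part of the original message and is not BIRD's code. The function names are hypothetical, IPv4 only is assumed, and the `-` and `{low,high}` pattern forms go beyond the reply, following the prefix set section of BIRD's documentation.

```python
import ipaddress

def parse_pattern(text):
    """Split 'P', 'P+', 'P-' or 'P{low,high}' into (network, low, high)."""
    text = text.strip()
    if text.endswith("}"):
        base, _, rng = text[:-1].partition("{")
        net = ipaddress.ip_network(base, strict=False)
        low, high = (int(x) for x in rng.split(","))
    elif text.endswith("+"):   # the prefix itself and every more specific one
        net = ipaddress.ip_network(text[:-1], strict=False)
        low, high = net.prefixlen, net.max_prefixlen
    elif text.endswith("-"):   # the prefix itself and every less specific one
        net = ipaddress.ip_network(text[:-1], strict=False)
        low, high = 0, net.prefixlen
    else:                      # plain entry: exact prefix only
        net = ipaddress.ip_network(text, strict=False)
        low = high = net.prefixlen
    return net, low, high

def pattern_matches(net, pattern):
    """True if net's length is in [low, high] and the leading bits agree."""
    pnet, low, high = parse_pattern(pattern)
    if not low <= net.prefixlen <= high:
        return False
    common = min(net.prefixlen, pnet.prefixlen)
    shift = net.max_prefixlen - common
    return int(net.network_address) >> shift == int(pnet.network_address) >> shift

def in_prefix_set(net_text, patterns):
    """Model of: net ~ [ pattern, pattern, ... ]"""
    net = ipaddress.ip_network(net_text)
    return any(pattern_matches(net, p) for p in patterns)

def is_subnet_of_prefix(net_text, prefix_text):
    """Model of: net ~ prefix (no brackets), true when net is a subnet."""
    return ipaddress.ip_network(net_text).subnet_of(ipaddress.ip_network(prefix_text))

def ip_in_prefix(ip_text, prefix_text):
    """Model of: net.ip ~ prefix, true when the address lies inside the prefix."""
    return ipaddress.ip_address(ip_text) in ipaddress.ip_network(prefix_text)

if __name__ == "__main__":
    for pats in (["192.168.1.0/24"], ["192.168.1.0/24+"]):
        print(pats, in_prefix_set("192.168.1.1/32", pats))
```
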
