The tilde operator is not symmetric, although it visually seems to be.
It can be (at least in this case) vaguely interpreted as »left operand
is contained by the right operand«.
In other words, exchange the operands of the tilde.
Maria
On 4/20/20 3:19 PM, Fabiano D'Agostino wrote:
Thanks, it worked. So the community isn't needed? I tried 'show route
table t_0002_as2 where bgp_large_community ~ [(1,1101,13)]' and it prints:
Table t_0002_as2:
Il giorno lun 20 apr 2020 alle ore 15:00 Maria Matejka
<maria.mate...@nic.cz <mailto:maria.mate...@nic.cz>> ha scritto:
show route all filtered
shows only routes from master4 and master6 tables
to show routes from this protocol, use
show route table t_0002_as2 all filtered
Maria
On 4/20/20 2:50 PM, Fabiano D'Agostino wrote:
> Yes, I just enabled it:
> protocol bgp {
> ...
> ipv4{
> import keep fitlered;
> import limit 250 action restart;
> import filter filter_rpki;
> table t_0002_as2;
> }
> }
>
> RPKI is working because if I check the syslog I find the invalid
printed
> prefixes, but 'show route all filtered' doesn't show anything.
>
> Il giorno lun 20 apr 2020 alle ore 14:05 Maria Matejka
> <maria.mate...@nic.cz <mailto:maria.mate...@nic.cz>
<mailto:maria.mate...@nic.cz <mailto:maria.mate...@nic.cz>>> ha scritto:
>
> And do you have
> import keep filtered;
> in your config?
> Maria
>
> On 4/20/20 11:19 AM, Fabiano D'Agostino wrote:
> > Hi,
> > In my route server bird.conf I did this:
> > define FILTERED_RPKI_INVALID = (1,1101,13);
> >
> > filter filter_rpki{
> > if roa_check(..)=ROA_INVALID then
> > {bgp_large_community.add(FILTERED_RPKI_INVALID);reject;}
> > }
> >
> > But when I do 'show route all filtered' I get nothing, I also
> tried with
> > 'show route bgp_large_community ~ [(1,1101,13)]' and I
have the
> same result.
> > Because I would like to have some statistics about
> > VALID/INVALID/UNKOWN prefixes and I saw that I could use the
> 'show route
> > stats' command.
> >
> > Thanks,
> >
> > Fabiano
> >
> > Il giorno dom 19 apr 2020 alle ore 21:30 Alarig Le Lay
> > <ala...@swordarmor.fr <mailto:ala...@swordarmor.fr>
<mailto:ala...@swordarmor.fr <mailto:ala...@swordarmor.fr>>
> <mailto:ala...@swordarmor.fr <mailto:ala...@swordarmor.fr>
<mailto:ala...@swordarmor.fr <mailto:ala...@swordarmor.fr>>>> ha
scritto:
> >
> > On Sun 19 Apr 2020 20:42:21 GMT, Fabiano D'Agostino wrote:
> > > Thanks!
> > > But can I also use birdc to check rejected prefixes?
> >
> > If you add a community, it will be visible with `show
route all
> > filtered`
> >
> > > Anyway why do you suggest to use
bgp_path.last_noaggregated?
> >
> > Because you don’t want to check ROA against another
ASN in the
> > aggregated path.
> >
> > --
> > Alarig
> >
>
