Ooops, filtered. The filtered routes are by default excluded from the
filters. You have to explicitly ask for filtered routes to make BIRD
work with them.
Maria
On 4/20/20 3:47 PM, Fabiano D'Agostino wrote:
Thanks, I did it but it is still not working. Nevermind I will use 'show
route filtered'.
Il giorno lun 20 apr 2020 alle ore 15:27 Maria Matejka
<maria.mate...@nic.cz <mailto:maria.mate...@nic.cz>> ha scritto:
The tilde operator is not symmetric, although it visually seems to be.
It can be (at least in this case) vaguely interpreted as »left operand
is contained by the right operand«.
In other words, exchange the operands of the tilde.
Maria
On 4/20/20 3:19 PM, Fabiano D'Agostino wrote:
> Thanks, it worked. So the community isn't needed? I tried 'show
route
> table t_0002_as2 where bgp_large_community ~ [(1,1101,13)]' and
it prints:
> Table t_0002_as2:
>
> Il giorno lun 20 apr 2020 alle ore 15:00 Maria Matejka
> <maria.mate...@nic.cz <mailto:maria.mate...@nic.cz>
<mailto:maria.mate...@nic.cz <mailto:maria.mate...@nic.cz>>> ha scritto:
>
> show route all filtered
>
> shows only routes from master4 and master6 tables
>
> to show routes from this protocol, use
>
> show route table t_0002_as2 all filtered
>
> Maria
>
> On 4/20/20 2:50 PM, Fabiano D'Agostino wrote:
> > Yes, I just enabled it:
> > protocol bgp {
> > ...
> > ipv4{
> > import keep fitlered;
> > import limit 250 action restart;
> > import filter filter_rpki;
> > table t_0002_as2;
> > }
> > }
> >
> > RPKI is working because if I check the syslog I find the
invalid
> printed
> > prefixes, but 'show route all filtered' doesn't show anything.
> >
> > Il giorno lun 20 apr 2020 alle ore 14:05 Maria Matejka
> > <maria.mate...@nic.cz <mailto:maria.mate...@nic.cz>
<mailto:maria.mate...@nic.cz <mailto:maria.mate...@nic.cz>>
> <mailto:maria.mate...@nic.cz <mailto:maria.mate...@nic.cz>
<mailto:maria.mate...@nic.cz <mailto:maria.mate...@nic.cz>>>> ha
scritto:
> >
> > And do you have
> > import keep filtered;
> > in your config?
> > Maria
> >
> > On 4/20/20 11:19 AM, Fabiano D'Agostino wrote:
> > > Hi,
> > > In my route server bird.conf I did this:
> > > define FILTERED_RPKI_INVALID = (1,1101,13);
> > >
> > > filter filter_rpki{
> > > if roa_check(..)=ROA_INVALID then
> > >
{bgp_large_community.add(FILTERED_RPKI_INVALID);reject;}
> > > }
> > >
> > > But when I do 'show route all filtered' I get
nothing, I also
> > tried with
> > > 'show route bgp_large_community ~ [(1,1101,13)]' and I
> have the
> > same result.
> > > Because I would like to have some statistics about
> > > VALID/INVALID/UNKOWN prefixes and I saw that I
could use the
> > 'show route
> > > stats' command.
> > >
> > > Thanks,
> > >
> > > Fabiano
> > >
> > > Il giorno dom 19 apr 2020 alle ore 21:30 Alarig Le Lay
> > > <ala...@swordarmor.fr <mailto:ala...@swordarmor.fr>
<mailto:ala...@swordarmor.fr <mailto:ala...@swordarmor.fr>>
> <mailto:ala...@swordarmor.fr <mailto:ala...@swordarmor.fr>
<mailto:ala...@swordarmor.fr <mailto:ala...@swordarmor.fr>>>
> > <mailto:ala...@swordarmor.fr
<mailto:ala...@swordarmor.fr> <mailto:ala...@swordarmor.fr
<mailto:ala...@swordarmor.fr>>
> <mailto:ala...@swordarmor.fr <mailto:ala...@swordarmor.fr>
<mailto:ala...@swordarmor.fr <mailto:ala...@swordarmor.fr>>>>> ha
> scritto:
> > >
> > > On Sun 19 Apr 2020 20:42:21 GMT, Fabiano
D'Agostino wrote:
> > > > Thanks!
> > > > But can I also use birdc to check rejected
prefixes?
> > >
> > > If you add a community, it will be visible with
`show
> route all
> > > filtered`
> > >
> > > > Anyway why do you suggest to use
> bgp_path.last_noaggregated?
> > >
> > > Because you don’t want to check ROA against another
> ASN in the
> > > aggregated path.
> > >
> > > --
> > > Alarig
> > >
> >
>
