Synopsis: <BGPD ext-community filters problem> Чтв 02 Окт 2014 08:32:22 +0400, def <[email protected]> написал: > Synopsis: <problem with network statements in bgpd.conf> > Category: <user i386 system> > Environment: > System : OpenBSD 5.4 > Details : OpenBSD 5.4 (XXX) #7: Thu Mar 13 10:08:46 MSK 2014 > [email protected]:/usr/src/sys/arch/i386/compile/XXX > > Architecture: OpenBSD.i386 > Machine : i386 > > Description: > > Using BGPD with neighbor properties: > announce self > announce IPv4 vpn > announce refresh yes > announce capabilities yes > announce as-4byte no > and then rdomain sections with rd/import-export rt/depend on mpeX > > Wildcard mask to ext-community filters are not supported yet, > sad but true, tons of exact community values and its looking good. > But seems like ext-community filters work unpredictable. > Havent experience with bgpd self originated prefixes, > simple case with allow to any ext-community X set prepend > works good for me. > > How-To-Repeat: > > Once bgpd will get second ebgp session you may wish to manipulate > vpnv4 updates from one ebgp peer to second and now filters do > something but not you could expect. > > example: i have two ebgp peers for vpnv4 and want prefixes from one peer > with ext-community Y to send to second peer. > The filter: "allow to second-peer ext-community Y" does > transit 10 prefixes of 300 which have ext-community Y. > Make restart bgpd, second-peer now receives 15 or 17 or even 8 prefixes > (and most of them even were not received before restart). > Then i tryed workaround to locally convert ext-community to standard > community, > with filter: > "match from first-peer ext-community Y set community X" > "allow to second community X" > with option 'quick' and many many other combinations with no success, only > peer2 received prefix count changes after each bgpd restart. > > Fix: > > There is no fix. > > --
--
