Hi all,

I'm testing OpenBGPD on a route-server/IX topology. My testing case has one Route Server (RS), 3 AS (AS1, AS2, AS3) and a fourth client AS (AS4) connected to AS2 and AS3. The following "ascii" figure shows the topology:

                    RS
    -----------------------------------
    |                |               |
   AS1              AS2             AS3
                     |               |
                     -----------------
                             |
                            AS4

Each AS announces two /17 prefixes. AS4 announces its two prefixes with a prepend to AS3, and with no prepend to AS2. In this case, the RS RIB is shown below:

    flags destination      gateway      lpref  med  aspath  origin
    *>    10.1.0.0/17      x.x.x..AS1   100    0    1       i
    *>    10.1.128.0/17    x.x.x.x.AS1  100    0    1       i
    *>    10.2.0.0/17      x.x.x.x.AS2  100    0    2       i
    *>    10.2.128.0/17    x.x.x.x.AS2  100    0    2       i
    *>    10.3.0.0/17      x.x.x.x.AS3  100    0    3       i
    *>    10.3.128.0/17    x.x.x.x.AS3  100    0    3       i
    *>    10.4.0.0/17      x.x.x.x.AS2  100    0    2 4     i
    *     10.4.0.0/17      x.x.x.x.AS3  100    0    3 4 4   i
    *>    10.4.128.0/17    x.x.x.x.AS2  100    0    2 4     i
    *     10.4.128.0/17    x.x.x.AS3    100    0    3 4 4   i

Since BGP exports only the best routes, AS1 learns the AS4 prefixes with AS2 being the gateway (as expected...). The RS configuration is shown below:

    peer1="x.x.x.as1"
    peer2="x.x.x.as2"
    peer3="x.x.x.as3"
    ASN="65000"

    AS $ASN
    router-id x.x.x.rs
    fib-update no
    transparent-as yes
    nexthop qualify via bgp

    group "RS" {
        neighbor $peer1 {
            descr "AS1"
            remote-as 1
            announce all
        }
        neighbor $peer2 {
            descr "AS2"
            remote-as 2
            announce all
        }
        neighbor $peer3 {
            descr "AS3"
            remote-as 3
            announce all
        }
    }

    match from any set community $ASN:neighbor-as

So far, so good. Now, let's change the rules and make AS1 no longer exchange traffic with AS2 (and vice-versa). If we just made this by using filters denying AS1<->AS2 updates, then AS1 will never learn the prefixes of AS4 thru AS3. This hidden prefix problem is better explained here [1]. Quagga and Bird [2] deal with this problem by using a per AS RIB, so the filter is applied on the input of each RIB, before the path selection process.

I tried a few solutions and none worked. First, I tried to use the "route-collector yes" option. Documentation said that this should disable the path selection, and I thought that openbgpd would export all routes to clients, leaving to them the work of selecting routes.
But route selection still occurs, at least when exporting, so it didn't work as I would like. I added the following lines to the configuration:

    route-collector yes
    deny to $peer1 community $ASN:2
    deny to $peer2 community $ASN:1

I also saw in the docs that it's possible to create a table and disable the route selection, so my next try was to create such a table, and configure all peers to use that table:

    rde rib allroutes no evaluate

and adding a "rib allroutes" to each peer config. But this didn't work either; in fact, no route was exported.

My last try was creating a RIB for each peer:

    rde rib toAS1
    rde rib toAS2
    rde rib toAS3

As I understood from the docs, I may apply a rule to one rib, like this:

    deny to $peer1 community $ASN:2 rib toAS1

But openbgpd complains about such a line. Does anyone know how to solve this?

[1] http://www.quagga.net/docs/docs-multi/Description-of-the-Route-Server-model.html
[2] https://git.nic.cz/redmine/projects/bird/wiki/Route_server_example

--
Christian Lyra
PoP-PR/RNP
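
The hidden prefix effect described in the message above, as an added example that is not part of the original post and is not OpenBGPD code. It is a small Python model of the posted RIB; best-path selection is reduced to shortest AS path (lpref and med are equal in the post), and the function names are hypothetical.

```python
# Constructed model of the route server RIB shown in the post.
# Each route: (prefix, announcing peer AS, AS path).
RIB = [
    ("10.1.0.0/17", 1, [1]), ("10.1.128.0/17", 1, [1]),
    ("10.2.0.0/17", 2, [2]), ("10.2.128.0/17", 2, [2]),
    ("10.3.0.0/17", 3, [3]), ("10.3.128.0/17", 3, [3]),
    ("10.4.0.0/17", 2, [2, 4]), ("10.4.0.0/17", 3, [3, 4, 4]),
    ("10.4.128.0/17", 2, [2, 4]), ("10.4.128.0/17", 3, [3, 4, 4]),
]
# Policy from the post: AS1 and AS2 must not exchange routes.
DENY = {(1, 2), (2, 1)}  # (client AS, announcing peer AS)


def best(routes):
    """One route per prefix: shortest AS path wins (assumed simplification)."""
    chosen = {}
    for prefix, peer, path in routes:
        if prefix not in chosen or len(path) < len(chosen[prefix][1]):
            chosen[prefix] = (peer, path)
    return chosen


def allowed(client, peer):
    """A client never gets its own routes back, nor routes from a denied peer."""
    return peer != client and (client, peer) not in DENY


def export_single_rib(client):
    """Select once for all clients, then filter on export."""
    return {p: r for p, r in best(RIB).items() if allowed(client, r[0])}


def export_per_client_rib(client):
    """Filter first, then select per client (the per-AS RIB model of [1], [2])."""
    return best([r for r in RIB if allowed(client, r[1])])


def hidden_prefixes(client):
    """Prefixes the client could reach but never hears about with a single RIB."""
    return sorted(set(export_per_client_rib(client)) - set(export_single_rib(client)))


if __name__ == "__main__":
    for client in (1, 3):
        print(f"AS{client} hidden prefixes:", hidden_prefixes(client))
    print("AS1 per-client route:", export_per_client_rib(1)["10.4.0.0/17"])
```

With the single shared RIB, AS1 loses both AS4 prefixes because the only selected path goes through AS2; filtering before selection gives AS1 the prepended path via AS3.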