Hi all,

I'm testing OpenBGPD on a route-server/IX topology. My test case
has one Route Server (RS), 3 AS (AS1, AS2, AS3) and a fourth client AS
(AS4) connected to AS2 and AS3. The following "ascii" figure shows the
topology:

                 RS
  ---------------------------------
  |               |               |
 AS1             AS2             AS3
                  |               |
                  -----------------
                          |
                         AS4

Each AS announces two /17 prefixes. AS4 announces its two prefixes with
a prepend to AS3, and with no prepend to AS2. In this case, the RS RIB
is shown below:

flags destination          gateway          lpref   med aspath origin
*>    10.1.0.0/17         x.x.x..AS1     100     0 1 i
*>    10.1.128.0/17        x.x.x.x.AS1     100     0 1 i
*>    10.2.0.0/17          x.x.x.x.AS2     100     0 2 i
*>    10.2.128.0/17        x.x.x.x.AS2     100     0 2 i
*>    10.3.0.0/17          x.x.x.x.AS3     100     0 3 i
*>    10.3.128.0/17        x.x.x.x.AS3     100     0 3 i
*>    10.4.0.0/17          x.x.x.x.AS2     100     0 2 4 i
*     10.4.0.0/17          x.x.x.x.AS3     100     0 3 4 4 i
*>    10.4.128.0/17        x.x.x.x.AS2     100     0 2 4 i
*     10.4.128.0/17        x.x.x.AS3     100     0 3 4 4 i

Since BGP exports only the best routes, AS1 learns the AS4 prefixes
with AS2 being the gateway (as expected...). The RS configuration is shown
below:

peer1="x.x.x.as1"
peer2="x.x.x.as2"
peer3="x.x.x.as3"
ASN="65000"

AS $ASN
router-id x.x.x.rs
fib-update no
transparent-as yes
nexthop qualify via bgp

group "RS" {
       neighbor $peer1 {
               descr   "AS1"
               remote-as 1
               announce all
       }
       neighbor $peer2 {
               descr "AS2"
               remote-as 2
               announce all
       }
       neighbor $peer3 {
               descr "AS3"
               remote-as 3
               announce all
       }
}

match from any set community $ASN:neighbor-as

So far, so good. Now, let's change the rules and make AS1 no longer
exchange traffic with AS2 (and vice-versa). If we just did this by
using filters denying AS1<->AS2 updates, then AS1 will never learn the
prefixes of AS4 through AS3. This hidden prefix problem is better
explained here [1]. Quagga and Bird [2] deal with this problem by
using a per-AS RIB, so the filter is applied on the input of each RIB,
before the path selection process.

I tried a few solutions and none worked. First, I tried to use the
"route-collector yes" option. The documentation said that this should
disable the path selection, and I thought that openbgpd would export
all routes to clients, leaving to them the work of selecting routes.
But route selection still occurs, at least when exporting, so it
didn't work as I would like. I added the following lines to the
configuration:

route-collector yes
deny to $peer1 community $ASN:2
deny to $peer2 community $ASN:1

I also saw in the docs that it's possible to create a table and disable
the route selection, so my next try was to create such a table, and
configure all peers to use that table:

rde rib allroutes no evaluate

and adding a "rib allroutes" to each peer config. But this didn't
work either; in fact, no route was exported.

My last try was creating a RIB for each peer:

rde rib toAS1
rde rib toAS2
rde rib toAS3

As I understood from docs, I may apply a rule to one rib, like this:

deny to $peer1 community $ASN:2 rib toAS1

But openbgpd complains about such a line. Does anyone know how to solve this?


[1] http://www.quagga.net/docs/docs-multi/Description-of-the-Route-Server-model.html
[2] https://git.nic.cz/redmine/projects/bird/wiki/Route_server_example

--
Christian Lyra
PoP-PR/RNP
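
The hidden prefix problem described in this message, reproduced as an added example that is not part of the original post or of any OpenBGPD code. It compares filtering after best-path selection in one shared RIB with filtering on input to a per-client RIB. Assumptions: the route tuples are constructed from the RIB listing above (one prefix per AS for brevity), the decision process is reduced to shortest AS path because lpref and MED are equal in the listing, and all function names are hypothetical.

```python
# Constructed sample data mirroring the RS RIB in the post:
# (prefix, announcing peer AS, AS path). One prefix per AS for brevity.
RIB = [
    ("10.1.0.0/17", 1, [1]),
    ("10.2.0.0/17", 2, [2]),
    ("10.3.0.0/17", 3, [3]),
    ("10.4.0.0/17", 2, [2, 4]),
    ("10.4.0.0/17", 3, [3, 4, 4]),   # prepended announcement via AS3
]
# Policy from the post: AS1 and AS2 no longer exchange routes.
BLOCKED = {(1, 2), (2, 1)}


def allowed(route, client):
    """Export policy: never send a route back to its announcer,
    and never across a blocked pair."""
    _, peer, _ = route
    return peer != client and (peer, client) not in BLOCKED


def best_paths(routes):
    """Simplified decision process (assumption): shortest AS path wins."""
    best = {}
    for route in routes:
        prefix, _, path = route
        if prefix not in best or len(path) < len(best[prefix][2]):
            best[prefix] = route
    return best


def export_single_rib(client):
    """Select once in the shared RIB, then filter the winners on export."""
    return {p: r for p, r in best_paths(RIB).items() if allowed(r, client)}


def export_per_client_rib(client):
    """Filter on input to the client's own RIB, then select."""
    return best_paths(r for r in RIB if allowed(r, client))


if __name__ == "__main__":
    for name, fn in (("single RIB", export_single_rib),
                     ("per-client RIB", export_per_client_rib)):
        print(name, "-> AS1:", {p: r[2] for p, r in fn(1).items()})
```

With the shared RIB, AS1 receives only AS3's own prefix because the winning AS4 path (via AS2) is filtered and the alternative was already discarded; with the per-client RIB, AS1 receives the AS4 prefix with path 3 4 4.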
