Re: bgpd 4byte AS ext-community neighbour-as

2013-05-31 Thread Hrvoje Popovski 
On 31.5.2013. 16:50, Hrvoje Popovski wrote:
> Hello,
> 
> We @srce have small IX and we filter bgpd updates with communities.
> Our conifg is simple and works great:
> 
> match from any set community 12345:65000
> deny to { group rsip4, group rsip6 } community 12345:65000
> deny to { group rsip4, group rsip6 } community 0:12345
> allow to { group rsip4, group rsip6 } community 12345:12345
> deny to { group rsip4, group rsip6 } community 0:neighbor-as
> allow to { group rsip4, group rsip6 } community 12345:neighbor-as
> 
> 
> I thought that I can do same thing with ext-community but bgpd -nvf
> /etc/bgpd.conf logs
> Bad ext-community neighbor-as is invalid
> 
> Is it possible to implement neigbour-as to work with ext-communities?
> Below is our configuration we thought it would work.
> 
> match from any set ext-community soo 12345:65000
> deny to { group rsip4, group rsip6 } ext-community soo 12345:65000
> deny to { group rsip4, group rsip6 } ext-community soo 0:12345
> allow to { group rsip4, group rsip6 } ext-community soo 12345:12345
> deny to { group rsip4, group rsip6 } ext-community soo 0:neighbor-as
> deny to { group rsip4, group rsip6 } ext-community soo 12345:neighbor-as

   this is typo it should be allow

bgpd 4byte AS ext-community neighbour-as

2013-05-31 Thread Hrvoje Popovski 
Hello,

We @srce have small IX and we filter bgpd updates with communities.
Our conifg is simple and works great:

match from any set community 12345:65000
deny to { group rsip4, group rsip6 } community 12345:65000
deny to { group rsip4, group rsip6 } community 0:12345
allow to { group rsip4, group rsip6 } community 12345:12345
deny to { group rsip4, group rsip6 } community 0:neighbor-as
allow to { group rsip4, group rsip6 } community 12345:neighbor-as


I thought that I can do same thing with ext-community but bgpd -nvf
/etc/bgpd.conf logs
Bad ext-community neighbor-as is invalid

Is it possible to implement neigbour-as to work with ext-communities?
Below is our configuration we thought it would work.

match from any set ext-community soo 12345:65000
deny to { group rsip4, group rsip6 } ext-community soo 12345:65000
deny to { group rsip4, group rsip6 } ext-community soo 0:12345
allow to { group rsip4, group rsip6 } ext-community soo 12345:12345
deny to { group rsip4, group rsip6 } ext-community soo 0:neighbor-as
deny to { group rsip4, group rsip6 } ext-community soo 12345:neighbor-as

If there is some other way to implement same thing, please let me know.


Thank you