[ixpmanager] BIRD Config Gen: Prefixes Not Being Exported; Strange Errors
Ebtsam M Osaman
soma.m.osman at gmail.com
Tue Feb 13 10:54:18 GMT 2018
Hi ,
I'm facing the same problem
I'm running simple setup ,two neighbors are connected to the route server.
The route servers receive their prefixes. I checked what you have
mentioned here , but right now :
1- IRRDB filtering is not enabled .
2- ASN 16 bit is used
and I still can not see exported prefixes in the master table . can you
please help with further troubleshooting
I attached rs1.conf as generated by IXP manager
Thanks in advance !
On Sun, Jan 21, 2018 at 2:43 PM, Barry O'Donovan <barry.odonovan at inex.ie>
wrote:
>
>
>
> Kyle Spencer wrote:
> > Meanwhile, BIRD's log file is flooded with this error:
> >
> > 2018-01-21 14:38:13 <ERR> ...
> > 2018-01-21 14:38:14 <ERR> filters, line 74: Can't operate with value
> > out of bounds in pair constructor
> > 2018-01-21 14:38:14 <ERR> filters, line 74: Can't operate with value
> > out of bounds in pair constructor
> > 2018-01-21 14:38:14 <ERR> ...
> > 2018-01-21 14:38:47 <ERR> filters, line 74: Can't operate with value
> > out of bounds in pair constructor
>
> We'll need to see the bird config file Kyle.
>
> Or at least the snippet around those lines.
>
> I presume you're try to build a safe route server with prefix filtering?
> Have you populated the database as per:
>
> http://docs.ixpmanager.org/features/irrdb/
>
> - Barry
>
> _______________________________________________
> INEX IXP Manager mailing list
> ixpmanager at inex.ie
> https://www.inex.ie/mailman/listinfo/ixpmanager
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.inex.ie/pipermail/ixpmanager/attachments/20180213/69930117/attachment.html>
-------------- next part --------------
#
# Bird Route Server configuration generated by IXP Manager
#
# Do not edit this file, it will be overwritten. Please see:
#
# https://github.com/inex/IXP-Manager/wiki/Route-Server
#
# Generated: 2018-02-13 10:30:37
#
# For VLAN: peeringLAN (Tag: 1200, Database ID: 2)
log "/var/log/bird/rs1.log" all;
log syslog all;
define routeserverasn = 65001;
define routeserveraddress = 10.0.0.220;
router id 10.0.0.220;
listen bgp address routeserveraddress;
# ignore interface up/down events
protocol device { }
# This function excludes weird networks
# rfc1918, class D, class E, too long and too short prefixes
function avoid_martians()
prefix set martians;
{
martians = [
10.0.0.0/8+,
169.254.0.0/16+,
172.16.0.0/12+,
192.0.0.0/24+,
192.0.2.0/24+,
192.168.0.0/16+,
198.18.0.0/15+,
198.51.100.0/24+,
203.0.113.0/24+,
224.0.0.0/4+,
240.0.0.0/4+,
0.0.0.0/32-,
0.0.0.0/0{25,32},
0.0.0.0/0{0,7}
];
# Avoid RFC1918 and similar networks
if net ~ martians then
return false;
return true;
}
##
## Standard IXP community filter
##
function ixp_community_filter(int peerasn)
{
if !(source = RTS_BGP) then
return false;
# it's unwise to conduct a 32-bit check on a 16-bit value
if peerasn > 65535 then
return true;
# Implement widely used community filtering schema.
if (0, peerasn) ~ bgp_community then
return false;
if (routeserverasn, peerasn) ~ bgp_community then
return true;
if (0, routeserverasn) ~ bgp_community then
return false;
return true;
}
##
## Route Server client configuration
##
template bgp tb_rsclient {
local as routeserverasn;
source address routeserveraddress;
import filter {
## Prevent BGP NEXT_HOP Hijacking
if !( from = bgp_next_hop ) then
reject "BGP neighbor address [", from, "] != next hop address [", bgp_next_hop, "]", ", net:[", net, "], path:[", bgp_path, "]";
accept;
};
export all;
rs client;
}
### AS65020 - ISP1 - VLAN Interface #5
table t_0005_as65020;
filter f_import_0005_as65020
prefix set allnet;
int set allas;
{
if !(avoid_martians()) then
reject;
# Route servers peering with route servers will cause the universe
# to collapse. Recommend evasive manoeuvers.
if (bgp_path.first != 65020 ) then
reject;
allas = [ 65020 ];
if !(bgp_path.last ~ allas) then
reject;
# Deny everything because the IRR database returned nothing
reject;
accept;
}
protocol pipe pp_0005_as65020 {
description "Pipe for AS65020 - ISP1 - VLAN Interface 5";
table master;
mode transparent;
peer table t_0005_as65020;
import filter f_import_0005_as65020;
export where ixp_community_filter(65020);
}
protocol bgp pb_0005_as65020 from tb_rsclient {
description "AS65020 - ISP1";
neighbor 10.0.0.2 as 65020;
import limit 200 action restart;
table t_0005_as65020;
}
### AS65030 - ISP2 - VLAN Interface #6
table t_0006_as65030;
filter f_import_0006_as65030
prefix set allnet;
int set allas;
{
if !(avoid_martians()) then
reject;
# Route servers peering with route servers will cause the universe
# to collapse. Recommend evasive manoeuvers.
if (bgp_path.first != 65030 ) then
reject;
# This ASN was configured not to use IRRDB filtering
accept;
}
protocol pipe pp_0006_as65030 {
description "Pipe for AS65030 - ISP2 - VLAN Interface 6";
table master;
mode transparent;
peer table t_0006_as65030;
import filter f_import_0006_as65030;
export where ixp_community_filter(65030);
}
protocol bgp pb_0006_as65030 from tb_rsclient {
description "AS65030 - ISP2";
neighbor 10.0.0.3 as 65030;
import limit 200 action restart;
table t_0006_as65030;
}
More information about the ixpmanager
mailing list