[ixpmanager] AS-SET Is not Working
Frank Habicht
geier at geier.ne.tz
Mon Apr 20 08:20:00 IST 2020
Hi Shahab,
since this AS-SET in RIPE DB was last modified just over 1 hour ago, did
you re-create your configurations (including filters) since then?
$ whois -h whois.ripe.net -- -B -r AS-ASIATECH | grep last-modified
last-modified: 2020-04-20T06:04:33Z
Frank
On 20/04/2020 10:13, Shahab Vahabzadeh wrote:
> Frank,
> No AS Number is not inside allas array but AS Number is inside AS-SET in
> ripe.
>
> Thanks
>
>
>
> root at rs1:/etc/bird# cat bird-rs1-ipv4.conf |grep 43754
>
> ### AS*43754*- Asiatech - VLAN Interface #26
>
> function f_import_as*43754*()
>
> if (bgp_path.first != *43754*) then {
>
> protocol bgp pb_as*43754*_vli26_ipv4 {
>
> description "AS*43754*- Asiatech";
>
> neighbor 185.1.77.20 as *43754*;
>
> import where f_import_as*43754*();
>
>
> On Mon, Apr 20, 2020 at 11:34 AM Frank Habicht <geier at geier.ne.tz
> <mailto:geier at geier.ne.tz>> wrote:
>
> Hi Shahab,
>
> is 43754 in the config?
> the version of the config that was already loaded at last reconfigure?
>
> Frank
>
> On 20/04/2020 09:24, Shahab Vahabzadeh wrote:
> > Frank,
> > Right now in filters in the web, IRRDB is Valid but IRRDB ORIGIN
> AS FILTERED
> >
> > On Mon, Apr 20, 2020 at 10:53 AM Shahab Vahabzadeh <me at shahabv.com
> <mailto:me at shahabv.com>
> > <mailto:me at shahabv.com <mailto:me at shahabv.com>>> wrote:
> >
> > root at rs1:/etc/bird# cat bird-rs1-ipv4.conf | grep 185.141.213
> >
> >
> > 185.141.171.0/24 <http://185.141.171.0/24>
> <http://185.141.171.0/24>, 185.141.212.0/22
> <http://185.141.212.0/22>
> > <http://185.141.212.0/22>, 185.141.212.0/24
> <http://185.141.212.0/24>
> > <http://185.141.212.0/24>, *185.141.213*.0/24,
> >
> >
> > On Mon, Apr 20, 2020 at 10:51 AM Shahab Vahabzadeh
> <me at shahabv.com <mailto:me at shahabv.com>
> > <mailto:me at shahabv.com <mailto:me at shahabv.com>>> wrote:
> >
> > bird> show status
> >
> > BIRD 2.0.7
> >
> > Router ID is 185.1.77.1
> >
> > Current server time is 2020-04-20 10:51:29
> >
> > Last reboot on 2020-04-19 11:31:11
> >
> > Last reconfiguration on 2020-04-20 10:48:22
> >
> > Daemon is up and running
> >
> > bird>
> >
> >
> > On Mon, Apr 20, 2020 at 10:47 AM Frank Habicht
> > <geier at geier.ne.tz <mailto:geier at geier.ne.tz>
> <mailto:geier at geier.ne.tz <mailto:geier at geier.ne.tz>>> wrote:
> >
> > Hi,
> >
> > was the bird configuration with the filters re-generated
> > since the AS
> > was added to the AS-SET?
> > If yes, was that operation successful?
> > Maybe you can check the date/time of last change of your
> > bird config file?
> >
> > Frank
> >
> > On 20/04/2020 09:09, Shahab Vahabzadeh wrote:
> > > Frank,
> > > Also Problem in shell solved but in route server no its
> > filter again:
> > >
> > > root at members:~# bgpq3 -S RIPE AS-ASIATECH | grep
> > 185.141.213.0/24 <http://185.141.213.0/24>
> <http://185.141.213.0/24>
> > > <http://185.141.213.0/24>
> > >
> > > ip prefix-list NN permit *185.141.213.0/24
> <http://185.141.213.0/24>
> > <http://185.141.213.0/24> <http://185.141.213.0/24>*
> > >
> > >
> > > On Mon, Apr 20, 2020 at 10:38 AM Shahab Vahabzadeh
> > <me at shahabv.com <mailto:me at shahabv.com>
> <mailto:me at shahabv.com <mailto:me at shahabv.com>>
> > > <mailto:me at shahabv.com <mailto:me at shahabv.com>
> <mailto:me at shahabv.com <mailto:me at shahabv.com>>>> wrote:
> > >
> > > Dear Frank,
> > > I asked customer to add their own AS in side their
> > >
> >
> AS-SET: https://apps.db.ripe.net/db-web-ui/query?searchtext=AS-ASIATECH
> > > But the problem exist and that prefix is
> > >
> >
> filtered: https://members.tehran-ix.ir/lg/rs1-ipv4/routes/protocol/pb_as43754_vli26_ipv4
> > >
> > > 185.141.213.0/24 <http://185.141.213.0/24>
> <http://185.141.213.0/24>
> > <http://185.141.213.0/24>
> > >
> > >
> > >
> > > On Mon, Apr 20, 2020 at 10:35 AM Frank Habicht
> > <geier at geier.ne.tz <mailto:geier at geier.ne.tz>
> <mailto:geier at geier.ne.tz <mailto:geier at geier.ne.tz>>
> > > <mailto:geier at geier.ne.tz
> <mailto:geier at geier.ne.tz> <mailto:geier at geier.ne.tz
> <mailto:geier at geier.ne.tz>>>>
> > wrote:
> > >
> > > Hi Shahab,
> > >
> > > it's better if they (43754) fix the AS-SET to
> > include their own ASN.
> > > That way they will also fix filter generation on
> > their upstream
> > > or any
> > > bilateral peer.
> > > Everybody else generating filters from the
> AS-SET
> > does also not
> > > do the
> > > AND, so your suggestion would fix it only
> for the
> > IXP route
> > > servers, not
> > > for the other places.
> > >
> > > Greetings,
> > > Frank
> > >
> > > On 20/04/2020 08:58, Shahab Vahabzadeh wrote:
> > > > Nick,
> > > > I think I find the problem, Customer AS Number
> > (AS43754) must
> > > be inside
> > > > AS-SET?!
> > > > They (and Me) thought that only AS numbers
> > behind customers
> > > must be there.
> > > > Maybe you can AND it in your queries, Customer
> > AS Number + AS-SET.
> > > > Thanks
> > > >
> > > > On Mon, Apr 20, 2020 at 10:25 AM Shahab
> Vahabzadeh
> > > <me at shahabv.com <mailto:me at shahabv.com>
> <mailto:me at shahabv.com <mailto:me at shahabv.com>>
> > <mailto:me at shahabv.com <mailto:me at shahabv.com>
> <mailto:me at shahabv.com <mailto:me at shahabv.com>>>
> > > > <mailto:me at shahabv.com
> <mailto:me at shahabv.com> <mailto:me at shahabv.com <mailto:me at shahabv.com>>
> > <mailto:me at shahabv.com <mailto:me at shahabv.com>
> <mailto:me at shahabv.com <mailto:me at shahabv.com>>>>> wrote:
> > > >
> > > > Nick,
> > > > Our IRRDB source for all customers is
> RIPE.
> > > > Thanks
> > > >
> > > > On Mon, Apr 20, 2020 at 10:23 AM Shahab
> > Vahabzadeh
> > > <me at shahabv.com <mailto:me at shahabv.com>
> <mailto:me at shahabv.com <mailto:me at shahabv.com>>
> > <mailto:me at shahabv.com <mailto:me at shahabv.com>
> <mailto:me at shahabv.com <mailto:me at shahabv.com>>>
> > > > <mailto:me at shahabv.com
> <mailto:me at shahabv.com>
> > <mailto:me at shahabv.com <mailto:me at shahabv.com>>
> <mailto:me at shahabv.com <mailto:me at shahabv.com>
> > <mailto:me at shahabv.com <mailto:me at shahabv.com>>>>> wrote:
> > > >
> > > > Dear Nick,
> > > > Now for customer Asiatech (AS43754) we
> > have IPv4 and IPv6
> > > > Peering Macro which is AS-ASIATECH.
> > > > And also as I check the ripe
> > database there is a valid
> > > route
> > > > object for 185.141.213.0/24
> <http://185.141.213.0/24>
> > <http://185.141.213.0/24> <http://185.141.213.0/24>
> > > <http://185.141.213.0/24> with
> > > > AS43754 itself.
> > > > So why is there an error for this
> prefix?
> > > > Thanks
> > > >
> > > > On Sun, Apr 19, 2020 at 1:53 PM Nick
> > Hilliard (INEX)
> > > > <nick at inex.ie
> <mailto:nick at inex.ie> <mailto:nick at inex.ie <mailto:nick at inex.ie>>
> > <mailto:nick at inex.ie <mailto:nick at inex.ie>
> <mailto:nick at inex.ie <mailto:nick at inex.ie>>>
> > > <mailto:nick at inex.ie <mailto:nick at inex.ie>
> <mailto:nick at inex.ie <mailto:nick at inex.ie>>
> > <mailto:nick at inex.ie <mailto:nick at inex.ie>
> <mailto:nick at inex.ie <mailto:nick at inex.ie>>>>> wrote:
> > > >
> > > > Shahab Vahabzadeh wrote on
> > 19/04/2020 08:34:
> > > > > You are right but what is your
> > idea about this
> > > prefix:
> > > > 185.141.213.0/24
> <http://185.141.213.0/24>
> > <http://185.141.213.0/24> <http://185.141.213.0/24>
> > > <http://185.141.213.0/24> ?
> > > > > There is a route object in ripe
> > with AS43754 and
> > > this AS
> > > > belongs to the
> > > > > customer himself.
> > > > > But again it's filter with two
> > tag: Prefix Filtered,
> > > > Origin AS Filtered
> > > >
> > > > The list of IRRDB prefixes is
> built
> > using the
> > > "IPv4 Peering
> > > > Macro" and
> > > > "IRRDB Source" in the Customer
> profile.
> > > >
> > > > If the "IPv4 Peering Macro"
> field is
> > blank, then
> > > it uses the AS.
> > > >
> > > > The artisan irrdb:update-prefix-db
> > command uses
> > > the bgpq3
> > > > command to
> > > > populate the local database using
> > the peering
> > > macro and the
> > > > source list.
> > > >
> > > > The first thing to do is check the
> > information
> > > that's going
> > > > into the
> > > > local database.
> > > >
> > > > - you need to check that the
> "IPv4
> > Peering Macro"
> > > is set to
> > > > what the
> > > > customer specifies
> > > >
> > > > - make sure the irrdb source
> looks
> > correct.
> > > Probably it
> > > > should be set
> > > > to "RIPE".
> > > >
> > > > - you need to make sure that
> there
> > is a route:
> > > object in
> > > > the IRRDB for
> > > > the prefix that you're checking.
> > > >
> > > > You can find out what bgpq3 thinks
> > by calling it
> > > directly
> > > > using the
> > > > parameters specified in IXP
> Manager,
> > e.g. if
> > > you've set the
> > > > as-set to be
> > > > blank, it will use the AS itself:
> > > >
> > > > > % bgpq3 -S RIPE AS43754 | grep
> > 185.141.213.0/24 <http://185.141.213.0/24>
> <http://185.141.213.0/24>
> > > <http://185.141.213.0/24>
> > > > <http://185.141.213.0/24>
> > > > > ip prefix-list NN permit
> > 185.141.213.0/24 <http://185.141.213.0/24>
> <http://185.141.213.0/24>
> > > <http://185.141.213.0/24>
> > > > <http://185.141.213.0/24>
> > > > > %
> > > >
> > > > This means that there's a route:
> > object in the
> > > RIPE IRRDB,
> > > > which is a
> > > > good start.
> > > >
> > > > The next thing would be to
> check the
> > AS-SET that
> > > you're
> > > > using in IXP
> > > > Manager for this customer, along
> > with the IRRDB
> > > source list:
> > > >
> > > > > % bgpq3 -S "<IRRDB source list>"
> > <IPv4 peering
> > > macro> |
> > > > grep 185.141.213.0/24
> <http://185.141.213.0/24>
> > <http://185.141.213.0/24> <http://185.141.213.0/24>
> > > <http://185.141.213.0/24>
> > > >
> > > > If this comes up blank, then
> you've
> > identified
> > > that the
> > > > problem is that
> > > > you're using the wrong IRRDB
> source,
> > the wrong AS
> > > set or
> > > > else that the
> > > > customer hasn't configured
> their AS
> > set properly.
> > > >
> > > > Nick
> > > >
> > > >
> > > >
> > > > --
> > > >
> > > > Cheers, Shahab
> > > >
> > > >
> > > >
> > > > --
> > > >
> > > > Cheers, Shahab
> > > >
> > > >
> > > >
> > > > --
> > > >
> > > > Cheers, Shahab
> > > >
> > > >
> _______________________________________________
> > > > INEX IXP Manager mailing list
> > > > ixpmanager at inex.ie
> <mailto:ixpmanager at inex.ie> <mailto:ixpmanager at inex.ie
> <mailto:ixpmanager at inex.ie>>
> > <mailto:ixpmanager at inex.ie <mailto:ixpmanager at inex.ie>
> <mailto:ixpmanager at inex.ie <mailto:ixpmanager at inex.ie>>>
> > > > Unsubscribe or change options here:
> > > https://www.inex.ie/mailman/listinfo/ixpmanager
> > > >
> > > _______________________________________________
> > > INEX IXP Manager mailing list
> > > ixpmanager at inex.ie
> <mailto:ixpmanager at inex.ie> <mailto:ixpmanager at inex.ie
> <mailto:ixpmanager at inex.ie>>
> > <mailto:ixpmanager at inex.ie <mailto:ixpmanager at inex.ie>
> <mailto:ixpmanager at inex.ie <mailto:ixpmanager at inex.ie>>>
> > > Unsubscribe or change options here:
> > > https://www.inex.ie/mailman/listinfo/ixpmanager
> > >
> > >
> > >
> > > --
> > >
> > > Cheers, Shahab
> > >
> > >
> > >
> > > --
> > >
> > > Cheers, Shahab
> > >
> > > _______________________________________________
> > > INEX IXP Manager mailing list
> > > ixpmanager at inex.ie <mailto:ixpmanager at inex.ie>
> <mailto:ixpmanager at inex.ie <mailto:ixpmanager at inex.ie>>
> > > Unsubscribe or change options here:
> > https://www.inex.ie/mailman/listinfo/ixpmanager
> > >
> > _______________________________________________
> > INEX IXP Manager mailing list
> > ixpmanager at inex.ie <mailto:ixpmanager at inex.ie>
> <mailto:ixpmanager at inex.ie <mailto:ixpmanager at inex.ie>>
> > Unsubscribe or change options here:
> > https://www.inex.ie/mailman/listinfo/ixpmanager
> >
> >
> >
> > --
> >
> > Cheers, Shahab
> >
> >
> >
> > --
> >
> > Cheers, Shahab
> >
> >
> >
> > --
> >
> > Cheers, Shahab
> >
> > _______________________________________________
> > INEX IXP Manager mailing list
> > ixpmanager at inex.ie <mailto:ixpmanager at inex.ie>
> > Unsubscribe or change options here:
> https://www.inex.ie/mailman/listinfo/ixpmanager
> >
> _______________________________________________
> INEX IXP Manager mailing list
> ixpmanager at inex.ie <mailto:ixpmanager at inex.ie>
> Unsubscribe or change options here:
> https://www.inex.ie/mailman/listinfo/ixpmanager
>
>
>
> --
>
> Cheers, Shahab
>
> _______________________________________________
> INEX IXP Manager mailing list
> ixpmanager at inex.ie
> Unsubscribe or change options here: https://www.inex.ie/mailman/listinfo/ixpmanager
>
More information about the ixpmanager
mailing list