diff options
| author | uvok cheetah | 2024-07-21 14:05:08 +0200 |
|---|---|---|
| committer | uvok cheetah | 2024-07-21 14:05:17 +0200 |
| commit | 934e7660c90f5863eefbcf145a3ef988542fb2dc (patch) | |
| tree | 303aa39a21bc28dcdd5acccfceedb60be58fd9e3 /roles | |
| parent | faefd5cda8a0d24b090f7b9c9952d4464a262a49 (diff) | |
bird: Add IRR filter
also, remove "direct neighbor" preference
Diffstat (limited to 'roles')
| -rw-r--r-- | roles/uvok_bird/files/clear_filters.conf | 29 | ||||
| -rw-r--r-- | roles/uvok_bird/templates/clear_defines.conf.j2 | 1 |
2 files changed, 26 insertions, 4 deletions
diff --git a/roles/uvok_bird/files/clear_filters.conf b/roles/uvok_bird/files/clear_filters.conf index bb01b4c..303ea91 100644 --- a/roles/uvok_bird/files/clear_filters.conf +++ b/roles/uvok_bird/files/clear_filters.conf @@ -128,12 +128,33 @@ function reject_roa_rpki() } } -function prefer_direct_neighbor() +# take the set of allowed ASes (as first AS), according to IRR +# adds filter if first AS in BGP path is not in allowed list +function reject_irr_invalid_as(int set irr_ases) { - if (bgp_path.len = 1) then - bgp_local_pref = bgp_local_pref + 700; + if (bgp_path.first !~ irr_ases) then { + print "Reject: Not in IRR AS list: ", net, " ", bgp_path; + clearnet_add_filter(FILTER_IRR); + } +} + +# take the set of allowed prefixes (prefix set), according to IRR +# adds filter if net is not in allowed list +function reject_irr_invalid_net(prefix set irr_prefixes) +{ + if (net !~ irr_prefixes) then { + print "Reject: Not in IRR AS list: ", net, " ", bgp_path; + clearnet_add_filter(FILTER_IRR); + } } +# ... what did I think? Shortest AS path wins anyway. +# function prefer_direct_neighbor() +# { +# if (bgp_path.len = 1) then +# bgp_local_pref = bgp_local_pref + 700; +# } + function clearnet_common_import() { reject_bogon_asns(); @@ -142,7 +163,7 @@ function clearnet_common_import() { reject_small_prefixes(); reject_problem_prefixes(); reject_roa_rpki(); - prefer_direct_neighbor(); + #prefer_direct_neighbor(); honor_graceful_shutdown(); } diff --git a/roles/uvok_bird/templates/clear_defines.conf.j2 b/roles/uvok_bird/templates/clear_defines.conf.j2 index 40b6bca..15e67cf 100644 --- a/roles/uvok_bird/templates/clear_defines.conf.j2 +++ b/roles/uvok_bird/templates/clear_defines.conf.j2 @@ -24,3 +24,4 @@ define FILTER_PROBLEM_PREFIX = 202; define FILTER_LONG_ASPATH = 203; define FILTER_SMALL_V6_PREFIX = 204; define FILTER_ROA_RPKI = 205; +define FILTER_IRR = 206; |