diff options
Diffstat (limited to 'roles/uvok_bird/files')
-rw-r--r-- | roles/uvok_bird/files/clear_filters.conf | 29 |
1 files changed, 25 insertions, 4 deletions
diff --git a/roles/uvok_bird/files/clear_filters.conf b/roles/uvok_bird/files/clear_filters.conf index bb01b4c..303ea91 100644 --- a/roles/uvok_bird/files/clear_filters.conf +++ b/roles/uvok_bird/files/clear_filters.conf @@ -128,12 +128,33 @@ function reject_roa_rpki() } } -function prefer_direct_neighbor() +# take the set of allowed ASes (as first AS), according to IRR +# adds filter if first AS in BGP path is not in allowed list +function reject_irr_invalid_as(int set irr_ases) { - if (bgp_path.len = 1) then - bgp_local_pref = bgp_local_pref + 700; + if (bgp_path.first !~ irr_ases) then { + print "Reject: Not in IRR AS list: ", net, " ", bgp_path; + clearnet_add_filter(FILTER_IRR); + } +} + +# take the set of allowed prefixes (prefix set), according to IRR +# adds filter if net is not in allowed list +function reject_irr_invalid_net(prefix set irr_prefixes) +{ + if (net !~ irr_prefixes) then { + print "Reject: Not in IRR AS list: ", net, " ", bgp_path; + clearnet_add_filter(FILTER_IRR); + } } +# ... what did I think? Shortest AS path wins anyway. +# function prefer_direct_neighbor() +# { +# if (bgp_path.len = 1) then +# bgp_local_pref = bgp_local_pref + 700; +# } + function clearnet_common_import() { reject_bogon_asns(); @@ -142,7 +163,7 @@ function clearnet_common_import() { reject_small_prefixes(); reject_problem_prefixes(); reject_roa_rpki(); - prefer_direct_neighbor(); + #prefer_direct_neighbor(); honor_graceful_shutdown(); } |