[ixpmanager] AS-SET Is not Working
Shahab Vahabzadeh
me at shahabv.com
Mon Apr 20 07:23:15 IST 2020
root at rs1:/etc/bird# cat bird-rs1-ipv4.conf | grep 185.141.213
185.141.171.0/24, 185.141.212.0/22, 185.141.212.0/24,
*185.141.213*.0/24,
On Mon, Apr 20, 2020 at 10:51 AM Shahab Vahabzadeh <me at shahabv.com> wrote:
> bird> show status
>
> BIRD 2.0.7
>
> Router ID is 185.1.77.1
>
> Current server time is 2020-04-20 10:51:29
>
> Last reboot on 2020-04-19 11:31:11
>
> Last reconfiguration on 2020-04-20 10:48:22
>
> Daemon is up and running
>
> bird>
>
> On Mon, Apr 20, 2020 at 10:47 AM Frank Habicht <geier at geier.ne.tz> wrote:
>
>> Hi,
>>
>> was the bird configuration with the filters re-generated since the AS
>> was added to the AS-SET?
>> If yes, was that operation successful?
>> Maybe you can check the date/time of last change of your bird config file?
>>
>> Frank
>>
>> On 20/04/2020 09:09, Shahab Vahabzadeh wrote:
>> > Frank,
>> > Also Problem in shell solved but in route server no its filter again:
>> >
>> > root at members:~# bgpq3 -S RIPE AS-ASIATECH | grep 185.141.213.0/24
>> > <http://185.141.213.0/24>
>> >
>> > ip prefix-list NN permit *185.141.213.0/24 <http://185.141.213.0/24>*
>> >
>> >
>> > On Mon, Apr 20, 2020 at 10:38 AM Shahab Vahabzadeh <me at shahabv.com
>> > <mailto:me at shahabv.com>> wrote:
>> >
>> > Dear Frank,
>> > I asked customer to add their own AS in side their
>> > AS-SET:
>> https://apps.db.ripe.net/db-web-ui/query?searchtext=AS-ASIATECH
>> > But the problem exist and that prefix is
>> > filtered:
>> https://members.tehran-ix.ir/lg/rs1-ipv4/routes/protocol/pb_as43754_vli26_ipv4
>> >
>> > 185.141.213.0/24 <http://185.141.213.0/24>
>> >
>> >
>> >
>> > On Mon, Apr 20, 2020 at 10:35 AM Frank Habicht <geier at geier.ne.tz
>> > <mailto:geier at geier.ne.tz>> wrote:
>> >
>> > Hi Shahab,
>> >
>> > it's better if they (43754) fix the AS-SET to include their own
>> ASN.
>> > That way they will also fix filter generation on their upstream
>> > or any
>> > bilateral peer.
>> > Everybody else generating filters from the AS-SET does also not
>> > do the
>> > AND, so your suggestion would fix it only for the IXP route
>> > servers, not
>> > for the other places.
>> >
>> > Greetings,
>> > Frank
>> >
>> > On 20/04/2020 08:58, Shahab Vahabzadeh wrote:
>> > > Nick,
>> > > I think I find the problem, Customer AS Number (AS43754) must
>> > be inside
>> > > AS-SET?!
>> > > They (and Me) thought that only AS numbers behind customers
>> > must be there.
>> > > Maybe you can AND it in your queries, Customer AS Number +
>> AS-SET.
>> > > Thanks
>> > >
>> > > On Mon, Apr 20, 2020 at 10:25 AM Shahab Vahabzadeh
>> > <me at shahabv.com <mailto:me at shahabv.com>
>> > > <mailto:me at shahabv.com <mailto:me at shahabv.com>>> wrote:
>> > >
>> > > Nick,
>> > > Our IRRDB source for all customers is RIPE.
>> > > Thanks
>> > >
>> > > On Mon, Apr 20, 2020 at 10:23 AM Shahab Vahabzadeh
>> > <me at shahabv.com <mailto:me at shahabv.com>
>> > > <mailto:me at shahabv.com <mailto:me at shahabv.com>>> wrote:
>> > >
>> > > Dear Nick,
>> > > Now for customer Asiatech (AS43754) we have IPv4 and
>> IPv6
>> > > Peering Macro which is AS-ASIATECH.
>> > > And also as I check the ripe database there is a valid
>> > route
>> > > object for 185.141.213.0/24 <http://185.141.213.0/24>
>> > <http://185.141.213.0/24> with
>> > > AS43754 itself.
>> > > So why is there an error for this prefix?
>> > > Thanks
>> > >
>> > > On Sun, Apr 19, 2020 at 1:53 PM Nick Hilliard (INEX)
>> > > <nick at inex.ie <mailto:nick at inex.ie>
>> > <mailto:nick at inex.ie <mailto:nick at inex.ie>>> wrote:
>> > >
>> > > Shahab Vahabzadeh wrote on 19/04/2020 08:34:
>> > > > You are right but what is your idea about this
>> > prefix:
>> > > 185.141.213.0/24 <http://185.141.213.0/24>
>> > <http://185.141.213.0/24> ?
>> > > > There is a route object in ripe with AS43754 and
>> > this AS
>> > > belongs to the
>> > > > customer himself.
>> > > > But again it's filter with two tag: Prefix
>> Filtered,
>> > > Origin AS Filtered
>> > >
>> > > The list of IRRDB prefixes is built using the
>> > "IPv4 Peering
>> > > Macro" and
>> > > "IRRDB Source" in the Customer profile.
>> > >
>> > > If the "IPv4 Peering Macro" field is blank, then
>> > it uses the AS.
>> > >
>> > > The artisan irrdb:update-prefix-db command uses
>> > the bgpq3
>> > > command to
>> > > populate the local database using the peering
>> > macro and the
>> > > source list.
>> > >
>> > > The first thing to do is check the information
>> > that's going
>> > > into the
>> > > local database.
>> > >
>> > > - you need to check that the "IPv4 Peering Macro"
>> > is set to
>> > > what the
>> > > customer specifies
>> > >
>> > > - make sure the irrdb source looks correct.
>> > Probably it
>> > > should be set
>> > > to "RIPE".
>> > >
>> > > - you need to make sure that there is a route:
>> > object in
>> > > the IRRDB for
>> > > the prefix that you're checking.
>> > >
>> > > You can find out what bgpq3 thinks by calling it
>> > directly
>> > > using the
>> > > parameters specified in IXP Manager, e.g. if
>> > you've set the
>> > > as-set to be
>> > > blank, it will use the AS itself:
>> > >
>> > > > % bgpq3 -S RIPE AS43754 | grep 185.141.213.0/24
>> > <http://185.141.213.0/24>
>> > > <http://185.141.213.0/24>
>> > > > ip prefix-list NN permit 185.141.213.0/24
>> > <http://185.141.213.0/24>
>> > > <http://185.141.213.0/24>
>> > > > %
>> > >
>> > > This means that there's a route: object in the
>> > RIPE IRRDB,
>> > > which is a
>> > > good start.
>> > >
>> > > The next thing would be to check the AS-SET that
>> > you're
>> > > using in IXP
>> > > Manager for this customer, along with the IRRDB
>> > source list:
>> > >
>> > > > % bgpq3 -S "<IRRDB source list>" <IPv4 peering
>> > macro> |
>> > > grep 185.141.213.0/24 <http://185.141.213.0/24>
>> > <http://185.141.213.0/24>
>> > >
>> > > If this comes up blank, then you've identified
>> > that the
>> > > problem is that
>> > > you're using the wrong IRRDB source, the wrong AS
>> > set or
>> > > else that the
>> > > customer hasn't configured their AS set properly.
>> > >
>> > > Nick
>> > >
>> > >
>> > >
>> > > --
>> > >
>> > > Cheers, Shahab
>> > >
>> > >
>> > >
>> > > --
>> > >
>> > > Cheers, Shahab
>> > >
>> > >
>> > >
>> > > --
>> > >
>> > > Cheers, Shahab
>> > >
>> > > _______________________________________________
>> > > INEX IXP Manager mailing list
>> > > ixpmanager at inex.ie <mailto:ixpmanager at inex.ie>
>> > > Unsubscribe or change options here:
>> > https://www.inex.ie/mailman/listinfo/ixpmanager
>> > >
>> > _______________________________________________
>> > INEX IXP Manager mailing list
>> > ixpmanager at inex.ie <mailto:ixpmanager at inex.ie>
>> > Unsubscribe or change options here:
>> > https://www.inex.ie/mailman/listinfo/ixpmanager
>> >
>> >
>> >
>> > --
>> >
>> > Cheers, Shahab
>> >
>> >
>> >
>> > --
>> >
>> > Cheers, Shahab
>> >
>> > _______________________________________________
>> > INEX IXP Manager mailing list
>> > ixpmanager at inex.ie
>> > Unsubscribe or change options here:
>> https://www.inex.ie/mailman/listinfo/ixpmanager
>> >
>> _______________________________________________
>> INEX IXP Manager mailing list
>> ixpmanager at inex.ie
>> Unsubscribe or change options here:
>> https://www.inex.ie/mailman/listinfo/ixpmanager
>>
>
>
> --
>
> Cheers, Shahab
>
--
Cheers, Shahab
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.inex.ie/pipermail/ixpmanager/attachments/20200420/552d4f3d/attachment-0001.htm>
More information about the ixpmanager
mailing list