[ixpmanager] AS-SET Is not Working
Shahab Vahabzadeh
me at shahabv.com
Mon Apr 20 07:24:59 IST 2020
Frank,
Right now in filters in the web, IRRDB is Valid but IRRDB ORIGIN AS FILTERED
On Mon, Apr 20, 2020 at 10:53 AM Shahab Vahabzadeh <me at shahabv.com> wrote:
> root@rs1:/etc/bird# cat bird-rs1-ipv4.conf | grep 185.141.213
>
>     185.141.171.0/24, 185.141.212.0/22, 185.141.212.0/24,
>     185.141.213.0/24,
>
> On Mon, Apr 20, 2020 at 10:51 AM Shahab Vahabzadeh <me at shahabv.com> wrote:
>
>> bird> show status
>> BIRD 2.0.7
>> Router ID is 185.1.77.1
>> Current server time is 2020-04-20 10:51:29
>> Last reboot on 2020-04-19 11:31:11
>> Last reconfiguration on 2020-04-20 10:48:22
>> Daemon is up and running
>> bird>
>>
>> On Mon, Apr 20, 2020 at 10:47 AM Frank Habicht <geier at geier.ne.tz> wrote:
>>
>>> Hi,
>>>
>>> was the bird configuration with the filters re-generated since the AS
>>> was added to the AS-SET?
>>> If yes, was that operation successful?
>>> Maybe you can check the date/time of last change of your bird config
>>> file?
>>>
>>> Frank
>>>
>>> On 20/04/2020 09:09, Shahab Vahabzadeh wrote:
>>> > Frank,
>>> > Also, the problem in the shell is solved, but in the route server it's filtered again:
>>> >
>>> > root@members:~# bgpq3 -S RIPE AS-ASIATECH | grep 185.141.213.0/24
>>> >
>>> > ip prefix-list NN permit 185.141.213.0/24
>>> >
>>> >
>>> > On Mon, Apr 20, 2020 at 10:38 AM Shahab Vahabzadeh <me at shahabv.com> wrote:
>>> >
>>> > Dear Frank,
>>> > I asked the customer to add their own AS inside their AS-SET:
>>> > https://apps.db.ripe.net/db-web-ui/query?searchtext=AS-ASIATECH
>>> > But the problem exists and that prefix is filtered:
>>> > https://members.tehran-ix.ir/lg/rs1-ipv4/routes/protocol/pb_as43754_vli26_ipv4
>>> >
>>> > 185.141.213.0/24
>>> >
>>> >
>>> >
>>> > On Mon, Apr 20, 2020 at 10:35 AM Frank Habicht <geier at geier.ne.tz> wrote:
>>> >
>>> > Hi Shahab,
>>> >
>>> > it's better if they (43754) fix the AS-SET to include their own ASN.
>>> > That way they will also fix filter generation on their upstream or any
>>> > bilateral peer.
>>> > Everybody else generating filters from the AS-SET does also not do the
>>> > AND, so your suggestion would fix it only for the IXP route servers, not
>>> > for the other places.
>>> >
>>> > Greetings,
>>> > Frank
>>> >
>>> > On 20/04/2020 08:58, Shahab Vahabzadeh wrote:
>>> > > Nick,
>>> > > I think I found the problem, Customer AS Number (AS43754) must be inside
>>> > > AS-SET?!
>>> > > They (and me) thought that only AS numbers behind customers must be there.
>>> > > Maybe you can AND it in your queries, Customer AS Number + AS-SET.
>>> > > Thanks
>>> > >
>>> > > On Mon, Apr 20, 2020 at 10:25 AM Shahab Vahabzadeh <me at shahabv.com> wrote:
>>> > >
>>> > > Nick,
>>> > > Our IRRDB source for all customers is RIPE.
>>> > > Thanks
>>> > >
>>> > > On Mon, Apr 20, 2020 at 10:23 AM Shahab Vahabzadeh <me at shahabv.com> wrote:
>>> > >
>>> > > Dear Nick,
>>> > > Now for customer Asiatech (AS43754) we have IPv4 and IPv6
>>> > > Peering Macro which is AS-ASIATECH.
>>> > > And also, as I check the RIPE database, there is a valid route
>>> > > object for 185.141.213.0/24 with AS43754 itself.
>>> > > So why is there an error for this prefix?
>>> > > Thanks
>>> > >
>>> > > On Sun, Apr 19, 2020 at 1:53 PM Nick Hilliard (INEX) <nick at inex.ie> wrote:
>>> > >
>>> > > Shahab Vahabzadeh wrote on 19/04/2020 08:34:
>>> > > > You are right but what is your idea about this prefix:
>>> > > > 185.141.213.0/24 ?
>>> > > > There is a route object in RIPE with AS43754 and this AS belongs to the
>>> > > > customer himself.
>>> > > > But again it's filtered with two tags: Prefix Filtered, Origin AS Filtered
>>> > >
>>> > > The list of IRRDB prefixes is built using the "IPv4 Peering Macro" and
>>> > > "IRRDB Source" in the Customer profile.
>>> > >
>>> > > If the "IPv4 Peering Macro" field is blank, then it uses the AS.
>>> > >
>>> > > The artisan irrdb:update-prefix-db command uses the bgpq3 command to
>>> > > populate the local database using the peering macro and the source list.
>>> > >
>>> > > The first thing to do is check the information that's going into the
>>> > > local database.
>>> > >
>>> > > - you need to check that the "IPv4 Peering Macro" is set to what the
>>> > > customer specifies
>>> > >
>>> > > - make sure the irrdb source looks correct. Probably it should be set
>>> > > to "RIPE".
>>> > >
>>> > > - you need to make sure that there is a route: object in the IRRDB for
>>> > > the prefix that you're checking.
>>> > >
>>> > > You can find out what bgpq3 thinks by calling it directly using the
>>> > > parameters specified in IXP Manager, e.g. if you've set the as-set to be
>>> > > blank, it will use the AS itself:
>>> > >
>>> > > > % bgpq3 -S RIPE AS43754 | grep 185.141.213.0/24
>>> > > > ip prefix-list NN permit 185.141.213.0/24
>>> > > > %
>>> > >
>>> > > This means that there's a route: object in the RIPE IRRDB, which is a
>>> > > good start.
>>> > >
>>> > > The next thing would be to check the AS-SET that you're using in IXP
>>> > > Manager for this customer, along with the IRRDB source list:
>>> > >
>>> > > > % bgpq3 -S "<IRRDB source list>" <IPv4 peering macro> | grep 185.141.213.0/24
>>> > >
>>> > > If this comes up blank, then you've identified that the problem is that
>>> > > you're using the wrong IRRDB source, the wrong AS set or else that the
>>> > > customer hasn't configured their AS set properly.
>>> > >
>>> > > Nick
>>> > >
>>> > >
>>> > >
>>> > > --
>>> > >
>>> > > Cheers, Shahab
>>> > > _______________________________________________
>>> > > INEX IXP Manager mailing list
>>> > > ixpmanager at inex.ie
>>> > > Unsubscribe or change options here:
>>> > > https://www.inex.ie/mailman/listinfo/ixpmanager
>>> > >
--
Cheers, Shahab
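
Added example, not part of the original thread and not code from IXP Manager or bgpq3: a small Python model of why a route originated by the customer's own ASN is tagged when that ASN is missing from the peering macro. It assumes the origin-ASN list and the prefix list are both derived from the AS-SET expansion; all set members other than AS43754, the nested set name and the two extra route objects are constructed.

```python
# Added example: constructed model, not IXP Manager or bgpq3 code.
# route: objects as (prefix, origin). The first pair is the one from the thread;
# the other two use documentation prefixes and ASNs (constructed).
ROUTES = [
    ("185.141.213.0/24", "AS43754"),
    ("192.0.2.0/24", "AS64500"),
    ("198.51.100.0/24", "AS64501"),
]
# AS-SET members before and after the customer's fix. Every member except
# AS43754 is constructed; the nested set points back at its parent on purpose.
BEFORE = {
    "AS-ASIATECH": ["AS64500", "AS-EXAMPLE-DOWNSTREAM"],
    "AS-EXAMPLE-DOWNSTREAM": ["AS64501", "AS-ASIATECH"],
}
AFTER = {**BEFORE, "AS-ASIATECH": ["AS43754"] + BEFORE["AS-ASIATECH"]}

def expand(macro, as_sets):
    """Return the ASNs reachable from macro; a plain ASN expands to itself."""
    asns, seen, todo = set(), set(), [macro]
    while todo:
        name = todo.pop()
        if name in seen:  # loop protection for sets that include each other
            continue
        seen.add(name)
        if name in as_sets:
            todo.extend(as_sets[name])
        elif name.startswith("AS") and name[2:].isdigit():
            asns.add(name)
    return asns

def build_filters(macro, as_sets, routes=ROUTES):
    """Origin-ASN list and prefix list derived from one peering macro."""
    asns = expand(macro, as_sets)
    return asns, {prefix for prefix, origin in routes if origin in asns}

def classify(prefix, origin, asns, prefixes):
    """Apply the two checks separately and return the tags that fire."""
    tags = []
    if prefix not in prefixes:
        tags.append("Prefix Filtered")
    if origin not in asns:
        tags.append("Origin AS Filtered")
    return tags

if __name__ == "__main__":
    for label, sets in (("before", BEFORE), ("after", AFTER)):
        asns, prefixes = build_filters("AS-ASIATECH", sets)
        print(label, classify("185.141.213.0/24", "AS43754", asns, prefixes) or "accepted")
```

Passing the bare ASN as the macro models the blank "IPv4 Peering Macro" case. Feeding `classify` a prefix list built from `AFTER` together with an origin list built from `BEFORE` returns only "Origin AS Filtered", which shows that the two tags are evaluated independently.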