[ixpmanager] AS-SET Is not Working
Frank Habicht
geier at geier.ne.tz
Mon Apr 20 08:04:21 IST 2020
Hi Shahab,
is 43754 in the config?
the version of the config that was already loaded at last reconfigure?
Frank
On 20/04/2020 09:24, Shahab Vahabzadeh wrote:
> Frank,
> Right now in filters in the web, IRRDB is Valid but IRRDB ORIGIN AS FILTERED
>
> On Mon, Apr 20, 2020 at 10:53 AM Shahab Vahabzadeh <me at shahabv.com
> <mailto:me at shahabv.com>> wrote:
>
> root at rs1:/etc/bird# cat bird-rs1-ipv4.conf | grep 185.141.213
>
>
> 185.141.171.0/24 <http://185.141.171.0/24>, 185.141.212.0/22
> <http://185.141.212.0/22>, 185.141.212.0/24
> <http://185.141.212.0/24>, *185.141.213*.0/24,
>
>
> On Mon, Apr 20, 2020 at 10:51 AM Shahab Vahabzadeh <me at shahabv.com
> <mailto:me at shahabv.com>> wrote:
>
> bird> show status
>
> BIRD 2.0.7
>
> Router ID is 185.1.77.1
>
> Current server time is 2020-04-20 10:51:29
>
> Last reboot on 2020-04-19 11:31:11
>
> Last reconfiguration on 2020-04-20 10:48:22
>
> Daemon is up and running
>
> bird>
>
>
> On Mon, Apr 20, 2020 at 10:47 AM Frank Habicht
> <geier at geier.ne.tz <mailto:geier at geier.ne.tz>> wrote:
>
> Hi,
>
> was the bird configuration with the filters re-generated
> since the AS
> was added to the AS-SET?
> If yes, was that operation successful?
> Maybe you can check the date/time of last change of your
> bird config file?
>
> Frank
>
> On 20/04/2020 09:09, Shahab Vahabzadeh wrote:
> > Frank,
> > Also Problem in shell solved but in route server no its
> filter again:
> >
> > root at members:~# bgpq3 -S RIPE AS-ASIATECH | grep
> 185.141.213.0/24 <http://185.141.213.0/24>
> > <http://185.141.213.0/24>
> >
> > ip prefix-list NN permit *185.141.213.0/24
> <http://185.141.213.0/24> <http://185.141.213.0/24>*
> >
> >
> > On Mon, Apr 20, 2020 at 10:38 AM Shahab Vahabzadeh
> <me at shahabv.com <mailto:me at shahabv.com>
> > <mailto:me at shahabv.com <mailto:me at shahabv.com>>> wrote:
> >
> > Dear Frank,
> > I asked customer to add their own AS in side their
> >
> AS-SET: https://apps.db.ripe.net/db-web-ui/query?searchtext=AS-ASIATECH
> > But the problem exist and that prefix is
> >
> filtered: https://members.tehran-ix.ir/lg/rs1-ipv4/routes/protocol/pb_as43754_vli26_ipv4
> >
> > 185.141.213.0/24 <http://185.141.213.0/24>
> <http://185.141.213.0/24>
> >
> >
> >
> > On Mon, Apr 20, 2020 at 10:35 AM Frank Habicht
> <geier at geier.ne.tz <mailto:geier at geier.ne.tz>
> > <mailto:geier at geier.ne.tz <mailto:geier at geier.ne.tz>>>
> wrote:
> >
> > Hi Shahab,
> >
> > it's better if they (43754) fix the AS-SET to
> include their own ASN.
> > That way they will also fix filter generation on
> their upstream
> > or any
> > bilateral peer.
> > Everybody else generating filters from the AS-SET
> does also not
> > do the
> > AND, so your suggestion would fix it only for the
> IXP route
> > servers, not
> > for the other places.
> >
> > Greetings,
> > Frank
> >
> > On 20/04/2020 08:58, Shahab Vahabzadeh wrote:
> > > Nick,
> > > I think I find the problem, Customer AS Number
> (AS43754) must
> > be inside
> > > AS-SET?!
> > > They (and Me) thought that only AS numbers
> behind customers
> > must be there.
> > > Maybe you can AND it in your queries, Customer
> AS Number + AS-SET.
> > > Thanks
> > >
> > > On Mon, Apr 20, 2020 at 10:25 AM Shahab Vahabzadeh
> > <me at shahabv.com <mailto:me at shahabv.com>
> <mailto:me at shahabv.com <mailto:me at shahabv.com>>
> > > <mailto:me at shahabv.com <mailto:me at shahabv.com>
> <mailto:me at shahabv.com <mailto:me at shahabv.com>>>> wrote:
> > >
> > > Nick,
> > > Our IRRDB source for all customers is RIPE.
> > > Thanks
> > >
> > > On Mon, Apr 20, 2020 at 10:23 AM Shahab
> Vahabzadeh
> > <me at shahabv.com <mailto:me at shahabv.com>
> <mailto:me at shahabv.com <mailto:me at shahabv.com>>
> > > <mailto:me at shahabv.com
> <mailto:me at shahabv.com> <mailto:me at shahabv.com
> <mailto:me at shahabv.com>>>> wrote:
> > >
> > > Dear Nick,
> > > Now for customer Asiatech (AS43754) we
> have IPv4 and IPv6
> > > Peering Macro which is AS-ASIATECH.
> > > And also as I check the ripe
> database there is a valid
> > route
> > > object for 185.141.213.0/24
> <http://185.141.213.0/24> <http://185.141.213.0/24>
> > <http://185.141.213.0/24> with
> > > AS43754 itself.
> > > So why is there an error for this prefix?
> > > Thanks
> > >
> > > On Sun, Apr 19, 2020 at 1:53 PM Nick
> Hilliard (INEX)
> > > <nick at inex.ie <mailto:nick at inex.ie>
> <mailto:nick at inex.ie <mailto:nick at inex.ie>>
> > <mailto:nick at inex.ie <mailto:nick at inex.ie>
> <mailto:nick at inex.ie <mailto:nick at inex.ie>>>> wrote:
> > >
> > > Shahab Vahabzadeh wrote on
> 19/04/2020 08:34:
> > > > You are right but what is your
> idea about this
> > prefix:
> > > 185.141.213.0/24
> <http://185.141.213.0/24> <http://185.141.213.0/24>
> > <http://185.141.213.0/24> ?
> > > > There is a route object in ripe
> with AS43754 and
> > this AS
> > > belongs to the
> > > > customer himself.
> > > > But again it's filter with two
> tag: Prefix Filtered,
> > > Origin AS Filtered
> > >
> > > The list of IRRDB prefixes is built
> using the
> > "IPv4 Peering
> > > Macro" and
> > > "IRRDB Source" in the Customer profile.
> > >
> > > If the "IPv4 Peering Macro" field is
> blank, then
> > it uses the AS.
> > >
> > > The artisan irrdb:update-prefix-db
> command uses
> > the bgpq3
> > > command to
> > > populate the local database using
> the peering
> > macro and the
> > > source list.
> > >
> > > The first thing to do is check the
> information
> > that's going
> > > into the
> > > local database.
> > >
> > > - you need to check that the "IPv4
> Peering Macro"
> > is set to
> > > what the
> > > customer specifies
> > >
> > > - make sure the irrdb source looks
> correct.
> > Probably it
> > > should be set
> > > to "RIPE".
> > >
> > > - you need to make sure that there
> is a route:
> > object in
> > > the IRRDB for
> > > the prefix that you're checking.
> > >
> > > You can find out what bgpq3 thinks
> by calling it
> > directly
> > > using the
> > > parameters specified in IXP Manager,
> e.g. if
> > you've set the
> > > as-set to be
> > > blank, it will use the AS itself:
> > >
> > > > % bgpq3 -S RIPE AS43754 | grep
> 185.141.213.0/24 <http://185.141.213.0/24>
> > <http://185.141.213.0/24>
> > > <http://185.141.213.0/24>
> > > > ip prefix-list NN permit
> 185.141.213.0/24 <http://185.141.213.0/24>
> > <http://185.141.213.0/24>
> > > <http://185.141.213.0/24>
> > > > %
> > >
> > > This means that there's a route:
> object in the
> > RIPE IRRDB,
> > > which is a
> > > good start.
> > >
> > > The next thing would be to check the
> AS-SET that
> > you're
> > > using in IXP
> > > Manager for this customer, along
> with the IRRDB
> > source list:
> > >
> > > > % bgpq3 -S "<IRRDB source list>"
> <IPv4 peering
> > macro> |
> > > grep 185.141.213.0/24
> <http://185.141.213.0/24> <http://185.141.213.0/24>
> > <http://185.141.213.0/24>
> > >
> > > If this comes up blank, then you've
> identified
> > that the
> > > problem is that
> > > you're using the wrong IRRDB source,
> the wrong AS
> > set or
> > > else that the
> > > customer hasn't configured their AS
> set properly.
> > >
> > > Nick
> > >
> > >
> > >
> > > --
> > >
> > > Cheers, Shahab
> > >
> > >
> > >
> > > --
> > >
> > > Cheers, Shahab
> > >
> > >
> > >
> > > --
> > >
> > > Cheers, Shahab
> > >
> > > _______________________________________________
> > > INEX IXP Manager mailing list
> > > ixpmanager at inex.ie <mailto:ixpmanager at inex.ie>
> <mailto:ixpmanager at inex.ie <mailto:ixpmanager at inex.ie>>
> > > Unsubscribe or change options here:
> > https://www.inex.ie/mailman/listinfo/ixpmanager
> > >
> > _______________________________________________
> > INEX IXP Manager mailing list
> > ixpmanager at inex.ie <mailto:ixpmanager at inex.ie>
> <mailto:ixpmanager at inex.ie <mailto:ixpmanager at inex.ie>>
> > Unsubscribe or change options here:
> > https://www.inex.ie/mailman/listinfo/ixpmanager
> >
> >
> >
> > --
> >
> > Cheers, Shahab
> >
> >
> >
> > --
> >
> > Cheers, Shahab
> >
> > _______________________________________________
> > INEX IXP Manager mailing list
> > ixpmanager at inex.ie <mailto:ixpmanager at inex.ie>
> > Unsubscribe or change options here:
> https://www.inex.ie/mailman/listinfo/ixpmanager
> >
> _______________________________________________
> INEX IXP Manager mailing list
> ixpmanager at inex.ie <mailto:ixpmanager at inex.ie>
> Unsubscribe or change options here:
> https://www.inex.ie/mailman/listinfo/ixpmanager
>
>
>
> --
>
> Cheers, Shahab
>
>
>
> --
>
> Cheers, Shahab
>
>
>
> --
>
> Cheers, Shahab
>
> _______________________________________________
> INEX IXP Manager mailing list
> ixpmanager at inex.ie
> Unsubscribe or change options here: https://www.inex.ie/mailman/listinfo/ixpmanager
>
More information about the ixpmanager
mailing list