[ixpmanager] AS-SET Is not Working

Shahab Vahabzadeh me at shahabv.com
Mon Apr 20 08:13:53 IST 2020


Frank,
No AS Number is not inside allas array but AS Number is inside AS-SET in
ripe.

Thanks



root at rs1:/etc/bird# cat bird-rs1-ipv4.conf |grep 43754

### AS*43754* - Asiatech - VLAN Interface #26

function f_import_as*43754*()

    if (bgp_path.first != *43754* ) then {

protocol bgp pb_as*43754*_vli26_ipv4 {

    description "AS*43754* - Asiatech";

    neighbor 185.1.77.20 as *43754*;

        import where f_import_as*43754*();

On Mon, Apr 20, 2020 at 11:34 AM Frank Habicht <geier at geier.ne.tz> wrote:

> Hi Shahab,
>
> is 43754 in the config?
> the version of the config that was already loaded at last reconfigure?
>
> Frank
>
> On 20/04/2020 09:24, Shahab Vahabzadeh wrote:
> > Frank,
> > Right now in filters in the web, IRRDB is Valid but IRRDB ORIGIN AS
> FILTERED
> >
> > On Mon, Apr 20, 2020 at 10:53 AM Shahab Vahabzadeh <me at shahabv.com
> > <mailto:me at shahabv.com>> wrote:
> >
> >     root at rs1:/etc/bird# cat bird-rs1-ipv4.conf | grep 185.141.213
> >
> >
> >     185.141.171.0/24 <http://185.141.171.0/24>,         185.141.212.0/22
> >     <http://185.141.212.0/22>,         185.141.212.0/24
> >     <http://185.141.212.0/24>,         *185.141.213*.0/24,
> >
> >
> >     On Mon, Apr 20, 2020 at 10:51 AM Shahab Vahabzadeh <me at shahabv.com
> >     <mailto:me at shahabv.com>> wrote:
> >
> >         bird> show status
> >
> >         BIRD 2.0.7
> >
> >         Router ID is 185.1.77.1
> >
> >         Current server time is 2020-04-20 10:51:29
> >
> >         Last reboot on 2020-04-19 11:31:11
> >
> >         Last reconfiguration on 2020-04-20 10:48:22
> >
> >         Daemon is up and running
> >
> >         bird>
> >
> >
> >         On Mon, Apr 20, 2020 at 10:47 AM Frank Habicht
> >         <geier at geier.ne.tz <mailto:geier at geier.ne.tz>> wrote:
> >
> >             Hi,
> >
> >             was the bird configuration with the filters re-generated
> >             since the AS
> >             was added to the AS-SET?
> >             If yes, was that operation successful?
> >             Maybe you can check the date/time of last change of your
> >             bird config file?
> >
> >             Frank
> >
> >             On 20/04/2020 09:09, Shahab Vahabzadeh wrote:
> >             > Frank,
> >             > Also Problem in shell solved but in route server no its
> >             filter again:
> >             >
> >             > root at members:~# bgpq3 -S RIPE AS-ASIATECH | grep
> >             185.141.213.0/24 <http://185.141.213.0/24>
> >             > <http://185.141.213.0/24>
> >             >
> >             > ip prefix-list NN permit *185.141.213.0/24
> >             <http://185.141.213.0/24> <http://185.141.213.0/24>*
> >             >
> >             >
> >             > On Mon, Apr 20, 2020 at 10:38 AM Shahab Vahabzadeh
> >             <me at shahabv.com <mailto:me at shahabv.com>
> >             > <mailto:me at shahabv.com <mailto:me at shahabv.com>>> wrote:
> >             >
> >             >     Dear Frank,
> >             >     I asked customer to add their own AS in side their
> >             >
> >              AS-SET:
> https://apps.db.ripe.net/db-web-ui/query?searchtext=AS-ASIATECH
> >             >     But the problem exist and that prefix is
> >             >
> >              filtered:
> https://members.tehran-ix.ir/lg/rs1-ipv4/routes/protocol/pb_as43754_vli26_ipv4
> >             >
> >             >     185.141.213.0/24 <http://185.141.213.0/24>
> >             <http://185.141.213.0/24>
> >             >
> >             >
> >             >
> >             >     On Mon, Apr 20, 2020 at 10:35 AM Frank Habicht
> >             <geier at geier.ne.tz <mailto:geier at geier.ne.tz>
> >             >     <mailto:geier at geier.ne.tz <mailto:geier at geier.ne.tz>>>
> >             wrote:
> >             >
> >             >         Hi Shahab,
> >             >
> >             >         it's better if they (43754) fix the AS-SET to
> >             include their own ASN.
> >             >         That way they will also fix filter generation on
> >             their upstream
> >             >         or any
> >             >         bilateral peer.
> >             >         Everybody else generating filters from the AS-SET
> >             does also not
> >             >         do the
> >             >         AND, so your suggestion would fix it only for the
> >             IXP route
> >             >         servers, not
> >             >         for the other places.
> >             >
> >             >         Greetings,
> >             >         Frank
> >             >
> >             >         On 20/04/2020 08:58, Shahab Vahabzadeh wrote:
> >             >         > Nick,
> >             >         > I think I find the problem, Customer AS Number
> >             (AS43754) must
> >             >         be inside
> >             >         > AS-SET?!
> >             >         > They (and Me) thought that only AS numbers
> >             behind customers
> >             >         must be there.
> >             >         > Maybe you can AND it in your queries, Customer
> >             AS Number + AS-SET.
> >             >         > Thanks
> >             >         >
> >             >         > On Mon, Apr 20, 2020 at 10:25 AM Shahab
> Vahabzadeh
> >             >         <me at shahabv.com <mailto:me at shahabv.com>
> >             <mailto:me at shahabv.com <mailto:me at shahabv.com>>
> >             >         > <mailto:me at shahabv.com <mailto:me at shahabv.com>
> >             <mailto:me at shahabv.com <mailto:me at shahabv.com>>>> wrote:
> >             >         >
> >             >         >     Nick,
> >             >         >     Our IRRDB source for all customers is RIPE.
> >             >         >     Thanks
> >             >         >
> >             >         >     On Mon, Apr 20, 2020 at 10:23 AM Shahab
> >             Vahabzadeh
> >             >         <me at shahabv.com <mailto:me at shahabv.com>
> >             <mailto:me at shahabv.com <mailto:me at shahabv.com>>
> >             >         >     <mailto:me at shahabv.com
> >             <mailto:me at shahabv.com> <mailto:me at shahabv.com
> >             <mailto:me at shahabv.com>>>> wrote:
> >             >         >
> >             >         >         Dear Nick,
> >             >         >         Now for customer Asiatech (AS43754) we
> >             have IPv4 and IPv6
> >             >         >         Peering Macro which is AS-ASIATECH.
> >             >         >         And also as I check the ripe
> >             database there is a valid
> >             >         route
> >             >         >         object for 185.141.213.0/24
> >             <http://185.141.213.0/24> <http://185.141.213.0/24>
> >             >         <http://185.141.213.0/24> with
> >             >         >         AS43754 itself.
> >             >         >         So why is there an error for this prefix?
> >             >         >         Thanks
> >             >         >
> >             >         >         On Sun, Apr 19, 2020 at 1:53 PM Nick
> >             Hilliard (INEX)
> >             >         >         <nick at inex.ie <mailto:nick at inex.ie>
> >             <mailto:nick at inex.ie <mailto:nick at inex.ie>>
> >             >         <mailto:nick at inex.ie <mailto:nick at inex.ie>
> >             <mailto:nick at inex.ie <mailto:nick at inex.ie>>>> wrote:
> >             >         >
> >             >         >             Shahab Vahabzadeh wrote on
> >             19/04/2020 08:34:
> >             >         >             > You are right but what is your
> >             idea about this
> >             >         prefix:
> >             >         >             185.141.213.0/24
> >             <http://185.141.213.0/24> <http://185.141.213.0/24>
> >             >         <http://185.141.213.0/24>  ?
> >             >         >             > There is a route object in ripe
> >             with AS43754 and
> >             >         this AS
> >             >         >             belongs to the
> >             >         >             > customer himself.
> >             >         >             > But again it's filter with two
> >             tag: Prefix Filtered,
> >             >         >             Origin AS Filtered
> >             >         >
> >             >         >             The list of IRRDB prefixes is built
> >             using the
> >             >         "IPv4 Peering
> >             >         >             Macro" and
> >             >         >             "IRRDB Source" in the Customer
> profile.
> >             >         >
> >             >         >             If the "IPv4 Peering Macro" field is
> >             blank, then
> >             >         it uses the AS.
> >             >         >
> >             >         >             The artisan irrdb:update-prefix-db
> >             command uses
> >             >         the bgpq3
> >             >         >             command to
> >             >         >             populate the local database using
> >             the peering
> >             >         macro and the
> >             >         >             source list.
> >             >         >
> >             >         >             The first thing to do is check the
> >             information
> >             >         that's going
> >             >         >             into the
> >             >         >             local database.
> >             >         >
> >             >         >             -  you need to check that the "IPv4
> >             Peering Macro"
> >             >         is set to
> >             >         >             what the
> >             >         >             customer specifies
> >             >         >
> >             >         >             -  make sure the irrdb source looks
> >             correct.
> >             >         Probably it
> >             >         >             should be set
> >             >         >             to "RIPE".
> >             >         >
> >             >         >             -  you need to make sure that there
> >             is a route:
> >             >         object in
> >             >         >             the IRRDB for
> >             >         >             the prefix that you're checking.
> >             >         >
> >             >         >             You can find out what bgpq3 thinks
> >             by calling it
> >             >         directly
> >             >         >             using the
> >             >         >             parameters specified in IXP Manager,
> >             e.g. if
> >             >         you've set the
> >             >         >             as-set to be
> >             >         >             blank, it will use the AS itself:
> >             >         >
> >             >         >             > % bgpq3 -S RIPE AS43754 | grep
> >             185.141.213.0/24 <http://185.141.213.0/24>
> >             >         <http://185.141.213.0/24>
> >             >         >             <http://185.141.213.0/24>
> >             >         >             > ip prefix-list NN permit
> >             185.141.213.0/24 <http://185.141.213.0/24>
> >             >         <http://185.141.213.0/24>
> >             >         >             <http://185.141.213.0/24>
> >             >         >             > %
> >             >         >
> >             >         >             This means that there's a route:
> >             object in the
> >             >         RIPE IRRDB,
> >             >         >             which is a
> >             >         >             good start.
> >             >         >
> >             >         >             The next thing would be to check the
> >             AS-SET that
> >             >         you're
> >             >         >             using in IXP
> >             >         >             Manager for this customer, along
> >             with the IRRDB
> >             >         source list:
> >             >         >
> >             >         >             > % bgpq3 -S "<IRRDB source list>"
> >             <IPv4 peering
> >             >         macro> |
> >             >         >             grep 185.141.213.0/24
> >             <http://185.141.213.0/24> <http://185.141.213.0/24>
> >             >         <http://185.141.213.0/24>
> >             >         >
> >             >         >             If this comes up blank, then you've
> >             identified
> >             >         that the
> >             >         >             problem is that
> >             >         >             you're using the wrong IRRDB source,
> >             the wrong AS
> >             >         set or
> >             >         >             else that the
> >             >         >             customer hasn't configured their AS
> >             set properly.
> >             >         >
> >             >         >             Nick
> >             >         >
> >             >         >
> >             >         >
> >             >         >         --
> >             >         >
> >             >         >         Cheers, Shahab
> >             >         >
> >             >         >
> >             >         >
> >             >         >     --
> >             >         >
> >             >         >     Cheers, Shahab
> >             >         >
> >             >         >
> >             >         >
> >             >         > --
> >             >         >
> >             >         > Cheers, Shahab
> >             >         >
> >             >         > _______________________________________________
> >             >         > INEX IXP Manager mailing list
> >             >         > ixpmanager at inex.ie <mailto:ixpmanager at inex.ie>
> >             <mailto:ixpmanager at inex.ie <mailto:ixpmanager at inex.ie>>
> >             >         > Unsubscribe or change options here:
> >             >         https://www.inex.ie/mailman/listinfo/ixpmanager
> >             >         >
> >             >         _______________________________________________
> >             >         INEX IXP Manager mailing list
> >             >         ixpmanager at inex.ie <mailto:ixpmanager at inex.ie>
> >             <mailto:ixpmanager at inex.ie <mailto:ixpmanager at inex.ie>>
> >             >         Unsubscribe or change options here:
> >             >         https://www.inex.ie/mailman/listinfo/ixpmanager
> >             >
> >             >
> >             >
> >             >     --
> >             >
> >             >     Cheers, Shahab
> >             >
> >             >
> >             >
> >             > --
> >             >
> >             > Cheers, Shahab
> >             >
> >             > _______________________________________________
> >             > INEX IXP Manager mailing list
> >             > ixpmanager at inex.ie <mailto:ixpmanager at inex.ie>
> >             > Unsubscribe or change options here:
> >             https://www.inex.ie/mailman/listinfo/ixpmanager
> >             >
> >             _______________________________________________
> >             INEX IXP Manager mailing list
> >             ixpmanager at inex.ie <mailto:ixpmanager at inex.ie>
> >             Unsubscribe or change options here:
> >             https://www.inex.ie/mailman/listinfo/ixpmanager
> >
> >
> >
> >         --
> >
> >         Cheers, Shahab
> >
> >
> >
> >     --
> >
> >     Cheers, Shahab
> >
> >
> >
> > --
> >
> > Cheers, Shahab
> >
> > _______________________________________________
> > INEX IXP Manager mailing list
> > ixpmanager at inex.ie
> > Unsubscribe or change options here:
> https://www.inex.ie/mailman/listinfo/ixpmanager
> >
> _______________________________________________
> INEX IXP Manager mailing list
> ixpmanager at inex.ie
> Unsubscribe or change options here:
> https://www.inex.ie/mailman/listinfo/ixpmanager
>


-- 

Cheers, Shahab
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.inex.ie/pipermail/ixpmanager/attachments/20200420/8b7164f6/attachment-0001.htm>


More information about the ixpmanager mailing list