bird/filters/dn42.conf

88 lines
1.9 KiB
Text

function is_dn42() {
return net ~ [
172.20.0.0/14{21,29},
172.20.0.0/24{28,32}, # Anycast
172.21.0.0/24{28,32}, # Anycast
172.22.0.0/24{28,32}, # Anycast
172.23.0.0/24{28,32}, # Anycast
fd00::/8{44,64}
];
}
function dn42_import_v4()
bool ok;
{
ok = true;
if bgp_path ~ [= * 4242421331 * =] then reject;
if is_mine_dn42() then
ok = false;
if ! is_dn42() then
ok = false;
if roa_check(roa_dn42_v4, net, bgp_path.last_nonaggregated) = ROA_VALID then
bgp_large_community.add(informational_rpki_valid);
else if roa_check(roa_dn42_v4, net, bgp_path.last_nonaggregated) = ROA_UNKNOWN then
bgp_large_community.add(informational_rpki_unknown);
else if roa_check(roa_dn42_v4, net, bgp_path.last_nonaggregated) = ROA_INVALID then {
print "Ignore ROA invalid ", net, " for ASN ", bgp_path.last, " from ", proto;
bgp_large_community.add(informational_rpki_invalid);
ok = false;
}
else
bgp_large_community.add(informational_rpki_not_checked);
return ok;
}
function dn42_import_v6()
bool ok;
{
ok = true;
if bgp_path ~ [= * 4242421331 * =] then reject;
if is_mine_dn42() then
ok = false;
if ! is_dn42() then
ok = false;
if roa_check(roa_dn42_v6, net, bgp_path.last_nonaggregated) = ROA_VALID then
bgp_large_community.add(informational_rpki_valid);
else if roa_check(roa_dn42_v6, net, bgp_path.last_nonaggregated) = ROA_UNKNOWN then
bgp_large_community.add(informational_rpki_unknown);
else if roa_check(roa_dn42_v6, net, bgp_path.last_nonaggregated) = ROA_INVALID then {
print "Ignore ROA invalid ", net, " for ASN ", bgp_path.last, " from ", proto;
bgp_large_community.add(informational_rpki_invalid);
ok = false;
}
else
bgp_large_community.add(informational_rpki_not_checked);
return ok;
}
function dn42_export_v4()
bool ok;
{
ok = true;
if ! is_dn42() then
ok = false;
return ok;
}
function dn42_export_v6()
bool ok;
{
ok = true;
if ! is_dn42() then
ok = false;
return ok;
}