I use a mixture of BGP communities and prefix lists and it scales very well for me.

Rgds
Peter

Sent from my Asus Transformer Pad

On Dec 12, 2012 3:24 AM, "Dan Luedtke" <mail@danrl.de> wrote:
Hi NANOGers,
tl;dr What is the best practice for filtering a large number of prefixes at an internet exchange?
Yesterday I ran into problems while writing new filtering rules for my peerings at a local Exchange. My workflow probably has a flaw, although it works fine for IPv6 (well, fewer prefixes there).
After the physical link was set up I started a BGP session with the route server of the exchange. A few minutes later some other AS imported my prefix, e.g. those listed at HE[1]. I guess they filtered "less strict" :) The next day the exchange's route server administrator added my AS-SET to the AS-SET of the route server.
--- snip RIPE DB ---
as-set: AS-KLEYREX-RS1
descr: KleyReX Internet Exchange Frankfurt
[...]
members: AS-NONATTACHED
--- snap ---
A few days have passed since then but the number of peers has not increased as expected. Is this normal? My mp-* entries look like this:
--- snip RIPE DB ---
aut-num: AS57821
as-name: NONATTACHED-AS
[...]
mp-import: afi ipv4.unicast from AS31142 accept AS-KLEYREX-RS1
mp-export: afi ipv4.unicast to AS31142 announce AS-NONATTACHED
--- snap ---
Yesterday I thought about importing the route server's prefixes and, of course, to filter them. Using rtconfig[2] I created a filter for BIRD[3] like this:
--- snip bird.conf ---
if (prefix_too_long()) then reject;
@rtconfig printPrefixes "if (net ~ [ %p/%l+ ]) then accept;\n" filter AS-KLEYREX-RS1
reject;
--- snap ---
This takes about 10-20 minutes and results in a very large config file consisting of hundreds of prefixes in IPv4. The same config file for IPv6 would be smaller. However, legacy protocol IPv4 is not yet dead so I need to filter it somehow. BIRD sometimes segfaults when it is advised to read those large filters.
So, here's the question: How do you filter at exchanges? Where is the error in my workflow? Is strict route filtering a myth?
Thanks for helping!
Dan
[1] http://bgp.he.net/AS57821#_peers
[2] http://irrtoolset.isc.org/wiki/RtConfig
[3] http://bird.network.cz
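
Added example, not part of either message in this thread: the rtconfig template above emits one `if (net ~ [ p/l+ ]) then accept;` line per prefix, and this Python sketch shows the same accept list rendered as a single named BIRD prefix set with redundant entries dropped. The set name `RS1_V4`, the function names and the sample prefixes are assumptions made for illustration; the prefixes are constructed from documentation and benchmark ranges.

```python
import ipaddress

# Constructed sample input, standing in for the prefixes an IRR expansion of
# an as-set returns (documentation/benchmark ranges, not real routes).
SAMPLE_PREFIXES = [
    "198.51.100.0/24",
    "192.0.2.0/24",
    "192.0.2.128/25",    # already matched by 192.0.2.0/24+
    "203.0.113.0/25",
    "203.0.113.128/25",  # adjacent to the entry above, must NOT be merged
    "198.51.100.0/24",   # duplicate
    "198.18.0.0/15",
    "198.19.4.0/22",     # already matched by 198.18.0.0/15+
]


def drop_covered(prefixes):
    """Remove duplicates and prefixes already matched by a shorter 'p/l+' entry.

    In a BIRD prefix set, 'p/l+' matches p/l and every more-specific of it, so
    an entry nested inside another entry is redundant. Adjacent prefixes are
    not aggregated: that would also accept the covering prefix, which the
    original list never allowed.
    """
    nets = sorted({ipaddress.ip_network(p) for p in prefixes},
                  key=lambda n: (n.version, int(n.network_address), n.prefixlen))
    kept = []
    for net in nets:
        last = kept[-1] if kept else None
        # Sorted order puts a covering prefix directly before what it covers.
        if last is not None and last.version == net.version and net.subnet_of(last):
            continue
        kept.append(net)
    return kept


def bird_prefix_set(name, prefixes):
    """Render one named prefix set instead of one 'if' statement per prefix."""
    body = ",\n".join(f"    {n}+" for n in drop_covered(prefixes))
    return f"define {name} = [\n{body}\n];\n"


if __name__ == "__main__":
    print(bird_prefix_set("RS1_V4", SAMPLE_PREFIXES))
    print("# in the import filter: if (net ~ RS1_V4) then accept;")
```

`ipaddress.ip_network` raises `ValueError` on an entry with host bits set, so a malformed line in the generated list stops the run instead of reaching the router configuration.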