Page 1 of 1

Filters in iBGP v7 loopback

Posted: Fri Jan 12, 2024 3:20 pm
by tomog
hello, can anyone check the correctness of the filters ? v7 version for iBGP

after the internal ip address works, does not work after the external one

on v6 version works correctly

0 X ;;; KATOWICE 205 Slave
chain=IN-iBGP1
rule="if (dst in 0.0.0.0/0 && dst-len == 0) { set distance 205; set bgp-local-pref 300; accept; }"

1 X ;;; KATOWICE 190 MASTER
chain=IN-iBGP1
rule="if (dst in 0.0.0.0/0 && dst-len == 0) { set distance 190; set bgp-local-pref 400; accept; }"

2 ;;; KATR
chain=IN-iBGP1
rule="if (dst-len==0 && dst in 0.0.0.0/0) { set distance 190; set bgp-local-pref 400; accept; }"

3 chain=IN-iBGP1 rule="reject"

4 chain=OUT-iBGP1 rule="if (dst-len>30 && dst-len<32 && dst in IP ADRESS) { reject }"

5 chain=OUT-iBGP1 rule="if (dst-len==32 && dst in IP adress ) { accept }"

6 chain=OUT-iBGP1 rule="if (dst-len==32 && dst in IP ADRESS) { accept }"

7 chain=OUT-iBGP1 rule="reject;"

8 X chain=OUT-iBGP1 rule="if (dst in IP ADRESS/31 && dst-len in 30-32) { reject; }"

9 X chain=OUT-iBGP1 rule="if (dst in IP ADRESS/24 && dst-len == 32) { accept; }"

10 X chain=OUT-iBGP1 rule="if (dst in IP ADRESS0/24 && dst-len == 32) { accept; }"

11 X ;;; WAR
chain=IN-iBGP2
rule="if (dst in 0.0.0.0/0 && dst-len == 0) { set distance 190; set bgp-local-pref 400; accept; }"

12 X ;;; WARSZAWA 205 Slave
chain=IN-iBGP2
rule="if (dst in 0.0.0.0/0 && dst-len == 0) { set distance 205; set bgp-local-pref 300; accept; }"

13 ;;; WARSZAWA 205 Slave
chain=IN-iBGP2
rule="if (dst-len==0 && dst in 0.0.0.0/0) { set distance 205; set bgp-local-pref 300; accept; }"

14 chain=IN-iBGP2 rule="reject;"

15 chain=OUT-iBGP2 rule="if (dst-len>30 && dst-len<32 && dst in IP ADRESS/31) { reject }"

16 chain=OUT-iBGP2 rule="if (dst-len>30 && dst-len<32 && dst in IP ADRESS/31) { accept }"

17 chain=OUT-iBGP2 rule="if (dst-len==32 && dst in IP ADRESS/24) { accept }"

18 X chain=OUT-iBGP2 rule="if (dst in IP ADRESS31 && dst-len in 30-32) { reject; }"

19 X chain=OUT-iBGP2 rule="if (dst in IP ADRESS24 && dst-len in 30-32) { accept; }"

20 X chain=OUT-iBGP2 rule="if (dst in IP ADRESS/24 && dst-len == 32) { accept; }"

21 chain=IN-IBGP-NAT rule="if (dst in IP ADRESS/8 && dst-len in 8-32) { accept; }"

22 chain=IN-IBGP-NAT rule="if (dst in IP ADRESS/16 && dst-len in 16-32) { accept; }"

23 chain=IN-IBGP-NAT rule="if (dst in IP ADRESS/10 && dst-len in 10-32) { accept; }"

24 chain=IN-IBGP-NAT rule="if (dst in IP ADRESS/12 && dst-len in 12-32) { accept; }"

25 chain=IN-IBGP-NAT rule="if (dst in IP ADRESS/16 && dst-len in 16-32) { accept; }"

26 chain=IN-IBGP-NAT rule="reject;"

27 chain=OUT-IBGP-NAT rule="if (dst in IP ADRESS/8 && dst-len in 8-32) { accept; }"

28 chain=OUT-IBGP-NAT rule="if (dst in IP ADRESS16 && dst-len in 16-32) { accept; }"

29 chain=OUT-IBGP-NAT rule="if (dst in IP ADRESS/10 && dst-len in 10-32) { accept; }"

30 chain=OUT-IBGP-NAT rule="if (dst in IP ADRESS/12 && dst-len in 12-32) { accept; }"

31 chain=OUT-IBGP-NAT rule="if (dst in IP ADRESS/16 && dst-len in 16-32) { accept; }"

32 chain=OUT-IBGP-NAT rule="reject;"