BPGd filter weirdness

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

BPGd filter weirdness

bernd-34
Hi misc@,

I have defined a group in bgpd.conf like this:

iBGP_one="12.34.56.78"
iBGP_two="12.34.56.79"

group "iBGP_Peers" {
         remote-as       9876
         neighbor $iBGP_one {
                 descr           iBGP_one
         }
         neighbor $iBGP_two {
                 descr           iBGP_two
         }
         local-address   12.34.56.66
         announce        all
         depend on       em0
}

Now, setting filters using that group does not work; setting filters
based on the individual neighbor's IP address does work.

allow quick from group iBGP_Peers
# this does NOT work

allow quick from 12.34.56.78
allow quick from 12.34.56.79
# works

Running bgpd -nv -f /etc/bgpd.conf shows

allow quick from group iBGP_Peers

and

allow quick from 12.34.56.78
allow quick from 12.34.56.79

respectively. Where's the difference?

Thanks in advance,

Bernd

Reply | Threaded
Open this post in threaded view
|

Re: BPGd filter weirdness

Henning Brauer
* Bernd <[hidden email]> [2012-06-20 09:59]:

> I have defined a group in bgpd.conf like this:
>
> iBGP_one="12.34.56.78"
> iBGP_two="12.34.56.79"
>
> group "iBGP_Peers" {
>         remote-as       9876
>         neighbor $iBGP_one {
>                 descr           iBGP_one
>         }
>         neighbor $iBGP_two {
>                 descr           iBGP_two
>         }
>         local-address   12.34.56.66
>         announce        all
>         depend on       em0
> }
>
> Now, setting filters using that group does not work; setting filters
> based on the individual neighbor's IP address does work.
>
> allow quick from group iBGP_Peers
> # this does NOT work
>
> allow quick from 12.34.56.78
> allow quick from 12.34.56.79
> # works
>
> Running bgpd -nv -f /etc/bgpd.conf shows
>
> allow quick from group iBGP_Peers
>
> and
>
> allow quick from 12.34.56.78
> allow quick from 12.34.56.79
>
> respectively. Where's the difference?

hmm, I am using the group based filters myself a lot and of course
they work just fine.

sure you're not misdiagnosing something here?

--
Henning Brauer, [hidden email], [hidden email]
BS Web Services, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/