No BGP-Communities-Based filtering

Our older Quagga route servers were only capable of filtering based on attached communities, which did not provide a lot of flexibility in choosing one's desired peers. While moving to OpenBGPD initially and carrying over with BIRD, we switched to IRRdb-based filtering, which provides more flexibility with regard to imported and exported routes, as well as the possibility of asymmetric filtering. Please read the following chapter on IRRdb-based filtering for your configuration options. This also means that absolutely no configuration needs to be done on your equipment in regards to BGP communities; after you update your aut-num object with the appropriate entries, our parser script will pick it up and apply the necessary configuration on the route servers.

IRRdb-Based Filtering examples


ANY 
Send and receive prefixes to/from any RS participant:
aut-num: AS1200
descr: Amsterdam Internet Exchange (AMS-IX) 
[...] 
import:       from AS6777 accept ANY 
export:       to AS6777 action community .= { 6777:6777 }; announce AS1200 
[...]


ANY except 
Send and receive prefixes to/from any RS participant EXCEPT AS1103 & AS12859:
aut-num: AS1200 
descr: Amsterdam Internet Exchange (AMS-IX) 
[...] 
import:       from AS6777 accept ANY AND NOT <^[AS1103 AS12859]> 
export:       to AS6777 action community .= { 6777:6777, 6777:1103, 6777:12859 };
                               announce AS1200 
[...]


RESTRICTIVE 
Send and receive prefixes ONLY to/from AS15703 :
aut-num: AS1200 
descr: Amsterdam Internet Exchange (AMS-IX) 
[...] 
import:       from AS6777 accept <^AS15703> 
export:       to AS6777 action community .= { 6777:15703 }; announce AS1200 
[...]

We honor separate policies for IPv4 and IPv6, should you have distinct mp-{import,export} attributes. In cases where both IPv4 and IPv6 sessions exist but only a IPv4 policy is described in your relevant object, it is also applied for the IPv6 sessions.


"EXPORT TO ANY" community tag 6777:6777

The presence of the community tag 6777:6777 signifies that you want to export your prefixes to ALL route-server's members, EXCEPT those you specify in another community tag. The tag can be placed anywhere within the export clause (it does not need to be the first). The presence of the community tag 6777:6777 signifies that you want to export your prefixes to ALL route-server's members, EXCEPT those you specify in another community tag. The tag can be placed anywhere within the export clause (it does not need to be the first). If our parser do not see 6777:6777 in your export policy, the implication is you only EXPORT to the networks that you specify with the list of community tags.

Using AS-SET objects for filtering

AS-SETs can be used in the import/export rules as well. Relevant objects for participating peers in the Route Server project are grouped into these AS-SETs:

Relevant objects for participating peers in the Route Server project are grouped into these AS-SETs: AS-AMS-IX-RS (list of connected peers), AS-AMS-IX-RS-SETS (list of advertised AS-SETs), AS-AMS-IX-RS-V6 (list of connected IPv6 peers) and AS-AMS-IX-RS-SETS-V6 (list of advertised AS-SETs for IPv6 peers)

.