RtConfig in IRRToolset v5.0.0

Bruce Morgan Bruce.Morgan at aarnet.edu.au
Thu Apr 8 02:48:31 UTC 2010


Hi Nick,

The issue with expanding AS-4739 was user error.

With the ipv6 expressions I get the same result using RtConfig 4.8.5 as with
5.0.0

The expression afi ipv6 unicast accept AS6262^64
returns: ipv6 prefix-list ipv6-pl100 permit 2405:B000::/32
Instead of ipv6 prefix-list ipv6-pl100 permit 2405:B000::/32 le 64
While accept AS6262^0-64 or even accept AS6262^32-64
returns Warning: filter matches ANY/NOT ANY

In IPv4 land accept AS6262^32 returns
no ip prefix-list pl100
ip prefix-list pl100 permit 130.116.0.0/16 ge 32 le 32
Etc, etc
While accept AS6262^0-24 returns
ip prefix-list pl100 permit 130.116.0.0/16 le 24
Etc, etc ... All good.

Also should be able to filter on incoming boundaries but this appears not to
be the case with afi ipv6.unicast. RtConfig just goes away for a very long
time. 

While "afi ipv6.unicast from AS6262 accept { 0.0.0.0/0^0-24}" produces a
somewhat convoluted prefix list:
ip prefix-list pl100 permit 0.0.0.0/0 le 3
ip prefix-list pl100 permit 0.0.0.0/1 ge 4 le 24
ip prefix-list pl100 permit 128.0.0.0/2 ge 4 le 24
ip prefix-list pl100 permit 192.0.0.0/3 ge 4 le 24
ip prefix-list pl100 permit 240.0.0.0/4 le 24
ip prefix-list pl100 deny 0.0.0.0/0 le 32
(I ask myself why not just 0.0.0.0/0 le 24? Surely a partial subset of
reserved IPv4 address space has nothing to do with my expression)

"afi ipv6.unicast from AS6262 accept { ::/0^0-48}" just hangs


Regards

Bruce

On 8/04/10 4:41 AM, "Nick Hilliard" <nick at inex.ie> wrote:

> On 07/04/2010 16:57, Bruce Morgan wrote:
>> I¹ve been moving over to IRRToolsetv5 this past week and while the
>> coding is very much improved, I have noticed some strange behaviour.
>> While peval still works fine rtconfig seems to treat the AS-SET AS-4739
>> as empty and returns ANY/NOT ANY on the prefixes. Not sure whether it is
>> parsing it as a non-existent AS rather than an AS-SET. Change the AS-SET
>> to another name, such as AS4739:AS-CUSTOMER and all works fine.
> 
> Hi Bruce,
> 
> Could you post an example here?  I've just checked with some mangled up
> test objects which use import / export and which refer to as-set:
> AS-4739, and it appears to work ok:
> 
>> muffin:/home/nick> cat test.cfg
>> as-set:     AS-4739
>> members:    AS4739, AS4806, AS4851, AS18346, AS9588, AS10213, AS17498,
>> AS23708, AS24037, AS23645, AS7600, AS24098, AS7553, AS9734, AS9795, AS24130,
>> AS9438, AS24013, AS9661, AS24064, AS24500, AS24238, AS24565, AS37990,
>> AS24339, AS38049, AS24557, AS17737, AS38234, AS24553, AS7551, AS20940,
>> AS9290, AS9650, AS10104, AS17732, AS17920, AS23863, AS24438, AS38242,
>> AS38832, AS45137, AS45208, AS45511, AS45534, AS45665, AS38796, AS40009,
>> AS45448, AS45570, AS7699, AS38570, AS38826, AS45797, AS55302, AS23913,
>> AS38883
>> 
>> aut-num:        AS65432
>> import:         from AS4739 192.168.100.39 at 192.168.100.60 accept AS4739
>> muffin:/home/nick> echo '@rtconfig import AS65432 192.168.100.60 AS4739
>> 192.168.100.39' | rtconfig -f test.cfg
> [...]
> 
> I haven't checked this in depth, but the output of this looks roughly
> correct to me.
> 
>> Basically I would like similar policy functionality in IPv6 space as
>> IPv4 but the current rendition of rtconfig doesn¹t want to parse it
>> properly and only returns the original /32 prefix eg
>> 
>> from AS65518 at 2001:388:1::83 action community.append(7575:2131);
>> accept AS6262^0-64 AND <^PeerAS+$>;
> 
> You should probably restrict this expression using "afi ipv6.unicast".
> 
> But the output definitely looks wrong.  Simplified test case:
> 
>> muffin:/home/nick> cat test-ipv4.cfg
>> aut-num:        AS65432
>> mp-import:      afi ipv4.unicast from AS2128 at 192.168.100.60 accept
>> AS2128^0-24
>> muffin:/home/nick> cat test-ipv6.cfg
>> aut-num:        AS65432
>> mp-import:      afi ipv6.unicast from AS2128 at 2001::1 accept AS2128^0-64
>> muffin:/home/nick> cat test-ipv6-nolength.cfg
>> aut-num:        AS65432
>> mp-import:      afi ipv6.unicast from AS2128 at 2001::1 accept AS2128
>> muffin:/home/nick> echo '@rtconfig import AS65432 192.168.100.60 AS2128
>> 192.168.100.28' | rtconfig -f test-ipv4.cfg -cisco_use_prefix_lists
>> muffin:/home/nick> echo '@rtconfig import AS65432 2001::1 AS2128 2001::2' |
>> rtconfig -f test-ipv6.cfg -cisco_use_prefix_lists
>> muffin:/home/nick> echo '@rtconfig import AS65432 2001::1 AS2128 2001::2' |
>> rtconfig -f test-ipv6-nolength.cfg -cisco_use_prefix_lists
> 
> The last rtconfig should return:
> 
>> ipv6 prefix-list ipv6-pl100 permit 2001:7F8:18::/48  le 64
> 
> Instead, it returns "ANY/NOT ANY".
> 
> Do you know if this was this working on 4.8.5?  I don't have a copy to hand.
> 
> Nick
> _______________________________________________
> irrtoolset mailing list
> irrtoolset at lists.isc.org
> https://lists.isc.org/mailman/listinfo/irrtoolset

-- 
street address:  AARNet, POD 3, 20 Dick Perry Ave, Kensington, WA 6151,
Australia 
m. 0408 882 390     t. +61 8 9289 2212      e. bruce.morgan at aarnet.edu.au
w. www.aarnet.edu.au

important 
This email and any files transmitted with it are confidential, and the
rights of confidentiality in such information are not waived or lost by its
mistaken delivery to you.  Any dissemination, copying, use or disclosure of
the email and/or such files without the permission of AARNet, or the sender,
is strictly prohibited.  If you have received this email in error, please
contact the sender immediately and delete all copies of this transmission.






More information about the irrtoolset mailing list