route-set + IPv6 and filter-set bug
nick at inex.ie
Thu Jul 15 14:54:50 UTC 2010
On 15/07/2010 01:41, Nick Hilliard wrote:
> Unfortunately, if the whois server
> doesn't support returning mp-filter objects, then there's not a whole lot
> that irrtoolset can do to work around it.
Ok, I'm lying. Actually it can. If you instruct rtconfig to use ripe
syntax when querying the whois server, it will fix this particular problem.
> cupcake% ./rtconfig -protocol ripe
> rtconfig> @RtConfig access_list filter afi ipv6 RS-TELESA-SCW
> no ipv6 access-list ipv6-100
> ipv6 access-list ipv6-100 permit 2001:1294:CAFE::/48 any
> ipv6 access-list ipv6-100 permit 2001:1294:CAFE::/49 any
> ipv6 access-list ipv6-100 permit 2001:1294:CAFE:8000::/49 any
> ipv6 access-list ipv6-100 deny any any
> rtconfig> @RtConfig access_list filter afi ipv4 RS-TELESA-SCW
> no access-list 100
> access-list 100 permit ip 22.214.171.124 0.0.1.0 255.255.254.0 0.0.1.0
> access-list 100 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
However, you should be aware that if you do this, you may run into protocol
compatibility problems, and you will certainly run into one of the major
draw-backs of the RIPE whois server, which is that it doesn't perform
server-side object set expansion.
If your route-sets and as-sets are small, this is not a problem. If they
are huge, it's a show-stopper.
More information about the irrtoolset