route-set + IPv6 and filter-set bug

Nick Hilliard nick at inex.ie
Thu Jul 15 14:54:50 UTC 2010


On 15/07/2010 01:41, Nick Hilliard wrote:
> Unfortunately, if the whois server
> doesn't support returning mp-filter objects, then there's not a whole lot
> that irrtoolset can do to work around it.

Ok, I'm lying. Actually it can.  If you instruct rtconfig to use ripe 
syntax when querying the whois server, it will fix this particular problem.

> cupcake% ./rtconfig  -protocol ripe
> rtconfig> @RtConfig access_list filter afi ipv6 RS-TELESA-SCW
> !
> no ipv6 access-list ipv6-100
> ipv6 access-list ipv6-100 permit 2001:1294:CAFE::/48 any
> ipv6 access-list ipv6-100 permit 2001:1294:CAFE::/49 any
> ipv6 access-list ipv6-100 permit 2001:1294:CAFE:8000::/49 any
> ipv6 access-list ipv6-100 deny any any
> rtconfig> @RtConfig access_list filter afi ipv4 RS-TELESA-SCW
> !
> no access-list 100
> access-list 100 permit ip 189.89.8.0   0.0.1.0   255.255.254.0   0.0.1.0
> access-list 100 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
> rtconfig>

However, you should be aware that if you do this, you may run into protocol 
compatibility problems, and you will certainly run into one of the major 
drawbacks of the RIPE whois server, which is that it doesn't perform 
server-side object set expansion.

If your route-sets and as-sets are small, this is not a problem.  If they 
are huge, it's a show-stopper.

Nick
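
The following is an added example, not part of the original post and not irrtoolset code: a sketch of what client-side set expansion involves when the server does not expand sets, showing that every nested set costs one more whois lookup. The object names, prefixes and the `fetch` callback are constructed for illustration, and it assumes members are only plain prefixes or nested route-set names (no AS numbers, as-sets or range operators).

```python
import ipaddress

# Constructed sample objects (documentation prefixes); not real IRR data.
IRR = {
    "RS-EXAMPLE": {"members": ["192.0.2.0/24", "RS-EXAMPLE-CUST"],
                   "mp-members": ["2001:db8::/48", "RS-EXAMPLE-CUST"]},
    # References its parent (a loop) and a set that does not exist.
    "RS-EXAMPLE-CUST": {"members": ["198.51.100.0/24", "RS-EXAMPLE",
                                    "RS-EXAMPLE-GONE"],
                        "mp-members": ["2001:db8:8000::/49"]},
}

def expand_route_set(name, fetch, afi):
    """Expand route-set `name` on the client side.

    fetch(name) stands in for one whois query and returns the object's
    attributes as a dict, or None if the object does not exist.
    Returns (sorted prefix strings, lookups made, unresolved set names).
    """
    version = {"ipv4": 4, "ipv6": 6}[afi]
    prefixes, seen, missing = set(), set(), []
    queue, lookups = [name], 0
    while queue:
        current = queue.pop().upper()
        if current in seen:          # sets may reference each other
            continue
        seen.add(current)
        lookups += 1                 # one round trip per distinct set
        obj = fetch(current)
        if obj is None:
            missing.append(current)  # report it; do not silently drop it
            continue
        for member in obj.get("members", []) + obj.get("mp-members", []):
            try:
                net = ipaddress.ip_network(member, strict=False)
            except ValueError:
                queue.append(member)  # not a prefix: treat as a nested set
                continue
            if net.version == version:
                prefixes.add(net)
    return [str(p) for p in sorted(prefixes)], lookups, missing

if __name__ == "__main__":
    for afi in ("ipv4", "ipv6"):
        print(afi, expand_route_set("RS-EXAMPLE", IRR.get, afi))
```

With a real whois server in place of the dictionary, `lookups` grows with the number of distinct nested sets, which is the cost that makes large route-sets and as-sets impractical without server-side expansion.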
