filter/test_bgp_filtering.conf

   1 router id 62.168.0.1;
   2
   3 function net_martian()
   4 {
   5   return net ~ [ 169.254.0.0/16+, 172.16.0.0/12+, 192.168.0.0/16+, 10.0.0.0/8+,
   6     127.0.0.0/8+, 224.0.0.0/4+, 240.0.0.0/4+, 0.0.0.0/32-, 0.0.0.0/0{25,32}, 0.0.0.0/0{0,7} ];
   7 }
   8
   9 function net_local()
  10 {
  11   return net ~ [ 12.10.0.0/16+, 34.10.0.0/16+ ];
  12 }
  13
  14 function rt_import(int asn; int set peer_asns; prefix set peer_nets)
  15 {
  16   if ! (net ~ peer_nets) then return false;
  17   if ! (bgp_path.last ~ peer_asns) then return false;
  18   if bgp_path.first != asn then return false;
  19   if bgp_path.len > 64 then return false;
  20   if bgp_next_hop != from then return false;
  21   return true;
  22 }
  23
  24 function rt_import_all(int asn)
  25 {
  26   if net_martian() || net_local() then return false;
  27   if bgp_path.first != asn then return false;
  28   if bgp_path.len > 64 then return false;
  29   if bgp_next_hop != from then return false;
  30   return true;
  31 }
  32
  33 function rt_import_rs(int asn)
  34 {
  35   if net_martian() || net_local() then return false;
  36   if bgp_path.len > 64 then return false;
  37   return true;
  38 }
  39
  40 function rt_export()
  41 {
  42   if proto = "static_bgp" then return true;
  43   if source != RTS_BGP then return false;
  44   if net_martian() then return false;
  45   if bgp_path.len > 64 then return false;
  46   # return bgp_next_hop ~ [ 100.1.1.1, 100.1.1.2, 200.1.1.1 ];
  47   return bgp_path.first ~ [ 345, 346 ];
  48 }
  49
  50
  51 function rt_export_all()
  52 {
  53   if proto = "static_bgp" then return true;
  54   if source != RTS_BGP then return false;
  55   if net_martian() then return false;
  56   if bgp_path.len > 64 then return false;
  57   return true;
  58 }
  59
  60 filter bgp_in_uplink_123
  61 {
  62   if ! rt_import_all(123) then reject;
  63   accept;
  64 }
  65
  66 filter bgp_out_uplink_123
  67 {
  68   if ! rt_export() then reject;
  69   accept;
  70 }
  71
  72
  73 filter bgp_in_peer_234
  74 {
  75   if ! rt_import(234, [ 234, 1234, 2345, 3456 ],
  76         [ 12.34.0.0/16, 23.34.0.0/16, 34.56.0.0/16 ])
  77   then reject;
  78   accept;
  79 }
  80
  81 filter bgp_out_peer_234
  82 {
  83   if ! rt_export() then reject;
  84   accept;
  85 }
  86
  87 filter bgp_in_rs
  88 {
  89   if ! rt_import_rs(bgp_path.last) then reject;
  90   accept;
  91 }
  92
  93 filter bgp_out_rs
  94 {
  95   if ! rt_export() then reject;
  96   accept;
  97 }
  98
  99
 100 filter bgp_in_client_345
 101 {
 102   if ! rt_import(345, [ 345 ], [ 34.5.0.0/16 ]) then reject;
 103   accept;
 104 }
 105
 106 filter bgp_out_client_345
 107 {
 108   if ! rt_export_all() then reject;
 109   accept;
 110 }
 111
 112
 113