mirror of https://codeberg.org/CRXN/docs.git
Merge pull request 'update docs for interconnection' (#41) from mark22k/crxn-docs:interconnection into master
Reviewed-on: https://codeberg.org/CRXN/docs/pulls/41
commit
7d7b0cbd45
|
@ -1,6 +1,6 @@
|
||||||
|
|
||||||
# Implement max-len filter
|
# Implement max-len filter
|
||||||
|
|
||||||
To implement a max-length filter, we need a rule/policy/filter file that contains the corresponding prefixes with their maximum length. The entitydb contains a bash script `build_maxlen_filter.sh` for this purpose. If you run this script with the argument `babeld`, you will get a babeld-compatible list.
|
To implement a max-length filter, we need a rule/policy/filter file that contains the corresponding prefixes with their maximum length. The entitydb contains a bash script `build_maxlen_filter.sh` for this purpose. If you run this script with the argument `babeld with-deny`, you will get a babeld-compatible list. The list includes rules to accept all maxlen-valid prefixes and filter all other CRXN prefixes.
|
||||||
|
|
||||||
This list can now be inserted into the configuration file instead of `in ip fd00::/8 le 64 ge 44 allow`. It is recommended to automate this process.
|
This list can now be saved in the configuration file before `in ip fd00::/8 le 64 ge 44 allow`. It is recommended to automate this process.
|
||||||
|
|
|
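Review bot: In the second paragraph of the babeld page, the text now says to save the list before `in ip fd00::/8 le 64 ge 44 allow`, but it does not say why the order matters or what that rule is still meant to match once the `with-deny` list already filters "all other CRXN prefixes". Suggest adding a sentence that babeld applies the first matching filter rule, so the generated accept and deny rules have to precede the generic allow, and stating which routes the generic rule still covers. Also, `babeld with-deny` is two arguments, so "with the argument" should read "with the arguments".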
@ -1,23 +1,33 @@
|
||||||
|
|
||||||
# Implement max-len filter
|
# Implement max-len filter
|
||||||
|
|
||||||
To implement a max-length filter, we need a rule/policy/filter file that contains the corresponding prefixes with their maximum length. The entitydb contains a bash script `build_maxlen_filter.sh` for this purpose. If you run this script with the argument `bird`, you will get a bird-compatible list.
|
To implement a max-length filter, we need a rule/policy/filter file that contains the corresponding prefixes with their maximum length and a list with the prefixes without maxlen to distinguish if the prefix belongs to CRXN or to dn42. The entitydb contains a bash script `build_maxlen_filter.sh` for this purpose. If you run this script with the argument `bird`, you will get a bird-compatible list with the maximum lengths. If you run the script with the `bird prefix-list` parameter, you will get a prefix list without the maximum lengths.
|
||||||
|
|
||||||
```
|
```
|
||||||
define CRXN_IPs = [
|
define CRXN_IPs = [
|
||||||
include "<path-to-file>";
|
include "<path-to-file-1>";
|
||||||
|
];
|
||||||
|
|
||||||
|
define CRXN_MAXLEN = [
|
||||||
|
include "<path-to-file-2>";
|
||||||
];
|
];
|
||||||
|
|
||||||
function is_crxn_net() {
|
function is_crxn_net() {
|
||||||
return net ~ CRXN_IPs;
|
return net ~ CRXN_IPs;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function is_maxlen_valid() {
|
||||||
|
return net ~ CRXN_MAXLEN;
|
||||||
|
}
|
||||||
```
|
```
|
||||||
This bird configuration can be used to load the file. You have to replace `<path-to-file>` with the path of the filter file. The function `is_crxn_net` then checks whether a route complies with the rules or not.
|
This bird configuration can be used to load the file. You have to replace `<path-to-file-1>` with the path of the filter file without maximum lengths and `<path-to-file-2>` with the path of the filter file with maximum lengths. Function `is_crxn_net` then checks if the prefix belongs to the CRXN network and function `is_maxlen_valid` then checks if the prefix is maxlen-valid.
|
||||||
|
|
||||||
```
|
```
|
||||||
if (! is_crxn_net() ) then {
|
if (is_crxn_net() && (! is_maxlen_valid())) then {
|
||||||
print "[CRXN] Invalid crxn route: ", net;
|
print "[CRXN] Invalid crxn route: ", net;
|
||||||
reject;
|
reject;
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
This configuration can then be added to your import filter before 'accept'. The line with `print` is optional. If you leave this line, every hjack attempt will be logged in the bird log output.
|
This instruction checks whether a prefix belongs to the CRXN network and then whether the prefix is maxlen-valid. If it is not maxlen-valid, it is filtered and a message is issued.
|
||||||
|
|
||||||
|
This configuration can then be added to your import filter before `accept`. The line with `print` is optional. If you leave this line, every hjack attempt will be logged in the bird log output.
|
||||||
|
|
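Review bot: In the import-filter snippet, `if (is_crxn_net() && (! is_maxlen_valid()))` rejects only when `is_crxn_net()` is true, so a too-specific announcement is filtered only if it still matches `CRXN_IPs`. The text describes file 1 as "a prefix list without the maximum lengths" but does not say whether its entries also match more-specifics. In bird a plain set entry matches only the exact prefix, so please state which pattern the `bird prefix-list` output uses (for example a `+` suffix on each entry); without that, the routes this check is meant to catch would fall through to whatever follows in the import filter. Minor: in the last paragraph "hjack" should be "hijack", "If you leave this line" should say "leave this line in", and the `print` text could name the max-length violation instead of the generic "Invalid crxn route".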