Understanding route-map rules from a BIRD perspective

Hey, currently configuring a VyOS-based BGP router.

Sort of confused how the rules are supposed to work. I’m used to the accept/reject from BIRD, but not sure how to do the equivalent of reject.
I.e., I have an as-path filter, and I want to reject anything that isn’t in there.

I guess I can do something like “on-match goto 1000” and then make rule 1000 action permit?
But for on-match to work, do I still need action permit?
Is there some more elegant way to do this?

Route-maps have an implicit deny, so if you have a single rule with action permit, matching on that as-path filter, then anything not matching it will be denied.

Thanks, I have several rules behind each other: the first matches an as-path rule, then checks RPKI, etc.
So if the as-path doesn’t match, I want it to reject as it COULD match RPKI and then go through.

For RPKI I have the same thing, if it is valid, then allow it to go to the next rule, otherwise reject.
Luckily for RPKI I can do match rpki invalid, action deny. But for as-path it’s harder.

Gotcha, so I assume you only want to allow NLRIs with a match on the as-path, and drop everything else. If it does match that as-path, you want to do further processing. For that, you’d just have something like this for your first 2 rules:

set policy route-map BGP_RM_IN rule 10 action 'permit'
set policy route-map BGP_RM_IN rule 10 match as-path 'someaspath'
set policy route-map BGP_RM_IN rule 10 on-match goto 1000
set policy route-map BGP_RM_IN rule 20 action 'deny'

Everything matching the as-path will hit on rule 10, and be sent to rule 1000 for further processing. If they don’t have that as-path in their as-path, then they hit rule 20, which denies the prefixes.
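
The evaluation order discussed in this thread, as an added example that is not part of any reply above and is not FRR or VyOS code: a small Python model of route-map processing that runs constructed routes through rules 10 and 20 from the last reply, with and without rule 20. Rules 1000 and 1010, the AS numbers, the route names and the model's fall-through behaviour are assumptions made for illustration.

```python
import re

def evaluate(rules, route):
    """Return (verdict, [numbers of the rules that matched]) for one route."""
    # Simplified model: rules run in ascending order, a matching deny is
    # terminal, a matching permit stops unless it carries on-match goto,
    # and a route that matches no rule at all hits the implicit deny.
    seqs = sorted(rules)
    hits, permitted, i = [], False, 0
    while i < len(seqs):
        rule = rules[seqs[i]]
        match = rule.get("match")
        if match is not None and not match(route):
            i += 1                       # no match: try the next rule
            continue
        hits.append(seqs[i])             # no match clause means "matches everything"
        if rule["action"] == "deny":
            return "deny", hits          # on-match is only consulted on permit rules
        permitted = True
        goto = rule.get("goto")
        if goto is None:
            return "permit", hits
        # on-match goto N: resume at the first later rule numbered N or higher
        i = next((j for j in range(i + 1, len(seqs)) if seqs[j] >= goto), len(seqs))
    # Assumption of this model: an earlier permit stands if nothing later matches.
    return ("permit" if permitted else "deny"), hits

# Constructed stand-ins for the as-path list and the RPKI match.
in_aspath = lambda r: re.search(r"(^| )64496$", r["as_path"]) is not None
rpki_invalid = lambda r: r["rpki"] == "invalid"

# Rules 10 and 20 follow the thread; 1000 and 1010 are hypothetical.
BGP_RM_IN = {
    10: {"action": "permit", "match": in_aspath, "goto": 1000},
    20: {"action": "deny"},
    1000: {"action": "deny", "match": rpki_invalid},
    1010: {"action": "permit"},
}
NO_RULE_20 = {k: v for k, v in BGP_RM_IN.items() if k != 20}

ROUTES = {  # constructed sample routes
    "wanted": {"as_path": "64500 64496", "rpki": "valid"},
    "wanted_invalid": {"as_path": "64500 64496", "rpki": "invalid"},
    "unwanted": {"as_path": "64500 64511", "rpki": "valid"},
}

if __name__ == "__main__":
    for name, route in ROUTES.items():
        print(name, evaluate(BGP_RM_IN, route), evaluate(NO_RULE_20, route))
```

Without rule 20, the route with the unwanted as-path falls through to the later rules and is accepted by the final permit, which is the leak the explicit deny closes.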
