pierky / arouteserver

A tool to automatically build (and test) feature-rich configurations for BGP route servers.
https://arouteserver.readthedocs.org/
GNU General Public License v3.0
288 stars 46 forks source link

Honor PeeringDB info_never_via_route_servers flag #55

Closed job closed 4 years ago

job commented 4 years ago

Since a few days PeeringDB has a special flag info_never_via_route_servers that network operators can use to indicate that any route announcements containing their ASN anywhere in the AS_PATH propagated via route servers, should be rejected.

PeeringDB feature description: https://github.com/peeringdb/peeringdb/issues/394

Example of an ASN that marked itself as 'never via route servers' https://www.peeringdb.com/api/net?asn=2914

All ASNs that marked themselves as info_never_via_route_servers = True should be added to the cfg.filtering.transit_free configuration leaf.

Arouteserver should honor this flag by default

pierky commented 4 years ago

WIP - dev branch, https://github.com/pierky/arouteserver/commit/b220acb842e636cb4101c81e79692696e60fbbfc

job commented 4 years ago

I tested the code, works well for YYCIX!

allow quick from 2001:504:2f::852:1 AS { 174, 209, 286, 577, 701, 1239, 1299, 2828, 2914, 3257, 3320, 3356, 3549, 5511, 6453, 6461, 6762, 6830, 7018, 12956 } set { localpref 1 community delete NO_ADVERTISE ext-community delete $INTCOMM_PREF_OK_ROA ext-community delete $INTCOMM_ROUTE_OK_WL ext-community delete $INTCOMM_PREF_OK_ARINDB ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB ext-community delete $INTCOMM_ORIGIN_OK ext-community delete $INTCOMM_ORIGIN_KO ext-community delete $INTCOMM_PREFIX_OK ext-community delete $INTCOMM_PREFIX_KO ext-community delete $INTCOMM_IRR_REJECT ext-community delete $INTCOMM_RPKI_UNKNOWN ext-community delete $INTCOMM_RPKI_INVALID ext-community delete $INTCOMM_RPKI_VALID ext-community delete $INTCOMM_NO_EXPORT ext-community delete $INTCOMM_NO_ADVERTISE large-community 53339:9:0 large-community 53339:9:8}