pierky / arouteserver

A tool to automatically build (and test) feature-rich configurations for BGP route servers.
https://arouteserver.readthedocs.org/
GNU General Public License v3.0

Use `as-set` table instead of { } list for never_via_routeserver #90

Closed job closed 2 years ago

job commented 2 years ago

Currently arouteserver generates snippets like these:

```
deny quick from 172.16.255.30 AS { 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3265, 3292, 3320, 3491, 3630, 3754, 5511, 6079, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 13030, 13032, 14295, 15692, 17451, 17665, 18520, 19151, 20115, 20161, 23888, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 39967, 43470, 46450, 47377, 47583, 48237, 48265, 48408, 49127, 51095, 51530, 52946, 52973, 53859, 54295, 55244, 57433, 57468, 57866, 58768, 60412, 60757, 62164, 62567, 62623, 63290, 131398, 132996, 133317, 134022, 135848, 136106, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141120, 141134, 141411, 141856, 141892, 142369, 146958, 202561, 202793, 207353, 207484, 209699, 210777, 212706, 212953, 213202, 262191, 262311, 262888, 263258, 263328, 263686, 263856, 263945, 263980, 264212, 264424, 265336, 265630, 267026, 267214, 267373, 267442, 268091, 268772, 268872, 268952, 269156, 269287, 269367, 269512, 269535, 269574, 269654, 269906, 270407, 270544, 270653, 270781, 270796, 270828, 271053, 271172, 271200, 271203, 328445, 328572, 328582, 328748, 328959, 393573, 393684, 396477, 399338 }
```

There likely are performance implications resulting from this approach; it might be better to use an as-set: https://man.openbsd.org/bgpd.conf#as-set

```
as-set neverviarouteserver { 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3265, 3292, 3320, 3491, 3630, 3754, 5511, 6079, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 13030, 13032, 14295, 15692, 17451, 17665, 18520, 19151, 20115, 20161, 23888, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 39967, 43470, 46450, 47377, 47583, 48237, 48265, 48408, 49127, 51095, 51530, 52946, 52973, 53859, 54295, 55244, 57433, 57468, 57866, 58768, 60412, 60757, 62164, 62567, 62623, 63290, 131398, 132996, 133317, 134022, 135848, 136106, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141120, 141134, 141411, 141856, 141892, 142369, 146958, 202561, 202793, 207353, 207484, 209699, 210777, 212706, 212953, 213202, 262191, 262311, 262888, 263258, 263328, 263686, 263856, 263945, 263980, 264212, 264424, 265336, 265630, 267026, 267214, 267373, 267442, 268091, 268772, 268872, 268952, 269156, 269287, 269367, 269512, 269535, 269574, 269654, 269906, 270407, 270544, 270653, 270781, 270796, 270828, 271053, 271172, 271200, 271203, 328445, 328572, 328582, 328748, 328959, 393573, 393684, 396477, 399338 }

deny quick from 172.16.255.30 AS as-set neverviarouteserver
```

This approach would make the configuration smaller, and the filter processing hopefully faster because as-set is optimized.
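The rewrite proposed in this comment, as an added Python example (not arouteserver's code and not part of the original issue): it hoists single-line inline `AS { ... }` lists into `as-set` tables and lets identical lists share one table. The `hoisted` table-name prefix, the `min_members` threshold and the sample rules are assumptions made for illustration.

```python
import re

# Inline form shown in the issue: AS { 174, 278, ... }
INLINE_AS_LIST = re.compile(r"\bAS\s*\{([^{}]*)\}")

# Constructed sample input (not taken from a real route server).
SAMPLE = """\
# constructed sample
deny quick from 172.16.255.30 AS { 174, 1299, 2914 }
deny quick from 172.16.255.31 AS { 2914, 174, 1299 }
deny quick from 172.16.255.32 AS { 3320 }
"""


def hoist_as_lists(config, prefix="hoisted", min_members=2):
    """Replace inline AS lists with as-set tables; equal lists share one table."""
    tables = {}  # frozenset of ASNs -> table name (hypothetical naming scheme)

    def replace(match):
        tokens = [t for t in re.split(r"[\s,]+", match.group(1)) if t]
        # Leave macros or anything non-numeric untouched rather than guess.
        if not all(re.fullmatch(r"[0-9]+", t) and int(t) <= 0xFFFFFFFF
                   for t in tokens):
            return match.group(0)
        members = frozenset(int(t) for t in tokens)
        if len(members) < min_members:
            return match.group(0)  # short lists stay inline
        name = tables.setdefault(members, f"{prefix}{len(tables) + 1}")
        return f"AS as-set {name}"

    body = []
    for line in config.splitlines():
        if line.lstrip().startswith("#"):
            body.append(line)  # never rewrite comment lines
        else:
            body.append(INLINE_AS_LIST.sub(replace, line))

    # Tables are emitted first, ahead of the rules that reference them.
    defs = [
        f"as-set {name} {{ {', '.join(map(str, sorted(members)))} }}"
        for members, name in tables.items()
    ]
    return "\n".join(defs + body) + "\n"


if __name__ == "__main__":
    print(hoist_as_lists(SAMPLE), end="")
```

Lists that span several lines are not handled; the sketch covers the one-rule-per-line form quoted above.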

pierky commented 2 years ago

Hi @job, thanks for pointing this out.

I've just pushed a new commit that should take this improvement into account. CI/CD is running; if everything goes well, 1.12.0-alpha3 should be out in an hour or so. Just in case you wanna give it a try, instructions on how to install pre-releases can be found here: https://arouteserver.readthedocs.io/en/latest/INSTALLATION.html#development-and-pre-release-versions

Thanks.

pierky commented 2 years ago

@job, a new release is out, it includes the improvement. Thanks for the suggestion!