[Babel-users] CRXN/DN42: interconnecting overlay networks with Babel and BGP

Marek Küthe m.k at mk16.de
Mon Feb 20 14:58:44 GMT 2023 

The bird filter engine is clearly more complex and diverse. I have now
solved the problem (at least partially) with the following filters:
```
redistribute ip fd5c:3e37:2666:ea00::/56 eq 56 allow
redistribute local deny
redistribute deny

in ip fd5c:3e37:2666:ea00::/56 deny

in ip fd5c:3e37:2666::/48 le 56 allow
in ip fd5c:3e37:2666::/48 deny
in ip fd92:58b6:2b2::/48 le 48 allow
in ip fd92:58b6:2b2::/48 deny
in ip fd08:8441:e254::/48 le 64 allow
in ip fd08:8441:e254::/48 deny
in ip fd40:aa42:4f39::/48 le 64 allow
in ip fd40:aa42:4f39::/48 deny
in ip fd96:cd8b:f25d::/48 le 64 allow
in ip fd96:cd8b:f25d::/48 deny
in ip fda2:a9b0:a02b::/48 le 64 allow
in ip fda2:a9b0:a02b::/48 deny
in ip fdae:d3e4:83e4::/48 le 64 allow
in ip fdae:d3e4:83e4::/48 deny
in ip fdc2:9471:e3ba::/48 le 64 allow
in ip fdc2:9471:e3ba::/48 deny
in ip fdd2:cbf2:61bd::/48 le 64 allow
in ip fdd2:cbf2:61bd::/48 deny
in ip fdf1:1dc1:f54d::/48 le 64 allow
in ip fdf1:1dc1:f54d::/48 deny
in ip fd96:21ef:a9ba::/48 le 64 allow
in ip fd96:21ef:a9ba::/48 deny
in ip fdd4:975c:1440::/48 le 64 allow
in ip fdd4:975c:1440::/48 deny
in ip fda7:3ae7:e04d::/64 le 64 allow
in ip fda7:3ae7:e04d::/64 deny

in ip fd00::/8 le 64 ge 44 allow

in deny
```
If it is a CRXN prefix, the maxlen is checked and the prefix is
accepted or filtered accordingly. For non-CRXN prefixes it is only
checked if they are between /64 and /44. If so, they are also accepted.
The problem here is that now non-CRXN and non-dn42 routes can be
propagated and they are not filtered. The only possibility would be to
extend the babeld configuration file by 3000 lines accordingly. Hence
my question some time ago at the Mailling list if there is some kind of
"include" statement in babeld.

On Sun, 19 Feb 2023 15:53:03 +0100
Juliusz Chroboczek <jch at irif.fr> wrote:

> https://mk16.de/blog/the-crxn-dn42-interconnection-is-up/
> 
> Interestingly, the two networks use overlapping prefixes, which requires
> enumerating hundreds of prefixes in their filters.  This is a case where
> BIRD's support for Babel is likely to be useful: babeld's filtering
> engine is simply not designed for large numbers of filtering rules.
> 
> -- Juliusz
> 
> _______________________________________________
> Babel-users mailing list
> Babel-users at alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/babel-users


-- 
Marek Küthe
m.k at mk16.de
er/ihm he/him
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/babel-users/attachments/20230220/4a91419d/attachment.sig>

More information about the Babel-users mailing list