rpki delete

This commit is contained in:
root 2025-02-25 00:47:03 +00:00
parent ba816e155a
commit 4cd6757a79

View File

@ -22,24 +22,24 @@ roa4 table r4; # ROA RPKI
# RPKI # RPKI
# See: https://brooks.sh/2019/11/11/validating-bgp-routes-with-rpki-in-bird/ # See: https://brooks.sh/2019/11/11/validating-bgp-routes-with-rpki-in-bird/
protocol rpki { #protocol rpki {
roa4 { table r4; }; # roa4 { table r4; };
{{ range files "bird/rpki/hosts" }} # {{.}} # {{ range files "bird/rpki/hosts" }} # {{.}}
{{ file (print "bird/rpki/hosts/" .) }} # {{ file (print "bird/rpki/hosts/" .) }}
{{ end }} # {{ end }}
# Time period in seconds between a failed query the next attempt # Time period in seconds between a failed query the next attempt
retry keep ${bgp_rpki_retry:-90}; # retry keep ${bgp_rpki_retry:-90};
# Tells how long to wait before attempting to poll the cache # Tells how long to wait before attempting to poll the cache
refresh keep ${bgp_rpki_refresh:-900}; # refresh keep ${bgp_rpki_refresh:-900};
# How long to keep any records locally cached before they are deleted # How long to keep any records locally cached before they are deleted
# The "refresh" interval will control how often records are refreshed # The "refresh" interval will control how often records are refreshed
# and not considered expired. # and not considered expired.
expire keep ${bgp_rpki_expire:-172800}; # expire keep ${bgp_rpki_expire:-172800};
} #}
# Filters # Filters
# Define a series of filters for Lixonet routing policies: # Define a series of filters for Lixonet routing policies:
@ -57,9 +57,9 @@ protocol rpki {
# ROA_UNKNOWN if there is no relevant ROA, ROA_VALID if there is # ROA_UNKNOWN if there is no relevant ROA, ROA_VALID if there is
# a matching ROA, or ROA_INVALID if there are some relevant ROAs # a matching ROA, or ROA_INVALID if there are some relevant ROAs
# but none of them match. # but none of them match.
function is_rpki_invalid_v4 () { #function is_rpki_invalid_v4 () {
return roa_check(r4, net, bgp_path.last_nonaggregated) = ROA_INVALID; # return roa_check(r4, net, bgp_path.last_nonaggregated) = ROA_INVALID;
} #}
# Returns TRUE if the given tested network is the exact global network prefix for # Returns TRUE if the given tested network is the exact global network prefix for
# Lixonet. Used to filter the "unreachable" static route we typically static. # Lixonet. Used to filter the "unreachable" static route we typically static.