Archive for the ‘IP Network’ Category

0242 | bgp route-map processing flow

Monday, February 10th, 2020 Posted in IP Network

Notes to self, so I don't forget

  • BGP lists the prefixes and checks each one against the route-map to see whether it matches

Example

2020/02/10 12:45:34 BGP: Route-map: v4-test-out, sequence: 1000, prefix: 192.0.2.0/24, result: no match
2020/02/10 12:45:34 BGP: Route-map: v4-test-out, sequence: 1010, prefix: 192.0.2.0/24, result: no match
2020/02/10 12:45:34 BGP: Route-map: v4-test-out, sequence: 1020, prefix: 192.0.2.0/24, result: no match
2020/02/10 12:45:34 BGP: Route-map: v4-test-out, sequence: 1030, prefix: 192.0.2.0/24, result: no match
2020/02/10 12:45:34 BGP: Route-map: v4-test-out, prefix: 192.0.2.0/24, result: deny
2020/02/10 12:45:34 BGP: Route-map: v4-test-out, sequence: 1000, prefix: 192.0.2.2/32, result: no match
2020/02/10 12:45:34 BGP: Route-map: v4-test-out, sequence: 1010, prefix: 192.0.2.2/32, result: no match
2020/02/10 12:45:34 BGP: Route-map: v4-test-out, sequence: 1020, prefix: 192.0.2.2/32, result: no match
2020/02/10 12:45:34 BGP: Route-map: v4-test-out, sequence: 1030, prefix: 192.0.2.2/32, result: no match
2020/02/10 12:45:34 BGP: Route-map: v4-test-out, prefix: 192.0.2.2/32, result: deny
2020/02/10 12:45:34 BGP: Route-map: v4-test-out, sequence: 1000, prefix: 10.24.0.0/22, result: no match
2020/02/10 12:45:34 BGP: Route-map: v4-test-out, sequence: 1010, prefix: 10.24.0.0/22, result: no match
2020/02/10 12:45:34 BGP: Route-map: v4-test-out, sequence: 1020, prefix: 10.24.0.0/22, result: match
2020/02/10 12:45:34 BGP: Route-map: v4-test-out, prefix: 10.24.0.0/22, result: permit

ref: https://github.com/FRRouting/frr/blob/master/lib/routemap.c
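Added example (not part of the original post or of FRR): a small Python parser for the debug lines above. It groups them per prefix, records which sequences were tried and which one matched, and lists the prefixes that were denied only because no sequence matched. The function names are illustrative; the input is the log from this post.

```python
import re

# Input: the debug lines from the post above, copied verbatim.
LOG = """\
2020/02/10 12:45:34 BGP: Route-map: v4-test-out, sequence: 1000, prefix: 192.0.2.0/24, result: no match
2020/02/10 12:45:34 BGP: Route-map: v4-test-out, sequence: 1010, prefix: 192.0.2.0/24, result: no match
2020/02/10 12:45:34 BGP: Route-map: v4-test-out, sequence: 1020, prefix: 192.0.2.0/24, result: no match
2020/02/10 12:45:34 BGP: Route-map: v4-test-out, sequence: 1030, prefix: 192.0.2.0/24, result: no match
2020/02/10 12:45:34 BGP: Route-map: v4-test-out, prefix: 192.0.2.0/24, result: deny
2020/02/10 12:45:34 BGP: Route-map: v4-test-out, sequence: 1000, prefix: 192.0.2.2/32, result: no match
2020/02/10 12:45:34 BGP: Route-map: v4-test-out, sequence: 1010, prefix: 192.0.2.2/32, result: no match
2020/02/10 12:45:34 BGP: Route-map: v4-test-out, sequence: 1020, prefix: 192.0.2.2/32, result: no match
2020/02/10 12:45:34 BGP: Route-map: v4-test-out, sequence: 1030, prefix: 192.0.2.2/32, result: no match
2020/02/10 12:45:34 BGP: Route-map: v4-test-out, prefix: 192.0.2.2/32, result: deny
2020/02/10 12:45:34 BGP: Route-map: v4-test-out, sequence: 1000, prefix: 10.24.0.0/22, result: no match
2020/02/10 12:45:34 BGP: Route-map: v4-test-out, sequence: 1010, prefix: 10.24.0.0/22, result: no match
2020/02/10 12:45:34 BGP: Route-map: v4-test-out, sequence: 1020, prefix: 10.24.0.0/22, result: match
2020/02/10 12:45:34 BGP: Route-map: v4-test-out, prefix: 10.24.0.0/22, result: permit
"""

# The "sequence" field is absent on the final per-prefix verdict line.
LINE_RE = re.compile(
    r"Route-map: (?P<rmap>[^,\s]+),(?: sequence: (?P<seq>\d+),)?"
    r" prefix: (?P<prefix>[^,\s]+), result: (?P<result>[\w ]+?)\s*$"
)

def summarize(log_text):
    """Group lines per (route-map, prefix): sequences tried, match, verdict."""
    summary = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m is None:
            continue  # not a route-map debug line
        entry = summary.setdefault((m["rmap"], m["prefix"]),
            {"tried": [], "matched_seq": None, "verdict": None})
        if m["seq"] is None:
            entry["verdict"] = m["result"]  # final permit/deny line
        else:
            entry["tried"].append(int(m["seq"]))
            if m["result"] == "match":
                entry["matched_seq"] = int(m["seq"])
    return summary

def implicit_denies(summary):
    """Prefixes denied because no sequence matched (fell off the end)."""
    return [prefix for (_, prefix), e in summary.items()
            if e["verdict"] == "deny" and e["matched_seq"] is None]
```

For 10.24.0.0/22, evaluation stops at sequence 1020 and 1030 is never tried, while the two 192.0.2.x prefixes run through every sequence and end in a deny with no matching entry.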

0234 | named allow recursion query for only specific zone

Thursday, October 18th, 2018 Posted in IP Network, Linux, Misc

first> define a dummy IP address (e.g. 192.0.2.1) and assign it to the loopback interface

ip addr add 192.0.2.1/32 dev lo

second> named configuration:

  • define an ACL matching the dummy IP address defined above, used to blackhole queries
acl acl_blackhole { 192.0.2.1; };
  • declare a view for blackholed DNS requests
view blackhole {
    # queries arriving on the dummy address are not recursed
    match-destinations { acl_blackhole; };
    recursion no;
};
  • declare the default view that accepts client queries. recursion must be yes here so that queries are accepted
view default {
    recursion yes;
    forward only;
    forwarders { 192.0.2.1; }; # by default forward to blackhole

    zone "example.com." IN {
        type forward;
        forward only;
        # specify your real recursive DNS servers here
        forwarders { 1.0.0.1; 1.1.1.1; };
    };
};