Bird 1.6: The Unofficial Guide

We all know the lovely routing daemon called Bird. However, the official documentation can be a bit lacking and daunting. Here’s my collection of useful examples.

Useful commands

Show Tier 1 in path

bird> show route where bgp_path ~ [ 174, 209, 701, 702, 1239, 1299, 2914, 3257, 3320, 3356, 3549, 3561, 4134, 5511, 6453, 6461, 6762, 7018 ]

Shows all routes with Tier 1 ASNs in AS_PATH (adapted from here). Useful in combination with the “protocol <xyz>” filter to check whether your peering partner leaks transit routes.

Exact path matching

bird> show route where bgp_path ~ [= 174 60068 =] all

Shows all routes where the AS_PATH is exactly “174 60068”. Will not match “1234 174 60068” or “174 60068 1234”.

Path matching “starts with”

bird> show route where bgp_path ~ [= 174 60068 * =] all

Shows all routes where the AS_PATH starts with “174 60068”. Will not match “1234 174 60068”. Will match “174 60068 1234”.

Path matching “ends with”

bird> show route where bgp_path ~ [= * 174 60068 =] all

Shows all routes where the AS_PATH ends with “174 60068”. Will not match “174 60068 1234”. Will match “1234 174 60068”.

Path matching “contains”

bird> show route where bgp_path ~ [= * 174 60068 * =] all

Shows all routes where the AS_PATH contains “174 60068”. Will match “174 60068 1234”, “1234 174 60068”, “1234 174 60068 1234”.
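
The four path-mask forms above and the Tier 1 set match, modelled in Python as an added example (not part of the original post and not BIRD's own code). It handles plain AS sequences only; the `?` wildcard (exactly one ASN) is BIRD mask syntax that the post does not use, and the sample paths are constructed.

```python
# Added example: offline model of BIRD path masks, not BIRD's own code.
from functools import lru_cache

# Tier 1 ASN set copied from the "Show Tier 1 in path" command above.
TIER1 = {174, 209, 701, 702, 1239, 1299, 2914, 3257, 3320, 3356, 3549,
         3561, 4134, 5511, 6453, 6461, 6762, 7018}


def parse_mask(mask):
    """Parse '[= 174 60068 * =]' into a tuple of ints and wildcard strings."""
    body = mask.strip()
    if not (body.startswith("[=") and body.endswith("=]")):
        raise ValueError("path mask must be written as [= ... =]")
    return tuple(t if t in ("*", "?") else int(t) for t in body[2:-2].split())


def mask_match(mask, as_path):
    """True if the space-separated AS_PATH string matches the whole mask."""
    pattern = parse_mask(mask)
    path = tuple(int(asn) for asn in as_path.split())

    @lru_cache(maxsize=None)
    def match(i, j):
        if i == len(pattern):
            return j == len(path)          # mask used up: path must be too
        if pattern[i] == "*":              # '*' = zero or more ASNs
            return match(i + 1, j) or (j < len(path) and match(i, j + 1))
        if j == len(path):
            return False
        hit = pattern[i] == "?" or pattern[i] == path[j]   # '?' = exactly one ASN
        return hit and match(i + 1, j + 1)

    return match(0, 0)


def tier1_in_path(as_path):
    """Set match like `bgp_path ~ [ 174, 209, ... ]`: any ASN is in the set."""
    return any(int(asn) in TIER1 for asn in as_path.split())


if __name__ == "__main__":
    # Constructed sample paths; 6939 is the example peer ASN used on this page.
    for path in ("174 60068", "1234 174 60068", "174 60068 1234", "6939 3356 64500"):
        print(path, "| starts-with:", mask_match("[= 174 60068 * =]", path),
              "| tier1:", tier1_in_path(path))
```
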

Paths with a specific BGP next hop

bird> show route where bgp_next_hop = 1.2.3.4 all

Shows all routes whose BGP.next_hop is 1.2.3.4.

Example configurations

BGP communities

Adding new extended and large communities:

bgp_ext_community.add((rt,1234,567890));
bgp_large_community.add((123,456,789));

Matching on extended and large communities:

if ((123, 456, 789) ~ bgp_large_community) then ...;
if ((rt, 1234, 567890) ~ bgp_ext_community) then ...;

Stripping BGP large communities with wildcards:

bgp_large_community.delete([(123456, *, *)]);

Peering sanity

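Rejecting RPKI invalid routes (the roa table is declared at the top level of the configuration, the check goes into the import filter):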

roa table master;
if roa_check(master, net, bgp_path.last) = ROA_INVALID then {
    print "Reject: INVALID RPKI route: ", net, " ", bgp_path;
    reject;
}

Don’t import routes which would be unreachable:

if dest = RTD_UNREACHABLE then reject;

Enforcing that peers don’t strip their ASN out of the path (6939 is an example peer ASN):

if (bgp_path.first != 6939) then reject;

Preventing overly long AS_PATHs:

if bgp_path.len > 64 then reject;

1 Comment

  1. Great!

    I would add this: CLI command for finding all prefixes with a given large community:

    To find matching: 64496:1000:1

    show route where (bgp_large_community ~ [(64496, 1000, 1)])

    or for a specific table:

    show route table table_name where (bgp_large_community ~ [(64496, 1000, 1)])
