[54813] in North American Network Operators' Group
As-Path filtering based on ranges, not regex
daemon@ATHENA.MIT.EDU (Vincent Gillet)
Fri Jan 17 10:51:17 2003
Date: Fri, 17 Jan 2003 16:45:24 +0100
From: Vincent Gillet <vgi@zoreil.com>
To: nanog@merit.edu
In-Reply-To: <sc42b6e6.090@gw.ardsley.com>
Errors-To: owner-nanog-outgoing@merit.edu
Hi,
I would like to filter bgp updates based on AS origin.
I know that i can match origin with regex as :
_1239$
In fact, i would like to match as-path that originate from
ASes from 856 to 1239.
pseudo regex would be something like : _[856..1239]$
Juniper has this feature. Cisco does not AFAIK.
Purpose is try matching AS originated from Ripe/Apnic blocks.
The only way to do that would be to use many as-path
that match each digits :-((
This is the way i already do to match bogus ASes :
ip as-path access-list 150 permit _(6451[2-9]|645[2-9][0-9]|64[6-9][0-9][0-9])_
ip as-path access-list 150 permit _(65[0-4][0-9][0-9]|655[0-2][0-9]|6553[0-5])_
This is not very nice.
For Juniper :
as-path PRIVATE-DENY ".* (64512-65535) .*";
This is much clearer.
Does anybody heard about "as-range" feature on Cisco box ?
Thanks
Vincent.
