[58491] in North American Network Operators' Group
Re: BGP Path Filtering
daemon@ATHENA.MIT.EDU (Stephen J. Wilcox)
Fri May 16 05:02:35 2003
Date: Fri, 16 May 2003 10:01:16 +0100 (BST)
From: "Stephen J. Wilcox" <steve@telecomplete.co.uk>
To: Mark Radabaugh <mark@amplex.net>
Cc: nanog@merit.edu
In-Reply-To: <004801c31b52$f4994720$086df640@amplex.net>
Errors-To: owner-nanog-outgoing@merit.edu
On Thu, 15 May 2003, Mark Radabaugh wrote:
>
> I'm having a hard time finding best practices for filtering outbound bgp
> announcements when providing transit to bgp-speaking customers. While we
> currently multi-home to several providers it appears we will soon need to
> provide transit for customers with their own AS's.
>
> I find lots of references (and understand) the basic
>
> ip as-path access-list 3 permit ^$
>
> and it would seem that should we wish to provide transit for a bgp customer
> AS12345 we would use:
>
> ip as-path access-list 3 permit ^12345$
>
> but I think this breaks if AS12345 prepends their advertisement.
yes it will
> Next up is:
>
> ip as-path access-list 3 permit ^12345_[0-9]$*
>
> Which seems correct to me. Is this still best practice (or even correct)?
no, perhaps you mean ..[0-9]*$ but that still wont allow multiple prepends as it
wont match the space only the numbers
try
ip as-path access-list 3 permit ^(_12345_)+$
which will allow one or more of their as's
ASN is pretty crude tho, consider using a prefix list to filter each prefix and
include length
Steve
>
> Mark Radabaugh
> Amplex
> (419) 720-3635
>
>
>
