As-Path filtering based on ranges, not regex
Vincent Gillet
vgi at zoreil.com
Fri Jan 17 15:45:24 UTC 2003
Hi,
I would like to filter bgp updates based on AS origin.
I know that i can match origin with regex as :
_1239$
In fact, i would like to match as-path that originate from
ASes from 856 to 1239.
pseudo regex would be something like : _[856..1239]$
Juniper has this feature. Cisco does not AFAIK.
Purpose is try matching AS originated from Ripe/Apnic blocks.
The only way to do that would be to use many as-path
that match each digits :-((
This is the way i already do to match bogus ASes :
ip as-path access-list 150 permit _(6451[2-9]|645[2-9][0-9]|64[6-9][0-9][0-9])_
ip as-path access-list 150 permit _(65[0-4][0-9][0-9]|655[0-2][0-9]|6553[0-5])_
This is not very nice.
For Juniper :
as-path PRIVATE-DENY ".* (64512-65535) .*";
This is much clearer.
Does anybody heard about "as-range" feature on Cisco box ?
Thanks
Vincent.
More information about the NANOG
mailing list