As-Path filtering based on ranges, not regex

• Previous message (by thread): Less than 2% of computer attacks on military are successful
• Next message (by thread): As-Path filtering based on ranges, not regex
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

I would like to filter bgp updates based on AS origin.

I know that i can match origin with regex as :

_1239$

In fact, i would like to match as-path that originate from
ASes from 856 to 1239.

pseudo regex would be something like : _[856..1239]$

Juniper has this feature. Cisco does not AFAIK.
Purpose is try matching AS originated from Ripe/Apnic blocks.
The only way to do that would be to use many as-path
that match each digits :-((

This is the way i already do to match bogus ASes :

	ip as-path access-list 150 permit _(6451[2-9]|645[2-9][0-9]|64[6-9][0-9][0-9])_
	ip as-path access-list 150 permit _(65[0-4][0-9][0-9]|655[0-2][0-9]|6553[0-5])_

This is not very nice.

For Juniper :

	as-path PRIVATE-DENY ".* (64512-65535) .*";

This is much clearer.

Does anybody heard about "as-range" feature on Cisco box ?

Thanks

Vincent.

• Previous message (by thread): Less than 2% of computer attacks on military are successful
• Next message (by thread): As-Path filtering based on ranges, not regex
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]