BGP Path Filtering
Stephen J. Wilcox
steve at telecomplete.co.uk
Fri May 16 09:01:16 UTC 2003
On Thu, 15 May 2003, Mark Radabaugh wrote:
>
> I'm having a hard time finding best practices for filtering outbound bgp
> announcements when providing transit to bgp-speaking customers. While we
> currently multi-home to several providers it appears we will soon need to
> provide transit for customers with their own AS's.
>
> I find lots of references (and understand) the basic
>
> ip as-path access-list 3 permit ^$
>
> and it would seem that should we wish to provide transit for a bgp customer
> AS12345 we would use:
>
> ip as-path access-list 3 permit ^12345$
>
> but I think this breaks if AS12345 prepends their advertisement.
yes it will
> Next up is:
>
> ip as-path access-list 3 permit ^12345_[0-9]$*
>
> Which seems correct to me. Is this still best practice (or even correct)?
no, perhaps you mean ..[0-9]*$ but that still wont allow multiple prepends as it
wont match the space only the numbers
try
ip as-path access-list 3 permit ^(_12345_)+$
which will allow one or more of their as's
ASN is pretty crude tho, consider using a prefix list to filter each prefix and
include length
Steve
>
> Mark Radabaugh
> Amplex
> (419) 720-3635
>
>
>
More information about the NANOG
mailing list