Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: As-Path filtering based on ranges, not regex

  • From: Andy Johnson
  • Date: Fri Jan 17 12:13:33 2003

Vincent,

    I'm fairly certain it can match a range, just as you yourself posted you
could do. There is no difference between using a range to find 0-9, than
there is finding 64512-65535. So your line would look something like this:

    ip as-path access-list 150 permit _[64512-65535]$


-Andy

----- Original Message -----
From: "Vincent Gillet" <vgi@zoreil.com>
To: <nanog@merit.edu>
Sent: Friday, January 17, 2003 10:45 AM
Subject: As-Path filtering based on ranges, not regex


>
> Hi,
>
> I would like to filter bgp updates based on AS origin.
>
> I know that i can match origin with regex as :
>
> _1239$
>
> In fact, i would like to match as-path that originate from
> ASes from 856 to 1239.
>
> pseudo regex would be something like : _[856..1239]$
>
> Juniper has this feature. Cisco does not AFAIK.
> Purpose is try matching AS originated from Ripe/Apnic blocks.
> The only way to do that would be to use many as-path
> that match each digits :-((
>
> This is the way i already do to match bogus ASes :
>
> ip as-path access-list 150 permit
_(6451[2-9]|645[2-9][0-9]|64[6-9][0-9][0-9])_
> ip as-path access-list 150 permit
_(65[0-4][0-9][0-9]|655[0-2][0-9]|6553[0-5])_
>
> This is not very nice.
>
> For Juniper :
>
> as-path PRIVATE-DENY ".* (64512-65535) .*";
>
> This is much clearer.
>
> Does anybody heard about "as-range" feature on Cisco box ?
>
> Thanks
>
> Vincent.





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.