[c-nsp] BGP Filtering Policy with regular expressions
Jonathan Crawford
jcrawford at servious.org
Mon Jan 21 05:25:06 EST 2008
Your regex should accomplish what you want... as long as you are prefix
filtering your peers incoming and/or filtering your outgoing prefix
announcements then you should be ok... if you are not then you are leaving
yourself open to the possibility of a peer accidentally or intentionally
announcing someone else's network to/through you.
I'd personally look into using communities for controlling re-announcement
as another option to use in place of or with as-path filtering.
-Jonathan
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Michalis Palis
Sent: Monday, January 21, 2008 1:34 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] BGP Filtering Policy with regular expressions
Hello all
I am trying to write a BGP policy using regular expressions for outgoing
filtering. I need to allow customer AS numbers to be announced by our
network as well as any prepends they send or any AS behind our customer's
AS.
e.g. allow
12345 678 9123
12345 12345
etc....
I did try the following which seems to work but I am not sure if I will have
any security problems.
^12345_ for AS12345 and anything behind AS12345
Any suggestions will be appreciated
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
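
An added example, not part of the original thread: it emulates the `^12345_` AS-path filter from the question and pairs it with a prefix-list style check, to show which announcements the regex alone lets through. The helper names, the documentation prefixes and the sample routes are constructed for illustration; the `_` translation follows the IOS meaning of that metacharacter (space, comma, brace, parenthesis, start or end of the path).

```python
import ipaddress
import re

# IOS "_" matches a space, comma, brace, parenthesis, or start/end of the path.
IOS_UNDERSCORE = r"(?:^|$|[ ,{}()])"

def aspath_permits(ios_pattern, as_path):
    """Apply an IOS-style AS-path regex (only "_" is translated) to a path string."""
    return re.search(ios_pattern.replace("_", IOS_UNDERSCORE), as_path) is not None

def prefix_permits(allowed, prefix, max_len=24):
    """Prefix-list stand-in: inside a registered block and no longer than max_len."""
    net = ipaddress.ip_network(prefix)
    return any(net.version == block.version and net.subnet_of(block)
               and net.prefixlen <= max_len
               for block in map(ipaddress.ip_network, allowed))

def evaluate(ios_pattern, allowed, routes):
    """Return (prefix, as_path, aspath_ok, prefix_ok) for every candidate route."""
    return [(prefix, path, aspath_permits(ios_pattern, path),
             prefix_permits(allowed, prefix)) for prefix, path in routes]

# Constructed data: documentation prefixes, AS numbers taken from the thread.
CUSTOMER_BLOCKS = ["192.0.2.0/24", "198.51.100.0/24"]
ROUTES = [
    ("192.0.2.0/24", "12345"),               # customer originates its own block
    ("192.0.2.0/24", "12345 12345"),         # same route with a prepend
    ("198.51.100.0/24", "12345 678 9123"),   # registered block behind the customer
    ("203.0.113.0/24", "12345 678"),         # unregistered block; regex still matches
    ("192.0.2.0/24", "123456 678"),          # different AS sharing leading digits
]

if __name__ == "__main__":
    for prefix, path, as_ok, pfx_ok in evaluate("^12345_", CUSTOMER_BLOCKS, ROUTES):
        verdict = "announce" if as_ok and pfx_ok else "drop"
        print(f"{prefix:<18} [{path:<15}] as-path={as_ok!s:<5} prefix={pfx_ok!s:<5} {verdict}")
```

The fourth route is the case raised in the reply: the AS-path regex accepts it because the path starts with 12345, and only the prefix check stops a block the customer is not registered for from being re-announced.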