[c-nsp] How to filter private AS from inbound BGP updates?
Wolfgang Roth
Wolfgang.Roth at brave.de
Mon Dec 5 15:20:55 EST 2005
Hi all,
I want to discard inbound BGP updates from our upstreams if there is any
private AS (64512 - 65535) in the update.
What is the best way to achieve this? Here is my suggestion:
ip as-path access-list 1 permit 6451[2-9]
ip as-path access-list 1 permit 645[2-9][0-9]
ip as-path access-list 1 permit 64[6-9][0-9][0-9]
ip as-path access-list 1 permit 65[0-4][0-9][0-9]
ip as-path access-list 1 permit 655[0-2][0-9]
ip as-path access-list 1 permit 6553[0-5]
router bgp 1
neighbor 1.1.1.1 remote-as 1
neighbor 1.1.1.1 route-map filter-private-as in
route-map filter-private-as deny 10
match as-path 1
Is that correct or does anybody has a better idea?
I know that 'neighbor 1 remove-private-AS' would filter private AS from
outbound BGP updates and that the other side could use this statement - but
apparently my upstreams don't!
Thank you
Wolfgang
More information about the cisco-nsp
mailing list