[c-nsp] How to filter private AS from inbound BGP updates?
Peter Salanki
peter.salanki at bahnhof.net
Mon Dec 5 17:40:08 EST 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
What kind of funky upstream do you have sending you private AS-es?
5 dec 2005 kl. 21.20 skrev Wolfgang Roth:
> Hi all,
>
> I want to discard inbound BGP updates from our upstreams if there
> is any
> private AS (64512 - 65535) in the update.
>
> What is the best way to achieve this? Here is my suggestion:
>
> ip as-path access-list 1 permit 6451[2-9]
> ip as-path access-list 1 permit 645[2-9][0-9]
> ip as-path access-list 1 permit 64[6-9][0-9][0-9]
> ip as-path access-list 1 permit 65[0-4][0-9][0-9]
> ip as-path access-list 1 permit 655[0-2][0-9]
> ip as-path access-list 1 permit 6553[0-5]
>
> router bgp 1
> neighbor 1.1.1.1 remote-as 1
> neighbor 1.1.1.1 route-map filter-private-as in
>
> route-map filter-private-as deny 10
> match as-path 1
>
> Is that correct or does anybody has a better idea?
>
> I know that 'neighbor 1 remove-private-AS' would filter private AS
> from
> outbound BGP updates and that the other side could use this
> statement - but
> apparently my upstreams don't!
>
> Thank you
>
>
> Wolfgang
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
iD8DBQFDlMHJiQKhdiFGiogRAocLAJwJhMlOGJf9QFmw+cB34x1Cc+sI0gCeKPKP
4f46TGnSK91uj/PjFbPGCsU=
=6g6P
-----END PGP SIGNATURE-----
More information about the cisco-nsp
mailing list