[c-nsp] How to filter private AS from inbound BGP updates?

Peter Salanki peter.salanki at bahnhof.net
Mon Dec 5 17:40:08 EST 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

What kind of funky upstream do you have sending you private AS-es?

5 dec 2005 kl. 21.20 skrev Wolfgang Roth:

> Hi all,
>
> I want to discard inbound BGP updates from our upstreams if there  
> is any
> private AS (64512 - 65535) in the update.
>
> What is the best way to achieve this? Here is my suggestion:
>
> ip as-path access-list 1 permit 6451[2-9]
> ip as-path access-list 1 permit 645[2-9][0-9]
> ip as-path access-list 1 permit 64[6-9][0-9][0-9]
> ip as-path access-list 1 permit 65[0-4][0-9][0-9]
> ip as-path access-list 1 permit 655[0-2][0-9]
> ip as-path access-list 1 permit 6553[0-5]
>
> router bgp 1
>  neighbor 1.1.1.1 remote-as 1
>  neighbor 1.1.1.1 route-map filter-private-as in
>
> route-map filter-private-as deny 10
>  match as-path 1
>
> Is that correct or does anybody has a better idea?
>
> I know that 'neighbor 1 remove-private-AS' would filter private AS  
> from
> outbound BGP updates and that the other side could use this  
> statement - but
> apparently my upstreams don't!
>
> Thank you
>
>
> Wolfgang
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iD8DBQFDlMHJiQKhdiFGiogRAocLAJwJhMlOGJf9QFmw+cB34x1Cc+sI0gCeKPKP
4f46TGnSK91uj/PjFbPGCsU=
=6g6P
-----END PGP SIGNATURE-----


More information about the cisco-nsp mailing list