[c-nsp] BGP Filtering Policy with regular expressions

chip chip.gwyn at gmail.com
Mon Jan 21 12:16:28 EST 2008


I've always gone for the "Belt & Suspenders" approach.
Filter by ASN:  ^(12345_)+
Filter by Prefix: permit ip host xxx.xxx.xxx.0 host 255.255.255.0
Apply Communities:  set community YOURASN:CUSTOMER-COMMUNITY


--chip

-- 
Just my $.02, your mileage may vary,  batteries not included, etc....


On Jan 21, 2008 5:42 AM, John van Oppen <john at vanoppen.com> wrote:

> The solution to what you are describing is really using community
> strings to tag routes coming from customers then filtering announcements
> based on those tags.  Google is your friend here.   If not, hit me
> off-list for some cisco config examples.
>
>
>
>
> John van Oppen
> Spectrum Networks LLC
> 206.973.8302 (Direct)
> 206.973.8300 (main office)
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Michalis Palis
> Sent: Monday, January 21, 2008 1:34 AM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] BGP Filtering Policy with regular expressions
>
> Hello all
>
> I am trying to write a BGP policy using regular expressions for outgoing
> filtering. I need to allow customer AS numbers to be announced by our
> network as well as any prepends they send or any AS behind  our
> customer's AS.
>
> e.g allow
>
> 12345 678 9123
> 12345 12345
>
> etc....
>
> I did try the following which seems to work but I am not sure if I will
> have any security problems.
>
> ^12345_      for AS12345 and anything behind AS12345
>
>
> Any suggestions will be appreciated
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
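The filters discussed in this thread, checked against constructed AS paths and routes; this is an added example, not code from any of the posters. It approximates the Cisco `_` metacharacter with Python's `re` and combines the AS-path, prefix and community checks into one ingress/egress decision. Assumptions: the patterns `^12345` and `^(12345_)+$` are variants added for comparison, the prefixes are documentation ranges, and the community value `64496:100` is hypothetical.

```python
import ipaddress
import re

def ios_aspath_regex(pattern):
    # Cisco "_" matches the start or end of the path or a delimiter
    # (space, comma, braces, parentheses); approximated here with Python's re.
    return re.compile(pattern.replace("_", "(?:^|$|[ ,{}()])"))

def aspath_permits(pattern, as_path):
    return ios_aspath_regex(pattern).search(as_path) is not None

# Constructed customer data: AS 12345 is the thread's example; the prefix is a
# documentation range and the community value is hypothetical.
CUSTOMER_PREFIXES = {ipaddress.ip_network("192.0.2.0/24")}
CUSTOMER_COMMUNITY = "64496:100"

def accept_from_customer(route, pattern="^12345_"):
    """Ingress check: AS path and prefix must both match.
    Returns the communities to attach, or None when the route is rejected."""
    if not aspath_permits(pattern, route["as_path"]):
        return None
    if ipaddress.ip_network(route["prefix"]) not in CUSTOMER_PREFIXES:
        return None
    return [CUSTOMER_COMMUNITY]

def export_permits(communities):
    """Egress check: announce only routes tagged as customer routes at ingress."""
    return communities is not None and CUSTOMER_COMMUNITY in communities

# Constructed AS paths and routes.
PATHS = ["12345", "12345 12345", "12345 678 9123", "123456 678", "678 12345"]
ROUTES = [
    {"prefix": "192.0.2.0/24", "as_path": "12345 12345"},
    {"prefix": "198.51.100.0/24", "as_path": "12345 678"},  # prefix not registered
    {"prefix": "192.0.2.0/24", "as_path": "678 12345"},     # wrong first AS
]

if __name__ == "__main__":
    for pattern in ["^12345", "^12345_", "^(12345_)+", "^(12345_)+$"]:
        print(pattern, [p for p in PATHS if aspath_permits(pattern, p)])
    for route in ROUTES:
        tags = accept_from_customer(route)
        print(route["prefix"], route["as_path"], "->", tags, export_permits(tags))
```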

