-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Thursday, February 26th, 2026 at 08:10, Saku Ytti <saku@ytti.fi> wrote:
Thank you, very useful. I assume you've previously used. non-EOS platform, were you running a similar scale there?
No - we built a greenfield network a few years back so EOS only here and no prior NOSes to compare to.
Is EOS using ASN as atom or character as atom? Your example has some ambiguity to me.
permit (1|2|3|4|5|6|7|8)$ any
This would work with both atoms. But
permit (11|22|33|44|55|66|77|88)$ any
has a very different meaning depending if character or ASN is an atom.
Sorry, I could have explained that better. Firstly ignore the "any" on that end, that is matching the BGP origin type (IGP/EGP/unknown). To explain the line: (1|2|3|4|5|6|7|8)$ As I'm sure you know, $ matches "ends with". Each number before that between a vertical pipe is an "OR" and matches an entire ASN. So we're matching an AS path that end's with AS1 or ends with AS2 or ends with AS3, etc. This doesn't also match; ends with AS11 or ends with AS111 etc. There is (likely!) some optimisation we could do here, but like many things, it's working, I have a bunch of stuff that is broken, so no time to look into improving the efficiency of something that's working (i.e., I'm sure where we have continuous ranges of ASNs we could use regex ranges, but no time right now). You mentioned in a previous email about problems committing such large configs. For us, prefix filters and AS path filters are files on the router's disk. So in the device's config, it's just one line of config which references the file on the disk, the prefix filters and AS path filters aren't part of the running config. This massively reduces the config size.
90% of our "running config" then comes from the BGP policy ("RCF" in EOS terminology). RCF can also be files on disk. For us RCF is not in files on disk today, still in "running config". This is something that needs fixing; we have 175k lines of RCF on some edge routers. We've worked with Arista to get big functional changes into EOS (RCF now supports functions, and takes arguments like AS numbers, communities, etc., to avoid repeating code). This wasn't present when we started, hence the giant policies. We'll work on replacing this with functions, and then after that, see if we still need to separate RCF from running config out to files on disk. But so far, committing such large configs works fine and the plan is to address this before it becomes "not fine".
Cheers, James. -----BEGIN PGP SIGNATURE----- Version: ProtonMail wsG5BAEBCgBtBYJpoUR+CRCoEx+igX+A+0UUAAAAAAAcACBzYWx0QG5vdGF0 aW9ucy5vcGVucGdwanMub3JnyWO1GROF+CNVyaX6XUhdfMPEodJA7oyBPfpP efZcFf4WIQQ+k2NZBObfK8Tl7sKoEx+igX+A+wAACg8QAJqjTegkRutKON4p vu83goG0tLUqtPyM7LwhNN3AzepnrKHTkZ6yduKEMz7FQIkCNDdq1dTIIo/f q/kQmH2PDa6C3uzF+yiJlv/mFTIWAq09JG3FOJJGAJtpXmyk2GrcbDoKl6xo tT2LBfCJ4anzthT/tyfqETfFdJ7Y1rXYTaVt8ET0xq/Xhc2I/wlTTS7A5tAs A+T2OicD9XW1HPjvb2FzyERORiHQc6n90+rX3OwvDC80fPo0eucknhPlIURK 41xntgbJpe0slpAyvdq5ezQISpCFVu8VtwL0MdZ3s77H3ElSU4Mr5Sr91OQu hP26uZRJovTNPl64EDOpdg8SqoFYB4eNO2y+qMkd9hu6Kvr8o0+p8iPT2F73 kfQlG48DmlFaEOK3EUqmb6no45D+XW0xdwJYPq4xP/13bPFlZSen+JTgUVIm czCVuL36W8y4JpMT2hFhQUmX0pKCmCogJvGFzKqBUX7dLMRzRW75h9/hyQ+a +wkn57WnkVd54HTmC2cnhUqE/zobcrMqxMSRNPO1J7oewUga1ginNZFbrY6d bDE0RYY0NfyiW99Rv11TmGm+cM2T4lWkbBuwfiPuAIsm8ZcIiMcsgNUh+ULQ yY03yudLcGp7G8XhIQMFa+CuWLnp9c5Z8uD2RNMDsG1uuPsInyuidjYx+2PF JpKOnC26 =mjUI -----END PGP SIGNATURE-----