As-Path filtering based on ranges, not regex
Hi,

I would like to filter BGP updates based on AS origin.

I know that I can match the origin with a regex such as:

_1239$

In fact, I would like to match as-paths that originate from ASes from 856 to 1239.

A pseudo regex would be something like: _[856..1239]$

Juniper has this feature. Cisco does not, AFAIK. The purpose is to try matching ASes originated from RIPE/APNIC blocks. The only way to do that would be to use many as-paths that match each digit :-((

This is the way I already match bogus ASes:

ip as-path access-list 150 permit _(6451[2-9]|645[2-9][0-9]|64[6-9][0-9][0-9])_
ip as-path access-list 150 permit _(65[0-4][0-9][0-9]|655[0-2][0-9]|6553[0-5])_

This is not very nice.

For Juniper:

as-path PRIVATE-DENY ".* (64512-65535) .*";

This is much clearer.

Has anybody heard about an "as-range" feature on Cisco boxes?

Thanks
Vincent.
Vincent,

I'm fairly certain it can match a range, just as you yourself posted you could do. There is no difference between using a range to find 0-9, than there is finding 64512-65535.

So your line would look something like this:

ip as-path access-list 150 permit _[64512-65535]$

-Andy

----- Original Message -----
From: "Vincent Gillet" <vgi@zoreil.com>
To: <nanog@merit.edu>
Sent: Friday, January 17, 2003 10:45 AM
Subject: As-Path filtering based on ranges, not regex
Hi,
I would like to filter BGP updates based on AS origin.
I know that I can match the origin with a regex such as:
_1239$
In fact, I would like to match as-paths that originate from ASes from 856 to 1239.
A pseudo regex would be something like: _[856..1239]$
Juniper has this feature. Cisco does not, AFAIK. The purpose is to try matching ASes originated from RIPE/APNIC blocks. The only way to do that would be to use many as-paths that match each digit :-((
This is the way I already match bogus ASes:
ip as-path access-list 150 permit _(6451[2-9]|645[2-9][0-9]|64[6-9][0-9][0-9])_
ip as-path access-list 150 permit _(65[0-4][0-9][0-9]|655[0-2][0-9]|6553[0-5])_
This is not very nice.
For Juniper:
as-path PRIVATE-DENY ".* (64512-65535) .*";
This is much clearer.
Has anybody heard about an "as-range" feature on Cisco boxes?
Thanks
Vincent.
On Fri, Jan 17, 2003 at 12:10:59PM -0500, Andy Johnson wrote:
Vincent,
I'm fairly certain it can match a range, just as you yourself posted you could do. There is no difference between using a range to find 0-9, than there is finding 64512-65535.
There is in regular expressions.
So your line would look something like this:
ip as-path access-list 150 permit _[64512-65535]$
[0123] is a one-character regular expression matching the digit 0, 1, 2, or 3.

[3-5] is a one-character regular expression matching 3, 4, or 5.

[64512-65535] is a one-character regular expression matching 1, 2, 3, 4, 5 or 6. (It's way more complex than it needs to be, of course. You've got 6 listed in there twice; five is listed 4 times and also included in the 2-6 range, and so on.)

So your expression above is going to match paths ending with AS 1, 2, 3, 4, 5, or 6.

-- Brett
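
Added illustration, not part of any message in this thread: a Python sketch that expands a decimal AS range into the digit-by-digit alternation Vincent describes, and checks Brett's point that [64512-65535] is a one-character class. The function names and sample AS paths are assumptions made for this example, and the IOS `_` delimiter is emulated as start-of-string or a space.

```python
import re

def asn_range_patterns(lo, hi):
    """Digit patterns that together match exactly the decimal ASNs lo..hi."""
    if not 1 <= lo <= hi:
        raise ValueError("need 1 <= lo <= hi")
    patterns = []
    while lo <= hi:
        # Largest k where lo is aligned on 10**k and a full block still fits.
        k = 0
        while lo % 10 ** (k + 1) == 0 and lo + 10 ** (k + 1) - 1 <= hi:
            k += 1
        unit = 10 ** k
        first = (lo // unit) % 10                         # digit at position k
        last = min(9, first + (hi - lo + 1) // unit - 1)  # widen while blocks fit
        head = lo // (unit * 10)                          # digits left of position k
        prefix = str(head) if head else ""
        digit = str(first) if first == last else f"[{first}-{last}]"
        patterns.append(prefix + digit + "[0-9]" * k)
        lo += (last - first + 1) * unit
    return patterns

def origin_regex(lo, hi):
    """IOS-style as-path regex for 'originated by an AS in lo..hi'."""
    return "_(" + "|".join(asn_range_patterns(lo, hi)) + ")$"

def origin_in_range(lo, hi, as_path):
    """Emulated check: the '_' before the origin is start-of-string or a space."""
    body = "|".join(asn_range_patterns(lo, hi))
    return re.search(rf"(?:^| )(?:{body})$", as_path) is not None

# Constructed AS paths, not taken from the thread.
SAMPLES = ["701 1239", "701 856", "3356 855", "701 1240", "1239 701"]

if __name__ == "__main__":
    print("ip as-path access-list 150 permit " + origin_regex(856, 1239))
    for path in SAMPLES:
        print(path, origin_in_range(856, 1239, path))
    # The bracket form is a single-character class, as explained in the thread.
    print(bool(re.fullmatch("[64512-65535]", "3")),
          bool(re.fullmatch("[64512-65535]", "65000")))
```

For 64512..65535 the generator yields the same six alternatives as the two access-list 150 lines in the original post.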
participants (3): Andy Johnson, Brett Frankenberger, Vincent Gillet