North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: As-Path filtering based on ranges, not regex
Vincent, I'm fairly certain it can match a range, just as you yourself posted you could do. There is no difference between using a range to find 0-9, than there is finding 64512-65535. So your line would look something like this: ip as-path access-list 150 permit _[64512-65535]$ -Andy ----- Original Message ----- From: "Vincent Gillet" <[email protected]> To: <[email protected]> Sent: Friday, January 17, 2003 10:45 AM Subject: As-Path filtering based on ranges, not regex > > Hi, > > I would like to filter bgp updates based on AS origin. > > I know that i can match origin with regex as : > > _1239$ > > In fact, i would like to match as-path that originate from > ASes from 856 to 1239. > > pseudo regex would be something like : _[856..1239]$ > > Juniper has this feature. Cisco does not AFAIK. > Purpose is try matching AS originated from Ripe/Apnic blocks. > The only way to do that would be to use many as-path > that match each digits :-(( > > This is the way i already do to match bogus ASes : > > ip as-path access-list 150 permit _(6451[2-9]|645[2-9][0-9]|64[6-9][0-9][0-9])_ > ip as-path access-list 150 permit _(65[0-4][0-9][0-9]|655[0-2][0-9]|6553[0-5])_ > > This is not very nice. > > For Juniper : > > as-path PRIVATE-DENY ".* (64512-65535) .*"; > > This is much clearer. > > Does anybody heard about "as-range" feature on Cisco box ? > > Thanks > > Vincent.
|