Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6112
Views
3
Helpful
5
Replies

AS-Path Filtering Using BGP

Go to solution
intertouch
Level 1
Level 1

‎02-06-2006 10:02 PM - edited ‎03-03-2019 11:40 AM

I have two E3 connection to AS4788 and AS9933;

what is the configuration like if I want to do a filtering base on AS_Path? I just want to accept the ip prefixes originated from AS4788 and all the ASs that have direct connection to AS4788. The rest, I would like to block.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
olorunloba
Level 5
Level 5

‎02-07-2006 01:44 AM

Use the following as-path access-list

ip as-path access-list 1 permit ^4788$

ip as-path access-list 1 permit ^4788_[0-9]+$

The first line matches routes originating from AS 4788 and the second macthes an AS connected to AS 4788.

Hope this helps

View solution in original post

0 Helpful
5 Replies 5

Go to solution
nihal.akbulut
Level 1
Level 1

‎02-06-2006 11:06 PM

Hi,

the filter should be like this;

ip as-path access-list 1 permit ^4788$

ip as-path access-list 1 permit _4788$

first statement permits directly connected perfixes to AS4788, second one permits prefixes those originated in AS4788. there is an implicit deny at the end, so all prefixes except you permitted above will be denied.

hope this helps

Go to solution
intertouch
Level 1
Level 1
In response to nihal.akbulut

‎02-07-2006 12:02 AM

This was what I implemented:

ip as-path access-list 104 permit ^4788$

ip as-path access-list 104 permit _4788$

route-map itt_in-ISP permit 10

match as-path 104

!

However, when I did a sh ip bgp, I got this:

61.94.195.0/24 203.121.17.63 0 4788 701 3549 9304 7632 7713 17974 ?

*> 62.152.64.0/19 203.121.17.63 0 4788 2914 35422 13062 i

*> 64.82.192.0/18 203.121.17.63 0 4788 1239 20115 20115 20115 27419 i

*> 64.82.216.0/22 203.121.17.63 0 4788 1239 20115 20115 20115 18812 i

*> 64.82.234.0/24 203.121.17.63 0 4788 1239 20115 20115 20115 18812 i

How come I still have those ASs that have no direct connection to AS1238?

0 Helpful

Go to solution
intertouch
Level 1
Level 1
In response to intertouch

‎02-07-2006 12:13 AM

Please ignore the message above. In fact, when I implemented the filter, the ip prefixes just stop coming in..why is that so?

0 Helpful

Go to solution
olorunloba
Level 5
Level 5
In response to intertouch

‎02-07-2006 01:54 AM

Since you are directly connected to AS 4788, the two lines would reduce to routes from AS4788. In your situation, I guess that the provider of AS 4788 is not advertising any of her prefixes to you.

Note the meaning of the meta charaters

^ matches the beginning of the line

$ matches the end of a line

_ (underscore) matches a comma, the beginning of a line, end of a line or a space.

Hence the first line of the access list matches route with AS path 4788. Hence originated from AS 4788.

The second line matches any AS path which ends with AS 4788 (the underscore makes it specific to AS 4788). But because you are directly connected to AS 4788, the only routes that can be mathched are routes from AS 4788 itself.

0 Helpful

Go to solution
olorunloba
Level 5
Level 5

‎02-07-2006 01:44 AM

Use the following as-path access-list

ip as-path access-list 1 permit ^4788$

ip as-path access-list 1 permit ^4788_[0-9]+$

The first line matches routes originating from AS 4788 and the second macthes an AS connected to AS 4788.

Hope this helps

0 Helpful
Customers Also Viewed These Support Documents