10-29-2014 02:07 PM - edited 03-05-2019 12:04 AM
Hi all,
I'm trying to create an IOS as-path filter that is asdot+ compatible and that only allows a maximum of 3 as-paths, without taking into considerations any prepends that may appear in the as-path.
The following example illustrates what I'm after (3 x AS-PATH: AS777, AS3.157 and AS75):
777 3.157 3.157 3.157 3.157 3.157 3.157 3.157 3.157 3.157 75
The following as-path filter will work --
ip as-path access-list 200 permit ^(777_)+([0-9]+)|([0-9]+\.[0-9]+)*$
however it will also accept any ASes that are possibly behind AS75, AS76 for example:
777 3.157 3.157 3.157 3.157 3.157 3.157 3.157 3.157 3.157 75 76
What I'm looking for is therefore a way of
1. providing support for asdot+ in an IOS as-path filter
2. allowing a maximum of 3 AS-PATHS into my AS from a NAP
3. Ignore prepends and only count them as a single AS.
In IOS-XR/Juniper terms, I'm trying to replicate the as-path unique-length ge 3 in an IOS as-path.
Doing this in an peer specific inbound route-map is probably easier if your IOS version supports the unique-length option, however this is a valid solution only when you have a few, but not when you have several hundred.
Can anyone think of a way of doing this?
Kind regards,
Andrew
10-29-2014 05:05 PM
I haven't tested this, but have you tried removing the * at the end an specify 75 instead?
From:
ip as-path access-list 200 permit ^(777_)+([0-9]+)|([0-9]+\.[0-9]+)*$
To:
ip as-path access-list 200 permit ^(777_)+([0-9]+)|([0-9]+\.[0-9]+)_75$
HTH,
John
10-29-2014 05:17 PM
Hi John,
Thanks for your response. AS75 was a hypothetical AS. In all honestly, I'm not at all sure of the ASes that I'll receive from any given peer.
KR,
Andrew
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide