Preventing transit traffic using regular expressions

rsamuel708 · ‎08-15-2008

I'm in the process of building a config to multihome my organization to AS4323 and AS7018. I'm looking for tips and config examples to prevent transit to our routers between the two provider AS's.

Can anyone share any specific examples using regular expressions to do this?

Thanks in advance.

/rls

Edison Ortiz · ‎08-15-2008

Here is some good reading on AS Regular Expressions:

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800c95bb.shtml#asregexp

What you need to do is match the as-path list from traffic that matches the start of the AS_PATH, for instance AS 7018 and block that traffic from going to neighbor in the AS 4323.

You need to do the same in the 7018 AS neighbor for traffic coming from the 4323 AS

HTH,

__

Edison.

Richard Burts · ‎08-15-2008

rls

There is a very simple AS path list which will accomplish what you want:

ip as-path access-list 1 permit ^$

Use this AS path list to filter outbound to the external peers. It will permit only prefixes which originate in your AS and will not permit any transit traffic.

The logic behind it is this:

^$ permits only an empty AS path (has no AS in the path). At the point where the filter is applied your advertisements do not yet have your AS in them, so your prefixes are empty and any prefix received from any external peer will have some content in the AS path. So this AS path list is the easy way to be sure that you do not become transit.

HTH

Rick

HTH

Rick