Print
Parent Category: Tutorials
Hits: 6054

There are quite often situations when you want to discard inbound BGP updates from your upstreams if there is any private AS (64512 - 65535) in the update.

What is the best way to achieve this? Here is first example:

ip as-path access-list 1 permit _6451[2-9]_
ip as-path access-list 1 permit _645[2-9][0-9]_
ip as-path access-list 1 permit _64[6-9][0-9][0-9]_
ip as-path access-list 1 permit _65[0-4][0-9][0-9]_
ip as-path access-list 1 permit _655[0-2][0-9]_
ip as-path access-list 1 permit _6553[0-5]_

router bgp 1
neighbor 1.1.1.1 remote-as 1
neighbor 1.1.1.1 route-map filter-private-as in

route-map filter-private-as deny 10
match as-path 1


Or an other example:

ip as-path access-list 1 deny _(6451[2-9]|645[2-9][0-9]|64[6-9][0-9][0-9]|65[0-4][0-9][0-9]|655[0-2][0-9]|6553[0-5])_
ip as-path access-list 1 permit .*

router bgp 1
neighbor 1.1.1.1 remote-as 1
neighbor 1.1.1.1 route-map filter-private-as in

route-map filter-private-as permit 10
match as-path 1

Note:

We use Hosting and VPS Hosting, from: www.star-host.org

We like and trust them.

Good prices, high security.