|
|
|
There are quite often situations when you want to discard inbound BGP updates from your upstreams if there is any private AS (64512 - 65535) in the update.
What is the best way to achieve this? Here is first example:
ip as-path access-list 1 permit _6451[2-9]_
ip as-path access-list 1 permit _645[2-9][0-9]_
ip as-path access-list 1 permit _64[6-9][0-9][0-9]_
ip as-path access-list 1 permit _65[0-4][0-9][0-9]_
ip as-path access-list 1 permit _655[0-2][0-9]_
ip as-path access-list 1 permit _6553[0-5]_
router bgp 1
neighbor 1.1.1.1 remote-as 1
neighbor 1.1.1.1 route-map filter-private-as in
route-map filter-private-as deny 10
match as-path 1
Or an other example:
ip as-path access-list 1 deny _(6451[2-9]|645[2-9][0-9]|64[6-9][0-9][0-9]|65[0-4][0-9][0-9]|655[0-2][0-9]|6553[0-5])_
ip as-path access-list 1 permit .*
router bgp 1
neighbor 1.1.1.1 remote-as 1
neighbor 1.1.1.1 route-map filter-private-as in
route-map filter-private-as permit 10
match as-path 1
|
|
|
|
Note:
We use Hosting and VPS Hosting, from:
www.star-host.org
We like and trust them.
Good prices, high security.
|