Hi,
I would like to filter bgp updates based on AS origin.
I know that i can match origin with regex as :
_1239$
In fact, i would like to match as-path that originate from
ASes from 856 to 1239.
pseudo regex would be something like : _[856..1239]$
Juniper has this feature. Cisco does not AFAIK.
Purpose is try matching AS originated from Ripe/Apnic blocks.
The only way to do that would be to use many as-path
that match each digits :-((
This is the way i already do to match bogus ASes :
ip as-path access-list 150 permit _(6451[2-9]|645[2-9][0-9]|64[6-9][0-9][0-9])_
ip as-path access-list 150 permit _(65[0-4][0-9][0-9]|655[0-2][0-9]|6553[0-5])_
This is not very nice.
For Juniper :
as-path PRIVATE-DENY ".* (64512-65535) .*";
This is much clearer.
Does anybody heard about "as-range" feature on Cisco box ?
Thanks
Vincent.
Vincent,
I'm fairly certain it can match a range, just as you yourself posted you
could do. There is no difference between using a range to find 0-9, than
there is finding 64512-65535. So your line would look something like this:
ip as-path access-list 150 permit _[64512-65535]$
-Andy
Vincent,
I'm fairly certain it can match a range, just as you yourself posted you
could do. There is no difference between using a range to find 0-9, than
there is finding 64512-65535.
There is in regular expressions.
So your line would look something like this:
ip as-path access-list 150 permit _[64512-65535]$
[0123] is a one-character regular expression matching the digit 0, 1,
2, or 3.
[3-5] is a one-character regular expression matching 3, 4, or 5.
[64512-65535] is a one-character regular expression matching
1,2,3,4,5 or 6. (It's way more complex than it needs to be, of course.
You've got 6 listed in there twice; five is listed 4 times and also
included in the 2-6 range, and so on.)
So your expression above is going to match paths ending with AS 1, 2,
3, 4, 5, or 6.
-- Brett