Import filter on 2nd ASN in AS path?
Robert Scheck
bird at robert-scheck.de
Mon Mar 25 21:44:02 CET 2019
Hello folks,
can I somehow import filter only on the 2nd AS number in the AS path? I
know with the snippet below (heavily inspired by bgpfilterguide.nlnog.net),
I can filter on AS numbers that appear somewhere in the AS path, however
this import filter catches by nature also some pseudo-legitimate networks.
define BOGON_ASNS = [ 0, 23456, 64496..64511, 64512..65534, 65535, 65536..65551, 65552..131071, 4200000000..4294967294, 4294967295 ];
if (bgp_path ~ BOGON_ASNS) then {
print "Detected bogon AS path: ", net, " ", bgp_path, ", (neighbour ", from, ")";
}
There are unfortunately some transits with broken export filters which e.g.
export their DSL/FTTC and FTTH networks using private ASNs and I would like
to explicitly filter these (example path: AS-TRANSIT AS-BOGON1 AS-BOGON2).
The documentation has hints for first and last ASN in path, but this would
catch in above example only AS-TRANSIT or AS-BOGON2, but not AS-BOGON1. Any
pointers?
Thank you.
Regards,
Robert
More information about the Bird-users
mailing list