Hi!
Did you try using BGP path mask? Like
if (bgp.path ~ [= ? bogon bogon * =]) …
Writing this from my phone. Please consult documentation or filter/test.conf
file in source tree for exact syntax and examples.
Maria
On March 26, 2019 10:34:39 AM GMT+01:00, Alexander Zubkov <gr...@qrator.net>
wrote:
>Hi,
>
>You can try to delete AS-TRANSIT from the path and get first.
>Something like (this is just a sketch):
>
>delete(bgp_path, AS-TRANSIT).first ~ BOGON_ASNS
>
>On Mon, Mar 25, 2019 at 9:50 PM Robert Scheck <b...@robert-scheck.de>
>wrote:
>>
>> Hello folks,
>>
>> can I somehow import filter only on the 2nd AS number in the AS path?
>I
>> know with the snippet below (heavily inspired by
>bgpfilterguide.nlnog.net),
>> I can filter on AS numbers that appear somewhere in the AS path,
>however
>> this import filter catches by nature also some pseudo-legitimate
>networks.
>>
>> define BOGON_ASNS = [ 0, 23456, 64496..64511, 64512..65534, 65535,
>65536..65551, 65552..131071, 4200000000..4294967294, 4294967295 ];
>>
>> if (bgp_path ~ BOGON_ASNS) then {
>> print "Detected bogon AS path: ", net, " ", bgp_path, ", (neighbour
>", from, ")";
>> }
>>
>> There are unfortunately some transits with broken export filters
>which e.g.
>> export their DSL/FTTC and FTTH networks using private ASNs and I
>would like
>> to explicitly filter these (example path: AS-TRANSIT AS-BOGON1
>AS-BOGON2).
>>
>> The documentation has hints for first and last ASN in path, but this
>would
>> catch in above example only AS-TRANSIT or AS-BOGON2, but not
>AS-BOGON1. Any
>> pointers?
>>
>> Thank you.
>>
>>
>> Regards,
>> Robert
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
