On Sat, Jul 16, 2005 at 08:23:17PM +0200, Henning Brauer wrote:
> * Xavier Beaudouin <[EMAIL PROTECTED]> [2005-07-16 20:04]:
> > I wish to add a filter to avoid that bogus AS that should be reserved
> > for private network to be accepted by my router.
> >
> > The problem is that :
> >
> > # filter bogus AS
> > allow from any AS { 64512, 65534 } set nexthop blackhole
> >
> > Doesn't allow ranges... Is there any better way to handle such setup ?
>
> no, but adding ranges might be a good idea...
>
Btw. you don't want to do that because there are some valid networks that
have reserved AS numbers in their path.
# bgpctl show rib | grep "65[0-9][0-9][0-9]" | awk '{print $2}'
194.146.116.0/24
199.222.136.0/22
200.32.76.0/24
200.32.77.0/24
200.61.32.0/20
201.30.243.0/24
203.177.192.0/24
209.125.232.0/23
209.218.6.0/23
213.154.225.0/24
213.154.230.0/24
213.154.242.0/23
213.154.242.0/24
213.154.243.0/24
216.53.126.0/23
216.217.68.0/22
I don't know why you want to filter them out. Unless you are using these
AS yourself internally -- in that case you should probably block the
specific AS.
IMO having AS number ranges does not make that much sense -- there is
almost no policy on AS number allocation.
--
:wq Claudio
