On 2014-08-20, Laurent CARON <lca...@unix-scripts.info> wrote:
> While reviewing my BGP filters, i realized I don't filter private AS# in
> the AS-PATH.
>
> According to OpenBGPd's man page, it is possible to use:
>
> deny from any AS { 64512 64513 .... 65535 }
>
> It would however be quite unmaintainable and not really clean.
That would deny (reject) routes, it would not strip private ASN from the
AS-path, openbgp doesn't have a way to do that.
If you actually mean rejecting the routes (not modifying the path on
routes which you want to permit), and if it's customers (or possibly
peers) that you're talking about, explicitly permit what you expect to
see, deny all others. it's the only sane way. (Obviously make use of IRR
or other automated means to setup filters, if appropriate).
