===== reject_bogon_asns =====
policy-options {
as-path-group bogon-asns {
/* RFC7607 */
as-path zero ".* 0 .*";
/* RFC 4893 AS_TRANS */
as-path as_trans ".* 23456 .*";
/* RFC 5398 and documentation/example ASNs */
as-path examples1 ".* [64496-64511] .*";
as-path examples2 ".* [65536-65551] .*";
/* RFC 6996 Private ASNs*/
as-path reserved1 ".* [64512-65534] .*";
as-path reserved2 ".* [4200000000-4294967294] .*";
/* RFC 6996 Last 16 and 32 bit ASNs */
as-path last16 ".* 65535 .*";
as-path last32 ".* 4294967295 .*";
/* RFC IANA reserved ASNs*/
as-path iana-reserved ".* [65552-131071] .*";
}
policy-statement import_from_ebgp {
term bogon-asns {
from as-path-group bogon-asns;
then reject;
}
term .....
}
}
===== reject_bogon_prefixes =====
whois -h whois.radb.net fltr-martian
policy-options {
prefix-list BOGONS_v4 {
0.0.0.0/8;
10.0.0.0/8;
100.64.0.0/10;
127.0.0.0/8;
169.254.0.0/16;
172.16.0.0/12;
192.0.2.0/24;
192.88.99.0/24;
192.168.0.0/16;
198.18.0.0/15;
198.51.100.0/24;
203.0.113.0/24;
224.0.0.0/4;
240.0.0.0/4;
}
policy-statement BGP_FILTER_IN {
term IPv4 {
from {
prefix-list BOGONS_v4;
}
then reject;
}
}
}
===== reject_transit_paths =====
policy-options {
policy-statement bgp-import-policy {
term no-transit-leaks {
from as-path no-transit-import-in;
then reject;
}
}
}
as-path no-transit-import-in ".* (174|209|701|702|1239|1299|2914|3257|3320|3356|3549|3561|4134|5511|6453|6461|6762|7018) .*";
===== reject_small_prefixes =====
policy-options {
policy-statement bgp-import-policy {
term reject_too_small_prefixes_v4 {
from {
route-filter 0.0.0.0/0 prefix-length-range /25-/32;
}
then {
reject;
}
}
}
}