Ferramentas do usuário
docs:bgp-filter-examples
Diferenças
Aqui você vê as diferenças entre duas revisões dessa página.
| Próxima revisão | Revisão anterior | ||
|
docs:bgp-filter-examples [2019/01/22 11:08] marcelo criada |
docs:bgp-filter-examples [2019/01/22 11:21] marcelo [reject_bogon_prefixes] |
||
|---|---|---|---|
| Linha 1: | Linha 1: | ||
| - | sdaff | + | ===== reject_bogon_asns ===== |
| + | <code> | ||
| + | policy-options { | ||
| + | as-path-group bogon-asns { | ||
| + | /* RFC7607 */ | ||
| + | as-path zero ".* 0 .*"; | ||
| + | /* RFC 4893 AS_TRANS */ | ||
| + | as-path as_trans ".* 23456 .*"; | ||
| + | /* RFC 5398 and documentation/example ASNs */ | ||
| + | as-path examples1 ".* [64496-64511] .*"; | ||
| + | as-path examples2 ".* [65536-65551] .*"; | ||
| + | /* RFC 6996 Private ASNs*/ | ||
| + | as-path reserved1 ".* [64512-65534] .*"; | ||
| + | as-path reserved2 ".* [4200000000-4294967294] .*"; | ||
| + | /* RFC 6996 Last 16 and 32 bit ASNs */ | ||
| + | as-path last16 ".* 65535 .*"; | ||
| + | as-path last32 ".* 4294967295 .*"; | ||
| + | /* RFC IANA reserved ASNs*/ | ||
| + | as-path iana-reserved ".* [65552-131071] .*"; | ||
| + | } | ||
| + | policy-statement import_from_ebgp { | ||
| + | term bogon-asns { | ||
| + | from as-path-group bogon-asns; | ||
| + | then reject; | ||
| + | } | ||
| + | term ..... | ||
| + | } | ||
| + | } | ||
| + | </code> | ||
| + | ===== reject_bogon_prefixes ===== | ||
| + | <code>whois -h whois.radb.net fltr-martian</code> | ||
| + | <code> | ||
| + | policy-options { | ||
| + | prefix-list BOGONS_v4 { | ||
| + | 0.0.0.0/8; | ||
| + | 10.0.0.0/8; | ||
| + | 100.64.0.0/10; | ||
| + | 127.0.0.0/8; | ||
| + | 169.254.0.0/16; | ||
| + | 172.16.0.0/12; | ||
| + | 192.0.2.0/24; | ||
| + | 192.88.99.0/24; | ||
| + | 192.168.0.0/16; | ||
| + | 198.18.0.0/15; | ||
| + | 198.51.100.0/24; | ||
| + | 203.0.113.0/24; | ||
| + | 224.0.0.0/4; | ||
| + | 240.0.0.0/4; | ||
| + | } | ||
| + | policy-statement BGP_FILTER_IN { | ||
| + | term IPv4 { | ||
| + | from { | ||
| + | prefix-list BOGONS_v4; | ||
| + | } | ||
| + | then reject; | ||
| + | } | ||
| + | } | ||
| + | } | ||
| + | </code> | ||
| + | |||
| + | ===== reject_transit_paths ===== | ||
| + | <code> | ||
| + | policy-options { | ||
| + | policy-statement bgp-import-policy { | ||
| + | term no-transit-leaks { | ||
| + | from as-path no-transit-import-in; | ||
| + | then reject; | ||
| + | } | ||
| + | } | ||
| + | } | ||
| + | |||
| + | as-path no-transit-import-in ".* (174|209|701|702|1239|1299|2914|3257|3320|3356|3549|3561|4134|5511|6453|6461|6762|7018) .*"; | ||
| + | </code> | ||
| + | ===== reject_small_prefixes ===== | ||
| + | <code> | ||
| + | policy-options { | ||
| + | policy-statement bgp-import-policy { | ||
| + | term reject_too_small_prefixes_v4 { | ||
| + | from { | ||
| + | route-filter 0.0.0.0/0 prefix-length-range /25-/32; | ||
| + | } | ||
| + | then { | ||
| + | reject; | ||
| + | } | ||
| + | } | ||
| + | } | ||
| + | } | ||
| + | </code> | ||
docs/bgp-filter-examples.txt · Última modificação: 2019/01/22 11:21 por marcelo
Ferramentas da página
