AS53062

User Tools

Site Tools

Trace: bgp-filter-examples
docs:bgp-filter-examples

Differences

This shows you the differences between two versions of the page.


docs:bgp-filter-examples [2025/09/25 12:44] (current) – created - external edit 127.0.0.1
Line 1: Line 1:
 +===== reject_bogon_asns =====
 +<code>
 +policy-options {
 +    as-path-group bogon-asns {
 +        /* RFC7607 */
 +        as-path zero ".* 0 .*";
 +        /* RFC 4893 AS_TRANS */
 +        as-path as_trans ".* 23456 .*";
 +        /* RFC 5398 and documentation/example ASNs */
 +        as-path examples1 ".* [64496-64511] .*";
 +        as-path examples2 ".* [65536-65551] .*";
 +        /* RFC 6996 Private ASNs*/
 +        as-path reserved1 ".* [64512-65534] .*";
 +        as-path reserved2 ".* [4200000000-4294967294] .*";
 +        /* RFC 6996 Last 16 and 32 bit ASNs */
 +        as-path last16 ".* 65535 .*";
 +        as-path last32 ".* 4294967295 .*";
 +        /* RFC IANA reserved ASNs*/
 +        as-path iana-reserved ".* [65552-131071] .*";
 +    }
 +    policy-statement import_from_ebgp {
 +        term bogon-asns {
 +            from as-path-group bogon-asns;
 +            then reject;
 +        }
 +        term .....
 +    }
 +}
 +</code>
 +===== reject_bogon_prefixes =====
 +<code>whois -h whois.radb.net fltr-martian</code>
 +<code>
 +policy-options {
 +    prefix-list BOGONS_v4 {
 +        0.0.0.0/8;
 +        10.0.0.0/8;
 +        100.64.0.0/10;
 +        127.0.0.0/8;
 +        169.254.0.0/16;
 +        172.16.0.0/12;
 +        192.0.2.0/24;
 +        192.88.99.0/24;
 +        192.168.0.0/16;
 +        198.18.0.0/15;
 +        198.51.100.0/24;
 +        203.0.113.0/24;
 +        224.0.0.0/4;
 +        240.0.0.0/4;
 +    }
 +    policy-statement BGP_FILTER_IN {
 +        term IPv4 {
 +            from {
 +                prefix-list BOGONS_v4;
 +            }
 +            then reject;
 +        }
 +    }
 +}
 +</code>
 +
 +===== reject_transit_paths =====
 +<code>
 +policy-options {
 +  policy-statement bgp-import-policy {
 +    term no-transit-leaks {
 +        from as-path no-transit-import-in;
 +        then reject;
 +    }
 +   }
 + }
 +
 + as-path no-transit-import-in ".* (174|209|701|702|1239|1299|2914|3257|3320|3356|3549|3561|4134|5511|6453|6461|6762|7018) .*";
 +</code>
 +===== reject_small_prefixes =====
 +<code>
 +policy-options {
 +  policy-statement bgp-import-policy {
 +    term reject_too_small_prefixes_v4 {
 +        from {
 +            route-filter 0.0.0.0/0 prefix-length-range /25-/32;
 +        }
 +        then {
 +            reject;
 +        }
 +    }
 +  }
 +}
 +</code>
  
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki