
Preventing transit traffic using regular expressions

I'm in the process of building a config to multihome my organization to AS4323 and AS7018. I'm looking for tips and config examples to prevent transit to our routers between the two provider AS's.

Can anyone share any specific examples using regular expressions to do this?

Thanks in advance.

/rls

2 REPLIES

Re: Preventing transit traffic using regular expressions

Here is some good reading on AS Regular Expressions:

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800c95bb.shtml#asregexp

What you need to do is match the as-path list from traffic that matches the start of the AS_PATH, for instance AS 7018, and block that traffic from going to the neighbor in AS 4323.

You need to do the same on the AS 7018 neighbor for traffic coming from AS 4323.

HTH,

__

Edison.


Re: Preventing transit traffic using regular expressions

rls

There is a very simple AS path list which will accomplish what you want:

ip as-path access-list 1 permit ^$

Use this AS path list to filter outbound to the external peers. It will permit only prefixes which originate in your AS and will not permit any transit traffic.

The logic behind it is this:

^$ permits only an empty AS path (has no AS in the path). At the point where the filter is applied your advertisements do not yet have your AS in them, so your prefixes are empty and any prefix received from any external peer will have some content in the AS path. So this AS path list is the easy way to be sure that you do not become transit.

HTH

Rick
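
The filter from the reply above, applied outbound to both provider sessions. This is an added example, not configuration posted by anyone in the thread. The local AS number (64512) and the neighbor addresses (192.0.2.1, 198.51.100.1) are constructed placeholders; AS 4323 and AS 7018 are the providers named in the question.

```cisco
! Constructed values: local AS 64512, neighbor addresses 192.0.2.1 and 198.51.100.1.
! AS 4323 and AS 7018 are the two providers named in the thread.
!
! Permit only routes with an empty AS path (locally originated).
! Everything else hits the implicit deny at the end of the list.
ip as-path access-list 1 permit ^$
!
router bgp 64512
 neighbor 192.0.2.1 remote-as 4323
 neighbor 192.0.2.1 filter-list 1 out
 neighbor 198.51.100.1 remote-as 7018
 neighbor 198.51.100.1 filter-list 1 out
!
! Verification from exec mode after a soft outbound refresh:
!   clear ip bgp 192.0.2.1 soft out
!   clear ip bgp 198.51.100.1 soft out
!   show ip bgp regexp ^$
!   show ip bgp neighbors 192.0.2.1 advertised-routes
!   show ip bgp neighbors 198.51.100.1 advertised-routes
```

The advertised-routes output for each provider should list only the prefixes that `show ip bgp regexp ^$` returns; any entry carrying 4323 or 7018 in its path means the filter is not attached to that session.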
