From: Bogdan Sass (bogdan.sass@catc.ro)
Date: Tue May 13 2008 - 14:21:00 ART
Larry wrote:
> What about prepending??? To play it safe if those were the only 2 I 
> would choose _2$. That would be anything originating in AS2 no matter 
> what they throw into the path. If you are neighboring with AS2 you 
> know that they are directly connected... I have been burned before on 
> the prepending!!!
    I agree with you there. I thought about prepending also, and I guess 
one could always try (_2)+$ . But this was not among the options presented.
    Even Cisco recommends the same approach (ignoring prepending):
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094a92.shtml
If you want to deny all the networks that have originated in AS 4 and 
permit all other routes to enter AS 3 from Router 3, you can apply an 
inbound filter at Router 3, as follows:
    ip as-path access-list 1 deny _4$  
    ip as-path access-list 1 permit .*
>
> On 5/13/08, *Bogdan Sass* <bogdan.sass@catc.ro 
> <mailto:bogdan.sass@catc.ro>> wrote:
>
>     Bogdan Sass wrote:
>
>         irfanccie@hotmail.co.uk <mailto:irfanccie@hotmail.co.uk> wrote:
>
>             Hi All
>
>             If your AS is 1 and neighbor AS2, and there is a
>             requirement to only
>             allow networks originated only from directly connected AS2
>             would the reg exp
>             be
>
>             ip as-path access-list permit ^2$
>
>             or
>
>             ip as-path access-list permit _2$
>
>
>             please help
>
>             thanks
>              
>
>           As I see it, ^2$ will allow networks containing only AS2 in
>         the AS_PATH (networks originated from AS2), while _2$ will
>         allow all networks that have an AS_PATH ending in AS2 (all
>         networks received from AS2).
>
>           So for your question, the answer would be ^2$
>
-- 
Bogdan Sass
CCAI,CCNP,CCSP,JNCIA-ER
Information Systems Security Professional
"Curiosity was framed - ignorance killed the cat"
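
Added example (not part of the original messages): a small Python check of which AS_PATH strings each expression discussed in this thread permits. The translation of the IOS "_" token into a Python regex is an approximation, the sample paths are constructed, and the fourth pattern, ^2(_2)*$, is not from the thread and is included only for comparison.

```python
import re

# IOS "_" matches a delimiter (space, comma, braces, parentheses) or the
# start/end of the string. Python's re has no such token, so expand it.
# This expansion is an assumption made for the example, not IOS source.
IOS_UNDERSCORE = r"(?:^|$|[ ,{}()])"


def ios_to_python(pattern):
    """Rewrite an IOS as-path expression into Python regex syntax."""
    return pattern.replace("_", IOS_UNDERSCORE)


def permits(pattern, as_path):
    """True if the AS_PATH string matches (unanchored search, as on IOS)."""
    return re.search(ios_to_python(pattern), as_path) is not None


# First three are from the thread; the last is added for comparison.
PATTERNS = ["^2$", "_2$", "(_2)+$", "^2(_2)*$"]

# Constructed AS_PATH strings as they could appear on a router in AS1.
SAMPLE_PATHS = {
    "2": "originated in AS2, no prepending",
    "2 2 2": "originated in AS2, prepended twice",
    "3 2": "originated in AS2, received through AS3",
    "2 3": "originated in AS3, received through AS2",
    "22": "originated in AS22 (must not be confused with AS2)",
}


def match_table():
    """Map each pattern to the list of sample paths it permits."""
    return {p: [path for path in SAMPLE_PATHS if permits(p, path)]
            for p in PATTERNS}


if __name__ == "__main__":
    for pattern, matched in match_table().items():
        print(f"{pattern:10} permits: {matched}")
```

Because the match is unanchored, anything that changes only the end of the expression leaves the start of the path unconstrained; whether that matters depends on which neighbors the filter is applied to.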