Hi Jakob,

This is really great and exactly what I had in mind when I proposed auto-policy based on AS_PATH check. Can you commit it to IOS so it is built-in with a knob to use?

Cheers,
R.

On Sat, May 6, 2017 at 12:09 AM, Jakob Heitz (jheitz) <[email protected]> wrote:

> Even if violating router-os's are updated, leaks will continue for a long time.
>
> I hope I can help on the filtering side. No RFC or vendor code change required.
>
> I wrote an app in C that takes the output of "show bgp" and creates
> a set of route-policies that will prevent the leaks.
>
> It looks at the as-paths, finds your neighbors and then all their upstreams.
>
> Then it writes as-path policies to allow only those upstreams for your neighbors.
>
> You then use the policy in your neighbor inbound policies to either drop
> or set a low localpref. There is a way to show the routes that are disallowed.
>
> Sorry, it only works with Cisco.
>
> The source is free for anyone to do whatever they want.
>
> Other vendors can adapt it at will.
>
> Compile it at a Linux command line; "cc showbgp2policy.c".
>
> Sorry about the C, but Python is not my mother tongue.
>
> Start with num_policies of 30 and see how it looks.
>
> Thanks,
> Jakob.
>
> _______________________________________________
> GROW mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/grow
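
An added example of the learn-then-allow idea described in the quoted message; it is not the showbgp2policy.c source, which does not appear on this page. It assumes that a neighbor's "upstream" is the AS directly behind it in the path, takes bare as-path strings instead of parsing "show bgp" output, and reports whether a path would be allowed rather than writing route-policy text; the function names and sample paths are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#define MAX_PAIRS 256
/* (neighbor AS, AS directly behind it = assumed "upstream"); equal = neighbor only */
static unsigned long pairs[MAX_PAIRS][2];
static int npairs;

/* Returns 0 if no leading AS number; *up stays equal to *as if nothing follows. */
static int head(const char *path, unsigned long *as, unsigned long *up) {
    char *end;
    *as = *up = strtoul(path, &end, 10);
    if (end == path) return 0;
    while (*up == *as) {                  /* skip the neighbor's own prepends */
        const char *p = end;
        unsigned long v = strtoul(p, &end, 10);
        if (end == p) break;              /* end of path or non-numeric token */
        *up = v;
    }
    return 1;
}

/* up == as asks only whether the neighbor itself is known. */
static int known(unsigned long as, unsigned long up) {
    for (int i = 0; i < npairs; i++)
        if (pairs[i][0] == as && (up == as || pairs[i][1] == up)) return 1;
    return 0;
}

/* Learn one baseline path; returns 0 if unparsable or the table is full. */
int learn_path(const char *path) {
    unsigned long as, up;
    if (!head(path, &as, &up)) return 0;
    if (known(as, up)) return 1;
    if (npairs == MAX_PAIRS) return 0;
    pairs[npairs][0] = as; pairs[npairs++][1] = up;
    return 1;
}

/* 1 if the neighbor is known and originated the route or has this upstream. */
int path_allowed(const char *path) {
    unsigned long as, up;
    return head(path, &as, &up) && known(as, up);
}

int main(void) {
    /* Constructed sample paths (documentation ASNs); leftmost AS = neighbor. */
    const char *base[] = { "64500 64510 64520", "64500 64500 64511", "64501 64510" };
    for (int i = 0; i < 3; i++) learn_path(base[i]);
    printf("%d %d\n", path_allowed("64500 64511 64530"), path_allowed("64501 64511"));
}
```

A path from a neighbor that was not in the baseline is reported as not allowed, since no upstream set was learned for it.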
