Hello Guys and happy news year to all !
I have recently setups a news BGP router for peering purpose using
OpenBSD.
In order to do input filtering I have tried to use an as-set looking
like that :
## use as-set to reject bogon AS number
as-set bogon-as { 0 23456 64496-131071 64512-65534 65535 65536-65551
65552-131071 4200000000-4294967295 4294967295 }
But this configuration did not work.
It seems that bgpd cannot handle as rang in as-set unlike the filter
directive.
As anyone tries that before me ? Can you confirm that filter is the best
solution for now ?
I have fallen back on this configuration :
## use filter to reject bogon AS numbers
deny quick from any AS 0 # reserved
[RFC7607]
deny quick from any AS 23456 # AS_TRANS
[RFC6793]
deny quick from any AS 64496 - 131071 # reserved for
documentation [RFC5398]
deny quick from any AS 64512 - 65534 # reserved for
private usage [RFC5398]
deny quick from any AS 65535 # reserved
[RFC7300]
deny quick from any AS 65536 - 65551 # reserved for
documentation [RFC5398]
deny quick from any AS 65552 - 131071 # reserved by IANA
deny quick from any AS 4200000000 - 4294967295 # reserved for
private usage [RFC6996]
deny quick from any AS 4294967295 # reserved
[RFC7300]
Best Regards,
Stéphane