We've had problems in various NOS in generating large prefix-lists. In absolute configuration size, as well as prefix-set sizes.
I'd like to hear about operational experiences, how long AS-PATH policies people have successfully run and in which NOS. I am not interested in exact AS_PATH contents, I am only interested that it contains a named set of AS numbers, in any order and any repetition. In Junos speak ^[1 42 500 1212]*$ How many ASN can I iterate, before I become market leading and have to work with vendors to fix bugs? The interest is because of RPKI we could get rid of prefix-lists, but we might still want to verify AS_PATH. Consider AS-YTTI having AS43792. a) They advertise google with invalid origin b) They advertise google with valid origin Maybe these come from some BGP optimization tool they run. A) is dropped by RPKI, B) is passed. But B) can be dropped by prefix-list filter or AS-PATH filter which doesn't allow Google ASN to exist in the AS_PATH. So I don't really need to check the prefix again, after it passed RPKI. AS_PATH check is equally strong. -- ++ytti _______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/[email protected]/message/O5XX6BHOSMINX4HKT2SMVOI66SMYXFOR/
