I've always gotten plenty of mileage out of as-path regexes on Junos. Usually don't ever need to be more than 4 long.
On Mon, Feb 23, 2026 at 11:52 AM Saku Ytti via NANOG <[email protected]> wrote: > We've had problems in various NOS in generating large prefix-lists. In > absolute configuration size, as well as prefix-set sizes. > > I'd like to hear about operational experiences, how long AS-PATH > policies people have successfully run and in which NOS. > > > I am not interested in exact AS_PATH contents, I am only interested > that it contains a named set of AS numbers, in any order and any > repetition. In Junos speak ^[1 42 500 1212]*$ > > How many ASN can I iterate, before I become market leading and have to > work with vendors to fix bugs? > > > > The interest is because of RPKI we could get rid of prefix-lists, but > we might still want to verify AS_PATH. Consider AS-YTTI having > AS43792. > > a) They advertise google with invalid origin > b) They advertise google with valid origin > > Maybe these come from some BGP optimization tool they run. A) is > dropped by RPKI, B) is passed. > But B) can be dropped by prefix-list filter or AS-PATH filter which > doesn't allow Google ASN to exist in the AS_PATH. > > So I don't really need to check the prefix again, after it passed > RPKI. AS_PATH check is equally strong. > > -- > ++ytti > _______________________________________________ > NANOG mailing list > > https://lists.nanog.org/archives/list/[email protected]/message/O5XX6BHOSMINX4HKT2SMVOI66SMYXFOR/ > _______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/[email protected]/message/IBCN6PRJZMA3VEABH6SICCQF5GHPPLCP/
