On Mon, Aug 17, 2009 at 03:37:07PM -0600, randal k wrote: > Yep, we started seeing this right around 12:20pm MST. We saw it from a > customer's rapidly-flapping BGP peer. We told them to configure bgp > maxas-limit, but apparently CRS1s don't have that command. > > Anybody have a handy route-map that will deny anything with a as-path > longer than say 15-20? ;-) Been a while since I had to throw this on cisco, but I since it lacks sane repeat constraint, you have to either choose to iterate over your acceptable space or deny on the longer-than-acceptable. For the latter, ^[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_([0-9]+_)+ clobbers 15 ASNs and longer.
-- RSUC / GweepNet / Spunk / FnB / Usenix / SAGE