Skip to content

Build regexes from as-numbers for BGP filtering on Brocade Netiron or compatible (Cisco) platforms.

Notifications You must be signed in to change notification settings

ipcjk/asnbuilder

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

this tool will download the assigned as-numbers from the IANA-website
and will generate as-path-lists for

brocade mlxe, mlx, cer or comparable routers.

these lists will / can block NIC regions by as-numbers,
doing like this, will save FIB-entries of your routers any may help you
survice the 512K or 768K router limits in future.

attention: you will need to install a default route to reach the
blocked regions. either install a route manually or ask your uplink
providers to announce bgp default routes to your router.

This list shall match as second of the last rules, after accepting the
default route, the ASN of your uplink and  the AS-numbers you may want
to reach with specific preferences or you may risk blocking your uplink
or connectivity.

Include the list inside a route-map second to the last

# Block e.g. APNIC
route-map uplink-in deny 50
match as-path region-summary

# Accept all other routes (e.g. ARIN, RIPE)
route-map uplink-in permit 50
set local-preference 90

Another example, generate and match a custom ASN "blacklist" from file:

asnbuilder -custom customASN.txt  -region custom  -acltitle saveFIB > saveTheFIB.txt

route-map uplink-in deny 5
match as-path saveFIB

# Build
go build main.go

# Options and params
./main -help
Usage of ./main:
  -acltitle string
    	Title for generated as-path list (default "region-summary")
  -permitOrDeny int
    	Deny = 0, Permit = 1 (default 1)
  -region string
    	Comma separated list with region for generated prefix
  -summary
    	Print summary of downloaded lists only

# Run example
./main -region "APNIC"
ip as-path access-list region-summary permit _13107[2-9]|_1310[8-9][0-9]|_131[1-9][0-9][0-9]|_1320[0-8][0-9]|_13209[0-5]$
ip as-path access-list region-summary permit _13209[6-9]|_132[1-9][0-9][0-9]|_1330[0-9][0-9]|_1331[0-1][0-9]$
ip as-path access-list region-summary permit _1331[2-9][0-9]|_133[2-5][0-9][0-9]|_1336[0-2][0-9]|_13363[0-1]$
ip as-path access-list region-summary permit _13363[2-9]|_1336[4-9][0-9]|_133[7-9][0-9][0-9]|_134[0-4][0-9][0-9]|_1345[0-4][0-9]|_13455[0-6]$
ip as-path access-list region-summary permit _13455[7-9]|_1345[6-9][0-9]|_134[6-9][0-9][0-9]|_135[0-4][0-9][0-9]|_1355[0-7][0-9]|_135580$
ip as-path access-list region-summary permit _13558[1-9]|_13559[0-9]|_135[6-9][0-9][0-9]|_136[0-4][0-9][0-9]|_13650[0-5]$
ip as-path access-list region-summary permit _13650[6-9]|_1365[1-9][0-9]|_136[6-9][0-9][0-9]|_137[0-4][0-9][0-9]|_1375[0-2][0-9]$
ip as-path access-list region-summary permit _173$
ip as-path access-list region-summary permit _681$
ip as-path access-list region-summary permit _1221$
ip as-path access-list region-summary permit _1233$
ip as-path access-list region-summary permit _1237$
ip as-path access-list region-summary permit _1250$
ip as-path access-list region-summary permit _1659$
ip as-path access-list region-summary permit _1704$
ip as-path access-list region-summary permit _176[8-9]$
ip as-path access-list region-summary permit _1781$
ip as-path access-list region-summary permit _1851$
ip as-path access-list region-summary permit _2042$
ip as-path access-list region-summary permit _2144$
ip as-path access-list region-summary permit _2385$
ip as-path access-list region-summary permit _249[7-9]|_25[0-1][0-9]|_252[0-8]$
ip as-path access-list region-summary permit _2537$
ip as-path access-list region-summary permit _2554$
ip as-path access-list region-summary permit _2563$
ip as-path access-list region-summary permit _2569|_2570$
ip as-path access-list region-summary permit _2697$
ip as-path access-list region-summary permit _2706$
ip as-path access-list region-summary permit _2713$
ip as-path access-list region-summary permit _2756$
ip as-path access-list region-summary permit _2764$
ip as-path access-list region-summary permit _2772$
ip as-path access-list region-summary permit _2823$
ip as-path access-list region-summary permit _2907$
ip as-path access-list region-summary permit _2915$
ip as-path access-list region-summary permit _292[5-6]$
ip as-path access-list region-summary permit _3357$
ip as-path access-list region-summary permit _3363$
ip as-path access-list region-summary permit _3382$
ip as-path access-list region-summary permit _3391$
ip as-path access-list region-summary permit _3395$
ip as-path access-list region-summary permit _3460$
ip as-path access-list region-summary permit _3462$
ip as-path access-list region-summary permit _3488$
ip as-path access-list region-summary permit _3510$
ip as-path access-list region-summary permit _3550$
ip as-path access-list region-summary permit _355[8-9]$
ip as-path access-list region-summary permit _3583$
ip as-path access-list region-summary permit _3605$
ip as-path access-list region-summary permit _3608$
ip as-path access-list region-summary permit _366[1-2]$
ip as-path access-list region-summary permit _3689|_369[0-3]$
ip as-path access-list region-summary permit _3711$
ip as-path access-list region-summary permit _3717$
ip as-path access-list region-summary permit _374[7-8]$
ip as-path access-list region-summary permit _375[7-8]$
ip as-path access-list region-summary permit _3773$
ip as-path access-list region-summary permit _3775$
ip as-path access-list region-summary permit _3784$
ip as-path access-list region-summary permit _378[6-7]$
ip as-path access-list region-summary permit _3813$
ip as-path access-list region-summary permit _3825$
ip as-path access-list region-summary permit _3836$
ip as-path access-list region-summary permit _3839|_3840$
ip as-path access-list region-summary permit _3929$
ip as-path access-list region-summary permit _3969$
ip as-path access-list region-summary permit _3976$
ip as-path access-list region-summary permit _4007$
ip as-path access-list region-summary permit _4040$
ip as-path access-list region-summary permit _4049$
ip as-path access-list region-summary permit _4058$
ip as-path access-list region-summary permit _4060$
ip as-path access-list region-summary permit _4134$
ip as-path access-list region-summary permit _4142$
ip as-path access-list region-summary permit _4158$
ip as-path access-list region-summary permit _417[4-5]$
ip as-path access-list region-summary permit _4197$
ip as-path access-list region-summary permit _4202$
ip as-path access-list region-summary permit _4251$
ip as-path access-list region-summary permit _4274$
ip as-path access-list region-summary permit _4352$
ip as-path access-list region-summary permit _438[1-2]$
ip as-path access-list region-summary permit _4431$
ip as-path access-list region-summary permit _443[3-4]$
ip as-path access-list region-summary permit _4515$
ip as-path access-list region-summary permit _4528$
ip as-path access-list region-summary permit _4538$
ip as-path access-list region-summary permit _4594$
ip as-path access-list region-summary permit _4605$
ip as-path access-list region-summary permit _460[8-9]|_46[1-9][0-9]|_47[0-9][0-9]|_48[0-5][0-9]|_486[0-5]$
ip as-path access-list region-summary permit _4961$
ip as-path access-list region-summary permit _501[7-8]$
ip as-path access-list region-summary permit _5051$
ip as-path access-list region-summary permit _5085$
ip as-path access-list region-summary permit _5087$
ip as-path access-list region-summary permit _5709$
ip as-path access-list region-summary permit _6068$
ip as-path access-list region-summary permit _6163$
ip as-path access-list region-summary permit _6262$
ip as-path access-list region-summary permit _6619$
ip as-path access-list region-summary permit _6648$
ip as-path access-list region-summary permit _7131$
ip as-path access-list region-summary permit _7175$
ip as-path access-list region-summary permit _746[7-9]|_74[7-9][0-9]|_7[5-6][0-9][0-9]|_77[0-1][0-9]|_772[0-2]$
ip as-path access-list region-summary permit _7855$
ip as-path access-list region-summary permit _7901$
ip as-path access-list region-summary permit _921[6-9]|_92[2-9][0-9]|_9[3-9][0-9][0-9]|_10[0-1][0-9][0-9]|_102[0-3][0-9]$
ip as-path access-list region-summary permit _10807$
ip as-path access-list region-summary permit _11467$
ip as-path access-list region-summary permit _1740[8-9]|_174[1-9][0-9]|_17[5-9][0-9][0-9]|_18[0-3][0-9][0-9]|_184[0-2][0-9]|_1843[0-1]$
ip as-path access-list region-summary permit _19705$
ip as-path access-list region-summary permit _2355[2-9]|_235[6-9][0-9]|_23[6-9][0-9][0-9]|_24[0-4][0-9][0-9]|_245[0-6][0-9]|_2457[0-5]$
ip as-path access-list region-summary permit _3788[8-9]|_3789[0-9]|_379[0-9][0-9]|_38[0-8][0-9][0-9]|_3890[0-9]|_3891[0-1]$
ip as-path access-list region-summary permit _4505[6-9]|_450[6-9][0-9]|_45[1-9][0-9][0-9]|_460[0-7][0-9]$
ip as-path access-list region-summary permit _5529[6-9]|_55[3-9][0-9][0-9]|_56[0-2][0-9][0-9]|_563[0-1][0-9]$
ip as-path access-list region-summary permit _5836[8-9]|_583[7-9][0-9]|_58[4-9][0-9][0-9]|_59[0-2][0-9][0-9]|_593[0-8][0-9]|_5939[0-1]$
ip as-path access-list region-summary permit _6348[8-9]|_6349[0-9]|_63[5-9][0-9][0-9]$
ip as-path access-list region-summary permit _640[0-8][0-9]|_6409[0-8]$
ip as-path access-list region-summary permit _6429[7-9]|_643[0-8][0-9]|_6439[0-5]$

About

Build regexes from as-numbers for BGP filtering on Brocade Netiron or compatible (Cisco) platforms.

Topics

Resources

Stars

Watchers

Forks

Packages

No packages published