Hierarchical AS-path acl generation?
- Date: Mon, 28 Oct 2002 13:23:26 +0200 (EET)
Hello,
We're mainly interested in the AS-path access-list features of IRRToolSet.
However, I note that it doesn't seem to be able to define hierarchical
as-path lists; this appears to be due to too simple RPSL syntax.
For example:
as-set: AS8434:AS-CUSTOMERS
descr: Utfors Bredband AB
members: AS8434
members: AS2865, AS-ALCOM, AS20574, AS-PORT
members: AS20734, AS20691, AS21200, AS21171
members: AS21297, AS-JIPPII, AS20513, AS24713
members: AS13243, AS-LIDERO, AS15950, AS13212
members: AS24819, AS24959
Which has e.g.:
as-set: AS-PORT
descr: Please use AS16150:AS-CUSTOMERS instead!
members: AS16150:AS-CUSTOMERS
And:
as-set: AS16150:AS-CUSTOMERS
descr: Port80 and customer ASNs
members: AS16150
members: AS112
Now, RtConfig gives something like:
#@localhost aspath_access_list filter <^AS8434:AS-CUSTOMERS$>
!
no ip as-path access-list 1
ip as-path access-list 1 permit ^_(112|719|790|1234|1248|2129|2865|3238|3274|3327|5469|5487|6667|8434|8812|12712|12917|13189|13212|13243|13276|15424|15501|15893|15950|16023|16051|16117|16150|16259|20513|20542|20569|20574|20691|20734|20774)$
ip as-path access-list 1 permit ^_(20904|21171|21200|21297|21348|21490|21856|24713|24714|24809|24819|24959|25033|25037)$
The important piece of this is:
(112|...|16150)
What I'd like to be able to do is accomplish the following kind of output:
(...|16150 (112)?|...)
(Well actually like '16150+ (112+)?' but that's not the point)
So that "customers" would always come behind the transit AS.
It appears that this is impossible due to the RPSL syntax: with AS-PORT I
believe there is no way to specify this is a new "branch" and this AS
should be used to add more "leaves" to the AS-path tree.
One way to work around this restriction might be to integrate information
gained from ASxxxx (export/import gives you the "transit" AS) and AS-yyyy
(the policy).
Ok, after all the rambling I'd like to ask a few questions:
1) have others experienced this problem as well, and how have you worked
around it (you could always use prefix lists, but in the as-path list
context)?
2) has there been an effort to try enhancing the language to define the
policy?
3) can this be worked around in IRRToolSet (doubtful)?
--
Pekka Savola "Tell me of difficulties surmounted,
Netcore Oy not those you stumble over and fall"
Systems. Networks. Security. -- Robert Jordan: A Crown of Swords
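
Added example, not part of the original message and not IRRToolSet code: a sketch of the hierarchical expansion asked for above, in which a nested as-set becomes a branch behind its transit AS. It assumes the transit AS can be read from the hierarchical set name (ASn:AS-...) rather than from aut-num import/export policy; the function names are hypothetical, and the as-set data is constructed from the objects quoted in the message.

```python
import re

# Constructed from the as-set objects quoted in the message; the member list of
# AS8434:AS-CUSTOMERS is trimmed to four entries for brevity.
AS_SETS = {
    "AS8434:AS-CUSTOMERS": ["AS8434", "AS2865", "AS-PORT", "AS20574"],
    "AS-PORT": ["AS16150:AS-CUSTOMERS"],
    "AS16150:AS-CUSTOMERS": ["AS16150", "AS112"],
}

def owner_of(set_name):
    """Assumption: a hierarchical set name 'ASn:AS-...' is owned by transit AS n."""
    m = re.match(r"AS(\d+):", set_name)
    return m.group(1) if m else None

def alternatives(set_name, seen=frozenset()):
    """Return the AS-path alternatives (regex fragments) one as-set expands to."""
    if set_name in seen:                 # as-sets can reference each other
        return []
    seen = seen | {set_name}
    out = []
    for member in AS_SETS.get(set_name, []):
        if re.fullmatch(r"AS\d+", member):
            out.append(member[2:])       # plain ASN: a leaf
            continue
        sub = alternatives(member, seen)
        owner = owner_of(member)
        if owner in sub:
            # New branch: everything else in the set goes behind its owner.
            rest = [a for a in sub if a != owner]
            out.append(f"{owner}( ({'|'.join(rest)}))?" if rest else owner)
        else:
            out.extend(sub)              # e.g. AS-PORT: no owner, stays flat
    return out

def path_regex(set_name):
    """Anchored regex over a space-separated AS path (not Cisco '_' syntax)."""
    return "^(" + "|".join(alternatives(set_name)) + ")$"

if __name__ == "__main__":
    print(path_regex("AS8434:AS-CUSTOMERS"))
```

The result permits AS112 only when it appears behind AS16150, where the flat list accepts it as an origin on its own. Prepending (the '16150+' form mentioned in the message) is not handled.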