I would like to ask about blocking multiple asn without filtering each time.

Currently, I have BGP connection with multiple ISPs, each ISP will announce other ISPs' asn. My problem is that I don't want some asn.

Currently, I block like this, I will do this every time there is an unwanted asn.

rule="if (bgp-as-path XXXXX) {reject;}"

But what I want is, is there a Filter or something? To block in a single rule, but multiple asn.

(For example, blocking with address-list in firewall) Can filter in bgp do something like this? Like (asn-list) something like this.

I work in ISP (Internet Service Provider).

Sorry if my English is not good.

Thank you all for helping me this time.

You may use like this: for the num-list range you may use a not single, but a range of ASNs:

You may use

Code: Select all

/routing/filter/num-list

like this:

Code: Select all

/routing filter num-list
add comment=disabled=no list=BAD-AS range=200993
add comment=disabled=no list=BAD-AS range=200994

/routing filter rule
add chain=some_chain disabled=no rule="if (bgp-as-path [[:BAD-AS:]]) {reject}

for the num-list range you may use a not single, but a range of ASNs:

Code: Select all

add comment="RFC 6996" disabled=no list=BOGON-AS range=4200000000-4294967294

Thankyou somuch i will try it

rule="if (bgp-as-path XXXXX) {reject;}"

rule="if (bgp-as-path XXXXX || bgp-as-path AAAA || bgp-as-path BBBB || bgp-as-path CCCC) {reject;};"
Or as others suggested, numbered lists.

rule="if (bgp-as-path XXXXX) {reject;}"

rule="if (bgp-as-path XXXXX || bgp-as-path AAAA || bgp-as-path BBBB || bgp-as-path CCCC) {reject;};"
Or as others suggested, numbered lists.

Thankyou Somuch this is work Perfect !!

This is work for me check status route is filtered Perfect thankyou all