How do I stop a confedera ...
    26 December 07

    How do I stop a confederation from being used as transit?

    Posted byBrian McGahan

    Suppose we have the following scenario:


    R1 is AS 100
    R2, R3, R4 are AS 200
    R5 is AS 300

    R2, R3, R4 are confederated, with sub as's 65002, 65003, and 65004 respectively. They are also originating prefixes A, B, & C respectively. If AS 200 does not want to be transit, we must only advertise out prefixes originated in these three sub AS's.

    From R2's perspective, we see the following prefixes, and the following AS-Path's:

    A - EMPTY
    B - (65003)
    C - (65003,65004)

    From R4's perspective, we see the following prefixes, and the following AS-Path's:

    A - (65002,65003)
    B - (65003)
    C - EMPTY

    Now we must consider how to match all of these cases in a single line. Remember that parentheses are special characters within the as-path list.

    Our minimum case to match would be:


    This is our empty AS-PATH, which is prefixes locally originated in our sub-as.

    Our maximum case to match would be:


    where X is any number of AS's, or a comma. Remember that we need to escape the parens.

    To satisfy our condition of X, we should be matching 1 or more instance of any character, which equates to:


    Therefore our maximum case is now:


    However, we must match the minimum case at the same time. Therefore, our current expression \(.+\) is either true or false. True or false (0 or 1 instance) is covered by the expression ?.

    Therefore, our final regular expression will read:



    Advertise only prefixes which match this expression outbound on your border routers, and your confederated AS's will not be transit.

    Hey! Don’t miss anything - subscribe to our newsletter!

    © 2022 INE. All Rights Reserved. All logos, trademarks and registered trademarks are the property of their respective owners.
    instagram Logofacebook Logotwitter Logolinkedin Logoyoutube Logo