How do I stop a confederation from being used as transit?
Suppose we have the following scenario:
R1 is AS 100
R2, R3, R4 are AS 200
R5 is AS 300
R2, R3, R4 are confederated, with sub as's 65002, 65003, and 65004 respectively. They are also originating prefixes A, B, & C respectively. If AS 200 does not want to be transit, we must only advertise out prefixes originated in these three sub AS's.
From R2's perspective, we see the following prefixes, and the following AS-Path's:
A - EMPTY
B - (65003)
C - (65003,65004)
From R4's perspective, we see the following prefixes, and the following AS-Path's:
A - (65002,65003)
B - (65003)
C - EMPTY
Now we must consider how to match all of these cases in a single line. Remember that parentheses are special characters within the as-path list.
Our minimum case to match would be:
This is our empty AS-PATH, which is prefixes locally originated in our sub-as.
Our maximum case to match would be:
where X is any number of AS's, or a comma. Remember that we need to escape the parens.
To satisfy our condition of X, we should be matching 1 or more instance of any character, which equates to:
Therefore our maximum case is now:
However, we must match the minimum case at the same time. Therefore, our current expression \(.+\) is either true or false. True or false (0 or 1 instance) is covered by the expression ?.
Therefore, our final regular expression will read:
Advertise only prefixes which match this expression outbound on your border routers, and your confederated AS's will not be transit.