Recently, in order to establish BGP Peers with some friends who are new to the field, I also taught them how to use AS-SET for filtering.
What is AS-SET
AS-SET is an object that can add ASN and AS-SET.
Usually used to filter routes exchanged through the BGP protocol. (such as BGP Peer Neighbor, Internet Exchange Route Server, etc.)
We usually query all Route Objects in this AS-SET through Whois and recursion.
For example, today we want to filter a certain BGP Peer through AS-STEVEYI.
First, query which ASN is in this AS-SET through whois, and then continue to query other AS-SETs in this AS-SET (here is AS-STEVEYI-C).
$ steveyiyo@steveyi-MBP ~ % whois -r AS-STEVEYI as-set: AS-STEVEYI descr: SteveYi Network Service members: AS17413 members: AS60614 members: AS141173 members: AS209557 remarks: --- DownStream --- members: AS-STEVEYI-C remarks: ---------- tech-c: YT1698-RIPE admin-c: YT1698-RIPE mnt-by: STEVEYI-MNT created: 2020-09-10T18:57:46Z last-modified: 2021-03-26T15:31:21Z source: RIPE
Then, we can query the corresponding Route Object record through RADB.
We can build the filter based on this rule!
First, I recommend a tool for building filters - bgpq3
It can generate filters for ASN or AS-SET, and supports many routing packages or routing systems!
# Can be installed directly through apt $ sudo apt install bgpq3
# Generate IPv4 prefix-list $ bgpq3 -4l AS-STEVEYI_v4 AS-STEVEYI -R 24 -m 24 # Generate IPv6 prefix-list $ bgpq3 -6l AS-STEVEYI_v6 AS-STEVEYI -R 48 -m 48
Then, we can create a
route-map to filter a certain BGP Peer
# vtysh config route-map AS-STEVEYI_v4 permit 5 match ip address prefix-list AS-STEVEYI_v4 set community 60614:100