Closed job closed 4 years ago
I tested the code, works well for YYCIX!
allow quick from 2001:504:2f::852:1 AS { 174, 209, 286, 577, 701, 1239, 1299, 2828, 2914, 3257, 3320, 3356, 3549, 5511, 6453, 6461, 6762, 6830, 7018, 12956 } set { localpref 1 community delete NO_ADVERTISE ext-community delete $INTCOMM_PREF_OK_ROA ext-community delete $INTCOMM_ROUTE_OK_WL ext-community delete $INTCOMM_PREF_OK_ARINDB ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB ext-community delete $INTCOMM_ORIGIN_OK ext-community delete $INTCOMM_ORIGIN_KO ext-community delete $INTCOMM_PREFIX_OK ext-community delete $INTCOMM_PREFIX_KO ext-community delete $INTCOMM_IRR_REJECT ext-community delete $INTCOMM_RPKI_UNKNOWN ext-community delete $INTCOMM_RPKI_INVALID ext-community delete $INTCOMM_RPKI_VALID ext-community delete $INTCOMM_NO_EXPORT ext-community delete $INTCOMM_NO_ADVERTISE large-community 53339:9:0 large-community 53339:9:8}
Since a few days PeeringDB has a special flag
info_never_via_route_servers
that network operators can use to indicate that any route announcements containing their ASN anywhere in theAS_PATH
propagated via route servers, should be rejected.PeeringDB feature description: https://github.com/peeringdb/peeringdb/issues/394
Example of an ASN that marked itself as 'never via route servers' https://www.peeringdb.com/api/net?asn=2914
All ASNs that marked themselves as
info_never_via_route_servers = True
should be added to thecfg.filtering.transit_free
configuration leaf.Arouteserver should honor this flag by default