Block list of ASes (BGP)

Hi
Please help me with my issue.
I need to block a list of 150 ASes. How can I do it?

Hi @Opacha
You can configure the community-list:
https://docs.vyos.io/en/latest/configuration/policy/community-list.html#bgp-community-list

Use the as-path-list policy together with a route-map denying the ASNs that match your regex.

policy {
    as-path-list BLOCK-ASNS {
        rule 10 {
            action permit
            description "IANA reserved"
            regex _6555[2-9]_|_655[6-9][0-9]_|_65[6-9][0-9][0-9]_|_6[6-9][0-9][0-9][0-9]_|_[7-9][0-9][0-9][0-9][0-9]_|_1[0-2][0-9][0-9][0-9][0-9]_|_130[0-9][0-9][0-9]_|_1310[0-6][0-9]_|_13107[01]_
        }
    }
    route-map BGP-BLOCK-ASNS-IN-v4 {
        rule 10 {
            action deny
            match {
                as-path BLOCK-ASNS
            }
        }
        rule 20 {
            action permit
            description "Permit everything else (a route-map ends with an implicit deny)"
        }
    }
}

protocols {
    bgp 65000 {
        neighbor 192.0.2.1 {
            description "Peering1"
            remote-as 65001
            address-family {
                ipv4-unicast {
                    route-map {
                        import BGP-BLOCK-ASNS-IN-v4
                    }
                }
            }
        }
    }
}

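For an explicit list such as the 150 ASNs asked about, the as-path-list rules can be generated instead of typed by hand. The following is an added example, not code from anyone in this thread: Python that builds `set policy as-path-list` commands and checks sample AS paths locally by emulating how FRR expands `_`. The ASNs are constructed values from the documentation ranges, and the number of ASNs per rule is an arbitrary assumption.

```python
import re

# FRR (the routing daemon under VyOS) expands "_" in AS-path regexes to a
# delimiter class: start, end, space, comma, braces or parentheses.
DELIM = r"(?:^|[,{}() ]|$)"

def as_path_regex(asns):
    """Return an alternation such as _64496_|_64497_ for the given ASNs.

    int() rejects anything non-numeric, so a malformed input line cannot
    smuggle regex metacharacters into the filter.
    """
    return "|".join(f"_{asn}_" for asn in sorted({int(a) for a in asns}))

def vyos_commands(asns, list_name="BLOCK-ASNS", per_rule=25):
    """Emit 'set' commands, splitting the ASNs over several rules.

    per_rule is a readability choice made for this example, not a VyOS limit.
    """
    asns = sorted({int(a) for a in asns})
    cmds = []
    for i in range(0, len(asns), per_rule):
        rule = 10 * (i // per_rule + 1)
        base = f"set policy as-path-list {list_name} rule {rule}"
        # "permit" here means "this rule matches"; the route-map does the deny.
        cmds.append(f"{base} action permit")
        cmds.append(f"{base} regex '{as_path_regex(asns[i:i + per_rule])}'")
    return cmds

def path_is_blocked(as_path, asns):
    """Emulate the match locally: True if any listed ASN appears in as_path."""
    pattern = as_path_regex(asns).replace("_", DELIM)
    return re.search(pattern, as_path) is not None

# Constructed sample: ASNs from the documentation ranges (RFC 5398).
SAMPLE_ASNS = list(range(64496, 64512)) + list(range(65536, 65552))

if __name__ == "__main__":
    for line in vyos_commands(SAMPLE_ASNS, per_rule=16):
        print(line)
    # The third path contains 164496 and 644960, which must not match _64496_.
    for path in ("65001 64496", "65001 64500 65002", "65001 164496 644960"):
        print(f"{path!r:30} blocked={path_is_blocked(path, SAMPLE_ASNS)}")
```

Because each ASN is wrapped in `_`, a listed ASN matches whether it is the origin or a transit hop, while longer numbers that merely contain the same digits do not.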

I suggest you subscribe (free) to the CYMRU bogons filter lists (https://team-cymru.com/community-services/bogon-reference/). I receive 1468 prefixes we dump to null, including all of the IANA reserved, and they keep up on bad actors. IPv4 and IPv6.

I’ve been using CYMRU for a long time. I just used the IANA reserved prefixes as an example to demonstrate how to use as-path-list.