nanog mailing list archives

Re: How long AS-PATH policies have you used


From: Saku Ytti via NANOG <nanog () lists nanog org>
Date: Sat, 7 Mar 2026 09:06:26 +0200

Thank you Jakob.

This is exactly what I need, and indeed scaling will be terrific.
Meaning, you can immediately prove it scales to the entire DFZ and has
a margin.

That is, if you change AS-SET prefix-list to AS-SET asn origin +
synthesized you get configuration which will always commit,
pathological AS-SET are an Internet problem, not a Me problem. While
improving security, because non ROAd route objects will get their
origin checked as well.

On Sat, 7 Mar 2026 at 04:20, Jakob Heitz (jheitz) via NANOG
<nanog () lists nanog org> wrote:


That was fixed in IOS-XR about 5 years ago.
Previously, we could only do it with as-path-set in route-policy.
as-path-set allows whole paths to be specified, so it's slow.
If all you want is to match on a single ASN, it can be done much faster using a tree lookup instead of linear.
So, I invented the as-set for route-policy configuration.
Here is a config sample:

as-set asset1
  2914,
  174,
  3356
end-set
!
route-policy asd
  if as-path originates-from asset1 then
    pass
  endif
end-policy

If that doesn't meet your needs, let me know.
Kind Regards,
Jakob Heitz

Date: Tue, 24 Feb 2026 20:15:00 +0200
From: Saku Ytti <saku () ytti fi>


For SROS, IOSXR 90k would be quite a ridiculous attempt, and it's
probably cheaper just to expand to a million lines of prefix-list,
since prefix-list scale is more tested than AS_PATH scale.
In SROS as-path-group can contain only 128 lines, so if you match a
single ASN per line, you'd need 700 terms just to check the origin,
unless you use regexp OR in the lines to put multiple origins per
line.

_______________________________________________
NANOG mailing list
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/EAP7ZNT32OGAQM4PMTNQQE76DMTEWNMV/



-- 
  ++ytti
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/Q263NVIISFQ4QYHVQUX4T42AH4Q4JZEA/
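
Added example (not part of the thread and not code from any of its participants): a small Python generator that renders a list of origin ASNs in the as-set / route-policy syntax of the config sample quoted above, plus an offline model of the origin check for testing the list before it is deployed. The function names, the constructed sample paths, the refusal to render an empty set, and the matching model (rightmost ASN is the origin, AS_SET-terminated paths do not match) are assumptions of this example, not documented IOS-XR behaviour.

```python
# Added example, not from the thread. Function names are hypothetical.
def normalize(asns):
    """Validate, de-duplicate and sort origin ASNs given as 174, "174" or "AS174"."""
    out = set()
    for a in asns:
        s = str(a).strip().upper()
        n = int(s[2:] if s.startswith("AS") else s)
        # AS0 and AS_TRANS (23456) are reserved and never a legitimate origin.
        if not 0 < n <= 4294967295 or n == 23456:
            raise ValueError(f"not usable as an origin ASN: {a!r}")
        out.add(n)
    if not out:
        # Assumption: an empty expansion is an upstream data error, so refuse
        # to render rather than emit an as-set with no members.
        raise ValueError("refusing to render an empty as-set")
    return sorted(out)

def render_as_set(set_name, asns, policy_name):
    """Emit an as-set and route-policy in the syntax of the quoted config sample."""
    members = ",\n".join(f"  {n}" for n in normalize(asns))
    return (f"as-set {set_name}\n{members}\nend-set\n!\n"
            f"route-policy {policy_name}\n"
            f"  if as-path originates-from {set_name} then\n"
            f"    pass\n"
            f"  endif\n"
            f"end-policy\n")

def origin_allowed(as_path, allowed):
    """Offline model of the origin check on a space-separated AS_PATH string.
    Assumption: the origin is the rightmost ASN; an empty path or one ending
    in an AS_SET segment ({...}) has no single origin and does not match."""
    tokens = as_path.split()
    if not tokens or not tokens[-1].isdigit():
        return False
    # Python set membership stands in for the router's tree lookup: cost does
    # not grow linearly with the number of ASNs, unlike a list of path regexes.
    return int(tokens[-1]) in allowed

if __name__ == "__main__":
    # Constructed input: the three ASNs from the sample plus a duplicate.
    print(render_as_set("asset1", ["AS2914", 174, "3356", 174], "asd"))
    allowed = set(normalize([2914, 174, 3356]))
    for path in ("64500 3356 174", "64500 2914 2914", "64500 174 64511",
                 "64500 174 {64496,64497}", ""):
        print(f"{path!r:28} -> {origin_allowed(path, allowed)}")
```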

