Proof of Concept to help generate AS_PATH filters

job/peerlock

PEERLOCK DOCUMENTATION
======================

This repository contains the templates that NTT uses to generate
information packs about BGP Peerlock.

https://peerlock.net/

PEERLOCK PROOF OF CONCEPT SCRIPT
================================

NANOG: https://archive.nanog.org/meetings/abstract?id=2860

Example docs: https://instituut.net/~job/peerlock_manual.pdf

You'll need to connect this to your database and evaluate if the constraints
make sense for you.

--------

$ ./peerlock.py -J

INFO: generating towards vendor JunOS
OK: constraint 3: rule 1: protected_asn 174 connects in rtr_north_america, rtr_europe
OK: constraint 3: rule 2: protected_asn 1299 connects in rtr_north_america, rtr_europe
OK: constraint 3: rule 3: protected_asn 3356 connects in rtr_north_america, rtr_asia, rtr_europe
ERROR: constraint 3: in filter rule 4: protected_asn 7018 is not connected in enough regions.
OK: constraint 1: rule 5: allowed_upstream 3356 connects in enough regions: rtr_north_america, rtr_asia, rtr_europe
OK: constraint 1: rule 6: allowed_upstream 1299 connects in enough regions: rtr_north_america, rtr_europe
OK: constraint 1: rule 7: allowed_upstream 3356 connects in enough regions: rtr_north_america, rtr_asia, rtr_europe
OK: constraint 3: rule 8: protected_asn 2914 connects in rtr_north_america, rtr_asia, rtr_europe, rtr_south_america
OK: constraint 1: rule 9: allowed_upstream 2914 connects in enough regions: rtr_north_america, rtr_asia, rtr_europe, rtr_south_america
OK: constraint 4: rule 9: allowed_upstream 2914 connects in europe

INFO: tested all rules, router configs will follow:

router: rtr_north_america
  policy-options {
    as-path lock-AS101-in ".* (174|1299|2914|3356|3491|6830|7018) .*";
    as-path lock-AS102-in ".* (174|1299|2914|3356|3491|6830|7018) .*";
    as-path lock-AS103-in ".* (174|1299|2914|3356|3491|6830|7018) .*";
    as-path lock-AS104-in ".* (174|1299|2914|3356|3491|6830|7018) .*";
    as-path lock-AS202-in ".* (174|1299|2914|3356|3491|6830|7018) .*";
    as-path lock-AS500-in ".* (174|1299|2914|3356|3491|6830|7018) .*";
    as-path lock-AS174-in ".* (1299|2914|3356|3491|6830|7018) .*";
    as-path lock-AS1299-in ".* (174|2914|3356|3491|7018) .*";
    as-path lock-AS3356-in ".* (174|1299|2914|7018) .*";
    as-path lock-AS3549-in ".* (174|1299|2914|3356|3491|6830|7018) .*";
    as-path lock-AS6762-in ".* (174|1299|2914|3356|3491|6830|7018) .*";
    as-path lock-AS7018-in ".* (174|1299|2914|3356|3491|6830) .*";
    as-path lock-AS3491-in ".* (174|1299|2914|3356|6830|7018) .*";
    as-path lock-AS6830-in ".* (174|1299|2914|3356|3491|7018) .*";
    as-path lock-AS1239-in ".* (174|1299|2914|3356|3491|6830|7018) .*";
    as-path lock-AS2914-in ".* (174|1299|3356|3491|6830|7018) .*";
  }

router: rtr_asia
  policy-options {
    as-path lock-AS101-in ".* (174|1299|2914|3356|3491|6830|7018) .*";
    as-path lock-AS102-in ".* (174|1299|2914|3356|3491|6830|7018) .*";
    as-path lock-AS104-in ".* (174|1299|2914|3356|3491|6830|7018) .*";
    as-path lock-AS201-in ".* (174|1299|2914|3356|3491|6830|7018) .*";
    as-path lock-AS700-in ".* (174|1299|2914|3356|3491|6830|7018) .*";
    as-path lock-AS3356-in ".* (174|1299|2914|7018) .*";
    as-path lock-AS6762-in ".* (174|1299|2914|3356|3491|6830|7018) .*";
    as-path lock-AS3491-in ".* (174|1299|2914|3356|6830|7018) .*";
    as-path lock-AS38561-in ".* (174|1299|2914|3356|3491|6830|7018) .*";
    as-path lock-AS1239-in ".* (174|1299|2914|3356|3491|6830|7018) .*";
    as-path lock-AS2914-in ".* (174|1299|3356|3491|6830|7018) .*";
  }

router: rtr_europe
  policy-options {
    as-path lock-AS101-in ".* (174|1299|2914|3356|3491|6830|7018|65000) .*";
    as-path lock-AS102-in ".* (174|1299|2914|3356|3491|6830|7018|65000) .*";
    as-path lock-AS103-in ".* (174|1299|2914|3356|3491|6830|7018|65000) .*";
    as-path lock-AS201-in ".* (174|1299|2914|3356|3491|6830|7018|65000) .*";
    as-path lock-AS600-in ".* (174|1299|2914|3356|3491|6830|7018|65000) .*";
    as-path lock-AS174-in ".* (1299|2914|3356|3491|6830|7018|65000) .*";
    as-path lock-AS1299-in ".* (174|2914|3356|3491|7018|65000) .*";
    as-path lock-AS2914-in ".* (174|1299|3356|3491|6830|7018) .*";
    as-path lock-AS3356-in ".* (174|1299|2914|7018|65000) .*";
    as-path lock-AS3549-in ".* (174|1299|2914|3356|3491|6830|7018|65000) .*";
    as-path lock-AS6762-in ".* (174|1299|2914|3356|3491|6830|7018|65000) .*";
    as-path lock-AS3491-in ".* (174|1299|2914|3356|6830|7018|65000) .*";
    as-path lock-AS6830-in ".* (174|1299|2914|3356|3491|7018|65000) .*";
    as-path lock-AS1239-in ".* (174|1299|2914|3356|3491|6830|7018|65000) .*";
    as-path lock-AS65000-in ".* (174|1299|2914|3356|3491|6830|7018) .*";
  }

router: rtr_south_america
  policy-options {
    as-path lock-AS101-in ".* (174|1299|2914|3356|3491|6830|7018) .*";
    as-path lock-AS800-in ".* (174|1299|2914|3356|3491|6830|7018) .*";
    as-path lock-AS2914-in ".* (174|1299|3356|3491|6830|7018) .*";
  }
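
The per-peer filters in the output above can be derived and checked as in the following added example, which is not code from peerlock.py. The exception map is an assumption inferred from the sample output, and the function names and test paths are constructed.

```python
# Added example; not taken from peerlock.py. Data is constructed to mirror
# the rtr_north_america output shown above.
PROTECTED = {174, 1299, 2914, 3356, 3491, 6830, 7018}

# Assumption inferred from the sample output: peer ASN -> protected ASNs that
# may legitimately appear behind that peer (the peer is an allowed upstream).
ALLOWED_UPSTREAM = {1299: {6830}, 3356: {3491, 6830}}


def blocked_asns(peer_asn, protected=PROTECTED, allowed=ALLOWED_UPSTREAM):
    """Protected ASNs that must never appear in a path learned from peer_asn."""
    return set(protected) - {peer_asn} - allowed.get(peer_asn, set())


def junos_as_path(peer_asn, protected=PROTECTED, allowed=ALLOWED_UPSTREAM):
    """Render one filter line in the same shape as the output above."""
    blocked = sorted(blocked_asns(peer_asn, protected, allowed))
    alternation = "|".join(str(asn) for asn in blocked)
    return f'as-path lock-AS{peer_asn}-in ".* ({alternation}) .*";'


def matches_lock(peer_asn, as_path, protected=PROTECTED, allowed=ALLOWED_UPSTREAM):
    """True if a route learned from peer_asn would match its lock filter.

    Junos as-path expressions match whole AS numbers, so hops are compared
    as tokens; a character regex would wrongly let 174 match inside 1740.
    Assumes as_path is a space-separated AS_SEQUENCE.
    """
    blocked = blocked_asns(peer_asn, protected, allowed)
    return any(int(hop) in blocked for hop in as_path.split())


# Constructed sample routes: (peer ASN, AS_PATH as received from that peer).
SAMPLE_ROUTES = [
    (101, "101 64500 3356 64501"),   # protected ASN behind a non-exempt peer
    (101, "101 1740 64501"),         # 1740 is not 174
    (1299, "1299 6830 64501"),       # 1299 is an allowed upstream of 6830
    (1299, "1299 3356 64501"),       # 3356 must not appear behind 1299
]


def flagged(routes=SAMPLE_ROUTES):
    """Return the routes that the lock filters would match."""
    return [(peer, path) for peer, path in routes if matches_lock(peer, path)]


if __name__ == "__main__":
    for peer in (101, 174, 1299, 3356):
        print(junos_as_path(peer))
    print(flagged())
```
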
