add bogon ASNs from NTT initiative

personal-filters/fischa/README.rst

@@ -40,13 +40,13 @@ Verify config and apply::
     commit check
     commit and-quit
 
-Now you can use the filter at the beginning of your policy chain either below the peergroup or neighbor::
+Now you can use the filter at the beginning of your policy chain either below the peergroup or neighbor (don't forget to add reject-bad-as-path as well)::
 
     configure
     edit protocols bgp group $some_peergroup neighbor $some_neighbor
-    set import [ reject-bad-routes-v4 $some_policy $some_other_policy ]
+    set import [ reject-bad-routes-v4 reject-bad-as-path $some_policy $some_other_policy ]
 
     edit protocols bgp group $some_peergroup
-    set import [ reject-bad-routes-v4 $some_policy $some_other_policy ]
+    set import [ reject-bad-routes-v4 reject-bad-as-path $some_policy $some_other_policy ]
 
 NOTE: Remember to check if you got the right policy for IPv4 or IPv6 applied. Otherwise it won't work.

personal-filters/fischa/reject-bad-routes-v4

@@ -43,6 +43,33 @@ policy-options {
     prefix-list ixp-lans-v4 {
         80.81.192.0/22;
     }
+    /* see http://as2914.net/bogon_asns/configuration_examples.txt */
+    as-path-group bogon-asns {
+        /* RFC7607 */
+        as-path zero ".* 0 .*";
+        /* RFC 4893 AS_TRANS */
+        as-path as_trans ".* 23456 .*";
+        /* RFC 5398 and documentation/example ASNs */
+        as-path examples1 ".* [64496-64511] .*";
+        as-path examples2 ".* [65536-65551] .*";
+        /* RFC 6996 Private ASNs*/
+        as-path reserved1 ".* [64512-65534] .*";
+        as-path reserved2 ".* [4200000000-4294967294] .*";
+        /* RFC 6996 Last 32 and 64 bit ASNs */
+        as-path last32 ".* 65535 .*";
+        as-path last64 ".* 4294967295 .*";
+        /* RFC IANA reserved ASNs*/
+        as-path iana-reserved ".* [65552-131071] .*";
+    }
+    policy-statement reject-bad-as-path {
+        term bogon-asns {
+            from as-path-group bogon-asns;
+            then {
+                trace;
+                reject;
+            }
+        }
+    }
     policy-statement reject-bad-routes-v4 {
         term reject-default-route {
             from {

personal-filters/fischa/reject-bad-routes-v6

@@ -37,6 +37,33 @@ policy-options {
     prefix-list ixp-lans-v6 {
         2001:7f8::/64;
     }
+    /* see http://as2914.net/bogon_asns/configuration_examples.txt */
+    as-path-group bogon-asns {
+        /* RFC7607 */
+        as-path zero ".* 0 .*";
+        /* RFC 4893 AS_TRANS */
+        as-path as_trans ".* 23456 .*";
+        /* RFC 5398 and documentation/example ASNs */
+        as-path examples1 ".* [64496-64511] .*";
+        as-path examples2 ".* [65536-65551] .*";
+        /* RFC 6996 Private ASNs*/
+        as-path reserved1 ".* [64512-65534] .*";
+        as-path reserved2 ".* [4200000000-4294967294] .*";
+        /* RFC 6996 Last 32 and 64 bit ASNs */
+        as-path last32 ".* 65535 .*";
+        as-path last64 ".* 4294967295 .*";
+        /* RFC IANA reserved ASNs*/
+        as-path iana-reserved ".* [65552-131071] .*";
+    }
+    policy-statement reject-bad-as-path {
+        term bogon-asns {
+            from as-path-group bogon-asns;
+            then {
+                trace;
+                reject;
+            }
+        }
+    }
     policy-statement reject-bad-routes-v6 {
         term reject-default-route {
             from {