And finally, an ip as-path access-list :
The ip as-path access-list is what the python code at
http://arneill-py.sacramento.ca.us/cbbc/asnblock.py.txt
generates.
It is not an example on how to write python, but it works. Needs
privilege 15 user, as it changes the router's configuration.
The code is adaptive : it reads the current ip as-path access-list,
delete what is no longer in the list, and add new entries.
Warning !
CPU usage can be quite high, especially the first time it runs. 100% CPU
for several minutes is to be expected.
Any change in the as-path access-list triggers a recompute of the entire
BGP table, one million entries times the number of full-feeds.
I run the Spamhaus script once a day in the middle of the night.
CPU utilization for five
seconds: 100%/1%; one minute: 99%; five minutes: 85%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
780 567549287 123908850 4580 94.68% 90.04% 75.57% 0 BGP Router
That's on a Cisco 4321; cheezy processor. Better hardware suffers less.
c4321-michel#guestshell
[guestshell@guestshell ~]$ lscpu
Architecture: x86_64
Thread(s) per core: 1 Core(s) per socket: 4
Vendor ID: GenuineIntel CPU family: 6
Model name: Intel(R) Atom(TM) CPU C2558 @ 2.40GHz
CPU MHz: 2400.059 L1d cache: 24K
L1i cache: 32K L2 cache: 1024K