Merge pull request #81 from jof/vyos-no-transit-leaks

No Transit Leaks: Add a VyOS example
NLNOG · Nov 1, 2024 · 2364903 · 2364903
2 parents f1f57f9 + 2f9277b
commit 2364903
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/guides/no_transit_leaks.md b/guides/no_transit_leaks.md
@@ -124,6 +124,16 @@ deny from $IXP transit-as {174,701,1299,2914,3257,3320,3356,3491,4134,5511,6453,
 bgp as-path access-list peerings deny .* (174|701|1299|2914|3257|3320|3356|3491|4134|5511|6453|6461|6762|6830|7018) .*
 ```
 
+## VyOS
+```
+set policy as-path-list TRANSIT-ASNS rule 10 action 'permit'
+set policy as-path-list TRANSIT-ASNS rule 10 description 'Well-known transit ASNs'
+set policy as-path-list TRANSIT-ASNS rule 10 regex '.* (174|701|1299|2914|3257|3320|3356|3491|4134|5511|6453|6461|6762|6830|7018) .*'
+
+set policy route-map PEERING-IN rule 20 action 'deny'
+set policy route-map PEERING-IN rule 20 match as-path 'TRANSIT-ASNS'
+```
+
 ## Nokia SR OS
 
 ```