Add README, list aggregation, explicit reject (Juniper)

README.md

@@ -0,0 +1,69 @@
+# filterlist
+
+filterlist is a shell script that generates filter lists for BGP peering
+sessions. Information is gathered by either AS or AS-SET as returned from RADb.
+You may select any whois server that you want, however AS-SET resolution is
+always performed against *whois.radb.net*
+
+**Features:**
+* IPv4 and IPv6 Support
+* AS-SET resolution
+* De-duplication of prefixes
+* Prefix aggregation if the [aggregate](http://freecode.com/projects/aggregate/) command is available
+* Name your filter list
+* Auto-generate part of the filter list name based on the ASN / AS-SET
+
+**Supported filter types:**
+* brocade
+* cisco
+* force10
+* juniper
+* quagga
+* redback
+
+
+## Usage
+
+```bash
+Usage: ./filter.sh [OPTS] AS-SET
+    -t | --type [ juniper | cisco | brocade | force10 | redback | quagga ]
+    -n | --name [ Filter Name ]
+    -g | --gen
+    -a | --aggregate [ Max Len ]
+    -h | --host [ WHOIS server ]
+         --ipv4
+         --ipv6
+```
+
+
+### Examples
+
+**Generate a Cisco IPv4 filter list for AS2**
+```bash
+$ ./filter.sh --type cisco --ipv4 2
+ip prefix-list filter 10 permit 1.1.2.0/24
+ip prefix-list filter 20 permit 2.0.0.0/16
+ip prefix-list filter 30 permit 64.62.96.0/24
+ip prefix-list filter 40 permit 201.62.50.0/24
+ip prefix-list filter 50 permit 201.62.51.0/24
+ip prefix-list filter 60 permit 201.71.32.0/24
+ip prefix-list filter 70 permit 201.71.33.0/24
+ip prefix-list filter 80 permit 201.71.34.0/24
+ip prefix-list filter 90 permit 201.71.35.0/24
+ip prefix-list filter 100 permit 205.143.159.0/24
+```
+
+**Generate an Aggregated IPv4 filter list for AS2**
+```bash
+$ ./filter.sh --type juniper -a 24 --ipv4 AS2
+set policy-options policy-statement filter term auto-generated from protocol bgp
+set policy-options policy-statement filter term auto-generated from route-filter 1.1.2.0/24 upto /24
+set policy-options policy-statement filter term auto-generated from route-filter 2.0.0.0/16 upto /24
+set policy-options policy-statement filter term auto-generated from route-filter 64.62.96.0/24 upto /24
+set policy-options policy-statement filter term auto-generated from route-filter 201.62.50.0/23 upto /24
+set policy-options policy-statement filter term auto-generated from route-filter 201.71.32.0/22 upto /24
+set policy-options policy-statement filter term auto-generated from route-filter 205.143.159.0/24 upto /24
+set policy-options policy-statement filter term auto-generated then accept
+set policy-options policy-statement filter then reject
+```
+

filter.sh

@@ -25,13 +25,20 @@ usage()
 	echo "Usage: $0 [OPTS] AS-SET"
 	echo "    -t | --type [ juniper | cisco | brocade | force10 | redback | quagga ]"
 	echo "    -n | --name [ Filter Name ]"
+	echo "    -g | --gen"
+	echo "    -a | --aggregate [ Max Len ]"
 	echo "    -h | --host [ WHOIS server ]"
 	echo "         --ipv4"
 	echo "         --ipv6"
 }
 
 # Initialise some variables, to make it safe to use
 FILTERNAME="filter"
+FILTERNAMEGEN=0
+AGGREGATE=0
+AGGREGATELEN=24
+ROUTE_FILTER_MATCH="exact"
+TERMNAME="auto-generated"
 INC=10
 IP_LIST=""
 WHOISSERVER="whois.radb.net"
@@ -48,6 +55,15 @@ while [[ $1 = -* ]]; do
 			FILTERNAME="$2"
 			shift 2
 			;;
+		-g|--gen)
+			FILTERNAMEGEN=1
+			shift
+			;;
+		-a|--aggregate)
+			AGGREGATE=1
+			AGGREGATELEN="$2"
+			shift 2
+			;;
 		-h|--host)
 			WHOISSERVER="$2"
 			shift 2
@@ -81,6 +97,11 @@ fi
 # Do we have an AS-SET or an ASN?
 IS_SET=$(echo $1 | cut -c3 | grep -)
 
+if [[ 1 == $FILTERNAMEGEN ]]
+then
+	FILTERNAME="${1}-${FILTERNAME}"
+fi
+
 # If we've got an AS-SET, use the handy !i and ,1 commands on RADB
 if [[ "-" == "$IS_SET" ]]
 then
@@ -106,18 +127,34 @@ done
 # Remove duplicate routes
 IP_LIST=$(printf "%s\n" $IP_LIST_UNSORTED | sort -t . -k 1,1n -k 2,2n -k 3,3n -k 4,4n | uniq)
 
+# Perform aggregation if requested and available
+if [[ 1 -eq $AGGREGATE ]]
+then
+	AGGREGATE=$(which aggregate)
+	if [[ -n "$AGGREGATE" ]]
+	then
+		IP_LIST=$(printf "%s\n" $IP_LIST | $AGGREGATE -q -m $AGGREGATELEN)
+		ROUTE_FILTER_MATCH="upto /$AGGREGATELEN"
+	fi
+fi
+
 # If we're on Force10 or Redback (which uses similar syntax), create the prefix-list
 if [[ "$TYPE" == "force10" || "$TYPE" == "redback" ]]
 then
 	echo "ip prefix-list $FILTERNAME"
 fi
 
+if [[ "$TYPE" == "juniper" ]]
+then
+	echo "set policy-options policy-statement $FILTERNAME term $TERMNAME from protocol bgp"
+fi
+
 # Format the output nicely
 for i in $IP_LIST
 do
 	case "$TYPE" in
 		juniper)
-			echo "set policy-options policy-statement $FILTERNAME term auto-generated from route-filter $i exact"
+			echo "set policy-options policy-statement $FILTERNAME term $TERMNAME from route-filter $i $ROUTE_FILTER_MATCH"
 			;;
 		cisco)
 			if [[ "$IP_VERSION" == "4" ]]
@@ -161,6 +198,7 @@ done
 # Tell the Juniper router to accept those prefixes
 if [[ "$TYPE" == "juniper" ]]
 then
-	echo "set policy-options policy-statement $FILTERNAME term auto-generated then accept"
+	echo "set policy-options policy-statement $FILTERNAME term $TERMNAME then accept"
+	echo "set policy-options policy-statement $FILTERNAME then reject"
 fi