BGP regex for partial routes

Unanswered Question
Aug 28th, 2008

We only want to accept partial routes from a provider (AS 2828).

I can do _2828$ for all routes originated from the provider.


What can I do to also accept routes from the provider's directly connected customers?

How would you go about writing the regex for that?


Giuseppe Larosa Thu, 08/28/2008 - 10:30

Hello Kevin,

You want to accept ^2828$ (different from _2828$) for routes of AS 2828 if there is a direct eBGP session

and ^2828_pattern$

where pattern is made of decimal digits, 1 to 5 digits without spaces in the middle.

The first digit is never 0; additional digits, if any, can be 0-9.

[1-9]([0-9])+

So the regexp can be:

^2828_[1-9]([0-9])+$

To keep it simple,

^2828_([0-9])+$

is a better choice.

+ means 1 or more occurrences of what is inside (); [0-9] is a range of decimal digits.

This is compact but doesn't allow control over what is received.


Hope to help

Giuseppe



paarlberg Fri, 08/29/2008 - 15:30

Here is what we use. It does a great job.


First, you need as-path access-lists, like such:


ip as-path access-list 21 permit ^[0-9]+$
ip as-path access-list 22 permit ^[0-9]+$
ip as-path access-list 22 permit ^[0-9]+_[0-9]+$
ip as-path access-list 23 permit ^[0-9]+$
ip as-path access-list 23 permit ^[0-9]+_[0-9]+$
ip as-path access-list 23 permit ^[0-9]+_[0-9]+_[0-9]+$
ip as-path access-list 24 permit ^[0-9]+$
ip as-path access-list 24 permit ^[0-9]+_[0-9]+$
ip as-path access-list 24 permit ^[0-9]+_[0-9]+_[0-9]+$
ip as-path access-list 24 permit ^[0-9]+_[0-9]+_[0-9]+_[0-9]+$


(Regex breakdown: ^ means match, [0-9] indicates any numeral, + means any number of the previous expression, _ is a space, and $ is end-of-line)


In this case, ACL 21 allows only the first AS in the path, ACL 22 allows a path 2 ASes deep, ACL 23 allows a path 3 ASes deep, and ACL 24 allows a path 4 ASes deep.


Then, you need to set up your bgp neighbor filter to use one of these ACLs:


router bgp xxxxx
 neighbor 1.2.3.4 filter-list 22 in


In this case, we filter all inbound announcements with as-path ACL 22. So if neighbor 1.2.3.4 sends the following routes over:


2.0.0.0/8 32 616 533
3.0.0.0/8 32 544
4.0.0.0/8 32
5.0.0.0/8 32 616 616 616 616


Only 4.0.0.0/8 and 5.0.0.0/8 would be accepted. ACL 21 would only accept 4/8, ACLs 23 and 24 would accept 2/8, 3/8, and 4/8.
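
To check as-path access-lists like these before attaching them to a session, the following added example (not code from either poster) evaluates them in Python against the sample routes in the post above and against constructed paths for the AS 2828 case from the question. It assumes that only the IOS meaning of _ differs from Python's re module; the helper names and the 645xx documentation AS numbers are made up for illustration.

```python
import re

# IOS "_" matches the start or end of the AS path, a space, a comma,
# braces or parentheses. Python has no equivalent, so it is expanded here.
UNDERSCORE = r"(?:^|$|[ ,{}()])"

def ios_to_py(pattern):
    """Translate an IOS AS-path regex into a compiled Python regex."""
    return re.compile(pattern.replace("_", UNDERSCORE))

def acl_permits(permit_lines, as_path):
    """A path is permitted if any permit line matches; otherwise implicit deny."""
    return any(ios_to_py(p).search(as_path) for p in permit_lines)

def accepted(permit_lines, routes):
    """Return the sorted keys of routes whose AS path the ACL permits."""
    return sorted(k for k, path in routes.items() if acl_permits(permit_lines, path))

# as-path access-lists 21-24 from the post: list 20+n permits paths of 1..n ASes.
HOP = "[0-9]+"
ACLS = {20 + n: ["^" + "_".join([HOP] * k) + "$" for k in range(1, n + 1)]
        for n in range(1, 5)}

# Sample routes exactly as listed in the post (prefix -> AS path).
ROUTES = {
    "2.0.0.0/8": "32 616 533",
    "3.0.0.0/8": "32 544",
    "4.0.0.0/8": "32",
    "5.0.0.0/8": "32 616 616 616 616",
}

# Provider-plus-direct-customers filter from the first reply.
PARTIAL_2828 = ["^2828$", "^2828_([0-9])+$"]

# Constructed AS paths (not from the thread) for the AS 2828 case.
SAMPLE_2828 = {
    "provider": "2828",
    "customer": "2828 64500",
    "customer-prepended": "2828 64500 64500",   # same customer, AS prepended once
    "customer-of-customer": "2828 64496 64497",
    "via-other-upstream": "64499 2828",
}

if __name__ == "__main__":
    for number, lines in sorted(ACLS.items()):
        print("as-path access-list", number, "permits", accepted(lines, ROUTES))
    print("AS 2828 partial filter permits", accepted(PARTIAL_2828, SAMPLE_2828))
```

Under this model, list 22 permits 3.0.0.0/8 and 4.0.0.0/8 from the sample table. A direct customer that prepends its own AS no longer matches ^2828_([0-9])+$, so that route is dropped by the filter.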

