08-28-2008 08:30 AM - edited 03-03-2019 11:18 PM
We only want to accept partial routes from a provider (AS 2828).
I can do _2828$ for all routes originated from the provider.
What can I do to also accept routes from the provider's directly connected customers?
How would you go about writing the regex for that?
08-28-2008 10:30 AM
Hello Kevin,
You want to accept ^2828$ (different from _2828$) for routes of AS 2828 if there is a direct eBGP session,
and ^2828_pattern$
where pattern is made of decimal digits, 1 to 5 digits without spaces in the middle;
the first digit is never 0, and additional digits, if any, can be 0-9:
[1-9]([0-9])+
So the regexp can be:
^2828_[1-9]([0-9])+$
To keep it simple,
^2828_([0-9])+$
is a better choice.
+ means 1 or more occurrences of what is inside (); [0-9] is a range of decimal digits.
This is compact but doesn't allow control on what is received.
Hope to help
Giuseppe
08-29-2008 03:30 PM
Here is what we use. It does a great job.
First, you need as-path access-lists, like such:
ip as-path access-list 21 permit ^[0-9]+$
ip as-path access-list 22 permit ^[0-9]+$
ip as-path access-list 22 permit ^[0-9]+_[0-9]+$
ip as-path access-list 23 permit ^[0-9]+$
ip as-path access-list 23 permit ^[0-9]+_[0-9]+$
ip as-path access-list 23 permit ^[0-9]+_[0-9]+_[0-9]+$
ip as-path access-list 24 permit ^[0-9]+$
ip as-path access-list 24 permit ^[0-9]+_[0-9]+$
ip as-path access-list 24 permit ^[0-9]+_[0-9]+_[0-9]+$
ip as-path access-list 24 permit ^[0-9]+_[0-9]+_[0-9]+_[0-9]+$
(Regex breakdown: ^ means match, [0-9] indicates any numeral, + means
any number of the previous expression, _ is a space, and $ is
end-of-line)
In this case, ACL 21 allows only the first AS in the path, ACL 22 allows
a path 2 ASes deep, ACL 23 allows a path 3 ASes deep, and ACL 24 allows
a path 4 ASes deep.
Then, you need to set up your bgp neighbor filter to use one of these
ACLs:
router bgp xxxxx
neighbor 1.2.3.4 filter-list 22 in
In this case, we filter all inbound announcements with as-path ACL 22.
So if neighbor 1.2.3.4 sends the following routes over:
2.0.0.0/8 32 616 533
3.0.0.0/8 32 544
4.0.0.0/8 32
5.0.0.0/8 32 616 616 616 616
Only 4.0.0.0/8 and 5.0.0.0/8 would be accepted. ACL 21 would only
accept 4/8, ACLs 23 and 24 would accept 2/8, 3/8, and 4/8.
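An added example, not part of any post in this thread: a Python emulation of IOS as-path matching that runs as-path access-lists 21 to 24 over the four sample announcements above, and the `^2828$` / `^2828_[0-9]+$` pair over constructed AS paths. The `_` translation and all helper names are assumptions of this sketch; each repetition of a prepended AS counts as one more AS in the path.

```python
import re

# Cisco IOS "_" matches a space, comma, brace or parenthesis, or the
# start/end of the AS-path string. Emulate it with a Python alternation.
IOS_UNDERSCORE = r"(?:^|$|[ ,{}()])"

def ios_match(pattern, as_path):
    """Return True if the IOS as-path regex matches the AS-path string."""
    return re.search(pattern.replace("_", IOS_UNDERSCORE), as_path) is not None

def acl_permits(entries, as_path):
    """Permit if any entry matches; otherwise the implicit deny applies."""
    return any(ios_match(p, as_path) for p in entries)

def depth_acl(depth):
    """Entries of as-path access-list 21..24 from the thread (depth 1..4)."""
    return ["^" + "_".join(["[0-9]+"] * n) + "$" for n in range(1, depth + 1)]

ACLS = {21: depth_acl(1), 22: depth_acl(2), 23: depth_acl(3), 24: depth_acl(4)}

# The four sample announcements from the thread (prefix -> AS path).
ROUTES = {
    "2.0.0.0/8": "32 616 533",
    "3.0.0.0/8": "32 544",
    "4.0.0.0/8": "32",
    "5.0.0.0/8": "32 616 616 616 616",
}

def accepted(acl_number):
    """Prefixes from ROUTES that the given as-path access-list permits."""
    return [p for p, path in ROUTES.items() if acl_permits(ACLS[acl_number], path)]

# Patterns from the first reply for "AS 2828 and its direct customers".
PROVIDER_ACL = ["^2828$", "^2828_[0-9]+$"]
# Constructed AS paths (private-use ASNs) to exercise PROVIDER_ACL.
SAMPLE_PATHS = ["2828", "2828 64512", "2828 64512 64513",
                "2828 2828 2828", "64512 2828"]

def provider_accepted():
    """Constructed sample paths that PROVIDER_ACL permits."""
    return [p for p in SAMPLE_PATHS if acl_permits(PROVIDER_ACL, p)]

if __name__ == "__main__":
    for number in sorted(ACLS):
        print(number, accepted(number))
    print(provider_accepted())
```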