BGP REGEXP AS Path ACL

Answered Question
Dec 17th, 2009
User Badges:

Hi, folks:


Can someone please tell me what exactly are these regexp statements saying and is there a qualitative difference between the two?


/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Times New Roman"; mso-ansi-language:#0400; mso-fareast-language:#0400; mso-bidi-language:#0400;}

I dont think there is, but if there is its probably something very nuanced...


ip as-path access-list 2 permit 25525+ 59591+


ip as-path access-list 2 permit ^(25525_)+(59591_)+$


Thanks!



Correct Answer by Jerry Ye about 7 years 7 months ago

_ is space. For example, if you want to match 225 225, you can do _225_225_ for excact match.


( ) is grouping the string character together. For example, if the AS path is 225 225 225 255 225 225 225 and 225 225 225, you would want to match both of them by doing (225_)+.


Here is the link for regular expression in IOS.


http://www.cisco.com/en/US/partner/docs/ios/termserv/configuration/guide/tsv_reg_express_ps6350_TSD_Products_Configuration_Guide_Chapter.html


Regards,

jerry

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Loading.
Jerry Ye Thu, 12/17/2009 - 21:02
User Badges:
  • Cisco Employee,

They are very different.


ip as-path access-list 2 permit ^(25525_)+(59591_)+$ means that the AS path is started with one or more 25525 and ended with one or more 59591


ip as-path access-list permit 25525+_59591+ (I am assuming you forgot to put _, otherwise it doesn't make any sense) means an AS path contains 25525 and then follow with 59591. Since you didn't group 25525 together with (), 25525+ also means 25525, 255255, 2552555, etc.; same thing apply to 59591.


Regards,

jerry

Giuseppe Larosa Thu, 12/17/2009 - 23:57
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Joe,


you had already opened a thread on a very similar AS path access-list some mounths ago.


I agree with Jerry the two expressions are different with one able to deal with AS path prepending and the second one matching AS paths where AS1 AS2 are present.


To be noted that before introduction of 32 bits AS numbers 25525+ could only match AS 25525, because as a regular expression it can match 25525 2552555 and so on but these last numbers are too big for a 16 bit AS number. This note is not true for 32 bit AS number.


The practical results can be similar.


Hope to help

Giuseppe

ex-engineer Fri, 12/18/2009 - 05:19
User Badges:

Giuseppe/Jerry:


Perhaps it would be better if I gave you the requirement. Kindly read the entire post. Thank you.


The objective of the as path ACL should be to match prefixes we receive from 25525 that originate in AS 59591, which can get prepended, and then is advertised directly to us by AS 25525, which may also get prepended.


So there will only be 2 different AS numbers in the AS path: the originating one (59591), which will probably be prepended in the received advertisement and the directly connected AS (25525), which advertises it to us.


The route table looks something like this:


*  x.x.x.x    z.z.z.z           0             0 25525 59591 59591 59591 59591 i
*>y.y.y.y    z.z.z.z            0            0 25525 59591 59591 59591 59591 i


Given this requirement, which as path list is correct? And can you explain why? Please make your explanation dummy-proof because I am a regexp dummy, for sure.


Giuseppe:


I know I posted a similar question a couple months back. I didnt quite underatand the answers then, and thats why Im reposting. I dont use bgp regexp too much - almost never. When I get more time, Ill read up on them.


Thanks

Giuseppe Larosa Fri, 12/18/2009 - 05:53
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Joe,

no problem, I was just noting the fact


if the objective is to match this AS path:


0 25525 59591 59591 59591 59591 i


you can use both


ip as-path access-list 2 permit 25525+ 59591+


ip as-path access-list 3 permit ^(25525_)+(59591_)+$


the first match because it finds the substring 25525 59591 inside the AS path string

the second matches because it matches the whole AS path string 25525 59591 59591 59591 59591 as a case included in

^(25525_)+(59591_)+$  the leading ^ means starting point in AS path one or more occurrences of ASN 25525 followed by one or more occurrences of ASN 59591.


Hope to help

Giuseppe

Jerry Ye Fri, 12/18/2009 - 06:30
User Badges:
  • Cisco Employee,

I will say the 2nd list, ip as-path access-list x permit ^(25525_)+(59591_)+$, is the correct one based on the following condition


"So there will only be 2 different AS numbers in the AS path: the originating one (59591), which will probably be prepended in the received advertisement and the directly connected AS (25525), which advertises it to us."


$ check the originating AS path

^ check the connected AS path


Regards,

jerry

ex-engineer Fri, 12/18/2009 - 08:17
User Badges:

Jerry:


Awesome answer! That is what I am looking for...the difference between the 2...


A last quick question...


What does adding "( )" and a "_" do?


Thanks!

Correct Answer
Jerry Ye Fri, 12/18/2009 - 08:29
User Badges:
  • Cisco Employee,

_ is space. For example, if you want to match 225 225, you can do _225_225_ for excact match.


( ) is grouping the string character together. For example, if the AS path is 225 225 225 255 225 225 225 and 225 225 225, you would want to match both of them by doing (225_)+.


Here is the link for regular expression in IOS.


http://www.cisco.com/en/US/partner/docs/ios/termserv/configuration/guide/tsv_reg_express_ps6350_TSD_Products_Configuration_Guide_Chapter.html


Regards,

jerry

ex-engineer Fri, 12/18/2009 - 08:32
User Badges:

Jerry, you are the man....!


Stick around this board more often...youll be on eof the bright stars on here.


Thanks

Actions

This Discussion