Solved: BGP REGEXP AS Path ACL

visitor68 · ‎12-17-2009

Hi, folks:

Can someone please tell me what exactly are these regexp statements saying and is there a qualitative difference between the two?

I dont think there is, but if there is its probably something very nuanced...

ip as-path access-list 2 permit 25525+ 59591+

ip as-path access-list 2 permit ^(25525_)+(59591_)+$

Thanks!

Jerry Ye · ‎12-18-2009

_ is space. For example, if you want to match 225 225, you can do _225_225_ for excact match.

( ) is grouping the string character together. For example, if the AS path is 225 225 225 255 225 225 225 and 225 225 225, you would want to match both of them by doing (225_)+.

Here is the link for regular expression in IOS.

http://www.cisco.com/en/US/partner/docs/ios/termserv/configuration/guide/tsv_reg_express_ps6350_TSD_Products_Configuration_Guide_Chapter.html

Regards,

jerry

View solution in original post

Jerry Ye · ‎12-17-2009

They are very different.

ip as-path access-list 2 permit ^(25525_)+(59591_)+$ means that the AS path is started with one or more 25525 and ended with one or more 59591

ip as-path access-list permit 25525+_59591+ (I am assuming you forgot to put _, otherwise it doesn't make any sense) means an AS path contains 25525 and then follow with 59591. Since you didn't group 25525 together with (), 25525+ also means 25525, 255255, 2552555, etc.; same thing apply to 59591.

Regards,

jerry

Giuseppe Larosa · ‎12-17-2009

Hello Joe,

you had already opened a thread on a very similar AS path access-list some mounths ago.

I agree with Jerry the two expressions are different with one able to deal with AS path prepending and the second one matching AS paths where AS1 AS2 are present.

To be noted that before introduction of 32 bits AS numbers 25525+ could only match AS 25525, because as a regular expression it can match 25525 2552555 and so on but these last numbers are too big for a 16 bit AS number. This note is not true for 32 bit AS number.

The practical results can be similar.

Hope to help

Giuseppe

clfranjo · ‎12-18-2009

Hi Giuseppe,

Attached is a problem we have with VLAN configuration of Cisco Switches. I would be grateful if you could send your answer to my email address clfranjo@yahoo.es.

Many thanks,

Carlos.

visitor68 · ‎12-18-2009

Giuseppe/Jerry:

Perhaps it would be better if I gave you the requirement. Kindly read the entire post. Thank you.

The objective of the as path ACL should be to match prefixes we receive from 25525 that originate in AS 59591, which can get prepended, and then is advertised directly to us by AS 25525, which may also get prepended.

So there will only be 2 different AS numbers in the AS path: the originating one (59591), which will probably be prepended in the received advertisement and the directly connected AS (25525), which advertises it to us.

The route table looks something like this:

* x.x.x.x z.z.z.z 0 0 25525 59591 59591 59591 59591 i
*>y.y.y.y z.z.z.z 0 0 25525 59591 59591 59591 59591 i

Given this requirement, which as path list is correct? And can you explain why? Please make your explanation dummy-proof because I am a regexp dummy, for sure.

Giuseppe:

I know I posted a similar question a couple months back. I didnt quite underatand the answers then, and thats why Im reposting. I dont use bgp regexp too much - almost never. When I get more time, Ill read up on them.

Thanks

Giuseppe Larosa · ‎12-18-2009

Hello Joe,

no problem, I was just noting the fact

if the objective is to match this AS path:

0 25525 59591 59591 59591 59591 i

you can use both

ip as-path access-list 2 permit 25525+ 59591+

ip as-path access-list 3 permit ^(25525_)+(59591_)+$

the first match because it finds the substring 25525 59591 inside the AS path string

the second matches because it matches the whole AS path string 25525 59591 59591 59591 59591 as a case included in

^(25525_)+(59591_)+$ the leading ^ means starting point in AS path one or more occurrences of ASN 25525 followed by one or more occurrences of ASN 59591.

Hope to help

Giuseppe

Jerry Ye · ‎12-18-2009

I will say the 2nd list, ip as-path access-list x permit ^(25525_)+(59591_)+$, is the correct one based on the following condition

"So there will only be 2 different AS numbers in the AS path: the originating one (59591), which will probably be prepended in the received advertisement and the directly connected AS (25525), which advertises it to us."

$ check the originating AS path

^ check the connected AS path

Regards,

jerry

visitor68 · ‎12-18-2009

Jerry:

Awesome answer! That is what I am looking for...the difference between the 2...

A last quick question...

What does adding "( )" and a "_" do?

Thanks!

Jerry Ye · ‎12-18-2009

_ is space. For example, if you want to match 225 225, you can do _225_225_ for excact match.

( ) is grouping the string character together. For example, if the AS path is 225 225 225 255 225 225 225 and 225 225 225, you would want to match both of them by doing (225_)+.

Here is the link for regular expression in IOS.

http://www.cisco.com/en/US/partner/docs/ios/termserv/configuration/guide/tsv_reg_express_ps6350_TSD_Products_Configuration_Guide_Chapter.html

Regards,

jerry

visitor68 · ‎12-18-2009

Jerry, you are the man....!

Stick around this board more often...youll be on eof the bright stars on here.

Thanks

visitor68 · ‎12-18-2009

deleted duplicate post