Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

BGP Reg. Expression

Hi !

I am a little bit confused with this reg. expression:

ip as-path access-list 3 deny ^[0-9]+ [0-9]+ [0-9]+ .+$

ip as-path access-list 3 permit .*

As far as I understand the first line says that the string has to look like :

xxxxx xxxxx xxxxx sd334s sdfwwed33 sdfdew234 and anything like that

the second line says permit any

right ?

But what we want to achieve is to filter updates with more than 3 AS`s .

We got this as-path access-list from our provider.




Re: BGP Reg. Expression

It looks okay--the first line should say match anything with:

They are using a + instead of a * because they want it to be one or more of [0-9], rather than 0 or more of [0-9] for the first three. You could turn it around and make it permits, instead, but you'll end up with an access list that's three lines long (like two or three lines is that big of a deal! :-) ):

ip as-path access-list xx permit ^[0-9]*$

ip as-path access-list xx permit ^[0-9]*_[0-9]*$

ip as-path access-list xx permit ^[0-9]*_[0-9]*_[0-9]*$

And leave the explicit deny at the end to drop the rest. Either way should work.



New Member

Re: BGP Reg. Expression

Hi !

as you said it matches


BUT every update looks like this:



AS AS ..

or AS AS AS ..

and so on....

so for my understanding the first line drops everything - not only those who have more than 3 entries.

or am I confused too much ?

Thx for your help



Re: BGP Reg. Expression

It shouldn't drop everything, because of the first three matches. A one hop as would match the first [0-9]+, but then it would fail on the " " (or _, which is what I use, rather than the actual space), since the next character is an end of line, rather than a space. A two hop AS Path would match on the [0-9]+_[0-9]+, but again, would fail on the second " " or _, since the next character is an end of line, rather than a space. A three hop would be similar, matching on the [0-9]+_[0-9]+_[0-9]+, but would fail on the third " " or _, since there's an end of line in the AS Path at this point, rather than a space.

A four hop AS Path, however, would match the first AS on the [0-9]+_, the second on the [0-9]+_, the thrid AS on the [0-9]+_, and the fourth AS on the .+, then the end of line on the $, so it would match and deny.

I hope this helps.