New Member

BGP regex for partial routes

We only want to accept partial routes from a provider (AS 2828).

I can do _2828$ for all routes originated from the provider.

What can I do to also accept routes from the provider's directly connected customers?

How would you go about writing the regex for that?

2 REPLIES
Hall of Fame Super Silver

Re: BGP regex for partial routes

Hello Kevin,

You want to accept ^2828$, different from _2828$, for routes of AS 2828 if there is a direct eBGP session,

and ^2828_pattern$

where pattern is made of decimal digits, 1 to 5 digits without spaces in the middle.

The first digit is never 0; additional digits, if any, can be 0-9.

[1-9]([0-9])*

so the reg exp can be:

^2828_[1-9]([0-9])*$

to keep it simple

^2828_([0-9])+$

is a better choice

+ means 1 or more occurrences of what is inside (); [0-9] is a range of decimal digits.

This is compact but doesn't allow control over what is received.

Hope to help

Giuseppe

New Member

Re: BGP regex for partial routes

Here is what we use. It does a great job.

First, you need as-path access-lists, like such:

ip as-path access-list 21 permit ^[0-9]+$

ip as-path access-list 22 permit ^[0-9]+$

ip as-path access-list 22 permit ^[0-9]+_[0-9]+$

ip as-path access-list 23 permit ^[0-9]+$

ip as-path access-list 23 permit ^[0-9]+_[0-9]+$

ip as-path access-list 23 permit ^[0-9]+_[0-9]+_[0-9]+$

ip as-path access-list 24 permit ^[0-9]+$

ip as-path access-list 24 permit ^[0-9]+_[0-9]+$

ip as-path access-list 24 permit ^[0-9]+_[0-9]+_[0-9]+$

ip as-path access-list 24 permit ^[0-9]+_[0-9]+_[0-9]+_[0-9]+$

(Regex breakdown: ^ means match, [0-9] indicates any numeral, + means any number of the previous expression, _ is a space, and $ is end-of-line)

In this case, ACL 21 allows only the first AS in the path, ACL 22 allows a path 2 ASes deep, ACL 23 allows a path 3 ASes deep, and ACL 24 allows a path 4 ASes deep.

Then, you need to set up your bgp neighbor filter to use one of these ACLs:

router bgp xxxxx

neighbor 1.2.3.4 filter-list 22 in

In this case, we filter all inbound announcements with as-path ACL 22.

So if neighbor 1.2.3.4 sends the following routes over:

2.0.0.0/8 32 616 533

3.0.0.0/8 32 544

4.0.0.0/8 32

5.0.0.0/8 32 616 616 616 616

Only 4.0.0.0/8 and 5.0.0.0/8 would be accepted. ACL 21 would only accept 4/8, ACLs 23 and 24 would accept 2/8, 3/8, and 4/8.
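
An added example, not part of either reply: a Python approximation of IOS AS-path matching that runs the patterns posted above against the routes in the last post and against a few constructed paths, so a filter can be checked before it is applied to a neighbor. It assumes only `_` needs translating for these patterns; the constructed paths use documentation AS numbers 64500 and 64501, and the function names are this example's own.

```python
import re

# IOS "_" matches a delimiter: start or end of the path, a space,
# a comma, a brace or a parenthesis. Everything else used here is plain regex.
IOS_UNDERSCORE = r"(?:^|$|[ ,{}()])"

# Permit entries as posted in the thread; unmatched paths hit the implicit deny.
AS_PATH_ACLS = {
    21: [r"^[0-9]+$"],
    22: [r"^[0-9]+$", r"^[0-9]+_[0-9]+$"],
    23: [r"^[0-9]+$", r"^[0-9]+_[0-9]+$", r"^[0-9]+_[0-9]+_[0-9]+$"],
    24: [r"^[0-9]+$", r"^[0-9]+_[0-9]+$", r"^[0-9]+_[0-9]+_[0-9]+$",
         r"^[0-9]+_[0-9]+_[0-9]+_[0-9]+$"],
}
# Patterns from the first reply: provider AS 2828 and its direct customers.
PROVIDER_2828 = [r"^2828$", r"^2828_([0-9])+$"]

# Routes listed in the last post: prefix -> AS path.
THREAD_ROUTES = {
    "2.0.0.0/8": "32 616 533",
    "3.0.0.0/8": "32 544",
    "4.0.0.0/8": "32",
    "5.0.0.0/8": "32 616 616 616 616",
}
# Constructed paths: provider, direct customer, prepending customer,
# customer's customer, and a path that merely originates in 2828.
CONSTRUCTED_PATHS = ["2828", "2828 64500", "2828 64500 64500",
                     "2828 64500 64501", "64500 2828"]

def permitted(patterns, as_path):
    """True if any permit entry matches the AS path."""
    return any(re.search(p.replace("_", IOS_UNDERSCORE), as_path)
               for p in patterns)

def accepted_paths(patterns, paths):
    return [p for p in paths if permitted(patterns, p)]

def accepted_prefixes(acl):
    return [pfx for pfx, path in THREAD_ROUTES.items()
            if permitted(AS_PATH_ACLS[acl], path)]

if __name__ == "__main__":
    for acl in sorted(AS_PATH_ACLS):
        print("as-path ACL", acl, "accepts", accepted_prefixes(acl))
    print("AS 2828 filter accepts",
          accepted_paths(PROVIDER_2828, CONSTRUCTED_PATHS))
```

`accepted_prefixes(22)` returns 3.0.0.0/8 and 4.0.0.0/8, and no list matches the five-AS path for 5.0.0.0/8. The constructed path `2828 64500 64500` is rejected by the first reply's patterns, so a direct customer that prepends its own AS falls outside a depth-based filter.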
