Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

regular expression

Hello everybody,

I have a simple question. I want to block all communities from a customer and permit only what I need.

How to achive the result?  Please help me, I have spent a lot of time on this task. Thank you in advance.

router bgp 5555

...

neighbor 2.2.2.2 route-map CUST-in in

...

!

route-map CUST-in permit 10

set comm-list FILTER delete

set community 5555:1111

!

ip community-list expanded CUST-ACCEPT deny 5555:6[1-4][0-9][0-9][0-3]
ip community-list expanded CUST-ACCEPT deny 5555:4[1-4][0-9][0-9][0-3]
ip community-list expanded CUST-ACCEPT deny 5555:666
ip community-list expanded CUST-ACCEPT deny 5555:777
ip community-list expanded CUST-ACCEPT permit .*:.*

!

result: I am still receiving 5555:666[0-9][0-9] or 5555:777[0-9][0-9] instead of strict 5555:666 and 5555:777.

sh ip bgp 200.200.200.0

...

Community: 5555:1111 5555:666 5555:6661 5555:777 5555:7773 5555:43882

!

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

Re: regular expression

Hello Dmitry,

I see you would like to avoid to match on BGP communities with an additional digit:

>> ip community-list expanded CUST-ACCEPT deny 5555:666

I would suggest to modify the statement in:

ip community-list expanded CUST-ACCEPT deny 5555:666_

the additional '_' should allow to specify that no additional digit should result in a match

Hope to help

Giuseppe

6 REPLIES
Hall of Fame Super Silver

Re: regular expression

Hello Kozorezdi,

you should match on the community-list instead of using the community-list to decide if it is good to delete the communities in received advertisement

so your route-map should look like

route-map CUST-in permit 10

match community CUST-ACCEPT

set community 5555:1111

you need a match statement to fillter

Hope to help

Giuseppe

Re: regular expression

Hi,

Well i am using this like...say my peer have as number 9730 then i am using below config

route-map BGP-OTIP-SIN-IN permit 95

set comm-list 154 delete

  set community 1234:7000 additive

Community (expanded) access list 154

    permit _9730:.+_

means any community tagges with 9730:any occurance will be deleted and then I add what I want

Hope this is helpful

Regards

Mahesh

Community Member

Re: regular expression

Thank you Mahesh.

In you case, if you need just remove the communities from the customer, you can just use set community 1234:7000 (without additive).  Have I missed someting?

I need more strict rule.  Customer will sent communities for my network  (my AS5555) and I don't need any other communities.  I need to receive  only:

ip community-list expanded CUST-ACCEPT deny 5555:6[1-4][0-9][0-9][0-3]
ip community-list expanded CUST-ACCEPT deny 5555:4[1-4][0-9][0-9][0-3]
ip community-list expanded CUST-ACCEPT deny 5555:666
ip community-list expanded CUST-ACCEPT deny 5555:777

I will deny everything else by:

ip community-list expanded CUST-ACCEPT permit .*:.*

but the customer can send and I will receive 5555:6665 or 5555:77742 and I need to fix it.

--

Have a  nice day,

Dmitry

Community Member

Re: regular expression

Thank you  Giuseppe.  It is not what I need.  I have wrote not the whole command, it should be: set community 5555:1111 additive.

Another words, I need to receive some communities from my customer and remove all other (and add my communities as well).

ip community-list expanded CUST-ACCEPT deny 5555:6[1-4][0-9][0-9][0-3]
ip community-list expanded CUST-ACCEPT deny 5555:4[1-4][0-9][0-9][0-3]
ip community-list expanded CUST-ACCEPT deny 5555:666
ip community-list expanded CUST-ACCEPT deny 5555:777
ip community-list expanded CUST-ACCEPT permit .*:.*

I will permit something like: 5555:62340 or 5555:41002, I will deny 5555:22340 or 5555:91002 - it is working.

I will permit 5555:666, but I will permit 5555:6669 - and I don't like it.  I need exactly 5555:666

Hope now, my question asked correctly.

--

Thank you in advance,

Dmitry

Hall of Fame Super Silver

Re: regular expression

Hello Dmitry,

I see you would like to avoid to match on BGP communities with an additional digit:

>> ip community-list expanded CUST-ACCEPT deny 5555:666

I would suggest to modify the statement in:

ip community-list expanded CUST-ACCEPT deny 5555:666_

the additional '_' should allow to specify that no additional digit should result in a match

Hope to help

Giuseppe

Community Member

Re: regular expression

Good everning Giuseppe,

Thank you very much!  I don't know why I haven't checked it before , but it is exactly what I need.

Thanks a lot!

Dmitry

524
Views
0
Helpful
6
Replies
CreatePlease to create content