GroupStudy.com GroupStudy.com - A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
RE: BGP AS-Path filtering posted 06/12/2003
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]


Brian;

Thank you very much for you explanation.

Kind regards,

Joseph Biondino
Network Specialist
UNISYS
Network Command Centre

115 - 117 Wicks Rd
North Ryde NSW 2113
Phone: 02 9857 3149
Group:  02 9390 1107
Fax:     02 9857 3122

 -----Original Message-----
From: 	Brian McGahan [mailto:brian@xxxxxxxxxxxxxxx] 
Sent:	Thursday, 12 June 2003 1:25 PM
To:	Biondino, Joseph; ccielab@xxxxxxxxxxxxxx
Subject:	RE: BGP AS-Path filtering

Joseph,

	Since you have a confederated AS, the empty AS path will only
match routes originated in your own sub AS.  In addition to the empty
set, you need to match anything originated in your confederation peers'
sub ASes.  Confederated ASes are denoted by the parentheses, ( and ) in
the AS set.  Since the parentheses can only occur within the AS path of
routes learned from your own confederation peers, we can assume that
anything inside a parentheses is an AS which is part of your
confederation.  

	Our options of an AS path are as follows:

^$		Generated in our sub AS
^(any)$	Generated in other sub ASes of our confederation

	The parentheses, however, has a special meaning in regular
expression syntax.  It denotes a logical grouping.  In order to match
the actual characters '(' and ')', we must use the escape sequence \

	Our options are now as follows:

^$
^\(any\)$

	The character '.' in regular expression syntax denotes any
single character.  The character '*' denotes 0 or more instances of the
previous character.  Therefore the sequence '.*' matches 0 or more
instances of any character; in other words, anything.

	Our options are now as follows:

^$
^\(.*\)$

	A two line as-path list matching these two patterns will match
all locally generated routes, including those of our confederation
peers.  We could stop here, but it would be much more convoluted (and
fun) if we consolidated these two lines into one.

	If we look at these two character patterns, we can see that the
common characters are the '^' and the '$'.  These denote the beginning
and end of the string.  Therefore, the pattern that is different is
'\(.*\)'  First let's put this entire string inside another set of
parentheses so it will appear as one variable:

^(\(.*\))$

	Note that the above string is the same as: ^\(.*\)$

	Next we need to check whether or not this pattern, let's call it
X, exists in the string. 

^$	In this case X does not exist.  X is false.
^X$	In this case X does exist.  X is true.

	The character '?' in regular expression syntax denotes 0 or 1
instance of a character pattern, hence true or false.  If we say 'X?',
we are matching either X as true or X as false.  

	Finally, our pattern reduces to:

^(\(.*\))?$


	Tada!  Note that in order to enter a ? in IOS, you need to
escape it with a CTRL-V first.


HTH

Brian McGahan, CCIE #8593
Director of Design and Implementation
brian@xxxxxxxxxxxxxxx

CyscoExpert Corporation
Internetwork Consulting & Training
Toll Free: 866-CyscoXP
Outside US: 847.674.3392
Fax: 847.674.2625


> -----Original Message-----
> From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On Behalf
Of
> Biondino, Joseph
> Sent: Wednesday, June 11, 2003 6:39 PM
> To: ccielab@xxxxxxxxxxxxxx
> Subject: BGP AS-Path filtering
> 
> Hi there;
> 
> Last night I was doing a BGP practice LAB where by one of the
requirements
> was to filter routes advertised to an external neighbour that didn't
> originate in the local AS (AS200).
> 
> An easy request it would seem, but the problem was that I was running
> confederations thus the ip as-path access-list reg exp of ^$ for local
> routes wouldn't work as in the BGP table of the advertising router the
as
> path of routes in the same AS but different sub-AS was (65078) ?
> 
> Is there a way to filter out these routes??
> 
> Kind regards,
> 
> Joseph Biondino
> Network Specialist
> UNISYS
> Network Command Centre
> 
> 115 - 117 Wicks Rd
> North Ryde NSW 2113
> Phone: 02 9857 3149
> Group:  02 9390 1107
> Fax:     02 9857 3122