RE: BGP AS-Path filtering posted 06/12/2003
- Subject: RE: BGP AS-Path filtering
- From: "Biondino, Joseph" <joseph.biondino@xxxxxxxxxxxxx>
- Date: Thu, 12 Jun 2003 13:31:07 +1000
- Content-class: urn:content-classes:message
Thank you very much for you explanation.
Network Command Centre
115 - 117 Wicks Rd
North Ryde NSW 2113
Phone: 02 9857 3149
Group: 02 9390 1107
Fax: 02 9857 3122
From: Brian McGahan [mailto:brian@xxxxxxxxxxxxxxx]
Sent: Thursday, 12 June 2003 1:25 PM
To: Biondino, Joseph; ccielab@xxxxxxxxxxxxxx
Subject: RE: BGP AS-Path filtering
Since you have a confederated AS, the empty AS path will only
match routes originated in your own sub AS. In addition to the empty
set, you need to match anything originated in your confederation peers'
sub ASes. Confederated ASes are denoted by the parentheses, ( and ) in
the AS set. Since the parentheses can only occur within the AS path of
routes learned from your own confederation peers, we can assume that
anything inside a parentheses is an AS which is part of your
Our options of an AS path are as follows:
^$ Generated in our sub AS
^(any)$ Generated in other sub ASes of our confederation
The parentheses, however, has a special meaning in regular
expression syntax. It denotes a logical grouping. In order to match
the actual characters '(' and ')', we must use the escape sequence \
Our options are now as follows:
The character '.' in regular expression syntax denotes any
single character. The character '*' denotes 0 or more instances of the
previous character. Therefore the sequence '.*' matches 0 or more
instances of any character; in other words, anything.
Our options are now as follows:
A two line as-path list matching these two patterns will match
all locally generated routes, including those of our confederation
peers. We could stop here, but it would be much more convoluted (and
fun) if we consolidated these two lines into one.
If we look at these two character patterns, we can see that the
common characters are the '^' and the '$'. These denote the beginning
and end of the string. Therefore, the pattern that is different is
'\(.*\)' First let's put this entire string inside another set of
parentheses so it will appear as one variable:
Note that the above string is the same as: ^\(.*\)$
Next we need to check whether or not this pattern, let's call it
X, exists in the string.
^$ In this case X does not exist. X is false.
^X$ In this case X does exist. X is true.
The character '?' in regular expression syntax denotes 0 or 1
instance of a character pattern, hence true or false. If we say 'X?',
we are matching either X as true or X as false.
Finally, our pattern reduces to:
Tada! Note that in order to enter a ? in IOS, you need to
escape it with a CTRL-V first.
Brian McGahan, CCIE #8593
Director of Design and Implementation
Internetwork Consulting & Training
Toll Free: 866-CyscoXP
Outside US: 847.674.3392
> -----Original Message-----
> From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On Behalf
> Biondino, Joseph
> Sent: Wednesday, June 11, 2003 6:39 PM
> To: ccielab@xxxxxxxxxxxxxx
> Subject: BGP AS-Path filtering
> Hi there;
> Last night I was doing a BGP practice LAB where by one of the
> was to filter routes advertised to an external neighbour that didn't
> originate in the local AS (AS200).
> An easy request it would seem, but the problem was that I was running
> confederations thus the ip as-path access-list reg exp of ^$ for local
> routes wouldn't work as in the BGP table of the advertising router the
> path of routes in the same AS but different sub-AS was (65078) ?
> Is there a way to filter out these routes??
> Kind regards,
> Joseph Biondino
> Network Specialist
> Network Command Centre
> 115 - 117 Wicks Rd
> North Ryde NSW 2113
> Phone: 02 9857 3149
> Group: 02 9390 1107
> Fax: 02 9857 3122