2013/11/24

WB1 7.46 BGP Regular Expressions

• Create a new Loopback 1 on each device R1 – R6 with IP addresses in the format Y.Y.Y.Y/32, where Y is your device number, and advertise them into BGP.
• Configure an AS-Path access-list on SW1 so that AS 300 cannot be used as transit for AS 100 to reach AS 200 or vice-versa; this access-list should be applied directly to its neighbors.
• Configure a local-preference modification on R5 such that traffic from AS 200 going to routes originated in AS 54 is always sent to R4, while traffic to routes that transit AS 54 but were not originated in AS 54 is always sent to R3.
• Additionally configure R3 so that routes learned from AS 254 are not advertised to R1


---------------------------------------------------

Configure an AS-Path access-list on SW1 so that AS 300 cannot reach AS 200 through AS 100, and vice versa.

On R5, configure things so that AS 200 reaches AS 54 through R4, but prefixes that pass through AS 54 go through R3.

Make sure the AS 254 prefixes that R3 learns are not passed on to R1.

---------------------------------------------------

R1:
interface Loopback 1
 ip address 1.1.1.1 255.255.255.255
!
router bgp 100
 network 1.1.1.1 mask 255.255.255.255


R2:
interface Loopback 1
 ip address 2.2.2.2 255.255.255.255
!
router bgp 200
 network 2.2.2.2 mask 255.255.255.255

R4:
interface Loopback 1
 ip address 4.4.4.4 255.255.255.255
!
router bgp 100
 network 4.4.4.4 mask 255.255.255.255


R6:
interface Loopback 1
 ip address 6.6.6.6 255.255.255.255
!
router bgp 100
 network 6.6.6.6 mask 255.255.255.255


SW1:
ip as-path access-list 1 permit ^$
!
route-map NO_TRANSIT permit 100
 match as-path 1
!
router bgp 300
 neighbor 155.1.67.6 route-map NO_TRANSIT out
 neighbor 155.1.37.3 route-map NO_TRANSIT out

 
R5:
interface Loopback 1
 ip address 5.5.5.5 255.255.255.255
!
ip as-path access-list 1 permit _54$
!
route-map FROM_R4 permit 10
 match as-path 1
 set local-preference 200
!
route-map FROM_R4 permit 100
!
router bgp 200
 network 5.5.5.5 mask 255.255.255.255
 neighbor 155.1.45.4 route-map FROM_R4 in


R3:
interface Loopback 1
 ip address 3.3.3.3 255.255.255.255
!
no ip as-path access-list 1
ip as-path access-list 1 deny _54$
ip as-path access-list 1 permit _54_
!
ip as-path access-list 2 permit _254$
!
route-map FROM_R1 permit 10
 match as-path 1
 set local-preference 200
!
route-map FROM_R1 permit 100
!
route-map TO_R1 deny 10
 match as-path 2
!
route-map TO_R1 permit 100
!
router bgp 200
 network 3.3.3.3 mask 255.255.255.255
 neighbor 155.1.13.1 route-map FROM_R1 in
 neighbor 155.1.13.1 route-map TO_R1 out


---------------------------------------------------

We are going to discuss the most useful types of regexp patterns suitable for many “real-life” situations. You may read more about BGP regular expressions basics in our blog post Understanding BGP Regular Expressions.

First, recall the basic regular expression meta-characters or modifiers:

“.” – any character,
“?” – repeat the previous character one or zero times,
“*” – repeat the previous character zero or any number of times,
“+” – repeat the previous character one or more times,
“^” – match the beginning of a string,
“$” – match the end of a string,
“[]” – means a range or a set of elements,
“_” – the character that matches the “space” separating AS numbers OR the end of the AS_PATH list.

Now the practical examples:

“^$” – means an empty AS_PATH attribute, which identifies the prefixes advertised in the local AS.
“^254_” – means prefixes received from the directly adjacent AS 254. Notice that using “_” is important, as there could be another adjacent AS with a number starting with 254.
“_254_” – prefixes transiting AS 254. The “_” characters are needed to clearly separate the AS number.
“_254$” – means prefixes originated in AS 254. This expression matches the rightmost position in the string, meaning that the AS_PATH could be of arbitrary length.
“^([0-9]+)_254” – routes from AS 254 when it’s just “one hop” away.

“^254_([0-9]+)” – prefixes from the clients of the directly connected AS 254.
“^(254_)+([0-9]+)” – prefixes from the clients of the adjacent AS 254, accounting for the fact that AS 254 may do AS_PATH prepending.
“^254_([0-9]+_)+” – prefixes from the clients of the adjacent AS 254, accounting for the fact that the clients may do AS_PATH prepending.
“^\(65100\)” – prefixes learned from the confederation peer 65100.


You configure BGP regular expressions using IP AS-path access-lists: ip as-path access-list <N> {permit|deny} <Regexp>.

This access-list might be applied as a filter-list to a peer using the syntax: neighbor <IP> filter-list <N> {in|out}. However, the best approach is to match AS_PATH access-lists under a route-map applied to the peer (match as-path), as this allows for flexible policy editing.
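The patterns above, and the deny-then-permit ordering in R3's access-list 1, can be checked offline with this added Python script (not part of the workbook or the original post). It translates the IOS meaning of “_” into a Python regex and evaluates an ordered as-path access-list with its implicit deny; the sample AS_PATH strings are constructed.

```python
import re

# Cisco IOS defines "_" in an AS-path regexp as: comma, left/right brace,
# left/right parenthesis, start of string, end of string, or space.
IOS_UNDERSCORE = r'(?:^|$|[ ,{}()])'


def ios_regexp(pattern: str) -> re.Pattern:
    """Compile an IOS-style AS-path regexp into an equivalent Python regex."""
    return re.compile(pattern.replace('_', IOS_UNDERSCORE))


def as_path_matches(pattern: str, as_path: str) -> bool:
    """True if the IOS pattern matches the space-separated AS_PATH string."""
    return ios_regexp(pattern).search(as_path) is not None


def as_path_access_list(entries, as_path: str) -> bool:
    """Evaluate (action, regexp) entries like 'ip as-path access-list':
    the first matching entry wins, implicit deny if nothing matches."""
    for action, pattern in entries:
        if as_path_matches(pattern, as_path):
            return action == 'permit'
    return False


# R3's access-list 1 from the configuration above: the deny must come first
# because "_54_" also matches a path ending in 54 ("_" matches end of string).
R3_ACL_1 = [('deny', '_54$'), ('permit', '_54_')]

# Constructed AS_PATH samples (empty string = locally originated prefix).
SAMPLE_PATHS = ['', '100', '100 54', '100 54 254', '2540 65001', '254 254 65001']

if __name__ == '__main__':
    for pattern in ['^$', '^254_', '_254_', '_54$', '_54_', '^(254_)+([0-9]+)']:
        hits = [p or '<empty>' for p in SAMPLE_PATHS if as_path_matches(pattern, p)]
        print(f'{pattern:20} matches {hits}')
    for path in SAMPLE_PATHS:
        verdict = 'permit' if as_path_access_list(R3_ACL_1, path) else 'deny'
        print(f'R3 as-path access-list 1: {path or "<empty>":16} -> {verdict}')
```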

If you are wondering about the order features are applied, it is as follows:
For inbound updates:
1. route-map
2. filter-list
3. prefix-list OR distribute-list

For outbound updates:
1. prefix-list OR distribute-list
2. filter-list
3. route-map

Keep in mind that you may test a regular expression against the BGP table using the command show ip bgp regexp or show ip bgp quote-regexp. The latter command allows using the “|” character to additionally filter the output.
