We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is Why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 557 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

 

315 New Members signed up the last 30 days!

satisfaction-guaranteed

100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags:


Notable Replies

  1. Rene,

    Very helpful in understanding these complex expressions. However, I do have question about the following which is configured on our internet hubs by our senior engineers.

    AS path access list 20
         deny ^10886_209_
         permit ^10886_

    ^10886_209_ It means deny prefixes from 10886 and any prefixes passes through 209
    is that correct?
    permit ^10886_ it means permit prefixes from 10886 and what does _ means at the end.
    Please clarify

    Thanks
    Hamood

  2. Hi Hamood,

    The _ matches the white space between the AS numbers. For example take a look at this output of a BGP table:

    Network Next Hop Metric LocPrf Weight Path
    * 1.0.0.0/24 203.202.143.34 0 7474 15169 i
    * 202.139.124.130 1 0 7474 15169 i
    * 203.13.132.29 0 7474 15169 i

    In the AS path there's a space between the AS numbers, we need to use the _ to match this.

    Let's look at your example:

    deny ^10886_209_

    The ^ indicates the beginning of the AS path, so AS 10886 is an AS that is directly connected to yours. Behind 10886 there is AS 209.

    This statement denies prefixes that you learn from AS 10886 and that AS 10886 has learned from AS 209. It doesn't matter where AS 209 learned it from...

    The permit ^10886_ statement means that you permit everything else that you learn from AS 10886.

    Does that help?

    Rene

  3. Hi Hamood,

    There's a big difference between using _ or $.

    The _ matches on the white space between two AS numbers, the $ means that it's the end of the string. If you would use ^10886$ then you are only matching an AS path that only has 10886 in it and nothing else.

    It's a good exercise to try this on a looking glass server :slight_smile:

    Rene

  4. Hi Mario,

    The [0-9] means any number between 0 and 9, this means 0,1,2,3,4,5,6,7,8 and 9 are valid. The * means that we repeat the previous number 0 or multiple times. Basically this means any number from 0 to infinity matches. In our example we have 16 bit AS numbers so that means any AS number from 0 to 65535 will be matched.

    The + is similar to the * but it means that we repeat the previous number 1 or multiple times. In practice, there's a big difference between the two...for example:

    When I use ^3257_[0-9]*$ then I'm matching everything that starts with AS 3257 with none or one AS behind it, which could be any number.

    When I use ^3257_[0-9]+$ then I'm matching everything that starts with AS 3257 but there has to be one additional AS behind it, which could be any number.

    The ? means that we repeat the previous number zero or one time, for example when you use [0-9]? it means that we try to match the previous value (anything between 0 and 9) but it's optional.

    Hope this helps! It takes some practice with looking glass servers to get the hang of this.

    Rene

  5. Hi Rene,

    Need your expertise on this one... I have a regex script to filter prep-pended AS's. The issue is when I test it with the "sh ip bgp regexp" cmd; no pre-pended routes are tagged (rightly fully so, because they aren't configured yet..). So my thought is the script is functional, but when I apply the access list w/ as-path filter all of my routes disappear...

    R1#sh ip bgp | B Net
    Network Next Hop Metric LocPrf Weight Path
    *> 1.0.0.0 0.0.0.0 0 32768 i
    *> 2.0.0.0 12.1.1.2 0 0 200 i
    *> 3.0.0.0 12.1.1.2 0 200 300 i
    *> 4.0.0.0 12.1.1.2 0 200 300 400 i

    TESTED BEFORE SCRIPT APPLIED:

    R1#sh ip bgp regexp ^([0-9]+)(_\1)+$
    R1#***NO ROUTES***

    Applied the as-path acl: "ip as-path access-list 1 permit ^([0-9]+)(_\1)+$"

    R1#sh run | s bgp
    router bgp 100
    bgp log-neighbor-changes
    network 1.0.0.0
    neighbor 12.1.1.2 remote-as 200
    neighbor 12.1.1.2 filter-list 1 in
    
    R1#sh ip bgp | B Net
    Network Next Hop Metric LocPrf Weight Path
    *> 1.0.0.0 0.0.0.0 0 32768 i

    Now all routes are gone, AS200 nor any other AS has been prepened.

     

     

     

Continue the discussion forum.networklessons.com

11 more replies

Participants