{"id":2866,"date":"2020-12-29T10:51:05","date_gmt":"2020-12-29T18:51:05","guid":{"rendered":"https:\/\/SUMMALAI.COM\/?p=2866"},"modified":"2020-12-29T10:55:18","modified_gmt":"2020-12-29T18:55:18","slug":"understand-bgp-regular-expressions-and-examples","status":"publish","type":"post","link":"https:\/\/SUMMALAI.COM\/?p=2866","title":{"rendered":"Understand BGP Regular Expressions and Examples"},"content":{"rendered":"\n

Regular Expressions are used often for BGP route manipulation or filtering. In this lesson, we\u2019ll take a look at some useful regular expressions. First, let\u2019s take a look at the different characters that we can use:<\/p>\n\n\n\n

Characters<\/h3>\n\n\n\n
?<\/strong><\/td>repeats the previous character one or zero times.<\/td><\/tr>
*<\/strong><\/td>repeats the previous character zero or many times.<\/td><\/tr>
+<\/strong><\/td>repeats the previous character one or more times.<\/td><\/tr>
^<\/strong><\/td>matches the beginning of a string.<\/td><\/tr>
$<\/strong><\/td>matches the end of a string.<\/td><\/tr>
[]<\/strong><\/td>is a range.<\/td><\/tr>
_<\/strong><\/td>matches the space between AS numbers or the end of the AS PATH list.<\/td><\/tr>
\\\\<\/strong><\/td>is an escape character. You\u2019ll need this for BGP confederations.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

The dollar sign ($) regular expression character should be placed at the end of a Border Gateway Protocol (BGP) autonomous system (AS) path filter to indicate the originating AS. Regular expressions are used to locate character strings that match a particular pattern. AS path filters are used to permit or deny routes that match the regular expression.<\/p>\n\n\n\n

The $ character indicates that the preceding characters should match the end of the string. The originating router will insert its AS number into the AS path, and subsequent routers will prepend their AS numbers to the beginning of the AS path string. The last AS number in the AS path is the originating AS. For example, the ip as-path access-list 1 permit ^111_999$ command permits paths that originate from AS 999.<\/p>\n\n\n\n

The caret (^) character should be placed at the beginning of a BGP AS path filter to indicate the AS from which the path was learned. The ^ character indicates that the subsequent characters should match the start of the string. The first number in an AS path indicates the AS from which the path was learned. For example, the ip aspath accesslist 1 permit ^111_999$ command permits paths that are learned from AS 111.<\/p>\n\n\n\n

The underscore (_) character is used to indicate a comma, a brace, the start or end of an input string, or a space. When used between two AS path numbers, the _ character indicates that the ASes are directly connected. For example, the ip aspath accesslist 1 permit ^111_999$ command indicates that AS 111 and AS 999 should be directly connected.<\/p>\n\n\n\n

The period (.) character is used to represent any single character. For example, the ip aspath accesslist 1 permit ^…_999$ command permits paths that originate from AS 999 and are learned from any threedigit AS.<\/p>\n\n\n\n

The bracket (]) character is used to indicate a set of characters or a range of characters. For example, the ip aspath accesslist 1 permit ^[09]_999$ command permits paths that originate from AS 999 and are learned from any AS numbered from 0 through 9, and the ip aspath accesslist 1 permit ^[123]_999$ command permits paths that originate from AS 999 and are learned from AS 1, AS 2, or AS 3.<\/p>\n\n\n\n

The asterisk (*) character indicates zero or more sequences of the previous expression. For example, the expression [09]* indicates a string of zero or more digits. Therefore, the ip aspath accesslist 1 permit ^111_ [09]*$ command permits paths that are learned from AS 111 and originate from any AS.<\/p>\n\n\n\n

Examples<\/h3>\n\n\n\n
\n
\n
^$<\/strong><\/td>matches an empty AS PATH so it will match all prefixes from the local AS.<\/td><\/tr>
^51_<\/strong><\/td>matches prefixes from AS 51 that is directly connected to our AS.<\/td><\/tr>
 _51_<\/strong><\/td>matches prefixes that transit AS 51.<\/td><\/tr>
 _51$<\/strong><\/td>matches prefixes that originated in AS 51, the $ ensures that it\u2019s the beginning of the AS PATH.<\/td><\/tr>
 ^([0-9]+)_51<\/strong><\/td>matches prefixes from AS 51 where AS 51 is behind one of our directly connected AS\u2019es.<\/td><\/tr>
 ^51_([0-9]+)<\/strong><\/td>matches prefixes from the clients of directly connected AS 51.<\/td><\/tr>
 ^(51_)+([0-9]+)<\/strong><\/td>matches prefixes from the clients of directly connected AS 51, where AS 51 might be doing AS PATH prepending.<\/td><\/tr>
 ^51_([0-9]+_)+<\/strong><\/td>matches prefixes from the clients of directly connected AS 51, where the clients might be doing AS PATH prepending.<\/td><\/tr>
^\\65200\\)<\/strong><\/td>matches prefixed from confederation peer 65200.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

<\/p>\n<\/div>\n<\/div>\n\n\n\n

If you need some practice for these, I would suggest using a BGP looking glass server<\/a>.<\/p>\n\n\n\n

<\/p>\n\n\n\n

Using Regular Expressions in BGP<\/h3>\n\n\n\n

You can use regular expressions in the ip as-path access-list<\/a> <\/strong>command with Border Gateway Protocol (BGP). This document describes scenarios for using regular expressions. For more general information about regular expressions, see the Cisco Documentation on Regular Expressions<\/a>.<\/p>\n\n\n\n

Requirements<\/h3>\n\n\n\n

Readers of this document should be knowledgeable of the following:<\/p>\n\n\n\n