Solved: Re: BGP regular expresion match sequence

fcardoso · ‎06-12-2025

I want to block paths that contain exactly 8 consecutive repetitions of AS 64601, even if they are preceded or followed by other ASes (like in the example 5555 64601 64601 ... 66666)."

Tanks

Antonio

M02@rt37 · ‎06-14-2025

Hello @fcardoso

You seem to be right about that (another) limitation on that platform...

So, if you want to match 8 instances of 64601 with no shortcut with {8} quantifier ; you should list them one by one separated by _ ?

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

View solution in original post

M02@rt37 · ‎06-13-2025

Hello @fcardoso

You want to do this on which platform and which IOS ?

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

fcardoso · ‎06-13-2025

Yes, in IOS XE

The platform ia a ASR 903

M02@rt37 · ‎06-13-2025

Ok @fcardoso , Thanks.

Regarding this doc: https://www.cisco.com/c/en/us/td/docs/security/security_management/cs-mars/4-3/user/guide/local_controller/appreexp.html

you could use {n} regex like this:

ip as-path access-list 10 deny ^64601{8}_
ip as-path access-list 10 deny _64601{8}$
ip as-path access-list 10 deny ^64601{8}$

This entries will block any BGP path that contains exactly 8 consecutive occurences of AS 64601.

--

Apply this on a RM:

route-map FILTER_Deny-8x64601 deny 10
match as-path 10
route-map FILTER_Deny-8x64601 permit 20

router bgp #ASN#
neighbor #NEIGH.IP# route-map FILTER_Deny-8x64601 in

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

fcardoso · ‎06-13-2025

Hi, thanks very mutch for the help...

I did a simple text:

#sh bgp vpnv4 unicast vrf xxx

64601 64601 64601 64601 64601 64601 64601 64601 66666

64601 64601 64601 64601 64601

then:

#sh bgp vpnv4 unicast vrf xxx regexp ^64601{8}_

and it didn't work, did not receive anythink....

that is, the following sequence should have appeared:

64601 64601 64601 64601 64601 64601 64601 64601 66666

the ios version16.09.04 and the platform ASR-903 (RSP3_200) maybe is not compatible with metacharacters like {}...

Best regards

M02@rt37 · ‎06-14-2025

Hello @fcardoso

You seem to be right about that (another) limitation on that platform...

So, if you want to match 8 instances of 64601 with no shortcut with {8} quantifier ; you should list them one by one separated by _ ?

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

MHM Cisco World · ‎06-15-2025

I will check this point I will reply tonight.

Please confirm if you still interest for answer

MHM

fcardoso · ‎06-15-2025

Yes I'm still interested...

thank you very much for your help..

Antonio

MHM Cisco World · ‎06-15-2025

ip as-path access-list 20 deny _64601 +64601_

Try above

Update me

MHM

fcardoso · ‎06-16-2025

The expression currently denies all AS paths that contain AS 64601 anywhere in the path, even if it's not repeated. However, the intended behavior was to deny only the paths that include exactly 8 consecutive repetitions of AS 64601

Antonio

MHM Cisco World · ‎06-16-2025

^64601( /1){7}_

Or

_64601( /1){7}_

Check these two

Thanks

MHM

M02@rt37 · ‎06-16-2025

{n} seem to be not available on that platform...

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.