Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
27344
Views
20
Helpful
5
Replies

BGP Regular Expression AS Path Filter

Go to solution
andtran
Level 1
Level 1

‎12-29-2011 12:51 PM - edited ‎03-01-2019 02:31 PM

Please confirm the followings regular expression:

ip as-path access-list 10 permit ^100_200$

Only allow networks originated from AS 100, and AS 200 directly attached to AS100.

ip as-path access-list 10 permit ^100_200_300$

Only allow networks originated from AS 100, and AS 200, AS300 directly attached to AS100

Thanks,

Andrew Tran

Labels:
0 Helpful
3 Accepted Solutions

Accepted Solutions

Go to solution
rsimoni
Cisco Employee
Cisco Employee

‎01-11-2012 12:25 AM 

ip as-path access-list 10 permit ^100_200$
Only allow networks originated from AS 100, and AS 200 directly attached to AS100.

not really; this allows prefixes ORIGINATED in AS 200 and LEARNED from AS 100. AS 100 and 200 are indeed directly attached.

ip as-path access-list 10 permit ^100_200_300$




Only allow networks originated from AS 100, and AS 200, AS300 directly attached to AS100

allows prefixes ORIGINATED in AS 300 and LEARNED from AS 100. AS 300 is attached to AS 200 which is attached to AS 100.

regards,

Riccardo

View solution in original post

Go to solution
rsimoni
Cisco Employee
Cisco Employee
In response to andtran

‎01-11-2012 10:30 AM

Andrew,

ip as-path access-list 10 permit ^100$
ip as-path access-list 10 permit ^200$
The above as-path allows prefixes ORIGINATED in AS 100 and AS 200. Please confirm.

not exactly; those as-path acl's will allow prefixes ORIGINATED and LEARNED from AS 100 and AS 200 respectively, meaning that AS 100 and AS 200 are directly connected to your router. So if those as-path are attached to a route-map of a bgp neighborship one of them will not make too much sense as you will be peering either with as 100 or with as 200, not with the 2 AS's at the same time.

If yoi want to allow prefixes ORIGINATED from a given AS without caring of how many transit AS there are between you and the originating AS you need the following:

ip as-path access-list 10 permit _100$

The _ character will match any alpha-numeric string before 100.

Please rate and close the quesion if helpful

Riccardo

View solution in original post

Go to solution
rsimoni
Cisco Employee
Cisco Employee
In response to andtran

‎01-12-2012 04:07 AM

Andrew,

that should allow prefixes originated in any AS which are learned from (directly connected to) AS 100 and prefixes originated in AS 100. You need to test it out on a real router anyway as I think that you could also use for the goal above the following 

^100_[0-9]*_$

Please rate and close the question when done. I COUNT ON IT

Riccardo

View solution in original post

0 Helpful
5 Replies 5

Go to solution
rsimoni
Cisco Employee
Cisco Employee

‎01-11-2012 12:25 AM 

ip as-path access-list 10 permit ^100_200$
Only allow networks originated from AS 100, and AS 200 directly attached to AS100.

not really; this allows prefixes ORIGINATED in AS 200 and LEARNED from AS 100. AS 100 and 200 are indeed directly attached.

ip as-path access-list 10 permit ^100_200_300$




Only allow networks originated from AS 100, and AS 200, AS300 directly attached to AS100

allows prefixes ORIGINATED in AS 300 and LEARNED from AS 100. AS 300 is attached to AS 200 which is attached to AS 100.

regards,

Riccardo

Go to solution
andtran
Level 1
Level 1
In response to rsimoni

‎01-11-2012 09:31 AM

To reduce the BGP route table due to cpu/memory resources, I'd like to allow prefixes ORIGINATED in specific ASNs

ip as-path access-list 10 permit ^100$

ip as-path access-list 10 permit ^200$

The above as-path allows prefixes ORIGINATED in AS 100 and AS 200. Please confirm.

Thanks,

Andrew Tran

0 Helpful

Go to solution
rsimoni
Cisco Employee
Cisco Employee
In response to andtran

‎01-11-2012 10:30 AM

Andrew,

ip as-path access-list 10 permit ^100$
ip as-path access-list 10 permit ^200$
The above as-path allows prefixes ORIGINATED in AS 100 and AS 200. Please confirm.

not exactly; those as-path acl's will allow prefixes ORIGINATED and LEARNED from AS 100 and AS 200 respectively, meaning that AS 100 and AS 200 are directly connected to your router. So if those as-path are attached to a route-map of a bgp neighborship one of them will not make too much sense as you will be peering either with as 100 or with as 200, not with the 2 AS's at the same time.

If yoi want to allow prefixes ORIGINATED from a given AS without caring of how many transit AS there are between you and the originating AS you need the following:

ip as-path access-list 10 permit _100$

The _ character will match any alpha-numeric string before 100.

Please rate and close the quesion if helpful

Riccardo

Go to solution
andtran
Level 1
Level 1
In response to rsimoni

‎01-11-2012 11:17 AM

Riccardo,

Very good info I am much appreciated. One last question about this regular expression.

ip as-path access-list 10 permit ^100_[0-9]*$

Please interpret it if you may.

Thanks,

Andrew Tran

0 Helpful

Go to solution
rsimoni
Cisco Employee
Cisco Employee
In response to andtran

‎01-12-2012 04:07 AM

Andrew,

that should allow prefixes originated in any AS which are learned from (directly connected to) AS 100 and prefixes originated in AS 100. You need to test it out on a real router anyway as I think that you could also use for the goal above the following 

^100_[0-9]*_$

Please rate and close the question when done. I COUNT ON IT

Riccardo

0 Helpful
Customers Also Viewed These Support Documents