11-25-2019 08:49 AM
Hi, please help me to understand the below expression.
ip as-path access-list 135 permit ^(_65023)+$
match as-path 135
Does the above expression show that only prefixes from 65023 will be accepted? If I have BGP prefixes like "65012 65012 65012 65012 65012 65023", will they match the above expression in this case? Please help.
11-25-2019 08:58 AM - edited 11-25-2019 08:58 AM
@Anukalp S Hello,
The final string “^[0-9]+$” is a little more complicated match. Immediately we can see that the string starts (“^”), and we can see later that it ends (“$”). In the middle we see a range of numbers 0-9 in brackets, followed by the plus sign. The numbers in brackets mean that any number from zero to nine can be matched, or in other words, any number. Next we have the plus sign which means one or more instances. This string “[0-9]+” therefore means one or more instances of any number, or in other words any number including numbers with multiple characters (i.e. 1, 12, 123, 1234, 12345678, etc.). When we combine these all together this string means routes originated in any directly connected single AS, or in other words, the routes directly originated by the peers of your AS.
Look here for more explanation: https://blog.ine.com/2008/01/06/understanding-bgp-regular-expressions
11-26-2019 01:06 AM - edited 11-26-2019 01:08 AM
Hi there,
The '^' symbol will match the start of the string.
The use of brackets indicates that the contents must match in that particular sequence.
The '_' will match a space, so the AS 965023 will not match, but only 65023 will. Arguably you should put an underscore at the end of the AS number you are trying to match, otherwise 650239 will match too!
The '+' means the contents of the brackets must match one or more times.
The '$' means match the end of the string. This means that the AS 65023 must be the rightmost number in the AS path to get a match if it follows immediately after the brackets.
So to match routes which originate from AS 65023 use:
_65023_$
...but if you want to match routes which originate and pass through AS 65023 use:
_65023_
Take a look here regarding the Cisco syntax, especially the underscore which is non-standard regex:
Play around with regex here:
...the equivalent of _65023_ for the purposes of matching AS PATHs in standard regex would be:
(\s65023(\s|$))
...use this when playing with the above website.
cheers,
Seb.
11-26-2019 04:24 AM
Hi Seb, thanks for the helpful post. Just to be clear,
could you please confirm the example below?
========================================
In the logs below we see prefix 10.11.121.35/32 is being advertised. Here the regex ^(_65023)+$ is configured, so I think it is because prefix 10.11.121.35/32 is coming only from AS 65023 and matches the regex ^(_65023)+$
RR001#sh ip bgp 10.11.121.35/32
BGP routing table entry for 10.139.255.50/32, version 1097881
Paths: (1 available, best #1, table default, RIB-failure(17))
Advertised to update-groups:
12
Refresh Epoch 1
65023
10.40.8.224 (metric 131228) from 10.40.8.224 (10.13.255.5)
Origin IGP, metric 0, localpref 100, valid, internal, best
Community: 65023:2198 65023:65023
rx pathid: 0, tx pathid: 0x0
====================================
===============================================
And in the example below, prefix 10.13.225.49/32 is not being advertised; here also the regex ^(_65023)+$ is configured. Is it because prefix 10.13.225.49/32 has ASNs 65012 65012 65012 65012 65012 65023, which do not match the regex ^(_65023)+$?
Please confirm.
RR001#sh ip bgp 10.13.225.49/32
BGP routing table entry for 10.13.225.49/32, version 1463430
Paths: (1 available, best #1, table default, RIB-failure(17))
Not advertised to any peer
Refresh Epoch 1
65012 65012 65012 65012 65012 65023
10.40.8.224 (metric 131228) from 10.40.8.224 (10.13.255.5)
Origin IGP, metric 130816, localpref 100, valid, internal, best
Community: 65023:2990 65023:65023
rx pathid: 0, tx pathid: 0x0
=====================================================
11-26-2019 05:19 AM
Hello again,
Your assumptions are correct.
The regex ^(_65023)+$ essentially says that the first and last AS number in the path must be _65023. It will always match a single AS path of 65023.
The second AS path sequence has AS 65012 prepended five times. Because your regex begins with '^', it will never match, as the path does not start with 65023. Simply removing the '^' will allow the match.
cheers,
Seb.
11-28-2019 03:05 AM
Hi Seb. Thanks for your valuable suggestion. One thing I want to confirm is whether we can have two BGP regular expressions under an as-path access-list, like below.
Please confirm if it is possible to use two BGP regexes under an access-list on a router.
ip as-path access-list 10
permit ^(_65023)+$
permit ^65012(_65012)+ 65023$
11-28-2019 03:55 AM
Yes, the as-path ACL can have multiple entries, which will be checked against until the implicit deny is reached at the end.
cheers,
Seb.
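The patterns discussed in this thread, checked offline against the two AS paths from the "sh ip bgp" outputs above. This is an added example, not part of any post and not Cisco code: it approximates IOS AS-path matching by expanding the Cisco "_" token into standard regex, and the helper names and the extra test paths are assumptions made for illustration.

```python
import re

# Cisco's "_" matches a delimiter: start or end of the string, a space,
# a comma, a brace or a parenthesis. Python has no such token, so expand it.
CISCO_UNDERSCORE = r"(?:^|$|[ ,{}()])"

def cisco_to_python(pattern: str) -> str:
    """Translate a Cisco AS-path regex to Python syntax (only "_" is handled)."""
    return pattern.replace("_", CISCO_UNDERSCORE)

def matches(pattern: str, as_path: str) -> bool:
    """True if the pattern matches anywhere in the AS path (unanchored search)."""
    return re.search(cisco_to_python(pattern), as_path) is not None

def evaluate_acl(entries, as_path: str) -> str:
    """Walk (action, pattern) entries top-down; first match wins, else implicit deny."""
    for action, pattern in entries:
        if matches(pattern, as_path):
            return action
    return "deny"

# AS paths taken from the two "sh ip bgp" outputs in the thread.
SINGLE = "65023"
PREPENDED = "65012 65012 65012 65012 65012 65023"

# ACL 135 from the first post, and the two-entry ACL 10 from the last question.
ACL_135 = [("permit", "^(_65023)+$")]
ACL_10 = [("permit", "^(_65023)+$"), ("permit", "^65012(_65012)+ 65023$")]

if __name__ == "__main__":
    # "65012 65099 65023" is a constructed path that neither entry should permit.
    for name, acl in (("135", ACL_135), ("10", ACL_10)):
        for path in (SINGLE, PREPENDED, "65012 65099 65023"):
            print(f"as-path ACL {name}: {path!r} -> {evaluate_acl(acl, path)}")
    # Trailing "_" matters when nothing else anchors the number (constructed ASN).
    print(matches("_65023", "650239"), matches("_65023_", "650239"))
```

Before the filter goes onto a route reflector, the same patterns can be confirmed on the router itself with "show ip bgp regexp".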