The Journey of a Network Engineer

Dec 16 2010   4:46AM GMT

How to manipulate BGP Routes – part 2



Posted by: Sulaiman Syed
Tags: CCNP, Cisco, filter-list, map, regex, route, router

As discussed earlier, BGP mainly uses four methods to manipulate routes:

  • neighbor distribute-list (standard ACL / extended ACL)
  • neighbor prefix-list
  • neighbor filter-list
  • neighbor route-map

The first two methods were explained in an earlier entry. In this entry, I will explain how to use filter-list and when it should be used.

filter-list is a powerful tool for manipulating the routing table, which indirectly determines the paths packets will take to reach their destinations.

When the goal of the policy is to filter routes based on the AS_PATH, filter-list is the tool to use: it filters BGP updates by matching the AS_PATH path attribute (PA). The syntax for filter-list is as follows:

ip as-path access-list number {permit | deny} regex

neighbor neighbor-id filter-list as-path-filter-number {in | out}

The regex is the condition used to match the AS_PATH segments. AS_PATH has four major segments, which are:

  • AS_SEQUENCE: an ordered list of ASNs through which the route has been advertised. The delimiter between ASNs is a space, and no character encloses the segment.
  • AS_SET: an unordered list of ASNs through which the route has been advertised. The delimiter between ASNs is a comma, and { } encloses the segment. (Usually used when a router summarizes a route.)
  • AS_CONFED_SEQ: similar to AS_SEQ, but holds confederation ASNs only. The delimiter between ASNs is a space, and ( ) encloses the segment.
  • AS_CONFED_SET: similar to AS_SET, but holds confederation ASNs only. The delimiter between ASNs is a comma, and { } encloses the segment.

The following line is an example of AS_CONFED_SEQ, AS_SEQ, and AS_SET.

*>20.0.0.0/8         10.20.14.50               0              100            0  (111) 4 {1, 404, 200} i

The regexes that match these conditions are kinda tricky and confusing. I think the only way to master them is to practice building conditions with them. Here is a list that explains the metacharacters in a nutshell.

  • ^: start of the line
  • $: end of line
  • |: logical OR applied between the characters.
  • _: any delimiter: blank, comma, start of line, or end of line.
  • .: any single character
  • ?: Zero or one instances of the preceding character
  • *: Zero or more instances of the preceding character
  • +: one or more instances of the preceding character
  • (string): Parentheses combine the enclosed string of characters into a single entity when used with ?, *, or +
  • [string]: creates a wildcard in which any single character in the string can be used to match that position in the AS_PATH

Brian did a good job explaining the regex in his blog. Please refer to it for more examples and for how to use these expressions to match AS_PATH segments.

An example of a regex used in access list 10:

ip as-path access-list 10 deny ^1_.*_.*_.*_44$ – this will filter routes whose AS_PATH begins with AS 1, has three additional ASNs of any value, and ends with ASN 44.

I would say that practicing these regexes is very important; without it, route filtering can take an unpredictable and undesirable path.
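To practice such patterns without a router, the following added example (not code from the original post) emulates first-match evaluation of an as-path access-list in Python. It assumes Cisco's documented expansion of the "_" metacharacter, adds a hypothetical "permit .*" entry after the post's deny line, and uses constructed sample paths.

```python
import re

# What IOS "_" stands for, per Cisco's documentation (a superset of the list
# above): space, comma, braces, parentheses, or either end of the string.
UNDERSCORE = r"(?:^|$|[ ,{}()])"


def ios_to_python(ios_regex):
    """Translate an IOS AS_PATH regex; only "_" differs from Python syntax here."""
    out, in_class = [], False
    for ch in ios_regex:
        if ch == "_":
            # Anchors are meaningless inside [...], so use the literal characters there.
            out.append(" ,{}()" if in_class else UNDERSCORE)
            continue
        in_class = (ch == "[") or (in_class and ch != "]")
        out.append(ch)
    return "".join(out)


def evaluate(acl, as_path):
    """Return the action of the first matching entry; no match is an implicit deny."""
    for action, ios_regex in acl:
        if re.search(ios_to_python(ios_regex), as_path):
            return action
    return "deny"


# Access list 10 from the post, plus an added trailing permit (hypothetical)
# so that routes not caught by the deny entry are accepted.
ACL_10 = [("deny", "^1_.*_.*_.*_44$"), ("permit", ".*")]

# Constructed AS_PATH strings, written as "show ip bgp" displays them.
SAMPLES = [
    "1 2 3 4 44",        # three ASNs between 1 and 44
    "1 2 3 4 5 6 44",    # five in between: ".*" also spans delimiters
    "1 2 3 44",          # only two in between
    "11 2 3 4 44",       # starts with AS 11, not AS 1
    "1 2 3 4 444",       # ends with AS 444, not AS 44
]

if __name__ == "__main__":
    for path in SAMPLES:
        print(f"{evaluate(ACL_10, path):6}  {path}")
```

Running it shows that the second sample is denied as well: because .* also matches the space delimiter, the pattern catches paths with three or more ASNs between AS 1 and AS 44.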

Our next entry will be about the use of route-maps to filter routes.
