[nsp] regexp help!!

Iva Cabric ivac+cisco-nsp at mail.iskon.hr
Wed Feb 5 12:42:48 EST 2003


On Wed, Feb 05, 2003 at 05:46:45PM +0800, Nick Kraal wrote:
> I am having slight trouble with some regular expressions to filter as_path
> announcements to a transit customer.
> 
> AS1++++AS2-----AS3++++AS5
>         +       |
>         +       |
>        AS4 -----
> 
> +++ Transit link
> ----  Peering link

Please, use fixed width fonts when drawing in ASCII...

> AS2 is providing transit services to AS1. AS4 is providing transit services
> to AS2. The link between AS2 and AS3 is a peering link. How does AS2
> announce/filter announcements to AS1 to only allow entries to AS3 (and to
> customers like AS5) via AS4 and none via the peering link. AS4 announces all
> AS3 and their customers (eg. AS5) prefixes to AS2.

Use regexp like this:

! permit everything that goes through AS4
permit ^4_.*$
! deny all prefixes which are learned from AS3
deny ^3_.*$
! deny prefixes from AS3 itself
deny ^3$

> We have made the following route-map at AS2:
> ---------------------------
> route-map AS1-FILTER-OUT deny 10
>  match as-path 1
> !
> route-map AS1-FILTER-OUT permit 20
> !
> ip as-path access-list 1 permit ^1$
> ----------------------------
> and from:
>     sh ip bgp neighbors <AS1 BGP peer IP address> advertised-routes |
> include 3
> 
> This shows the following
> AS3_AS5
> AS4_AS3_AS5
> 
> What I am trying to achieve on BGP announcements from AS2 to AS1 is AS3
> announcement reachability:
> AS4_AS3
> AS4_AS3_AS5

That would be something like this:

!
ip as-path access-list 1 permit ^1$
ip as-path access-list 1 permit ^4_.*$
ip as-path access-list 1 deny ^3_.*$
ip as-path access-list 1 deny ^3$
!
route-map AS1-FILTER-OUT deny 10
 match as-path 1
route-map AS1-FILTER-OUT permit 20
!
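
An added example, not part of the original thread: a small Python model that runs as-path list 1 and route-map AS1-FILTER-OUT from the reply over sample paths. It assumes standard IOS semantics (first matching list entry wins, implicit deny at the end, `_` matches a delimiter, a route-map clause matches only when the list permits the path); the function names and the sample paths are made up for illustration.

```python
import re

# IOS "_" matches a delimiter: start or end of the path, a space, comma, brace or paren.
DELIM = r"(?:^|$|[ ,{}()])"

def ios_regex(pattern):
    """Translate an IOS as-path regexp into a Python one (only '_' differs here)."""
    return re.compile(pattern.replace("_", DELIM))

def as_path_acl(entries, path):
    """First matching entry decides; no match at all is the implicit deny."""
    for action, pattern in entries:
        if ios_regex(pattern).search(path):
            return action
    return "deny"

def route_map(clauses, acls, path):
    """Return True if the route is advertised.
    A clause matches when its as-path list permits the path (or it has no
    match statement); the first matching clause's action applies."""
    for action, acl_id in clauses:
        if acl_id is None or as_path_acl(acls[acl_id], path) == "permit":
            return action == "permit"
    return False  # implicit deny at the end of the route-map

# as-path list 1 and route-map AS1-FILTER-OUT as posted in the reply
ACLS = {1: [("permit", "^1$"), ("permit", "^4_.*$"),
            ("deny", "^3_.*$"), ("deny", "^3$")]}
AS1_FILTER_OUT = [("deny", 1), ("permit", None)]

# Constructed sample paths, as AS2 holds them before prepending its own AS
PATHS = ["1", "3", "3 5", "4 3", "4 3 5", "41 3"]

def report():
    """Map each path to (list 1 verdict, advertised to AS1?)."""
    return {p: (as_path_acl(ACLS[1], p), route_map(AS1_FILTER_OUT, ACLS, p))
            for p in PATHS}

if __name__ == "__main__":
    for path, (acl, sent) in report().items():
        print(f"{path!r:10} list 1: {acl:6} advertised to AS1: {sent}")
```

Under these assumed semantics a `deny` clause withholds exactly the paths list 1 permits, so compare the result with the `sh ip bgp neighbors ... advertised-routes` output after applying the filter.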


