[c-nsp] cisco regex puzzle of the day

Jared Mauch jared at puck.Nether.net
Wed Mar 11 13:46:08 EDT 2015


	We've long had some feature requests open against JunOS for
as-path matching.  The challenges faced are they don't treat these
AS numbers as strings, and certainly not in the case of some elements
like a paren (confed) or { for AS_SET.

	In IOS-XR you can much more easily match against the origin-asn
in a policy as well which isn't quite as easy in other routing operating
systems.

	- Jared

On Wed, Mar 11, 2015 at 05:28:06PM +0000, Mack McBride wrote:
> There is no back tracking in the junos regex nor would backtracking really help.
> Doing this is complicated on cisco due to the lack of negating a full as.
> 
> However loop avoidance should prevent 64500 from occurring twice with an intervening AS.
> If you have turned off loop avoidance with allowas-in then you have a lot
> more complexity to worry about.
> 
> I haven't tested this but it should work:
> 
> (65400_)+([1-57-9][0-9]*_|6[01-35-9][0-9]*_|64[01-46-9][0-9]*_|645[1-9][0-9]*_|6450[1-9][0-9]*_|64500[0-9]+_)+
> 
> Mack McBride | Network Architect | ViaWest, Inc.
> O: 720.891.2502 | mack.mcbride at viawest.com | www.viawest.com | LinkedIn | Twitter | YouTube
> 
> 
> 
> -----Original Message-----
> From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Saku Ytti
> Sent: Wednesday, March 11, 2015 10:38 AM
> To: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] cisco regex puzzle of the day
> 
> On (2015-03-10 20:29 +0100), Job Snijders wrote:
> 
> >     "^64500+ [^64500]"
> >
> > This junos beauty will match for example: "64500 64500 123 123 444",
> > but not "64500 64500" or "64500".
> >
> > Can any of you come up with a single line regex that works on IOS or XR
> > (ios-regex) to mimic the above described behaviour?
> 
> Follow-up question. Is there a use-case for regular expression backtracking in AS_PATH?
> It would be simpler to implement without backtracking and it would fix this specific use-case, as simple '(64500_)+.+' would work. But perhaps it's still a stupid idea, perhaps it'll break a lot of really common use-cases.
> 
> --
>   ++ytti
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

-- 
Jared Mauch  | pgp key available via finger from jared at puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.
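
Added example, not part of the thread: a Python sketch that generalizes the digit-by-digit "any AS except 64500" alternation from Mack McBride's reply to an arbitrary ASN and checks it against the paths Job Snijders listed. Python's `re` stands in for ios-regex, with `_` expanded to an explicit delimiter group; the helper names and the extra sample paths are constructed for illustration.

```python
import re

# Python stand-in for the IOS "_" metacharacter: start, end, space, comma,
# braces or parentheses. Assumption: re only approximates ios-regex.
DELIM = r"(?:^|$|[ ,{}()])"

def not_asn(asn: str) -> str:
    """Alternation matching any decimal ASN token except `asn`, digit by digit."""
    alts = []
    for i, digit in enumerate(asn):
        first = "123456789" if i == 0 else "0123456789"  # no leading zero
        others = first.replace(digit, "")
        # Same first i digits, a different digit here, then any digits.
        alts.append(f"{asn[:i]}[{others}][0-9]*")
        if i > 0:
            alts.append(asn[:i])  # a proper prefix is a different, shorter ASN
    alts.append(f"{asn}[0-9]+")   # longer numbers that merely start with asn
    return "|".join(alts)

def ios_style(asn: str) -> str:
    """Single-line pattern in IOS syntax: leading asn(s), then some other ASN."""
    return f"^({asn}_)+({not_asn(asn)})_"

def matches(ios_pattern: str, as_path: str) -> bool:
    """Run an IOS-syntax pattern through Python's re with "_" expanded."""
    return re.search(ios_pattern.replace("_", DELIM), as_path) is not None

# The simple pattern from the follow-up question, for comparison.
NAIVE = "^(64500_)+.+"

# Constructed AS paths: the three from the thread plus near-miss ASNs.
SAMPLES = {
    "64500 64500 123 123 444": True,
    "64500 64500": False,
    "64500": False,
    "64500 645001 3356": True,  # longer ASN sharing the prefix
    "64500 6450 3356": True,    # shorter ASN that is a prefix of 64500
    "3356 64500 123": False,    # path does not start with 64500
}

if __name__ == "__main__":
    strict = ios_style("64500")
    print(strict)
    for path, want in SAMPLES.items():
        # With backtracking, NAIVE also accepts "64500 64500".
        print(f"{path!r:28} want={want} strict={matches(strict, path)} "
              f"naive={matches(NAIVE, path)}")
```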

