[f-nsp] as-path acl and prepending occurrences

Adam Kujawski adamkuj at gmail.com
Thu Feb 19 14:14:18 EST 2009


On Thu, Feb 19, 2009 at 9:06 AM, Marcus Eide <marcus at conf.se> wrote:
> Hi,
> Because of the AS47868 (SuproNet) ~250 times as-path prepending issue, I
> want to limit my customers' announced as-path occurrence (prepending) to
> some number by using curly brackets and specifying number of occurrences.
> E.g. "ip as-path access-list as-cust-in permit ^(65000_){1-10}$" to limit 1
> to 10 occurrences of as 65000.
>
> But the 4.0 IronWare in my XMR complains about the syntax:
>
> telnet@r1(config)#ip as-path access-list as-cust-in seq 1 permit
> ^(65000_){1-10}$
> { not supported, use \{
> grammar failure
> telnet@r1(config)#
>
> Is it okay to escape the curly brackets or should I use another syntax?


I experienced the same issue on BigIron RX software, and found that
the regex didn't match anything if I escaped the curly brackets. On my
Ciscos, I have maxas-limit set to 24, but there is no maxas-limit
option in Foundry land. Due to the {} brackets not working, and a
limit of 128 characters for as-path access list entries, this is what
I came up with on the Foundrys:

ip as-path access-list MaxAS-Limit seq 10 deny
^[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+_[0-9]+
ip as-path access-list MaxAS-Limit seq 99 permit .*

The above only matches an AS path of 18 hops or longer. It's 127
characters long, just under the 128 character limit. I would prefer to
match path lengths of 24+, but the above is the best I could come up
with on short notice.

Cheers,
Adam
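
The deny/permit pair from the reply above, modelled in Python as an added example (not part of the original post and not Foundry code): it builds the repeated-token pattern for a given hop count, finds the largest hop count that fits under the 128-character entry limit, and runs the ACL over constructed AS paths. The function names are hypothetical, and the device's "_" delimiter is assumed to be a single space between AS numbers.

```python
import re

TOKEN = "[0-9]+"  # one AS number, as written in the post's pattern
LIMIT = 128       # per-entry character limit quoted in the post


def build_pattern(hops):
    """Device-style regex that matches any AS path of at least `hops` ASNs."""
    return "^" + "_".join([TOKEN] * hops)


def max_hops(limit=LIMIT):
    """Largest hop count whose pattern is still shorter than `limit`."""
    hops = 1
    while len(build_pattern(hops + 1)) < limit:
        hops += 1
    return hops


def to_python(pattern):
    # Assumption: AS paths are space-separated strings, so the device's "_"
    # delimiter is modelled as exactly one space.
    return re.compile(pattern.replace("_", " "))


def make_acl(hops):
    """The two entries from the post: deny long paths, then permit the rest."""
    return [("deny", build_pattern(hops)), ("permit", ".*")]


def evaluate(acl, as_path):
    """First-match evaluation with an implicit deny at the end."""
    for action, pattern in acl:
        if to_python(pattern).search(as_path):
            return action
    return "deny"


# Constructed sample paths, not taken from any routing table.
NORMAL = "65001 65002 65000"
PREPENDED = " ".join(["65001"] + ["65000"] * 250)

if __name__ == "__main__":
    acl = make_acl(max_hops())
    for path in (NORMAL, PREPENDED):
        print(len(path.split()), "hops ->", evaluate(acl, path))
```

Because the pattern has no trailing "$", it matches on the first N hops and so denies every path of N hops or more, which is what makes a single entry act as a length cap.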

