[j-nsp] Back-reference in JunOS regular expressions
Michael Hallgren
m.hallgren at free.fr
Thu Jul 14 04:33:24 EDT 2011
Le jeudi 14 juillet 2011 à 00:00 -0700, Jonathan Lassoff a écrit :
> On Wed, Jul 13, 2011 at 11:02 PM, Michael Hallgren <m.hallgren at free.fr> wrote:
> > Le mercredi 13 juillet 2011 à 18:25 +0200, Daniel Verlouw a écrit :
> >> see
> >> <https://puck.nether.net/pipermail/juniper-nsp/2010-July/017473.html>
> >>
> >> Not supported. I requested an ER back then, don't think it ever got
> >> implemented...
> >
> > Thanks Daniel, I'll do the same then... Must be considered pretty basic
> > from a regexp point of view, I think. Right? :)
>
> From a user and standardization perspective, they seem pretty simple,
> but are actually difficult to implement very efficiently since the
> time it takes to do the search is non-deterministic.
Yes, I'm aware of the theoretical and the implementation sides of these
things. To be more precise, I should rather have said "basic from a
functional point of view in this AS_PATH context".
>
> Here's a nice accessible write-up about DFA vs NFA regex engines that
> touches on this: http://swtch.com/~rsc/regexp/regexp1.html
I good article. Thanks.
>
> Honestly, what's the use case of a backreference for an AS path? It
> seems like BGP loop detection would never allow a path like "A X X A",
> in which case if it's just used to search for repetition (as mentioned
> above), why not just use the "+" and "*" operators? e.g. "^(701 )+"
>
For one, you may want to enforce closest exit with a peer by assigning a
common (higher) local preference to A, A A, A A A, etc. To catch any A
with a single policy definition, you may want to filter what you import
by (.)( \1)*$. If '\1' not available, you would have to define a
specific filter for each (session with) A.
(Yes, I know, this should not be needed in theory, because of peering
agreements. But the world is not always perfect... And, yes, I agree,
it's a question of choice: feature versus additional complexity...)
> Cheers,
> jof
Cheers
mh
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20110714/42077938/attachment.pgp>
More information about the juniper-nsp
mailing list