[j-nsp] Help with BGP as-path regex

Andy Litzinger andy.litzinger.lists at gmail.com
Fri Sep 13 14:28:18 EDT 2019 

Hi Alex,
  That looks like what I want, thanks!

Here's a brief test I tried:

Policy definitions:

as-path 3257_originate "^3257+.*";

policy-statement as_3257_import {
    term gtt {
        from {
            protocol bgp;
            as-path 3257_originate;
        }
        then accept;
    }
    term reject-all {
        then reject;
    }
}


policy-statement as_3257_import-test {
    term gtt {
        from {
            protocol bgp;
            as-path 3257_originate;
            as-path-unique-count 2 orlower;
        }
        then accept;
    }
    term reject-all {
        then reject;
    }
}


This route has 3 unique AS hops and includes prepending, it should pass the
as_3257_import policy, but fail the as_3257_import-test policy

# run show route 1.32.208.0/24

inet.0: 760463 destinations, 1010435 routes (760460 active, 2 holddown, 1
hidden)
Restart Complete
+ = Active Route, - = Last Active, * = Both

1.32.208.0/24      *[BGP/170] 1d 19:59:15, MED 1347, localpref 100
                      AS path: 3257 7473 7473 7473 64050 64050 I,
validation-state: unverified

As expected, the route passes as_3257_import policy test.  This policy is
not using the as-path-unique-count configuration knob:

# run test policy as_3257_import 1.32.208.0/24


inet.0: 760502 destinations, 1010269 routes (760495 active, 6 holddown, 1
hidden)
Restart Complete
+ = Active Route, - = Last Active, * = Both

1.32.208.0/24      *[BGP/170] 1d 20:02:52, MED 1347, localpref 100
                      AS path: 3257 7473 7473 7473 64050 64050 I,
validation-state: unverified

Policy as_3257_import: 1 prefix accepted, 0 prefix rejected

As expected, the same route fails the test using the policy that includes
the as-path-unique-count knob with value 2 orlower. The route has too many
unique AS hops:

# run test policy as_3257_import-test 1.32.208.0/24

Policy as_3257_import-test: 0 prefix accepted, 1 prefix rejected

Now we update unique count to 3:

policy-statement as_3257_import-test {
    term gtt {
        from {
            protocol bgp;
            as-path 3257_originate;
            as-path-unique-count 3 orlower;
        }
        then accept;
    }
    term reject-all {
        then reject;
    }
}


Now the test policy succeeds as expected:

# run test policy as_3257_import-test 1.32.208.0/24

inet.0: 760500 destinations, 1010273 routes (760405 active, 94 holddown, 1
hidden)
Restart Complete
+ = Active Route, - = Last Active, * = Both

1.32.208.0/24      *[BGP/170] 1d 20:03:02, MED 1347, localpref 100
                      AS path: 3257 7473 7473 7473 64050 64050 I,
validation-state: unverified

Policy as_3257_import-test: 1 prefix accepted, 0 prefix rejected

kind regards,
 -andy

On Thu, Sep 12, 2019 at 9:20 PM Alexander Arseniev <arseniev at btinternet.com>
wrote:

> Hello,
>
> Does this help?
>
>
> https://www.juniper.net/documentation/en_US/junos/information-products/topic-collections/release-notes/16.1/m-mx-t-series-toc.html
> <https://www.juniper.net/documentation/en_US/junos/information-products/topic-collections/release-notes/16.1/m-mx-t-series-toc.html#jd0e11155>
>
> Support for unique AS path count ( MX Series)—Starting with Junos OS
> Release 16.1R4, you can configure a routing policy to determine the number
> of unique autonomous systems (ASs) present in the AS path. The unique AS
> path count helps determine whether a given AS is present in the AS path
> multiple times, typically as prepended ASs. In earlier Junos releases it
> was not possible to implement this counting behavior using the as-path regular
> expression policy. This feature permits the user to configure a policy
> based on the number of AS hops between the route originator and receiver.
> This feature ignores ASs in the as-path that are confederation ASs, such
> as confed_seq and confed_set.
>
> To configure AS path count, include the as-path-unique-count count (equal
> | orhigher | orlower) configuration statement at the [edit policy-options
> policy-statement policy_name from] hierarchy level.
>
>
> Thanks
>
> Alex
>
>
> On 13/09/2019 00:18, Andy Litzinger wrote:
>
> Hi All,
>   I thought this would be in a cookbook somewhere but I can't find it.  Is
> there a way to write an as-path regex so it will match a providers ASN
> (e.g. 1234) one or more times and then 1 or 2 more ASNs zero or more
> times?  I'm hoping to be able to account for AS prepending.
>
> I'm an Enterprise network and one of my upstream ISPs is sending me full
> routes + default.  I want to filter the routes down to networks that are
> directly connected or at most 2 hops away from my ISP, but also allow for
> AS prepending.  It's the prepending that is tripping me up or else I think
> this would suffice:  "^1234+ .{0,2}"
>
> I think with cisco you can do this with backreferences, but Junos doesn't
> seem to support those.
>
> TIA,
>  -andy
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.nethttps://puck.nether.net/mailman/listinfo/juniper-nsp
>
>

More information about the juniper-nsp mailing list