You can use regular expressions in the ip as-path access-list command with Border Gateway Protocol (BGP). This document describes scenarios for using regular expressions.
The following network diagram is referred to in these three scenarios.
If you would like for Router 1 to receive only the routes originated from AS 4 (and no Internet routes), you can apply an inbound access list on Router 1 as follows:
ip as-path access-list 1 permit ^4$
router bgp 1
neighbor 4.4.4.4 remote-as 4
neighbor 4.4.4.4 route-map foo in
route-map foo permit 10
match as-path 1
This ensures only networks originated from AS 4 are allowed into Router 1.
If you want only the networks that have passed through AS 4 to enter AS 3 from Router 3, you can apply an inbound filter on Router 3.
ip as-path access-list 1 permit _4_
router bgp 3
neighbor 2.2.2.2 remote-as 1
neighbor 2.2.2.2 route-map foo in
route-map foo permit 10
match as-path 1
You can use an underscore (_) as the input string and output string in the ip as-path access-list command. Note that in this example anchoring (for instance, there is no ^) is not used, so it does not matter what autonomous systems come before and after AS 4.
If you want to deny all the networks that have originated in AS 4 and permit all other routes to enter AS 3 from Router 3, you can apply an inbound filter at Router 3, as follows:
ip as-path access-list 1 deny _4$
ip as-path access-list 1 permit .*
router bgp 3
neighbor 2.2.2.2 remote-as 1
neighbor 2.2.2.2 route-map foo in
route-map foo permit 10
match as-path 1
If you want AS 1 to get networks originated from AS 4 and all directly attached ASs of AS 4, apply the following inbound filter on Router 1.
ip as-path access-list 1 permit ^4_[0-9]*$
router bgp 1
neighbor 4.4.4.4 remote-as 4
neighbor 4.4.4.4 route-map foo in
route-map foo permit 10
match as-path 1
In the ip as-path access-list command, the carat (^) starts the input string and designates "AS". The underscore (_) means there is a a null string in the string that follows "AS 4". The [0-9]* specifies that any connected AS with a valid AS number can pass the filter. The advantage of using the [0-9]* syntax is that it gives you the flexibility to add any number of ASs without modifying this command string.
No comments:
Post a Comment