Got it
Huawei Enterprise Support Community
Community Forums Routing & Switching
BGP Regex to customers

BGP Regex to customers

Created: Jan 15, 2021 20:20:13Latest reply: Feb 7, 2021 13:25:26 650 10 0 0 0
  Rewarded HiCoins: 5 (problem resolved)
View the author 1#

Hi,


I read the article about the regex resource in Huawei, but I didn't find how to accomplish this:


I would like to control incoming prefixes from MyCustomer by regex:


Example of AS-Paths:


MyAS = 300 > MyCustomer AS = 500 > Customer of MyCustomer AS = 700 >> 300,500,700

MyAS = 300 > MyCustomer AS = 500 > Customer of MyCustomer AS = 900 >> 300,500,900


I've tried to match those AS-Paths against those regexs in https://regexr.com/, but they didn't match:


^(500_)*((_700)*|(_900)*)$


^(_500_)*((_700_)*|(_900_)*)$


^(500_)+((_700)+|(_900)+)$


My aim is to allow prepends in any of AS500, AS700 or AS900 (* or +) and make it restrict to only these sequences.


bgpregexas-path

Like (0) Dislike (0) Favorite(0) Share Report
Previous: Unable to start network devices on ENSP
Next: What problems may be bidirectional route import bring and how can these problems be resolved
Featured Answers

Best answer

(0) (0)
chenhui
Admin Created Jan 17, 2021 01:32:38

Posted by ptomasi at 2021-01-16 14:30 Hi,I mean to allow any combination of the AS inside parentheses (capture group) to use prepends ( + ...
Yes, the regex could match your requirement. But you should modify the regex as below:
^(500_)+((700_)*|(900_)*)$
View more
  • x
  • convention:

Recommended answer

(0) (0)
Herediano
Created Jan 15, 2021 23:12:03

Hi,

What you need to match if you're talking about incoming prefixes then is "MyCustomer AS" & "Customer of MyCustomer AS". "MyAS" will only be seen once the prefixes leaves your AS to an upstream router.

For your scenery you can use the following Regex if the routes are only generated in AS 700|900:
1. Inbound MyCustomer AS = 500 > Customer of MyCustomer AS = 700 >> 500,700
^500_700+
2. Inbound MyCustomer AS = 500 > Customer of MyCustomer AS = 900 >> 500,900
^500_900+

You can test it using eNSP or routeviews:
http://routeviews.org/
Use the following command to test it:
show ip bgp regexp ^1221_38803+

Hope it helps!
View more
  • x
  • convention:
All Answers
(0) (0)
2#
Gustavo.HdezF
Gustavo.HdezF Admin Created Jan 15, 2021 20:28:13

Hello User. we are reviewing your question and we will answer you shortly. Thanks.
View more
  • x
  • convention:
(0) (0)
3#
Herediano
Herediano Created Jan 15, 2021 23:12:03

Hi,

What you need to match if you're talking about incoming prefixes then is "MyCustomer AS" & "Customer of MyCustomer AS". "MyAS" will only be seen once the prefixes leaves your AS to an upstream router.

For your scenery you can use the following Regex if the routes are only generated in AS 700|900:
1. Inbound MyCustomer AS = 500 > Customer of MyCustomer AS = 700 >> 500,700
^500_700+
2. Inbound MyCustomer AS = 500 > Customer of MyCustomer AS = 900 >> 500,900
^500_900+

You can test it using eNSP or routeviews:
http://routeviews.org/
Use the following command to test it:
show ip bgp regexp ^1221_38803+

Hope it helps!
View more
  • x
  • convention:
(0) (0)
4#
ptomasi
ptomasi Created Jan 15, 2021 23:49:58

Thanks @Herediano

You're right, AS300 will not be involved in this scenario, I complicated the scenario quoting it

As you said, the input filter is going to analyse only the Customer AS-Path (AS500) and Customers of Customer (AS700 or AS900)


I tough about this regex:

^(500)+((700)*|(900)*)$

Now I need to test if it will match some possibilities:

* Customer AS500 prefixes only (with prepends or not);
* Customer AS500 prefixes (with prepend or not) plus AS700 prefixes (with prepends or not)
* Customer AS500 prefixes (with prepend or not) plus AS900 prefixes (with prepends or not)

The next step is to test the underscore/underline wildcard placing to match all these situations
View more
  • x
  • convention:
(0) (0)
5#
chenhui
chenhui Admin Created Jan 16, 2021 02:21:03

Posted by ptomasi at 2021-01-15 23:49 Thanks @Herediano You're right, AS300 will not be involved in this scenario, I complicated the scena ...
Hi,
The regex ^(500)+((700)*|(900)*)$ will match AS number sequence below:
500[500 500 ......][any other AS sequences][[700 700 700 ......][900 900 900 ......]]
I'm not sure what you mean 'with prepends or not'. Can you explain that?
View more
  • x
  • convention:
(0) (0)
6#
ptomasi
ptomasi Created Jan 16, 2021 14:30:07

Hi,

I mean to allow any combination of the AS inside parentheses (capture group) to use prepends ( + = one or more) ( * = zero or more)

Examples:

500
500,500,500,500

500,500,500,700
500,500,700,700

500,900,900,900
500,500,500,900
View more
  • x
  • convention:
(0) (0)
7#
chenhui
chenhui Admin Created Jan 17, 2021 01:32:38

Posted by ptomasi at 2021-01-16 14:30 Hi,I mean to allow any combination of the AS inside parentheses (capture group) to use prepends ( + ...
Yes, the regex could match your requirement. But you should modify the regex as below:
^(500_)+((700_)*|(900_)*)$
View more
  • x
  • convention:
(1) (0)
8#
ptomasi
ptomasi Created Jan 19, 2021 02:41:06

Hi,


I made a lab to test this scenario. I tried the following:


bgp

On R1:

#

sysname R1

#

bgp 300

 router-id 1.1.1.1

 peer 10.1.2.2 as-number 500

 peer 10.1.2.2 description R2

 peer 10.1.2.2 password simple 1122

 #

 ipv4-family unicast

  undo synchronization

  import-route direct

  peer 10.1.2.2 enable

  peer 10.1.2.2 route-policy AS500-IN import

#

route-policy AS500-IN permit node 10

 if-match as-path-filter AS500-IN

#

ip as-path-filter AS500-IN permit ^(500_)+((700_)*|(900_)*)$


--------------------------------------------------------------------------------


Another format I tried (multiples regex):

#

ip as-path-filter AS500-IN permit ^(500_)+$

ip as-path-filter AS500-IN permit ^(500_)+(700_)+$

ip as-path-filter AS500-IN permit ^(500_)+(900_)+$

#


All of them were accepted in both formats:


500

500 700

500 900


--------------------------------------------------------------------------------


Then, I made a new test, to block AS900, and intentionally changed AS900 to AS800 on as-path-filter: 


#

ip as-path-filter AS500-IN permit ^(500_)+((700_)*|(800_)*)$

#


After that, success! only AS500 and AS700 (even with prepends) were accepted by filter and AS900 was dropped:


 Total Number of Routes: 13

      Network              NextHop        MED        LocPrf    PrefVal Path/Ogn


 *>   1.1.1.1/32            0.0.0.0         0                     0      ?

 *>   1.11.11.11/32        0.0.0.0         0                     0      ?

 *>   2.2.2.2/32          10.1.2.2        0                     0      500 500 500 500?

 *>   2.22.22.22/32    10.1.2.2        0                     0      500 500 500 500?

 *>   3.3.3.3/32          10.1.2.2                              0      500 500 500 500 700 700 700 700 700?

 *>   3.33.33.33/32    10.1.2.2                              0      500 500 500 500 700 700 700 700 700?

 *>   10.1.2.0/30         0.0.0.0         0                     0      ?

                                  10.1.2.2        0                     0      500 500 500 500?

 *>   10.1.2.1/32          0.0.0.0         0                     0      ?

 *>   10.2.3.0/30         10.1.2.2        0                     0      500 500 500 500?

 *>   10.2.4.0/30         10.1.2.2        0                     0      500 500 500 500?

 *>   127.0.0.0             0.0.0.0         0                     0      ?

 *>   127.0.0.1/32        0.0.0.0         0                     0      ?


View more
  • x
  • convention:
(0) (0)
9#
user_4123895
user_4123895 Created Feb 7, 2021 10:09:19

Thanks
View more
  • x
  • convention:
(0) (0)
10#
JOSEFRR
JOSEFRR Created Feb 7, 2021 13:25:26

Thanks for sharing
View more
  • x
  • convention:

BAZ
BAZ Created Feb 17, 2021 17:49:25 (0) (0)
Very Helpful  
Back to list

Comment

Advanced
B Color Image Link Quote Code Smilies
You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookies Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Contact Us: e_online@huawei.com Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

APP

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.