
Routing Policy Configuration - AS_Path Filter Applications in BGP

Latest reply: Aug 10, 2021 18:19:33

OVERVIEW


The AS_Path attribute is an ordered list of all the ASs that a route passes through from the source to the destination. As shown in Figure 1, the AS_Path attribute of a BGP route can be treated as a string containing spaces, so routes can be matched against it with a regular expression.



Figure 1 - AS_Path attributes of BGP routes 


A regular expression is a string that describes a characteristic and verifies whether another string conforms to this characteristic. The AS_Path filter of BGP defines an AS_Path regular expression to match AS_Path attributes of BGP routes for filtering BGP routing information.


For example, ip as-path-filter 1 permit 495 defines an AS_Path filter 1 and a regular expression 495, indicating that any string containing 495 can be matched.


AS_PATH REGULAR EXPRESSIONS


The core of an AS_Path filter is its regular expression. Because regular expression syntax is complex, this section describes how it is used in an AS_Path filter.


An AS_Path filter uses a regular expression to define matching rules. A regular expression consists of the following parts:


  • Metacharacter: defines matching rules.


  • General character: defines matching objects.


Table 1 lists metacharacters supported by BGP AS_Path regular expressions.


Metacharacter: .
Description: Matches AS_Paths with any single character except "\n", including spaces.
Example: .* matches any AS_Path or route.
NOTE: If you have defined multiple ip as-path-filter clauses in deny mode, run the ip as-path-filter as-path-filter-name permit .* command to permit other routes.

Metacharacter: *
Description: Matches AS_Paths with 0 or more sequences of the character before the asterisk "*".
Example: See the preceding example.

Metacharacter: +
Description: Matches AS_Paths with 1 or more sequences of the character before the plus "+".
Example: 65+ matches AS_Paths that begin with 6 and include one 5 or consecutive 5s.
  • AS_Path examples that 65+ matches: 65, 655, 6559, 65259, and 65529
  • AS_Path examples that 65+ does not match: 56, 556, 5669, 55269, and 56259

Metacharacter: |
Description: Matches any AS_Path with characters on either side of the vertical bar "|".
Example: 100|65002|65003 matches 100, 65002, or 65003.

Metacharacter: ^
Description: Matches AS_Paths beginning with the characters that follow the caret "^".
Example: ^65 matches AS_Paths beginning with 65.
  • AS_Path examples that ^65 matches: 65, 651, 6501, and 65001
  • AS_Path examples that ^65 does not match: 165, 1650, 6650, and 60065

Metacharacter: $
Description: Matches AS_Paths ending with the characters before the dollar sign "$".
Example: 65$ matches AS_Paths ending with 65.
  • AS_Path examples that 65$ matches: 65, 165, 1065, 10065, and 60065
  • AS_Path examples that 65$ does not match: 651, 1650, 6650, 60650, and 65001
NOTE: ^$ matches null character strings (null AS_Path) and can be used to match the locally originated routes.

Metacharacter: (xyz)
Description: Defines a subexpression, which can be null. Both the expression and the subexpression should be matched.
Example: 100(200)+ matches "100200" and "100200200".

Metacharacter: [xyz]
Description: Matches AS_Paths with any character in the brackets "[ ]".
Example: [896] matches AS_Paths with 8, 9, or 6.

Metacharacter: [^xyz]
Description: Matches AS_Paths with any character except those in the brackets "[ ]".
Example: [^896] matches AS_Paths with any character except 8, 9, and 6.

Metacharacter: [a-z]
Description: Matches AS_Paths with any character within the range specified in the brackets "[ ]".
Example: [2-4] matches 2, 3, and 4, and [0-9] matches numbers 0 to 9.
NOTE: The characters in the brackets "[ ]" can only be numbers 0 to 9. To match AS_Paths within the range of 735 to 907, use (73[5-9]|7[4-9][0-9]|8[0-9][0-9]|90[0-7]).

Metacharacter: [^a-z]
Description: Matches AS_Paths without any character within the range specified in the brackets "[ ]".
Example: [^2-4] matches AS_Paths without 2, 3, or 4, and [^0-9] matches AS_Paths without numbers 0 to 9.

Metacharacter: _
Description: Matches AS_Paths with a sign, such as a comma ",", left brace "{", right brace "}", left parenthesis "(", right parenthesis ")", or space. The underscore "_" can be used at the beginning of a regular expression with the same function as the caret "^" or at the end of a regular expression with the same function as the dollar sign "$".
Example:
  • ^65001_ matches AS_Paths that begin with 65001 followed by a sign. Specifically, ^65001_ matches AS_Paths with 65001 as the leftmost AS number (the number of the last AS through which a route passes) or the routes sent by peers in AS 65001.
  • _65001_ matches AS_Paths with 65001 or matches routes that pass through AS 65001.
  • _65001$ matches AS_Paths that end with a sign followed by 65001. Specifically, _65001$ matches AS_Paths with 65001 as the rightmost AS number (the number of the first AS through which a route passes) or matches the routes that are originated in AS 65001.

Metacharacter: \
Description: Indicates an escape character. A backslash "\" is used to disable special functions of signs in regular expressions, such as the left parenthesis "(" and right parenthesis ")" in an AS_Confed_Sequence, the left bracket "[" and right bracket "]" in an AS_Confed_Set, and the left brace "{" and right brace "}" in an AS_Set.
Example:
  • \(65002_ matches AS_Confed_Sequences that begin with (65002 followed by a sign. Specifically, \(65002_ matches AS_Confed_Sequences with 65002 as the leftmost AS number (the number of the last AS through which a route passes) or matches the routes sent by peers in AS 65002.
  • \(.*_65003_.*\) matches AS_Confed_Sequences with 65003 or matches the routes that pass through AS 65003.
  • _65004\) matches AS_Confed_Sequences that end with a sign followed by 65004). Specifically, _65004\) matches AS_Confed_Sequences with 65004 as the rightmost AS number (the number of the first AS through which a route passes) or matches the routes that are originated in AS 65004. _65004\) and 65004\) have the same function.

Table 1 - Metacharacters supported by BGP AS_Path regular expressions


Multiple rules (permit or deny) can be specified in an AS_Path filter. The relationship between these rules is "OR", which means that if a route meets one of the matching rules, the route matches the AS_Path filter. The following demonstrates the functions of AS_Path filters in different scenarios.


APPLICATIONS


The AS_Path filter defines only a filtering tool, which takes effect only after being invoked. Two methods are available in BGP to invoke the AS_Path filter:


  • Use the peer command.


  • Use a route-policy.


Method 1: Invoke the AS_Path filter using the peer command.


#
ip as-path-filter s1 permit ^100$
#
bgp 65100
 peer 10.1.1.2 as-path-filter s1 import
#


In method 1, an AS_Path filter s1 is defined and associated with a regular expression ^100$. This AS_Path filter can match routes carrying the AS_Path attribute 100 (this attribute contains only the AS number 100) and is applied in the peer command. In this situation, only the routes that match AS_Path filter s1 can be advertised to the BGP peer 10.1.1.2.


Method 2: Invoke the AS_Path filter using a route-policy.


#
ip as-path-filter s1 permit ^100$
#
route-policy huawei permit node 10
 if-match as-path-filter s1
 apply local-preference 100
#
bgp 65100
 peer 10.1.1.2 route-policy huawei import
#


In method 2, the defined AS_Path filter s1 is invoked by the if-match command in a route-policy, the apply command sets the Local-Preference attribute, and the route-policy is applied with the peer command (in the import direction) in BGP configuration mode. In this situation, among the BGP routes received from the BGP peer 10.1.1.2, all the routes that match the AS_Path filter s1 have their Local-Preference attribute set to 100.


AS_PATH FILTER EXAMPLES


In Figure 2, an EBGP peer relationship is established between LSW1 and LSW2, between LSW1 and LSW3, between LSW2 and LSW3, between LSW2 and LSW4, between LSW3 and LSW4, and between LSW4 and LSW5. Each device uses the network command to advertise the IP address of its LoopBack0 interface into BGP. AS_Path filters are then applied on LSW1 to filter these routes.




Figure 2 - Using an AS_Path filter to filter BGP routes


If no AS_Path filter is used, the original BGP routing table of LSW1 is as follows:


[LSW1] display  bgp routing-table

BGP Local router ID is 10.1.1.1
Status codes: * - valid, > - best, d - damped,
              h - history,  i - internal, s - suppressed, S - Stale
              Origin : i - IGP, e - EGP, ? - incomplete


Total Number of Routes: 9
     Network        NextHop        MED    LocPrf  PrefVal Path/Ogn

*>   1.1.1.9/32     0.0.0.0         0                 0       i
*>   2.2.2.9/32     10.1.1.2        0                 0       65200i
*                   10.1.2.2                          0       65300 65200i
*>   3.3.3.9/32     10.1.2.2        0                 0       65300i
*                   10.1.1.2                          0       65200 65300i
*>   4.4.4.9/32     10.1.1.2                          0       65200 65400i
*                   10.1.2.2                          0       65300 65400i
*>   5.5.5.9/32     10.1.1.2                          0       65200 65400 65500i
*                   10.1.2.2                          0       65300 65400 65500i


Case 1: Define an AS_Path filter s1 to receive only the routes originated in AS65500.


[LSW1] ip as-path-filter s1 permit _65500$          //Define an AS_Path filter s1.
[LSW1] bgp 65100
[LSW1-bgp] ipv4-family unicast
[LSW1-bgp-af-ipv4] peer 10.1.1.2 as-path-filter s1 import   //Invoke the AS_Path filter s1 using the peer command.
[LSW1-bgp-af-ipv4] peer 10.1.2.2 as-path-filter s1 import


After the preceding configurations are complete, the BGP routing table is as follows:


[LSW1] display bgp routing-table

BGP Local router ID is 10.1.1.1
Status codes: * - valid, > - best, d - damped,
              h - history,  i - internal, s - suppressed, S - Stale
              Origin : i - IGP, e - EGP, ? - incomplete


Total Number of Routes: 3
     Network        NextHop       MED    LocPrf    PrefVal Path/Ogn

*>   1.1.1.9/32     0.0.0.0        0                  0        i
*>   5.5.5.9/32     10.1.1.2                          0       65200 65400 65500i
*                   10.1.2.2                          0       65300 65400 65500i


The preceding command output shows that the routes originated in AS65500 are permitted and other routes are denied.


Case 2: Define an AS_Path filter s2 to deny the routes originated in AS65500 and permit other routes.


[LSW1] ip as-path-filter s2 deny _65500$
[LSW1] ip as-path-filter s2 permit .*
[LSW1] bgp 65100
[LSW1-bgp] ipv4-family unicast
[LSW1-bgp-af-ipv4] peer 10.1.1.2 as-path-filter s2 import
[LSW1-bgp-af-ipv4] peer 10.1.2.2 as-path-filter s2 import


After the preceding configurations are complete, the BGP routing table is as follows:


[LSW1] display bgp routing-table

BGP Local router ID is 10.1.1.1
Status codes: * - valid, > - best, d - damped,
              h - history,  i - internal, s - suppressed, S - Stale
              Origin : i - IGP, e - EGP, ? - incomplete


Total Number of Routes: 7
     Network        NextHop        MED    LocPrf   PrefVal  Path/Ogn

*>   1.1.1.9/32     0.0.0.0         0                 0       i
*>   2.2.2.9/32     10.1.1.2        0                 0       65200i
*                   10.1.2.2                          0       65300 65200i
*>   3.3.3.9/32     10.1.2.2        0                 0       65300i
*                   10.1.1.2                          0       65200 65300i
*>   4.4.4.9/32     10.1.1.2                          0       65200 65400i
*                   10.1.2.2                          0       65300 65400i


The preceding command output shows that the routes originated in AS65500 are denied and other routes are permitted.


Case 3: Define an AS_Path filter s3 to deny the routes that pass through AS65400.


[LSW1] ip as-path-filter s3 deny _65400_
[LSW1] ip as-path-filter s3 permit .*
[LSW1] bgp 65100
[LSW1-bgp] ipv4-family unicast
[LSW1-bgp-af-ipv4] peer 10.1.1.2 as-path-filter s3 import
[LSW1-bgp-af-ipv4] peer 10.1.2.2 as-path-filter s3 import


After the preceding configurations are complete, the BGP routing table is as follows:


[LSW1] display bgp routing-table

BGP Local router ID is 10.1.1.1
Status codes: * - valid, > - best, d - damped,
              h - history,  i - internal, s - suppressed, S - Stale
              Origin : i - IGP, e - EGP, ? - incomplete


Total Number of Routes: 5
     Network        NextHop        MED    LocPrf   PrefVal  Path/Ogn

*>   1.1.1.9/32     0.0.0.0         0                 0       i
*>   2.2.2.9/32     10.1.1.2        0                 0       65200i
*                   10.1.2.2                          0       65300 65200i
*>   3.3.3.9/32     10.1.2.2        0                 0       65300i
*                   10.1.1.2                          0       65200 65300i


The preceding command output shows that the routes that pass through AS65400 are denied and other routes are permitted.


Case 4: Define an AS_Path filter s4 to deny the routes that pass through AS65400 where AS65400 is neither the first nor the last AS that the routes pass through.


[LSW1] ip as-path-filter s4 deny ._65400_.
[LSW1] ip as-path-filter s4 permit .*
[LSW1] bgp 65100
[LSW1-bgp] ipv4-family unicast
[LSW1-bgp-af-ipv4] peer 10.1.1.2 as-path-filter s4 import
[LSW1-bgp-af-ipv4] peer 10.1.2.2 as-path-filter s4 import


After the preceding configurations are complete, the BGP routing table is as follows:


[LSW1] display bgp routing-table

BGP Local router ID is 10.1.1.1
Status codes: * - valid, > - best, d - damped,
              h - history,  i - internal, s - suppressed, S - Stale
              Origin : i - IGP, e - EGP, ? - incomplete


Total Number of Routes: 7
     Network        NextHop        MED    LocPrf   PrefVal  Path/Ogn

*>   1.1.1.9/32     0.0.0.0         0                 0       i
*>   2.2.2.9/32     10.1.1.2        0                 0       65200i
*                   10.1.2.2                          0       65300 65200i
*>   3.3.3.9/32     10.1.2.2        0                 0       65300i
*                   10.1.1.2                          0       65200 65300i
*>   4.4.4.9/32     10.1.1.2                          0       65200 65400i
*                   10.1.2.2                          0       65300 65400i


The preceding command output shows that the routes carrying the AS_Path attribute in which AS65400 is neither the first nor last AS number are denied and other routes are permitted.


Case 5: Define an AS_Path filter s5 to permit locally originated routes and deny routes of other ASs.


[LSW1] ip as-path-filter s5 permit ^$
[LSW1] bgp 65100
[LSW1-bgp] ipv4-family unicast
[LSW1-bgp-af-ipv4] peer 10.1.1.2 as-path-filter s5 import
[LSW1-bgp-af-ipv4] peer 10.1.2.2 as-path-filter s5 import


After the preceding configurations are complete, the BGP routing table is as follows:


[LSW1] display bgp routing-table

BGP Local router ID is 10.1.1.1
Status codes: * - valid, > - best, d - damped,
              h - history,  i - internal, s - suppressed, S - Stale
              Origin : i - IGP, e - EGP, ? - incomplete


Total Number of Routes: 1
     Network        NextHop        MED    LocPrf    PrefVal Path/Ogn

*>   1.1.1.9/32     0.0.0.0         0                 0             i


The preceding command output shows that only locally originated routes with an empty AS_Path attribute are permitted and other routes are denied.
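The five cases above can be replayed offline before a filter is committed to a device. The following Python sketch is an added example, not part of the original post or of Huawei's software: it approximates the AS_Path regular expression with Python's re module (translating only "_"), and assumes that rules are tried in configured order, the first matching rule decides, and a route matching no rule is denied. The function names to_python_regex, evaluate and table_after_import are hypothetical.

```python
import re

DELIM = r"(?:^|$|[ ,{}()])"   # what "_" stands for in Table 1 (a sign, or start/end)

def to_python_regex(vrp_pattern):
    """Translate an AS_Path regex to Python syntax; only "_" needs rewriting."""
    out, i = [], 0
    while i < len(vrp_pattern):
        ch = vrp_pattern[i]
        if ch == "\\" and i + 1 < len(vrp_pattern):   # keep escaped characters as-is
            out.append(vrp_pattern[i:i + 2])
            i += 2
            continue
        out.append(DELIM if ch == "_" else ch)
        i += 1
    return re.compile("".join(out))

def evaluate(rules, as_path):
    """Return True (permit) or False (deny) for one AS_Path string.
    Assumed semantics: rules tried in order, first match wins, no match = deny."""
    for action, pattern in rules:
        if to_python_regex(pattern).search(as_path):
            return action == "permit"
    return False

# Routes LSW1 receives from its two peers, copied from the unfiltered table above.
RECEIVED = [
    ("2.2.2.9/32", "10.1.1.2", "65200"),
    ("2.2.2.9/32", "10.1.2.2", "65300 65200"),
    ("3.3.3.9/32", "10.1.2.2", "65300"),
    ("3.3.3.9/32", "10.1.1.2", "65200 65300"),
    ("4.4.4.9/32", "10.1.1.2", "65200 65400"),
    ("4.4.4.9/32", "10.1.2.2", "65300 65400"),
    ("5.5.5.9/32", "10.1.1.2", "65200 65400 65500"),
    ("5.5.5.9/32", "10.1.2.2", "65300 65400 65500"),
]

FILTERS = {   # the rule lists of Cases 1 to 5
    "s1": [("permit", "_65500$")],
    "s2": [("deny", "_65500$"), ("permit", ".*")],
    "s3": [("deny", "_65400_"), ("permit", ".*")],
    "s4": [("deny", "._65400_."), ("permit", ".*")],
    "s5": [("permit", "^$")],
}

def table_after_import(filter_name):
    """Rows left in LSW1's table: the local route (empty path, never passes
    through the import filter) plus every received route the filter permits."""
    kept = [r for r in RECEIVED if evaluate(FILTERS[filter_name], r[2])]
    return [("1.1.1.9/32", "0.0.0.0", "")] + kept

if __name__ == "__main__":
    for name in FILTERS:
        rows = table_after_import(name)
        print(name, "Total Number of Routes:", len(rows))
        for net, nexthop, path in rows:
            print(f"   {net:<12} {nexthop:<10} {path}i")
```

The same evaluate function shows why delimiters matter in a filter: an unanchored rule such as permit 495 also permits a path containing AS 64951, whereas _495_ permits only paths in which 495 appears as a whole AS number.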



Reference:


support.huawei.com


Vlada85
MVE Author Created Jul 28, 2021 19:22:24

Very good!

andersoncf1
andersoncf1 Created Jul 29, 2021 16:44:35 (0) (0)
thanks Bro  
LilStylz237
Created Jul 29, 2021 01:06:19

Thanks for sharing

andersoncf1
andersoncf1 Created Jul 29, 2021 16:44:49 (0) (0)
welcome  
ulrichwandja
ulrichwandja Created Aug 10, 2021 18:19:13 (0) (0)
Yeah  
little_fish
Admin Created Jul 29, 2021 01:35:16

Good one

Unicef
MVE Created Jul 29, 2021 02:42:39

Thanks for sharing my friend

Serges_armel
Serges_armel Created Jul 29, 2021 19:18:50 (0) (0)
 
Laiheang
Created Jul 29, 2021 03:40:50

good

umaryaqub
MVE Created Jul 29, 2021 04:42:45

Good learning. thanks for sharing.

Chanbora
Created Jul 29, 2021 04:54:54

good

chantha
Created Jul 29, 2021 05:11:31

well done

simchamnan
Created Jul 29, 2021 05:22:36

good share

shakeela
shakeela Created Jul 29, 2021 16:20:47 (0) (0)
 
shakeela
shakeela Created Jul 29, 2021 16:20:53 (0) (0)
yes  