
APPLYING REGULAR EXPRESSIONS IN BGP FILTER

One of the ways to influence BGP route filtering is with regular expressions. We use a regular expression to match entries in the AS path. Regular expressions can also be applied in VoIP to match a number.

Below are commonly used regular expressions:

In this example, we will match autonomous system 17 in the AS path below.

5849 384 178 612 5170 451 717 453 1717 445 121 17 871

Without applying a regular expression, the string 17 gives five (5) instances of a direct match.

5849 384 178 612 5170 451 717 453 1717 445 121 17 871

Assuming that our requirement is to match only AS 17, the regular expression has to be defined using the underscore character (_) for the white space, followed by 17, then another underscore for the white space.

_17_ - This regular expression matches exactly AS 17 in the AS path.

Let’s now define a regular expression that selects two (2) different AS numbers using an OR statement. The regular expression to match 178 and 17 should be _178_|_17_

^ is used to define a regular expression that matches the start of the AS path, which is the most recently traversed AS. Using ^5849_ will match AS 5849 if you are looking for the most recent entry in the AS path from our example.

$ is used to define a regular expression that matches the last entry of an AS path. Using _871$ will match AS 871 if you are defining an expression for the last entry of the AS path.

Period (.) matches any single character and is used to define a regular expression matching an AS followed by any AS number. Based on our example, _121_. would match the 121 17 871 AS path.

Now let’s implement an AS-path filter with a regular expression, using the topology from our previous topic, Running BGP on your Service Provider Network. In this scenario, we will deny the routes of AS 1200 from being advertised out of R2 in AS 500.

On ISP2 in AS 6590, we have the BGP topology output below.

We need to deny the following networks coming from AS1200:

10.10.10.10/32

100.100.10.0/24

100.100.20.0/24

100.100.30.0/24

100.100.40.0/24

100.100.50.0/24

To do this, we will implement an as-path ACL on R2 of AS500 with a filter that matches AS1200.

The .* (dot asterisk) matches any AS path, which signifies that after denying AS 1200, the filter will allow everything else.

We will then create a route-map to match the as-path defined in the ACL.

We then need to apply the route-map to the BGP neighbour that should not receive the networks coming from AS 1200, which in this case is 20.20.20.20.

You can verify that the as-path filter took effect by checking the BGP topology of ISP2.

Note: You can do a clear on the BGP neighbour 20.20.20.20 if the route-map did not work.

Now the AS-path filter is in effect using a simple regular expression.
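
The following Python sketch is an added example, not part of the original article or of any router software: it approximates the `_` delimiter semantics described above so the patterns can be tried against the sample AS path, then evaluates a deny/permit as-path filter in first-match order with the implicit deny at the end. The `_1200_` pattern, the function names and the sample AS paths for the filter are assumptions, since the article does not show its exact configuration.

```python
import re

# IOS-style "_" matches a delimiter: start or end of the string, a space,
# a comma, a brace or a parenthesis. Everything else is passed to Python's re.
DELIM = r"(?:^|$|[ ,{}()])"

# The AS path used in the article.
AS_PATH = "5849 384 178 612 5170 451 717 453 1717 445 121 17 871"

def compile_as_regex(pattern):
    """Translate an IOS-style AS-path regex into a compiled Python regex."""
    return re.compile(pattern.replace("_", DELIM))

def matched_asns(pattern, as_path):
    """Return the AS numbers in as_path that a match of pattern overlaps."""
    tokens = [(m.start(), m.end(), m.group()) for m in re.finditer(r"\d+", as_path)]
    hits = set()
    for m in compile_as_regex(pattern).finditer(as_path):
        for i, (start, end, _) in enumerate(tokens):
            if start < m.end() and m.start() < end:
                hits.add(i)
    return [tokens[i][2] for i in sorted(hits)]

def evaluate_acl(entries, as_path):
    """First matching (action, pattern) entry wins; no match means deny."""
    for action, pattern in entries:
        if compile_as_regex(pattern).search(as_path):
            return action
    return "deny"

# Assumed filter: the article does not show the exact pattern used for AS 1200.
ACL = [("deny", "_1200_"), ("permit", ".*")]

# Constructed AS paths, not taken from the article's topology.
# The empty string stands for a locally originated route.
SAMPLE_PATHS = ["500 1200", "1200", "500 12000", "500 300", ""]

if __name__ == "__main__":
    for pattern in ["17", "_17_", "_178_|_17_", "^5849_", "_871$"]:
        print(f"{pattern!r:14} -> {matched_asns(pattern, AS_PATH)}")
    for path in SAMPLE_PATHS:
        print(f"{path!r:12} -> {evaluate_acl(ACL, path)}")
```

The path `500 12000` is permitted because the underscores keep `_1200_` from matching inside a longer AS number, the same effect that separates `_17_` from a bare `17`.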
