Tuesday, 22 December 2015

BGP Regular Expressions

Filtering based on the AS_PATH attribute is done using BGP regular expressions.
Regular expressions are matched against the AS_PATH strings. Remember that
AS_PATH can be constructed of the following elements: AS_SET (unordered list of
AS numbers), AS_SEQUENCE (ordered list of AS numbers), AS_CONFED_SET,
and AS_CONFED_SEQUENCE, which are the same elements but consist of the
confederation AS numbers. For the purpose of matching, the AS_PATH attribute is
viewed as a string starting with the adjacent AS number on the leftmost position,
and the originating AS number in the rightmost position. When matching the
AS_SET attribute, enclose the AS numbers in curly brackets and separate them
with commas; for example, {100,200,300}. When matching a confederation path,
enclose the AS numbers in parentheses, using backslashes to escape the special
meaning of the character: “\(100\)”.

We will discuss the most useful types of regexp patterns suitable for many “real-life”
situations. You may read more about BGP regular expressions basics in our blog
post Understanding BGP Regular Expressions. First, recall the basic regular
expression meta-characters or modifiers:
1. “.” – any character
2. “?” – repeat the previous character one or zero times
3. “*” – repeat the previous character zero or more times
4. “+” – repeat the previous character one or more times
5. “^” – match the beginning of a string
6. “$” – match the end of a string
7. “[]” – range of elements
8. “_” – match the “space” separating AS numbers OR the end of the AS_PATH list


Other important regexp features include grouping and back-referencing. You can
use parentheses to group AS numbers, such as (123 124 1+), and every group is
assigned a number starting from left to right. For example, in the string “1 2 (3 4) 5 6
(7 8)”, the first group is assigned the number 1 and the second group number 2. You
can later “recall” the grouping by using the commands \1, \2, and so on for the group
numbers. For example, the string “(1 2) 3 \1” would match “1 2 3 1 2”. You may use
the pipe character “|” in addition to the grouping characters for the concept of
alternation. For example, (1 2)|(5 6) would match “1 2” or “5 6”. Now the practical
examples:
1. “^$” - an empty AS_PATH attribute, which identifies the prefixes advertised in the local AS.
2. “^254_” - prefixes received from the directly adjacent AS 254. Note that using “_” is important, because there could be another adjacent AS whose number starts with 254.
3. “_254_” - prefixes transiting AS 254. The “_” characters are needed to clearly separate the AS number.
4. “_254$” - prefixes originated in the AS 254. This expression matches the rightmost position in the string, so the path in front of it may be of arbitrary length.
5. “^([0-9]+)_254” - routes from the AS 254 when it’s just “one-hop” away.
6. “^254_([0-9]+)” - prefixes from the clients of the directly connected AS 254.
7. “^(254_)+([0-9]+)” - prefixes from the clients of the adjacent AS 254, accounting for the fact that AS 254 may do AS_PATH prepending.
8. “^254_([0-9]+_)+” - prefixes from the clients of the adjacent AS 254, accounting for the fact that the clients may do AS_PATH prepending.
9. “^\(65100\)” - prefixes learned from the confederation peer 65100.
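
A pattern can be checked offline against sample paths before it goes into an as-path access-list. The following is an added example, not code from the original post: it approximates the IOS matcher with Python's re module, assumes that “_” also matches commas, braces and parentheses as well as spaces and the string ends, and uses constructed sample paths and hypothetical helper names (ios_to_python, matches, audit).

```python
import re

# On IOS, "_" matches a delimiter between AS numbers (space, comma, brace,
# parenthesis) or either end of the AS_PATH string (assumption stated above).
DELIM = r"(?:^|$|[ ,{}()])"   # non-capturing, so \1, \2 numbering is unchanged

def ios_to_python(pattern):
    """Rewrite an IOS-style AS_PATH regexp for Python's re module.
    Limitation of this sketch: "_" inside [...] is not handled."""
    out, i = [], 0
    while i < len(pattern):
        if pattern[i] == "\\" and i + 1 < len(pattern):
            out.append(pattern[i:i + 2])   # keep escapes such as \( and \1
            i += 2
        else:
            out.append(DELIM if pattern[i] == "_" else pattern[i])
            i += 1
    return "".join(out)

def matches(pattern, as_path):
    return re.search(ios_to_python(pattern), as_path) is not None

def audit(patterns, paths):
    """Return {pattern: [paths it matches]} so a filter can be reviewed offline."""
    return {p: [a for a in paths if matches(p, a)] for p in patterns}

# Constructed sample AS_PATH strings (leftmost = adjacent AS, rightmost = origin).
SAMPLE_PATHS = [
    "",                   # locally originated
    "254",                # originated by adjacent AS 254
    "254 300",            # client of adjacent AS 254
    "254 254 254 300",    # AS 254 prepending
    "2540 300",           # a different neighbor whose number starts with 254
    "100 254",            # AS 254 one hop away, originating
    "100 254 300",        # transiting AS 254
    "(65100) 254",        # learned from confederation peer 65100
    "100 {300,400}",      # path ending in an AS_SET
]

if __name__ == "__main__":
    pats = ["^$", "^254", "^254_", "_254$", "_254_", r"^\(65100\)", "_300_"]
    for pat, hit in audit(pats, SAMPLE_PATHS).items():
        print(f"{pat:14} -> {hit}")
```

Comparing the “^254” and “^254_” rows shows the over-match on the neighbor 2540 that the trailing “_” prevents.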

You configure BGP regular expressions using IP AS-PATH access-lists:
ip as-path access-list <N> {permit|deny} <Regexp>. This access-list might be applied
as a filter-list to a peer using the syntax: neighbor <IP> filter-list <N> [in|out].
However, the best approach is to match AS_PATH access-lists under a route-map
applied to the peer (match as-path),
