BGP AS-PATH filtering with Regular Expressions

Access lists and prefix lists work very well when we want to filter prefixes, but sometimes you may want to take action not against particular networks but against particular Autonomous Systems. That is where AS-PATH filtering comes in.

AS-PATH filtering is based on regular expressions, so there is no way to configure any filters without at least a fundamental knowledge of regular expressions. So first let's go over them, and then move on to AS-PATH filtering.

Regular expressions (regexp) play a meaningful role in conjunction with AS-PATH filters. Initially they were used only in programming, but now they are commonly used in BGP for matching items in the AS PATH.

A regular expression is designed to match: all it does is take a string and find the required pieces in it.

Here is a list of the regular expression special characters:

^ matches the beginning of input
$ matches the end of input
| (pipe) a logical OR statement
. (period) matches a single character
+ matches the character to the left 1 or more times
* (asterisk) matches the character to the left 0 or more times
? matches the character to the left 0 or 1 times
\ removes special meanings
() affects order of operations
[] creates a group of characters

Regexp is best explained with examples. Let's take an AS PATH:

AS Path : 3567 234 92 2319 298 2671 23 29

_ (underscore) – white space, the gap between autonomous system numbers; it is searched for as part of the string

Let's run some searches against the above AS PATH string in the BGP table. We run the command show ip bgp regexp:

92|23 (92 OR 23 in ANY of the ASs) – the result is an AS PATH that contains 92 or 23 anywhere in an AS number: 234 92 2319 23

_92_|_23_ (ONLY 92 OR 23) – the result is an AS PATH that contains exactly AS 92 or AS 23: 92 23

^3567_ – the AS PATH string begins with 3567

_29$ – the AS PATH string ends with AS 29

(_92|_23)_2319 – the AS PATH string contains exactly AS 92 or AS 23 FOLLOWED BY 2319

^3567_. – the AS PATH string begins with 3567 and contains any AS after it

.* – matches everything; we will get the full BGP table

 

Now that we know how to use basic regular expressions, we can move on to AS-PATH filtering and the lab.

I've made a lab that consists of 5 ASs. On R5 I added a few networks, 10.0.1.0-6.0. Everything is pre-configured, so you can immediately play around with filtering. I created 3 scenarios.

Here you may download the lab from Mega Upload with the decryption key:

https://mega.nz/#!W2gwgQDY

3lSC0go9-6XiVfUIXGb2eaNbZVr7Fub-ZzsHkVm4ie8

To unpack the rar file, use the usual password:

www.itbundle.net

 

First, let's check what the BGP table on R1 looks like before we start configuring anything. As we see, everything is in working order, as we expected.

AS PATH filtering means matching routes based on the AS PATH. We have to remember that at the end of an as-path access-list there is an implicit 'deny' statement, as in an ordinary access list.

To use an AS-PATH filter, we first create an ip as-path access-list, then we create a route-map with a match and/or set statement. Finally, we apply the route-map to the neighbor.
We apply all three scenarios on R2 towards R1, so we will check all outcomes on R1.

Scenario 1
We want to block on R2, towards R1, all updates for any network whose AS PATH contains Autonomous System 3.

! reject every update that contains AS3 in the AS PATH string; _3_ is a regular expression
ip as-path access-list 1 deny _3_
! the other ASs are allowed (permit ANY)
ip as-path access-list 1 permit .*

route-map FILTER_3 permit 10
! as-path access-list number
match as-path 1

router bgp 2
! apply the route-map to the neighbor
neighbor 1.1.1.1 route-map FILTER_3 out

The BGP table on R1 shows that all routes with AS3 have disappeared.
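The regular expressions above and the as-path access-list from Scenario 1 can be checked offline before a filter goes onto a router. The following Python script is an added example, not part of the original lab: it assumes the IOS rule that _ matches a space, comma, brace, parenthesis or the start or end of the string, and the AS paths in PATHS are constructed for illustration.

```python
import re

# Assumption: IOS "_" = start/end of string, space, comma, brace or parenthesis.
DELIM = r"(?:^|$|[ ,{}()])"

def matches(pattern, as_path):
    """True if the IOS-style AS-path regex matches anywhere in as_path."""
    return re.search(pattern.replace("_", DELIM), as_path) is not None

def hits(pattern, as_path):
    """AS numbers of the path that match the pattern when tested one by one."""
    return [asn for asn in as_path.split() if matches(pattern, asn)]

def evaluate(acl, as_path):
    """First matching (action, regex) entry wins; no match is the implicit deny."""
    for action, pattern in acl:
        if matches(pattern, as_path):
            return action
    return "deny"

def advertised(acl, paths):
    """Paths that survive a route-map whose only clause matches this list."""
    return [p for p in paths if evaluate(acl, p) == "permit"]

SAMPLE = "3567 234 92 2319 298 2671 23 29"       # AS path used in the article
ACL_1 = [("deny", "_3_"), ("permit", ".*")]      # Scenario 1
ACL_1_LOOSE = [("deny", "3"), ("permit", ".*")]  # same list, underscores forgotten
# Constructed AS paths; "" stands for a locally originated route (empty AS path)
PATHS = ["5", "3 5", "4 5", "4 3 5", "35 5", "300 4 5", ""]

if __name__ == "__main__":
    print(hits("92|23", SAMPLE))           # substring match
    print(hits("_92_|_23_", SAMPLE))       # whole AS numbers only
    print(advertised(ACL_1, PATHS))        # only paths through AS 3 are dropped
    print(advertised(ACL_1_LOOSE, PATHS))  # AS 35 and AS 300 are dropped as well
```
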

 

Scenario 2
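We want to change the metric for any network that has AS3 in its AS PATH.

ip as-path access-list 2 permit _3_

route-map METRIC_3 permit 10
match as-path 2
! set the metric that R1 will see; weight is local to a router and is not advertised to neighbors
set metric 155
! empty permit clause: all other routes pass through unchanged
route-map METRIC_3 permit 20

router bgp 2
neighbor 1.1.1.1 route-map METRIC_3 out

The BGP table on R1 shows the metric changed to 155 for routes with AS3 in the AS PATH.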

Scenario 3
We want to change the AS PATH string (we do that with as-path prepend) for each network that has AS4 in its AS PATH.

ip as-path access-list 3 permit _4_

route-map AS_PATH_PREP permit 10
! must reference as-path access-list 3 defined above
match as-path 3
set as-path prepend 100 101 102 103
! empty permit clause: all other routes pass through unchanged
route-map AS_PATH_PREP permit 20

router bgp 2
neighbor 1.1.1.1 route-map AS_PATH_PREP out

On R1 it is clearly visible that the AS PATH attribute has changed. ASs '100 101 102 103' have been added to the networks that have AS4 in the AS PATH.

Now, you may come to the conclusion that you can achieve the same outcomes with route maps and just prefix lists or access lists. That's right, but if you want to take action against an entire AS that contains thousands of prefixes, using access lists wouldn't be efficient. Thanks to AS-PATH filtering you can take action with one line instead of a thousand lines in an access list.
