© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.23-1 Route Selection Using Policy Controls Employing AS-Path Filters.


Outline
– Overview
– AS-Path Filtering Scenarios
– AS-Path Regular Expressions
– String Matching
– Applying AS-Path Filters
– Configuring BGP AS-Path Filters
– Monitoring AS-Path Filters
– Summary

AS-Path Filtering Scenarios
Several scenarios require BGP route filtering based on AS path.
– Announce only local routes to the ISP: AS path needs to be empty
– Select routes based on a specific AS number in the AS path
– Accept routes for specific AS only from some BGP neighbors
AS-path filters use regular expressions.

AS-Path Regular Expressions
– AS-path converted to string
– String matched with regexp
ip as-path access-list 1 permit 31

String Matching: Regular Expressions
A string of characters in a regular expression matches any equivalent substring in the AS path.
How many times does 31 match?
[Figure: sample AS paths and the answer]

String Matching: Alternatives
Expression expr1|expr2 matches the string if either subexpression matches the string.
How many times does 21|31 match?
[Figure: sample AS paths and the answer]

String Matching: Ranges and Wildcard Characters
– A range of characters matches any single character in the range. Examples: [1234] or [1-4]
– Dot (.) matches any single character
How many times does [1-3].[34] match?
[Figure: sample AS paths and the answer]

String Matching: Matching Delimiters
^    Matches beginning of string
$    Matches end of string
_    Matches any delimiter (beginning, end, white space, tab, comma)
How many times does ^21, 31$, _31_ match?
[Figure: sample AS paths and the answer]

String Matching: Grouping
Parentheses can be used to group smaller regular expressions into larger expressions.
How many times does (213|218)_31 match?
[Figure: sample AS paths and the answer]

String Matching: Special Characters
\    To use the special characters as single-character patterns, remove the special meaning by preceding each character with a backslash (\).
How do you match AS 213 in the beginning of the string?
[Figure: sample AS path containing parentheses]
Answer: ^\(213_

String Matching: Repeating Operators
*    Matches zero or more atoms
?    Matches zero or one atom
+    Matches one or more atoms
An atom is a single character or a grouping.
How do you match AS sequences and in a single regular expression?
Answer: _23(_78)?_45_

String Matching: Sample Regular Expressions
_100_               Going through AS 100
^100$               Directly connected to AS 100
_100$               Originated in AS 100
^100_.              Networks behind AS 100
^[0-9]+$            AS paths one AS long
^([0-9]+)(_\1)*$    Prepending performed in neighboring originating AS
^$                  Networks originated in local AS
.*                  Matches everything

Commonly Used Characters in Expressions
.      Any single character, including a space
*      Zero or more sequence of pattern
+      One or more sequence of pattern
?      Zero or one occurrence of pattern
^      Beginning of string
$      End of string
_      Match any delimiter (including beginning, end, space, tab, comma)
\      Remove special meaning of character that follows
[ ]    Match one character in a range
|      Logical OR

Applying AS-Path Filters

Configuring BGP AS-Path Filters
router(config)# ip as-path access-list number {permit|deny} regexp
– Configures AS-path access-list
router(config-router)# neighbor ip-address filter-list as-path-filter {in|out}
– Configures inbound or outbound AS-path filter for specified BGP neighbor
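The string matching and filter-list evaluation described above, as an added Python example that is not part of the original slides. The AS paths are constructed samples; the delimiter set for "_" (braces and parentheses in addition to the slide's list) and the implicit deny at the end of an access-list follow IOS behaviour and are not stated on the slides.

```python
import re

# IOS "_" matches a delimiter: beginning or end of string, space, tab, comma,
# braces or parentheses. Everything else is passed to Python's re unchanged.
DELIM = r"(?:^|$|[ \t,{}()])"

def ios_to_python(ios_regex):
    """Translate an IOS AS-path regular expression into a Python pattern."""
    out, i = [], 0
    while i < len(ios_regex):
        if ios_regex[i] == "\\" and i + 1 < len(ios_regex):
            out.append(ios_regex[i:i + 2])      # escaped character or backreference
            i += 2
        else:
            out.append(DELIM if ios_regex[i] == "_" else ios_regex[i])
            i += 1
    return "".join(out)

def matches(ios_regex, as_path):
    """True if the expression matches anywhere in the AS path string."""
    return re.search(ios_to_python(ios_regex), as_path) is not None

def filter_list(entries, as_path):
    """First matching permit/deny entry decides; no match means implicit deny."""
    for action, ios_regex in entries:
        if matches(ios_regex, as_path):
            return action == "permit"
    return False

# Constructed AS paths: leftmost AS is the neighbor, rightmost is the originator.
PATHS = {
    "local": "",
    "neighbor": "100",
    "prepended": "100 100 100",
    "transit": "100 200 300",
    "origin": "300 200 100",
    "lookalike": "1100 2100",
}

def matched_by(ios_regex):
    """Names of the sample paths that the expression matches."""
    return sorted(name for name, path in PATHS.items() if matches(ios_regex, path))

if __name__ == "__main__":
    for rx in ["100", "_100_", "^100$", "_100$", "^100_.", "^[0-9]+$",
               r"^([0-9]+)(_\1)*$", "^$", ".*"]:
        print(f"{rx:20} {matched_by(rx)}")
    # Outbound policy from the slides: announce only local routes (empty AS path).
    only_local = [("permit", "^$")]
    print({name: filter_list(only_local, p) for name, p in PATHS.items()})
```

The unanchored expression 100 also matches the "lookalike" path (AS 1100 and AS 2100), which is why a filter meant for AS 100 needs the "_" delimiters or the ^ and $ anchors.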

Configuring BGP AS-Path Filters (Cont.)

Monitoring AS-Path Filters
router# show ip as-path-access-list [filter list]
– Displays one or all filter-lists
router# show ip bgp filter-list access-list-number
– Displays all routes in the BGP table permitted by the specified AS-path access-list
router# show ip bgp regexp regular-expression
– Displays all routes in the BGP table matching regular-expression

The show ip as-path-access-list Command
Displaying configured filters:

The show ip bgp regexp Command
Routes matched by an expression:

The show ip bgp filter-list Command
Routes matched by a filter-list:

Summary
– Several scenarios require BGP route filtering based on AS path, including announcing only local routes to the ISP (AS path needs to be empty), selecting routes based on a specific AS number in the AS path, and accepting routes for a specific AS only from some BGP neighbors.
– By applying specific selection criteria to the contents of the AS-path attribute, routers can select a subset of routes from the total set of routes that are received. Cisco IOS software internally translates the AS-path encoding, which is carried with all BGP routes, into a character string. This string is then tested against the regular expression.
– String matching operates when you are using AS-path regular expressions to match BGP routes.

Summary (Cont.)
– You can use AS-path filters to select those routes that will be allowed. An AS-path filter is created by an AS-path access-list, which is applied to a set of routes from which to select a subset.
– The ip as-path access-list global configuration command defines a BGP AS-path access-list, and the neighbor filter-list router configuration command sets up a BGP filter.
– There are a number of Cisco IOS commands that are required to monitor the operation of configured AS-path filters, including show ip as-path-access-list, show ip bgp regexp, and show ip bgp filter-list.
