Understanding AS Path Regular Expressions for Use as Routing Policy Match Conditions
A BGP AS path is the sequence of autonomous systems that network packets traverse to get to a specified router. AS numbers are assembled in a sequence that is read from right to left. For example, for a packet to reach a destination using a route with an AS path 5 4 3 2 1, the packet first traverses AS 5 and so on until it reaches AS 1. In this case, AS 1 is the last AS before the packet destination; it is the AS that the source of the packet would peer with.
When working with AS paths and routing policy match conditions, you can use regular expressions to locate routes. To do so, create one or more match conditions based on some or all of the AS path, and then include it in a routing policy.
The following sections describe AS path regular expressions and provide configuration examples.
Configuration of AS Path Regular Expressions
You can create a named AS path regular expression and then include it in a routing policy
with the as-path match condition (described in Routing Policy Match Conditions). To create a named AS path regular expression, include
the as-path statement:
[edit policy-options] as-path name regular-expression;
To include the AS path regular expression in a routing policy, include the as-path match condition in the from statement.
Additionally, you can create a named AS path group made up of AS path regular expressions
and then include it in a routing policy with the as-path-group match condition.
To create a named AS path group, include the as-path-group statement.
[edit policy-options]
as-path-group group-name {
name [ regular-expressions ];
}
To include the AS path regular expressions within the AS path group in a routing policy,
include the as-path-group match condition in the from statement.
You cannot include both of the as-path and as-path-group statements
in the same policy term.
You can include the names of multiple AS path regular expressions in the as-path match condition in the from statement. If you do this, only one AS path regular
expression needs to match for a match to occur. The AS path regular expression matching is
effectively a logical OR operation.
The AS path name identifies the regular expression. It can contain letters, numbers, and hyphens (-), and can be up to 65,536 characters. To include spaces in the name, enclose the entire name in quotation marks (“ ”).
The regular expression is used to match all or portions of the AS path. It consists of two components, which you specify in the following format:
term <operator>
term—Identifies an AS. You can specify it in one of the following ways:AS number—The entire AS number composes one term. You cannot reference individual characters within an AS number, which differs from regular expressions as defined in POSIX 1003.2.
Wildcard character—Matches any single AS number. The wildcard character is a period (.). You can specify multiple wildcard characters.
AS path—A single AS number or a group of AS numbers enclosed in parentheses. Grouping the regular expression in this way allows you to perform a common operation on the group as a whole and to give the group precedence. The grouped path can itself include operators.
In Junos OS Release 9.1 and later, you can specify 4-byte AS numbers as defined in RFC 4893, BGP Support for Four-octet AS Number Space, as well as the 2-byte AS numbers that are supported in earlier releases of the Junos OS. You can configure a value in the range from 1 through 4,294,967,295.
operator—(Optional) An operator specifying how the term must match. Most operators describe how many times the term must be found to be considered a match (for example, any number of occurrences, or zero, or one occurrence). Table 1 lists the regular expression operators supported for AS paths. You place operators immediately aftertermwith no intervening space, except for the pipe ( | ) and dash (–) operators, which you place between two terms, and parentheses, with which you enclose terms.
You can specify one or more term–operator pairs in a single regular expression.
Table 2 shows examples of how to define regular expressions to match AS paths.
Operator |
Match Definition |
|---|---|
|
At least |
|
Exactly |
|
|
|
Zero or more repetitions of |
|
One or more repetitions of |
|
Zero or one repetition of |
|
One of two terms on either side of the pipe. |
|
Between a starting and ending range, inclusive. |
|
A character at the beginning of a community attribute regular expression. This character is added implicitly; therefore, the use of it is optional. |
|
A character at the end of a community attribute regular expression. This character is added implicitly; therefore, the use of it is optional. |
|
A group of terms that are enclosed in the parentheses. Intervening space between the parentheses and the terms is ignored. If a set of parentheses is enclosed in quotation marks with no intervening space "()", it indicates a null path. |
|
Set of AS numbers. One AS number from the set must match. To specify the start and end of a range, use a hyphen (-). A caret (^) may be used to indicate that it does not match a particular AS number in the set, for example [^123]. |
AS Path to Match |
Regular Expression |
Sample Matches |
|---|---|---|
AS path is 1234 |
1234 |
1234 |
Zero or more occurrences of AS number 1234 |
1234* |
1234 1234 1234 1234 1234 1234 Null AS path |
Zero or one occurrence of AS number 1234 |
1234? or 1234{0,1} |
1234 Null AS path |
One through four occurrences of AS number 1234 |
1234{1,4} |
1234 1234 1234 1234 1234 1234 1234 1234 1234 1234 |
One through four occurrences of AS number 12, followed by one occurrence of AS number 34 |
12{1,4} 34 |
12 34 12 12 34 12 12 12 34 12 12 12 12 34 |
Range of AS numbers to match a single AS number |
123–125 |
123 124 125 |
[123–125]* |
Null AS path 123 124 124 125 125 125 123 124 125 123 |
|
Path whose second AS number must be 56 or 78 |
(. 56) | (. 78) or . (56 | 78) |
1234 56 1234 78 9876 56 3857 78 |
Path whose second AS number might be 56 or 78 |
. (56 | 78)? |
1234 56 52 34 56 1234 1234 78 39 794 78 2 |
Path whose first AS number is 123 and second AS number is either 56 or 78 |
123 (56|78) |
123 56 123 78 |
Path of any length, except nonexistent, whose second AS number can be anything, including nonexistent |
. .* or . .{0,} |
1234 1234 5678 1234 5 6 7 8 |
AS path is 1 2 3 |
1 2 3 |
1 2 3 |
One occurrence of the AS numbers 1 and 2, followed by one or more occurrences of the AS number 3 |
1 2 3+ |
1 2 3 1 2 3 3 1 2 3 3 3 |
One or more occurrences of AS number 1, followed by one or more occurrences of AS number 2, followed by one or more occurrences of AS number 3 |
1+ 2+ 3+ |
1 2 3 1 1 2 3 1 1 2 2 3 1 1 2 2 3 3 |
Path of any length that begins with AS numbers 4, 5, 6 |
4 5 6 .* |
4 5 6 4 5 6 7 8 9 |
Path of any length that ends with AS numbers 4, 5, 6 |
.* 4 5 6 |
4 5 6 1 2 3 4 5 6 4 9 4 5 6 |
AS path 5, 12, or 18 |
5 | 12 | 18 |
5 12 18 |
Configuring a Null AS Path
You can use AS path regular expressions to create a null AS path that matches routes (prefixes) that have originated in your AS. These routes have not been advertised to your AS by any external peers. To create a null AS path, use the parentheses operator enclosed in quotation marks with no intervening spaces:
[edit policy-options] as-path null-as “()";
In the following example, locally administered AS 2 is connected to AS 1
(10.2.2.6) and AS 3. AS 3 advertises its routes to AS 2, but the administrator
for AS 2 does not want to advertise AS 3 routes to AS 1 and thereby allow
transit traffic from AS 1 to AS 3 through AS 2. To prevent transit traffic, the
export policy only-my-routes is applied to AS 1. It permits
advertisement of routes from AS 2 to AS 1 but prevents advertisement of routes
for AS 3 (or routes for any other connected AS) to AS 1:
[edit policy-options]
as-path null-as "()";
policy-statement only-my-routes {
term just-my-as {
from {
protocol bgp;
as-path null-as;
}
then accept;
}
term nothing-else {
then reject;
}
}
protocol {
bgp {
neighbor 10.2.2.6 {
export only-my-routes;
}
}
}
How AS Path Regular Expressions Are Evaluated
AS path regular expressions implement the extended (modern) regular expressions as defined in POSIX 1003.2. They are identical to the UNIX regular expressions with the following exceptions:
The basic unit of matching in an AS path regular expression is the AS number and not an individual character.
A regular expression matches a route only if the AS path in the route exactly matches
regular-expression. The equivalent UNIX regular expression is^regular-expression$. For example, the AS path regular expression1234is equivalent to the UNIX regular expression^1234$.You can specify a regular expression using wildcard operators.
Examples: Configuring AS Path Regular Expressions
Exactly match routes with the AS path 1234 56 78 9 and accept them:
[edit]
policy-options {
as-path wellington "1234 56 78 9";
policy-statement from-wellington {
term term1 {
from as-path wellington;
}
then {
preference 200;
accept;
}
term term2 {
then reject;
}
}
}
Match alternate paths to an AS and accept them after modifying the preference:
[edit]
policy-options {
as-path wellington-alternate “1234{1,6} (56|47)? (78|101|112)* 9+”;
policy-statement from-wellington {
from as-path wellington-alternate;
}
then {
preference 200;
accept;
}
}
}
Match routes with an AS path of 123, 124, or 125 and accept them after modifying the preference:
[edit]
policy-options {
as-path addison "123–125";
policy-statement from-addison {
from as-path addison;
}
then {
preference 200;
accept;
}
}
}