ON THIS PAGE
Example: Using AS Path Regular Expressions
An autonomous system (AS) path is a route attribute used by BGP. The AS path is used both for route selection and to prevent potential routing loops. This example shows how to use regular expressions with AS path numbers to locate a set of routes.
Requirements
No special configuration beyond device initialization is required before configuring this example.
Overview
Figure 1 shows several ASs connected through external BGP (EBGP) peering sessions. Each device is generating customer routes within its assigned address space.
Topology
Figure 1 shows the sample network.
The administrators of AS 64516 want to reject all routes originating
in AS 64513 and AS 64514. Two AS path regular expressions called orig-in-64513 and orig-in-64514 are created and
referenced in a policy called reject-some-routes. The routing
policy is then applied as an import policy on Device R6.
CLI Quick Configuration shows the configuration for all of the devices in Figure 1.
The section #configuration488__policy-as-path-regex-st describes
the steps on Device R2 and Device R6. Verification shows how to use the aspath-regex option with
the show route command on Device R2 to locate routes using
regular expressions.
Configuration
CLI Quick Configuration
To quickly configure
this example, copy the following commands, paste them into a text
file, remove any line breaks, change any details necessary to match
your network configuration, and then copy and paste the commands into
the CLI at the [edit] hierarchy level.
Device R1
set interfaces fe-1/2/2 unit 0 description to-R2 set interfaces fe-1/2/2 unit 0 family inet address 10.2.0.2/30 set interfaces fe-1/2/3 unit 0 description to-R3 set interfaces fe-1/2/3 unit 0 family inet address 10.2.0.6/30 set interfaces fe-1/2/0 unit 0 description to-R5 set interfaces fe-1/2/0 unit 0 family inet address 10.0.0.2/30 set interfaces lo0 unit 0 family inet address 192.168.0.1/32 set protocols bgp export send-static set protocols bgp group 64512 type external set protocols bgp group 64512 peer-as 64512 set protocols bgp group 64512 neighbor 10.2.0.1 set protocols bgp group 64513 type external set protocols bgp group 64513 peer-as 64513 set protocols bgp group 64513 neighbor 10.2.0.5 set protocols bgp group 64515 type external set protocols bgp group 64515 peer-as 64515 set protocols bgp group 64515 neighbor 10.0.0.1 set policy-options policy-statement send-static term 1 from protocol static set policy-options policy-statement send-static term 1 then accept set routing-options static route 10.10.1.0/24 reject set routing-options static route 10.10.2.0/24 reject set routing-options static route 10.10.3.0/24 reject set routing-options autonomous-system 64511
Device R2
set interfaces fe-1/2/2 unit 0 description to-R1 set interfaces fe-1/2/2 unit 0 family inet address 10.2.0.1/30 set interfaces lo0 unit 0 family inet address 192.168.0.2/32 set protocols bgp export send-static set protocols bgp group 64511 type external set protocols bgp group 64511 peer-as 64511 set protocols bgp group 64511 neighbor 10.2.0.2 set policy-options policy-statement send-static term 1 from protocol static set policy-options policy-statement send-static term 1 then accept set routing-options static route 10.20.1.0/24 reject set routing-options static route 10.20.2.0/24 reject set routing-options static route 10.20.3.0/24 reject set routing-options autonomous-system 64512
Device R3
set interfaces fe-1/2/3 unit 0 description to-R1 set interfaces fe-1/2/3 unit 0 family inet address 10.2.0.5/30 set interfaces fe-1/2/2 unit 0 description to-R4 set interfaces fe-1/2/2 unit 0 family inet address 10.3.0.42/30 set interfaces lo0 unit 0 family inet address 192.168.0.3/32 set protocols bgp export send-static set protocols bgp group 64511 type external set protocols bgp group 64511 peer-as 64511 set protocols bgp group 64511 neighbor 10.2.0.6 set protocols bgp group 64514 type external set protocols bgp group 64514 peer-as 64514 set protocols bgp group 64514 neighbor 10.3.0.41 set policy-options policy-statement send-static term 1 from protocol static set policy-options policy-statement send-static term 1 then accept set routing-options static route 10.30.1.0/24 reject set routing-options static route 10.30.2.0/24 reject set routing-options static route 10.30.3.0/24 reject set routing-options autonomous-system 64513
Device R4
set interfaces fe-1/2/2 unit 0 description to-R3 set interfaces fe-1/2/2 unit 0 family inet address 10.3.0.41/30 set interfaces lo0 unit 0 family inet address 192.168.0.4/32 set protocols bgp export send-static set protocols bgp group 64513 type external set protocols bgp group 64513 peer-as 64513 set protocols bgp group 64513 neighbor 10.3.0.42 set policy-options policy-statement send-static term 1 from protocol static set policy-options policy-statement send-static term 1 then accept set routing-options static route 10.40.1.0/24 reject set routing-options static route 10.40.2.0/24 reject set routing-options static route 10.40.3.0/24 reject set routing-options autonomous-system 64514
Device R5
set interfaces fe-1/2/0 unit 0 description to-R1 set interfaces fe-1/2/0 unit 0 family inet address 10.0.0.1/30 set interfaces fe-1/2/1 unit 0 description to-R6 set interfaces fe-1/2/1 unit 0 family inet address 10.0.0.9/30 set interfaces lo0 unit 0 family inet address 192.168.0.5/32 set protocols bgp export send-static set protocols bgp group 64511 type external set protocols bgp group 64511 peer-as 64511 set protocols bgp group 64511 neighbor 10.0.0.2 set protocols bgp group 64516 type external set protocols bgp group 64516 peer-as 64516 set protocols bgp group 64516 neighbor 10.0.0.10 set policy-options policy-statement send-static term 1 from protocol static set policy-options policy-statement send-static term 1 then accept set routing-options static route 10.50.1.0/24 reject set routing-options static route 10.50.2.0/24 reject set routing-options static route 10.50.3.0/24 reject set routing-options autonomous-system 64515
Device R6
set interfaces fe-1/2/1 unit 0 description to-R5 set interfaces fe-1/2/1 unit 0 family inet address 10.0.0.10/30 set interfaces lo0 unit 0 family inet address 192.168.0.6/32 set protocols bgp export send-static set protocols bgp group 64515 type external set protocols bgp group 64515 import reject-some-routes set protocols bgp group 64515 peer-as 64515 set protocols bgp group 64515 neighbor 10.0.0.9 set policy-options policy-statement send-static term 1 from protocol static set policy-options policy-statement send-static term 1 then accept set policy-options policy-statement reject-some-routes term find-routes from as-path orig-in-64513 set policy-options policy-statement reject-some-routes term find-routes from as-path orig-in-64514 set policy-options policy-statement reject-some-routes term find-routes then reject set policy-options as-path orig-in-64513 ".* 64513" set policy-options as-path orig-in-64514 ".* 64514" set routing-options static route 10.60.1.0/24 reject set routing-options static route 10.60.2.0/24 reject set routing-options static route 10.60.3.0/24 reject set routing-options autonomous-system 64516
Procedure
Step-by-Step Procedure
The following example requires that you navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Use the CLI Editor in Configuration Mode in the Junos OS CLI User Guide.
To configure Device R2:
Configure the device interfaces.
[edit interfaces] user@R2# set fe-1/2/2 unit 0 description to-R1 user@R2# set fe-1/2/2 unit 0 family inet address 10.2.0.1/30 user@R2# set lo0 unit 0 family inet address 192.168.0.2/32
Configure the EBGP connection to Device R1.
[edit protocols bgp] user@R2# set export send-static user@R2# set group 64511 type external user@R2# set group 64511 peer-as 64511 user@R2# set group 64511 neighbor 10.2.0.2
Configure the routing policy.
[edit policy-options policy-statement send-static term 1] user@R2# set from protocol static user@R2# set then accept
Configure the static routes.
[edit routing-options static] user@R2# set route 10.20.1.0/24 reject user@R2# set route 10.20.2.0/24 reject user@R2# set route 10.20.3.0/24 reject
Configure the AS number.
[edit routing-options] user@R2# set autonomous-system 64512
Step-by-Step Procedure
The following example requires that you navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Use the CLI Editor in Configuration Mode in the Junos OS CLI User Guide.
To configure Device R6:
Configure the device interfaces.
[edit interfaces] user@R6# set fe-1/2/1 unit 0 description to-R5 user@R6# set fe-1/2/1 unit 0 family inet address 10.0.0.10/30 user@R6# set lo0 unit 0 family inet address 192.168.0.6/32
Configure the EBGP connection to Device R5.
[edit protocols bgp] user@R6# set export send-static user@R6# set group 64515 type external user@R6# set group 64515 import reject-some-routes user@R6# set group 64515 peer-as 64515 user@R6# set group 64515 neighbor 10.0.0.9
Configure the routing policy that sends static routes.
[edit policy-options policy-statement send-static term 1] user@R6# set from protocol static user@R6# set then accept
Configure the routing policy that rejects certain routes.
[edit policy-options policy-statement reject-some-routes term find-routes] user@R6# set from as-path orig-in-64513 user@R6# set from as-path orig-in-64514 user@R6# set then reject [edit policy-options] user@R6# set as-path orig-in-64513 ".* 64513" user@R6# set as-path orig-in-64514 ".* 64514"
Configure the static routes.
[edit routing-options static] user@R6# set route 10.60.1.0/24 reject user@R6# set route 10.60.2.0/24 reject user@R6# set route 10.60.3.0/24 reject
Configure the AS number.
[edit routing-options] user@R6# set autonomous-system 64516
Results
From configuration mode, confirm your configuration
by entering the show interfaces, show protocols, show policy-options, and show routing-options commands. If the output does not display the intended configuration,
repeat the instructions in this example to correct the configuration.
Device R2
user@R2# show interfaces
fe-1/2/0 {
unit 0 {
description to-R1;
family inet {
address 10.2.0.1/30;
}
}
}
lo0 {
unit 0 {
family inet {
address 192.168.0.2/32;
}
}
}
user@R2# show protocols
bgp {
export send-static;
group 64511 {
type external;
peer-as 64511;
neighbor 10.2.0.2;
}
}
user@R2# show policy-options
policy-statement send-static {
term 1 {
from protocol static;
then accept;
}
}
user@R2# show routing-options
static {
route 10.20.1.0/24 reject;
route 10.20.2.0/24 reject;
route 10.20.3.0/24 reject;
}
autonomous-system 64512;
Device R6
user@R6# show interfaces
fe-1/2/0 {
unit 0 {
description to-R5;
family inet {
address 10.0.0.10/30;
}
}
}
lo0 {
unit 0 {
family inet {
address 192.168.0.6/32;
}
}
}
user@R6# show protocols
bgp {
export send-static;
group 64515 {
type external;
import reject-some-routes;
peer-as 64515;
neighbor 10.0.0.9;
}
}
user@R6# show policy-options
policy-statement reject-some-routes {
term find-routes {
from as-path [ orig-in-64513 orig-in-64514 ];
then reject;
}
}
policy-statement send-static {
term 1 {
from protocol static;
then accept;
}
}
as-path orig-in-64513 ".* 64513";
as-path orig-in-64514 ".* 64514";
user@R6# show routing-options
static {
route 10.60.1.0/24 reject;
route 10.60.2.0/24 reject;
route 10.60.3.0/24 reject;
}
autonomous-system 64516;
If you are done configuring the devices, enter commit from configuration mode.
Verification
Confirm that the configuration is working properly.
Finding Routes on Device R2
Purpose
On Device R2, use the show route aspath-regex command to locate routes
using regular expressions.
Action
Look for routes that are originated by Device R6 in AS 64516.
user@R2> show route terse aspath-regex ".* 64516" inet.0: 21 destinations, 21 routes (21 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both A V Destination P Prf Metric 1 Metric 2 Next hop AS path * ? 10.60.1.0/24 B 170 100 64511 64515 64516 I unverified >10.2.0.2 * ? 10.60.2.0/24 B 170 100 64511 64515 64516 I unverified >10.2.0.2 * ? 10.60.3.0/24 B 170 100 64511 64515 64516 I unverified >10.2.0.2
Look for routes that are originated in either AS 64514 or AS 64516.
user@R2> show route terse aspath-regex ".* (64514|64516)" inet.0: 21 destinations, 21 routes (21 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both A V Destination P Prf Metric 1 Metric 2 Next hop AS path * ? 10.40.1.0/24 B 170 100 64511 64513 64514 I unverified >10.2.0.2 * ? 10.40.2.0/24 B 170 100 64511 64513 64514 I unverified >10.2.0.2 * ? 10.40.3.0/24 B 170 100 64511 64513 64514 I unverified >10.2.0.2 * ? 10.60.1.0/24 B 170 100 64511 64515 64516 I unverified >10.2.0.2 * ? 10.60.2.0/24 B 170 100 64511 64515 64516 I unverified >10.2.0.2 * ? 10.60.3.0/24 B 170 100 64511 64515 64516 I unverified >10.2.0.2
Look for routes that use AS 64513 as a transit network.
user@R2> show route terse aspath-regex ".* 64513 .+" inet.0: 21 destinations, 21 routes (21 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both A V Destination P Prf Metric 1 Metric 2 Next hop AS path * ? 10.40.1.0/24 B 170 100 64511 64513 64514 I unverified >10.2.0.2 * ? 10.40.2.0/24 B 170 100 64511 64513 64514 I unverified >10.2.0.2 * ? 10.40.3.0/24 B 170 100 64511 64513 64514 I unverified
Meaning
The output shows the routing table entries that match the specified AS path regular expressions.
Making Sure That Routes Are Excluded on Device R6
Purpose
On Device R6, use the show route and show route hidden commands to make sure that routes originating
from AS 64513 and AS 64514 are excluded from Device R6’s routing
table.
Action
user@R6> show route 10.30.0/22 inet.0: 21 destinations, 21 routes (15 active, 0 holddown, 6 hidden)
user@R6> show route 10.40.0/22 inet.0: 21 destinations, 21 routes (15 active, 0 holddown, 6 hidden)
user@R6> show route hidden
inet.0: 21 destinations, 21 routes (15 active, 0 holddown, 6 hidden)
+ = Active Route, - = Last Active, * = Both
10.30.1.0/24 [BGP ] 02:24:47, localpref 100
AS path: 64515 64511 64513 I, validation-state: unverified
> to 10.0.0.9 via fe-1/2/1.0
10.30.2.0/24 [BGP ] 02:24:47, localpref 100
AS path: 64515 64511 64513 I, validation-state: unverified
> to 10.0.0.9 via fe-1/2/1.0
10.30.3.0/24 [BGP ] 02:24:47, localpref 100
AS path: 64515 64511 64513 I, validation-state: unverified
> to 10.0.0.9 via fe-1/2/1.0
10.40.1.0/24 [BGP ] 02:24:47, localpref 100
AS path: 64515 64511 64513 64514 I, validation-state: unverified
> to 10.0.0.9 via fe-1/2/1.0
10.40.2.0/24 [BGP ] 02:24:47, localpref 100
AS path: 64515 64511 64513 64514 I, validation-state: unverified
> to 10.0.0.9 via fe-1/2/1.0
10.40.3.0/24 [BGP ] 02:24:47, localpref 100
AS path: 64515 64511 64513 64514 I, validation-state: unverified
> to 10.0.0.9 via fe-1/2/1.0Meaning
The output shows that the 10.30.0/22 and 10.40.0/22 routes are rejected on Device R6.