RE: bgp question...help

From: Brian McGahan (brian@cyscoexpert.com)
Date: Mon Nov 04 2002 - 15:58:09 GMT-3


Jarek,
        
        That will work matching on each specific case, but it's much
more fun to match all cases in one line. Suppose we have the following
scenario:

R1---R2--R3--R4---R5

R1 is AS 100
R2, R3, R4 are AS 200
R5 is AS 300

R2, R3, R4 are confederated, with sub as's 65002, 65003, and 65004
respectively. They are also originating prefixes A, B, & C
respectively. If AS 200 does not want to be transit, we must only
advertise out prefixes originated in these three sub AS's.

From R2's perspective, we see the following prefixes, and the following
AS-Path's:

A - EMPTY
B - (65003)
C - (65003,65004)

From R4's perspective, we see the following prefixes, and the following
AS-Path's:

A - (65002,65003)
B - (65003)
C - EMPTY

Now we must consider how to match all of these cases in a single line.
Remember that parentheses are special characters within the as-path
list.

Our minimum case to match would be:

^$

This is our empty AS-PATH, which is prefixes locally originated in our
sub-as.

Our maximum case to match would be:

\(X\)

where X is any number of AS's, or a comma. Remember that we need to
escape the parens.

To satisfy our condition of X, we should be matching 1 or more instances
of any character, which equates to:

.+

Therefore our maximum case is now:

^\(.+\)$

However, we must match the minimum case at the same time. Therefore,
our current expression \(.+\) is either true or false. True or false
(0 or 1 instance) is covered by the expression ?.

Therefore, our final regular expression will read:

^(\(.+\))?$

Tada!

Advertise only prefixes which match this expression outbound on your
border routers, and your confederated AS's will not be transit.

HTH

Brian McGahan, CCIE #8593
Director of Design and Implementation
brian@cyscoexpert.com

CyscoExpert Corporation
Internetwork Consulting & Training
Voice: 847.674.3392
Fax: 847.674.2625
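
Added example, not part of the original post: the Python check below runs the three expressions from the derivation above against the AS-paths listed for R2 and R4, plus constructed transit paths learned from AS 100 and AS 300. It assumes Python's re module treats ^ $ . + ? and escaped parentheses the same way the as-path list does; the function and variable names are illustrative.

```python
import re

# The three expressions from the derivation above, in order.
STEPS = {
    "minimum": r"^$",
    "maximum": r"^\(.+\)$",
    "final": r"^(\(.+\))?$",
}

# AS-paths listed in the post (EMPTY written as ""), as seen on R2 and R4.
CONFED_ORIGINATED = ["", "(65003)", "(65003,65004)", "(65002,65003)"]

# Constructed sample paths (not from the post): routes learned from the
# external neighbours AS 100 and AS 300, directly or across the confederation.
TRANSIT = ["100", "300", "(65003) 100", "(65003,65004) 300",
           "(65003 65002) 100 400"]


def permitted(pattern, as_path):
    """True if the as-path string matches, i.e. a 'permit' entry would hit."""
    return re.search(pattern, as_path) is not None


def outbound(pattern, paths):
    """Paths a border router would advertise with a one-line permit filter;
    anything that does not match falls to the implicit deny."""
    return [p for p in paths if permitted(pattern, p)]


def coverage():
    """For each step, which of the post's confederation paths it matches."""
    return {name: outbound(rx, CONFED_ORIGINATED) for name, rx in STEPS.items()}


if __name__ == "__main__":
    for name, hits in coverage().items():
        print(f"{name:8} {STEPS[name]:14} matches {hits}")
    print("transit advertised:", outbound(STEPS["final"], TRANSIT))
```

Only the final expression covers both the empty path and every parenthesised confederation path, and none of the constructed transit paths pass it because each ends in an external AS number rather than a closing parenthesis.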

> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Jaroslaw Zak
> Sent: Monday, November 04, 2002 12:11 PM
> To: saralilin@hotmail.com; ccielab@groupstudy.com
> Subject: RE: bgp question...help
>
> Sarah
>
> How about keeping it simple and advertising only routes originated by
> myself
> or other two sub-as (I'm tempted to use plural here: sub-as'es ;))
>
> from AS 6503 outgoing filter towards external neighbours:
>
> permit _6501$
> permit _6502$
> permit ^$
>
> Just a thought.
> Jarek
>
>
>
>
> >From: "Sara Li" <saralilin@hotmail.com>
> >Reply-To: "Sara Li" <saralilin@hotmail.com>
> >To: ccielab@groupstudy.com
> >Subject: RE: bgp question...help
> >Date: Mon, 04 Nov 2002 13:16:50 +0000
> >
> >solution 2: use as-path filter.
> >
> >advertise to as 100 deny _200_
> >
> >advertise to as 200 deny _100_
> >
> >will this work also right?
> >
> > >From: "Sara Li"
> > >Reply-To: "Sara Li"
> > >To: ccielab@groupstudy.com
> > >Subject: RE: bgp question...help
> > >Date: Mon, 04 Nov 2002 12:06:35 +0000
> > >
> > >Janto,
> > >
> > >your solution .. . hummm, i tried simplified it.
> > >
> > >R1(AS100)-----R2(AS300)-----R3(AS300)------R4(AS200)
> > >
> > >R1 has route 172.16.1.0/24 in its BGP table.
> > >R4 has route 192.168.1.0/24 in its BGP table.
> > >
> > >R2
> > >-----
> > >neighbor R1 route-map setcommunity in
> > >
> > >route-map setcommunity permit 10
> > >set community no-export
> > >
> > >R3
> > >----
> > >neighbor R4 route-map setcommunity in
> > >
> > >route-map setcommunity permit 10
> > >set community no-export
> > >
> > >i think this will work. so whatever routes from ebgp neighbor are
> > >tagged with no-export, so the routes will not exit as300.
> > >
> > >am i right?
> > >
> > > >From: "Janto Cin"
> > > >Reply-To: "Janto Cin"
> > > >To: "'Sara Li'" ,
> > > >Subject: RE: bgp question...help
> > > >Date: Mon, 4 Nov 2002 17:43:47 +0700
> > > >
> > > >R1(AS100)-----R2(AS300)-----R3(AS300)------R4(AS200)
> > > >
> > > >R1 has route 172.16.1.0/24 in its BGP table.
> > > >R4 has route 192.168.1.0/24 in its BGP table.
> > > >
> > > >R2
> > > >-----
> > > >neighbor R1 route-map setcommunity in
> > > >neighbor R1 route-map deny_as200 out
> > > >
> > > >route-map setcommunity permit 10
> > > >match ip address 1
> > > >set community 100
> > > >
> > > >route-map setcommunity permit 20
> > > >
> > > >access-list 1 permit 172.16.1.0
> > > >ip community-list 99 permit 200
> > > >
> > > >route-map deny_as200 deny 10
> > > >match community-list 99
> > > >
> > > >route-map deny_as200 permit 20
> > > >
> > > >R3
> > > >----
> > > >neighbor R4 route-map setcommunity in
> > > >neighbor R4 route-map deny_as100 out
> > > >
> > > >route-map setcommunity permit 10
> > > >match ip address 1
> > > >set community 200
> > > >
> > > >route-map setcommunity permit 20
> > > >
> > > >access-list 1 permit 192.168.1.0
> > > >ip community-list 99 permit 100
> > > >
> > > >route-map deny_as100 deny 10
> > > >match community-list 99
> > > >
> > > >route-map deny_as100 permit 20
> > > >
> > > >Please correct me if I'm wrong.
> > > >
> > > >Janto
> > > >
> > > >-----Original Message-----
> > > >From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Sara Li
> > > >Sent: Monday, November 04, 2002 3:25 PM
> > > >To: ccielab@groupstudy.com
> > > >Subject: bgp question...help
> > > >
> > > >i have confederation AS 300 peer with AS100, AS 200.
> > > >
> > > >AS 300 got 3 sub-as 65501,65502,65503. and i don't want AS 300 to
> > > >be a transit as for AS100 and AS 200.
> > > >how should i filter it? initially i thought using as-path filter
> > > >to allow only ^$ local as, then it proves only local sub-as routes
> > > >will go out, not allow the other two sub as go out of AS 300. then
> > > >i thought of using community no-export. but then, if as100 or as
> > > >200 neighbor as want to reach as 300, they can't as AS 100 or AS
> > > >200 won't advertise as 300's routes. any idea? Sara



This archive was generated by hypermail 2.1.4 : Tue Dec 03 2002 - 07:22:52 GMT-3