RE: as path filtering [bcc][faked-from]

From: marvin greenlee (marvin@ccbootcamp.com)
Date: Thu Feb 24 2005 - 00:03:51 GMT-3

• Next message: Scott Morris: "RE: as path filtering [bcc][faked-from]"
• Previous message: marvin greenlee: "RE: as path filtering [bcc][faked-from]"
• Maybe in reply to: marvin greenlee: "RE: as path filtering [bcc][faked-from]"
• Next in thread: Scott Morris: "RE: as path filtering [bcc][faked-from]"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

When creating path filters, verify your expressions on the router where you
are filtering, using the command "show ip bgp regexp". A few examples:

r8#show ip bgp
BGP table version is 15, local router ID is 8.8.8.8
Status codes: s suppressed, d damped, h history, * valid, > best, i -
internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network Next Hop Metric LocPrf Weight Path
*> 14.1.1.0/24 140.4.147.7 0 0 147 101 50 2006
39 i
*> 14.2.1.0/24 140.4.147.7 0 0 147 200 206 99
107 i
*> 14.3.1.0/24 140.4.147.7 0 0 147 1 6 14 i
*> 14.4.1.0/24 140.4.147.7 0 0 147 3 i
*> 14.5.1.0/24 140.4.147.7 0 0 147 3 30 i
*> 14.6.1.0/24 140.4.147.7 0 0 147 1001 202
303 i
*> 14.7.1.0/24 140.4.147.7 0 0 147 77 7 i
*> 14.8.1.0/24 140.4.147.7 0 0 147 88 8 800
8000 i
*> 14.9.1.0/24 140.4.147.7 0 0 147 99 9009 i
*> 14.10.1.0/24 140.4.147.7 0 0 147 10 i
*> 14.11.1.0/24 140.4.147.7 0 0 147 11 i
*> 14.12.1.0/24 140.4.147.7 0 0 147 1 66 147
205 333 450 501 907 i
*> 14.13.1.0/24 140.4.147.7 0 0 147 13 130 33
99 i
*> 14.14.1.0/24 140.4.147.7 0 0 147 140 44 400
4000 i

** Without the underscore, any AS that ends in the number 3 will be
matched. **

r8#show ip bgp regexp 3$
BGP table version is 15, local router ID is 8.8.8.8
Status codes: s suppressed, d damped, h history, * valid, > best, i -
internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network Next Hop Metric LocPrf Weight Path
*> 14.4.1.0/24 140.4.147.7 0 0 147 3 i
*> 14.6.1.0/24 140.4.147.7 0 0 147 1001 202
303 i

** With the underscore, the space is matched, and the last AS needs to be
3. **

r8#show ip bgp regexp _3$
BGP table version is 15, local router ID is 8.8.8.8
Status codes: s suppressed, d damped, h history, * valid, > best, i -
internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network Next Hop Metric LocPrf Weight Path
*> 14.4.1.0/24 140.4.147.7 0 0 147 3 i
r8#

** You can also match based on a partial AS. In this case, we are matching
any AS that has a zero in it. **

r8#show ip bgp regexp 0
BGP table version is 15, local router ID is 8.8.8.8
Status codes: s suppressed, d damped, h history, * valid, > best, i -
internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network Next Hop Metric LocPrf Weight Path
*> 14.1.1.0/24 140.4.147.7 0 0 147 101 50 2006
39 i
*> 14.2.1.0/24 140.4.147.7 0 0 147 200 206 99
107 i
*> 14.5.1.0/24 140.4.147.7 0 0 147 3 30 i
*> 14.6.1.0/24 140.4.147.7 0 0 147 1001 202
303 i
*> 14.8.1.0/24 140.4.147.7 0 0 147 88 8 800
8000 i
*> 14.9.1.0/24 140.4.147.7 0 0 147 99 9009 i
*> 14.10.1.0/24 140.4.147.7 0 0 147 10 i
*> 14.12.1.0/24 140.4.147.7 0 0 147 1 66 147
205 333 450 501 907 i
*> 14.13.1.0/24 140.4.147.7 0 0 147 13 130 33
99 i
*> 14.14.1.0/24 140.4.147.7 0 0 147 140 44 400
4000 i

Marvin Greenlee, CCIE#12237, CCSI# 30483
Network Learning Inc
marvin@ccbootcamp.com
www.ccbootcamp.com (Cisco Training)

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
ccie2be
Sent: Wednesday, February 23, 2005 6:03 PM
To: mgrenham@eircom.net; ccielab@groupstudy.com
Subject: RE: as path filtering [bcc][faked-from]
Importance: Low

No, they aren't the same.

The caret means start of string. Therefore, only 65109 can be matched.

The underscore means blank and some other stuff - I forget. So, the
difference is that with _65109$ your as-path filter will match all paths
where 65109 is the originating AS. So if the as path looks like this:

100 200 65109 matches ip as-path access-list 6 permit _65109$
200 65109 matches ip as-path access-list 6 permit _65109$

65109 only matches ip as-path access-list 5 permit ^65109$

HTH, Tim

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
mgrenham@eircom.net
Sent: Wednesday, February 23, 2005 8:43 PM
To: ccielab@groupstudy.com
Subject: as path filtering

Hi Group,

can anybody explain the difference between the below AS path filters. I
understand that the _65109$ represents prefixes originated in AS 65109 but
what about ^65109$ ?? Are they the same?

Ollie

ip as-path access-list 5 permit ^65109$
ip as-path access-list 6 permit _65109$

• Next message: Scott Morris: "RE: as path filtering [bcc][faked-from]"
• Previous message: marvin greenlee: "RE: as path filtering [bcc][faked-from]"
• Maybe in reply to: marvin greenlee: "RE: as path filtering [bcc][faked-from]"
• Next in thread: Scott Morris: "RE: as path filtering [bcc][faked-from]"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Mar 03 2005 - 08:51:25 GMT-3