RE: BGP - Filtering AS confederation

From: Edwards, Andrew M (andrew.m.edwards@boeing.com)
Date: Tue Apr 26 2005 - 14:36:36 GMT-3


Gladston,

When you send the bgp routes to an external AS from the confederation,
the inner confederation AS' are stripped and appended with the bgp
confederation identifier AS.

So to the external bgp peer you WILL filter on ^$ thereby permitting
only those empty AS routes. To the external BGP peer those routes will
be advertised as empty or locally originated. Then when the eBGP peer
receives the empty route it will add the AS to its external peer as
appropriate.

Also, it doesn't look like you have any routes to verify this with
though in the bgp table so I suggest stuffing a few in from the
confederation, then make the ebgp peer session, filter-list on ^$ and
see what routes are received by the external peer.

If, however, you selectively wanted to send routes that traveled through
a specific confederation path, then you use the \(AS\)_\(AS\)_ and so on
to define the inter-confederation AS on the path.

HTH,

andy

        -----Original Message-----
        From: gladston@br.ibm.com [mailto:gladston@br.ibm.com]
        Sent: Tuesday, April 26, 2005 10:17 AM
        To: Edwards, Andrew M
        Cc: ccielab@groupstudy.com; bi.s; CCIE6296
        Subject: RE: BGP - Filtering AS confederation

        Thanks for the feedback,

        I tried (), but could not achieve the result:
        The requirement is to allow only local originated routes using
        filter-list; if there was no confederation, I would use empty AS --> ^$

        r4#sh ip bgp regexp (65300)

           Network          Next Hop        Metric LocPrf Weight Path
        *> 33.33.33.0/24    172.16.34.3          0    100      0 (65300) i
        *> 44.44.44.0/24    0.0.0.0              0         32768 i
        *> 158.200.200.0/24 172.16.36.6          0    100      0 (65300) 600 1600 2500 500 i

        It is necessary to allow only AS 65300.
        If I use ^(65300)$ it does not work:

        r4#sb
           Network          Next Hop        Metric LocPrf Weight Path
        *> 33.33.33.0/24    172.16.34.3          0    100      0 (65300) i
        *> 44.44.44.0/24    0.0.0.0              0         32768 i
        *> 158.200.200.0/24 172.16.36.6          0    100      0 (65300) 600 1600 2500 500 i
        r4#
        r4#
        r4#sh ip bgp regexp ^(65300)$

        r4#

        If I use ^$, just routes not received from the confederation are matched:

        r4#sh ip bgp regexp ^$

           Network          Next Hop        Metric LocPrf Weight Path
        *> 44.44.44.0/24    0.0.0.0              0         32768 i

        I need to tell IOS to look for routes that have just (65300) and
        no other ASs on the AS PATH.

        You told me about "\". How would the expression be?

        I tried some variations (like a blind guy) without success:

        r4#sh ip bgp regexp ^\(65300)
        % unmatched ()
        % Invalid regular expression
        r4#
        r4#sh ip bgp regexp \^(65300)

        r4#sh ip bgp regexp \(^65300)
        % unmatched ()
        % Invalid regular expression
        r4#

        Cordially

------------------------------------------------------------------
        Alaerte

        From: "Edwards, Andrew M" <andrew.m.edwards@boeing.com>
        Date: 26/04/2005 12:48
        To: Alaerte Gladston Vidali/Brazil/IBM@IBMBR
        cc:
        Subject: RE: BGP - Filtering AS confederation

        You need to alter the regexp to include the ( character with the "\("

        From CCO

        To use these special characters as single-character patterns, remove the
        special meaning by preceding each character with a backslash (\). The
        following examples are single-character patterns matching a dollar sign,
        an underscore, and a plus sign, respectively:

        \$

        \_

        \+

        http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fdial_c/fnsprt13/dafaapre.htm#wp1020344

        HTH

        andy

        -----Original Message-----
        From: gladston@br.ibm.com [mailto:gladston@br.ibm.com]
        Sent: Tuesday, April 26, 2005 8:28 AM
        To: ccielab@groupstudy.com
        Subject: BGP - Filtering AS confederation

        How can I match just a confederation AS with regular expression?

        R3#sh ip bgp reg

           Network          Next Hop        Metric LocPrf Weight Path
        *> 65.2.1.0/24      142.20.6.1           0    100      0 (65202 65206) 254 i
        *> 65.2.2.0/24      142.20.6.1           0    100      0 (65202 65206) 254 i
        *> 65.2.3.0/24      142.20.6.1           0    100      0 (65202 65206) 254 i
        *> 65.2.4.0/24      142.20.6.1           0    100      0 (65202 65206) 254 i
        *> 65.2.5.0/24      142.20.6.1           0    100      0 (65202 65206) 254 i
        *> 200.200.1.0      142.20.125.1         0    100      0 (65202) i
        R3#
        R3#sh ip bgp regexp 65202$

        Rack2R3#sh ip bgp regexp ^65202

        What I am trying to achieve is to send just routes with empty AS to
        external neighbor 150.100.20.254, using filter-list.

        Should be the only solution to specify the internal ASs? (ip as-path
        access-list 60 permit 65202)

        If I use ^$ the internal routes received from confederation peers are
        not allowed:

        R3#sibs

        Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
        142.20.23.2     4 65202     197     189       48    0    0 02:51:19        2
        150.100.20.254  4   254     189     189       48    0    0 02:48:47       13

        R3#sh ip bgp ne 150.100.20.254 ad

           Network          Next Hop        Metric LocPrf Weight Path
        *> 66.66.66.0/24    142.20.6.1           0    100      0 (65202 65206) i
        *> 200.200.1.0      142.20.125.1         0    100      0 (65202) i

        R3#conf t

        R3(config)#ip as-path access-list 60 permit ^$
        R3(config)#router bgp 65203
        R3(config-router)#nei
        R3(config-router)#neighbor 150.100.20.254 fi
        R3(config-router)#neighbor 150.100.20.254 filter-list 60 out
        R3(config-router)#neighbor 150.100.20.254 filter-list 60 out
        R3(config-router)#^Z

        R3#clear ip bgp * so
        R3#sh ip bgp ne 150.100.20.254 ad

        R3#sh ip bgp ne 150.100.20.254 ad



This archive was generated by hypermail 2.1.4 : Tue May 03 2005 - 07:55:09 GMT-3
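
Added example, not part of the original thread: a Python approximation of IOS AS-path regular-expression matching, run over AS paths copied from the show outputs in the thread (origin code dropped), to show why unescaped parentheses never match a confederation segment. The `_` translation, the helper names and the sample list are assumptions of this example, and the last pattern generalises beyond the thread to "empty path or confederation segment only".

```python
import re

# Cisco documents "_" as matching a comma, brace, parenthesis, space,
# or the start/end of the string. Assumed Python equivalent:
UNDERSCORE = r"(?:^|$|[ ,{}()])"

def ios_to_python(pattern):
    """Translate an IOS AS-path regex into Python syntax (approximation)."""
    out, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            # Backslash removes the special meaning: \( is a literal "(".
            out.append(re.escape(pattern[i + 1]))
            i += 2
            continue
        out.append(UNDERSCORE if ch == "_" else ch)
        i += 1
    return "".join(out)

def matching_paths(pattern, paths):
    """Return the AS paths (in input order) that the IOS-style regex matches."""
    rx = re.compile(ios_to_python(pattern))
    return [p for p in paths if rx.search(p)]

# AS paths as shown in the thread's BGP tables, without the trailing origin "i".
PATHS = [
    "",                           # locally originated (44.44.44.0/24)
    "(65300)",                    # learned from confederation sub-AS 65300
    "(65300) 600 1600 2500 500",  # via the sub-AS, originated externally
    "(65202)",
    "(65202 65206)",
    "(65202 65206) 254",
]

if __name__ == "__main__":
    for pat in [r"^$",                      # empty path only
                r"^(65300)$",               # () is grouping: wants "65300"
                r"^\(65300\)$",             # literal parentheses
                r"^\(65202_65206\)_254$",   # sub-AS sequence, then AS 254
                r"^(\([0-9 ]+\))?$"]:       # empty or confederation-only
        print(f"{pat:24} -> {matching_paths(pat, PATHS)}")
```
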