RE: BGP - Filtering AS confederation

From: gladston@br.ibm.com
Date: Tue Apr 26 2005 - 14:51:21 GMT-3

• Next message: simon hart: "RE: ipv6 6to4 tunnels"
• Previous message: ccie2be: "ipv6 6to4 tunnels"
• Maybe in reply to: gladston@br.ibm.com: "BGP - Filtering AS confederation"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Andy,

I solved my doubts with regular expression and "(".
Thanks.

Now, you pointed something that is as I though but did not work.
=========================
quoted
So to the external bgp peer you WILL filter on ^$ thereby permitting only
those empty AS routes.
=========================

I though using ^$ would solve the initial requirement. (which is: External
peers should receive just local originated routes. Use filter-list to
acomplish this.)
But it did not work.

Did I understand your point correctly?
Because if so, maybe it is a problem on the IOS I was using. It was 12.2T.

I use the filter-list on the same router that receive the route from a
confederation peer. For some reason it does not consider the AS empty,
even though announcing to a external peer.

One hour ago I was renting a lab. Now I just configure some neighbors to
test the regular expression, because this you did not saw external peers.
 I will use this lab again next Thurday, so I can reproduce the problem.

Cordially,
------------------------------------------------------------------
 Gladston

"Edwards, Andrew M" <andrew.m.edwards@boeing.com>
26/04/2005 14:36

To
Alaerte Gladston Vidali/Brazil/IBM@IBMBR
cc
<ccielab@groupstudy.com>, "bi.s" <bi.s@gmx.net>, "CCIE6296"
<ccie6296@aces-star.com>
Subject
RE: BGP - Filtering AS confederation

Gladston,
 
When you send the bgp routes to an external AS from the confederation,
the innner confederation AS' are stripped and appended with the bgp
confederation identifier AS.
 
So to the external bgp peer you WILL filter on ^$ thereby permitting only
those empty AS routes. To the external BGP peer those routes will be
advertised as empty or locally originated. Then when the eBGP peer
receives the empty route it will add the AS to its external peer as
appropriate.
 
Also, it doesn't look like you have any routes to verify this with though
in the bgp table so I suggest stuffing a few in from the confederation,
then make the ebgp peer session, filter-list on ^$ and see what routes
are received by the external peer.
 
If, however, you selectively wanted to send routes that traveled through
a specific confederation path, then you use the \(AS\)_\(AS\)_ and so on
to define the inter-confederation AS on the path.
 
HTH,
 
andy
-----Original Message-----
From: gladston@br.ibm.com [mailto:gladston@br.ibm.com]
Sent: Tuesday, April 26, 2005 10:17 AM
To: Edwards, Andrew M
Cc: ccielab@groupstudy.com; bi.s; CCIE6296
Subject: RE: BGP - Filtering AS confederation

Thanks for the feeback,

I tried (), but could not achive the result:
The requirement is to allow only local originated routes using
filter-list; if there was no confederation, I would use empty AS --> ^$

r4#sh ip bgp regexp (65300)

   Network Next Hop Metric LocPrf Weight Path
*> 33.33.33.0/24 172.16.34.3 0 100 0 (65300) i
*> 44.44.44.0/24 0.0.0.0 0 32768 i
*> 158.200.200.0/24 172.16.36.6 0 100 0 (65300) 600
1600 2500 500 i

It is necessary to allow only AS 65300.
If I use ^(65300)$ it does not work:

r4#sb
   Network Next Hop Metric LocPrf Weight Path
*> 33.33.33.0/24 172.16.34.3 0 100 0 (65300) i
*> 44.44.44.0/24 0.0.0.0 0 32768 i
*> 158.200.200.0/24 172.16.36.6 0 100 0 (65300) 600
1600 2500 500 i
r4#
r4#
r4#sh ip bgp regexp ^(65300)$

r4#

If I use ^$, just routes not received from the confederation are matched:

r4#sh ip bgp regexp ^$

   Network Next Hop Metric LocPrf Weight Path
*> 44.44.44.0/24 0.0.0.0 0 32768 i

I need to tell IOS to look for routes that has just (65300) and no other
ASs on the AS PATH.

You told me about "\". How would the expression be?

I tried some variations (like a blind guy) without success:

r4#sh ip bgp regexp ^\(65300)
% unmatched ()
% Invalid regular expression
r4#
r4#sh ip bgp regexp \^(65300)

r4#sh ip bgp regexp \(^65300)
% unmatched ()
% Invalid regular expression
r4#

Cordially
------------------------------------------------------------------
Alaerte

"Edwards, Andrew M" <andrew.m.edwards@boeing.com>

26/04/2005 12:48

To
Alaerte Gladston Vidali/Brazil/IBM@IBMBR
cc

Subject
RE: BGP - Filtering AS confederation

You need to alter the regexp to include the ( character with the "\("

From CCO

To use these special characters as single-character patterns, remove the
special meaning by preceding each character with a backslash (\). The
following examples are single-character patterns matching a dollar sign,
an underscore, and a plus sign, respectively:

\$

\_

\+

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/
fdial_c/fnsprt13/dafaapre.htm#wp1020344

HTH

andy

-----Original Message-----
From: gladston@br.ibm.com [mailto:gladston@br.ibm.com]
Sent: Tuesday, April 26, 2005 8:28 AM
To: ccielab@groupstudy.com
Subject: BGP - Filtering AS confederation

How can I match just a confederation AS whith regular expression?

R3#sh ip bgp reg

Network Next Hop Metric LocPrf Weight Path
*> 65.2.1.0/24 142.20.6.1 0 100 0 (65202
65206) 254 i
*> 65.2.2.0/24 142.20.6.1 0 100 0 (65202
65206) 254 i
*> 65.2.3.0/24 142.20.6.1 0 100 0 (65202
65206) 254 i
*> 65.2.4.0/24 142.20.6.1 0 100 0 (65202
65206) 254 i
*> 65.2.5.0/24 142.20.6.1 0 100 0 (65202
65206) 254 i
*> 200.200.1.0 142.20.125.1 0 100 0 (65202) i
R3#
R3#sh ip bgp regexp 65202$

Rack2R3#sh ip bgp regexp ^65202

What I am trying to achieve is to send just routes with empty AS to
external neighbor 150.100.20.254, using filter-list.

Should be the only solution to specify the internal ASs? (ip as-path
access-list 60 permit 65202)

If I use ^$ the internal routes received from confederation peers are
not allowed:

R3#sibs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down
State/PfxRcd
142.20.23.2 4 65202 197 189 48 0 0 02:51:19
2
150.100.20.254 4 254 189 189 48 0 0 02:48:47
13

R3#sh ip bgp ne 150.100.20.254 ad

Network Next Hop Metric LocPrf Weight Path
*> 66.66.66.0/24 142.20.6.1 0 100 0 (65202
65206) i
*> 200.200.1.0 142.20.125.1 0 100 0 (65202) i

R3#conf t

R3(config)#ip as-path access-list 60 permit ^$ R3(config)#router bgp
65203 R3(config-router)#nei R3(config-router)#neighbor 150.100.20.254 fi
R3(config-router)#neighbor 150.100.20.254 filter-list 60 out
R3(config-router)#neighbor 150.100.20.254 filter-list 60 out
R3(config-router)#^Z

R3#clear ip bgp * so
R3#sh ip bgp ne 150.100.20.254 ad

R3#sh ip bgp ne 150.100.20.254 ad

• Next message: simon hart: "RE: ipv6 6to4 tunnels"
• Previous message: ccie2be: "ipv6 6to4 tunnels"
• Maybe in reply to: gladston@br.ibm.com: "BGP - Filtering AS confederation"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue May 03 2005 - 07:55:09 GMT-3