
2.BGP 2

BGP

Uploaded by

Jason Robinson

BGP Attributes and Policy—Part 1

© 2013 Juniper Networks, Inc. All rights reserved. | www.juniper.net


BGP Policy

▪ BGP behavior can be influenced by policy
•BGP attributes can be matched or changed
•Can differentiate between IBGP or EBGP routes
▪ BGP stores routes in three main RIB memory tables
•RIB-IN: Stores all received routes
•RIB-LOCAL: Stores routes the local router uses to forward traffic
•RIB-OUT: Stores all advertised routes
▪ Only active BGP routes in the local routing table can be advertised to peers
•Single best BGP path is advertised


BGP Import Policy

▪ Import policies are enforced between the RIB-IN and RIB-LOCAL tables

[Diagram: routes from BGP peers enter RIB-IN; the import policy (filtering and attribute manipulation) and the decision process (choice of best route) determine the routes used, which are placed in the IP routing table.]


BGP Import Policy Example
Import policies:
1) Reject 0.0.0.0/0 from AS 1
2) Prefer 192.168.14.0/24 from AS 1
3) Accept all routes from AS 3

Routes from BGP peers:
AS 1: 0.0.0.0/0, 192.168.14.0/24
AS 3: 0.0.0.0/0, 192.168.14.0/24, 192.168.27.0/24

RIB-IN:
0.0.0.0/0 :AS1
0.0.0.0/0 :AS3
192.168.14.0/24 :AS1
192.168.14.0/24 :AS3
192.168.27.0/24 :AS3

Forwarding table (after import policy and choice of best route):
0.0.0.0/0 :AS3
172.31.10.0/24 :Local
192.168.14.0/24 :AS1
192.168.27.0/24 :AS3


BGP Export Policy

▪ Export policies are enforced between the RIB-LOCAL and RIB-OUT tables

[Diagram: the routes used from the IP routing table (choice of best route) pass through the export policy (filtering and attribute manipulation) into RIB-OUT and are sent to BGP peers.]


BGP Export Policy Example
Export policies:
1) Do not send 0.0.0.0/0
2) Send 192.168.14.0/24 to AS 2 with a metric of 10
3) Do not send 192.168.27.0/24 to AS 4
4) Send aggregate for local routes

IP routing table (routes used):
0.0.0.0/0 :AS3
172.31.10.0/20 :Local Aggregate
192.168.14.0/24 :AS1
192.168.27.0/24 :AS3

Routes sent to AS 4:
172.31.10.0/20
192.168.14.0/24

Routes sent to AS 2:
172.31.10.0/20
192.168.14.0/24 (metric = 10)
192.168.27.0/24

How BGP Uses Next Hop

▪ Next-hop concept in IGPs is straightforward—BGP next-hop is more elaborate
▪ Default forms of BGP next-hop information:
•EBGP sessions: Next hop is the IP address of the neighbor that announced the route
•IBGP sessions—three scenarios:
• For routes originating inside the AS with a forwarding next hop, the next hop is set to that forwarding address (third-party next hop)
• For routes originating inside the AS with reject or discard next hop, the next hop is the session address associated with the BGP speaker
• For routes injected into the AS using EBGP, the EBGP next hop is advertised unchanged into IBGP


BGP Next-Hop Example (1 of 3)
[Topology diagram: R1 (192.168.10.1/32), R2 (192.168.10.2/32) and R3 (192.168.10.3/32) in AS 1; R4 and 172.19.20.0/24 in AS 2; link subnets 10.10.1/24, 10.20.2/24, 10.30.3/24 and 10.40.4/24.]

user@R3> show bgp summary


[...]
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
10.10.1.2 2 7 6 0 0 1:42 1/1/1/0 0/0/0/0
192.168.10.1 1 9 12 0 0 4:02 0/0/0/0 0/0/0/0
192.168.10.2 1 10 11 0 0 3:58 0/0/0/0 0/0/0/0

user@R3> show route receive-protocol bgp 10.10.1.2


inet.0: 12 destinations, 12 routes (12 active, 0 holddown, 0 hidden)
Prefix Nexthop MED Lclpref AS path
* 172.19.20.0/24 10.10.1.2 2 I



BGP Next-Hop Example (2 of 3)
[Topology diagram repeated from BGP Next-Hop Example (1 of 3).]

user@R1> show bgp summary


[...]
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
192.168.10.2 1 37 38 0 0 15:46 0/0/0/0 0/0/0/0
192.168.10.3 1 39 36 0 0 15:46 0/1/1/0 0/0/0/0

user@R1> show route receive-protocol bgp 192.168.10.3

inet.0: 10 destinations, 10 routes (9 active, 0 holddown, 1 hidden)

user@R1>



BGP Next-Hop Example (3 of 3)
[Topology diagram repeated from BGP Next-Hop Example (1 of 3).]

user@R1> show route hidden extensive

inet.0: 10 destinations, 10 routes (9 active, 0 holddown, 1 hidden)
172.19.20.0/24 (1 entry, 0 announced)
BGP Preference: 170/-101
Next hop type: Unusable
Address: 0x24db9cc
Next-hop reference count: 1
State: <Hidden Int Ext>
Peer AS: 1
Age: 21:43
Validation State: unverified
Task: BGP_1_1.192.168.10.3+53732
AS path: 2 I
Accepted
Localpref: 100
Router ID: 192.168.10.3
Indirect next hops: 1
Protocol next hop: 10.10.1.2
Indirect next hop: 0 - INH Session ID: 0x0

user@R1> show route 10.10.1.2

user@R1>

BGP Next-Hop Resolution

▪ BGP next-hop solutions:
•Next-hop self
• Use a policy to alter the next-hop value
• Change the BGP next hop to be the address of the IBGP peer
•IGP passive interface
• IGP advertises external interface prefixes to IBGP peers, no adjacency formed
• Adds external interface prefixes to the IGP routing tables


Change Next Hop to Self (1 of 3)
[Topology diagram repeated from BGP Next-Hop Example (1 of 3).]

Policy defined here...

user@R3# show policy-options
policy-statement next-hop-self {
    then {
        next-hop self;
    }
}

…and applied here

[edit]
user@R3# show protocols bgp
group int {
    type internal;
    local-address 192.168.10.3;
    export next-hop-self;
    neighbor 192.168.10.1;
    neighbor 192.168.10.2;
}


Change Next Hop to Self (2 of 3)
[Topology diagram repeated from BGP Next-Hop Example (1 of 3).]

user@R1> show bgp summary


[...]
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
192.168.10.2 1 324 327 0 0 2:25:59 0/0/0/0 0/0/0/0
192.168.10.3 1 327 326 0 0 2:25:59 1/1/1/0 0/0/0/0

user@R1> show route terse


[...]
A V Destination P Prf Metric 1 Metric 2 Next hop AS path
[...]
* ? 172.19.20.0/24 B 170 100 2 I
unverified >10.40.4.1
[...]



Change Next Hop to Self (3 of 3)
user@R1> show route 172.19.20.0/24 extensive
inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
172.19.20.0/24 (1 entry, 1 announced)
TSI:
KRT in-kernel 172.19.20.0/24 -> {indirect(1048574)}
*BGP Preference: 170/-101
Next hop type: Indirect
Address: 0x27883a0
Next-hop reference count: 3
Source: 192.168.10.3
Next hop type: Router, Next hop index: 743
Next hop: 10.40.4.1 via ge-1/0/6.0, selected
Session Id: 0x80002
Protocol next hop: 192.168.10.3
Indirect next hop: 2894000 1048574 INH Session ID: 0x80003
State: <Active Int Ext>
Peer AS: 1
Age: 9:55 Metric2: 1
Validation State: unverified
Task: BGP_1_1.192.168.10.3+53732
Announcement bits (2): 2-KRT 4-Resolve tree 1
AS path: 2 I
Accepted
Localpref: 100
Router ID: 192.168.10.3
Indirect next hops: 1
Protocol next hop: 192.168.10.3 Metric: 1
Indirect next hop: 2894000 1048574 INH Session ID: 0x80003
Indirect path forwarding next hops: 1
Next hop type: Router
Next hop: 10.40.4.1 via ge-1/0/6.0
Session Id: 0x80002
192.168.10.3/32 Originating RIB: inet.0
Metric: 1 Node path count: 1
Forwarding nexthops: 1
Nexthop: 10.40.4.1 via ge-1/0/6.0
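
The hidden-route behaviour from the next-hop slides, as an added Python example that is not part of the original deck: it resolves the BGP protocol next hop against R1's non-BGP routes for the default case, for next-hop self, and for the IGP passive option. The contents of R1's table and the function names are constructed for illustration.

```python
import ipaddress


def resolve(protocol_next_hop, table):
    """Longest-prefix match of a BGP protocol next hop in the non-BGP routes.

    Returns the forwarding next hop, or None when no route covers the address,
    which is the condition that leaves the BGP route hidden (next hop unusable).
    """
    addr = ipaddress.ip_address(protocol_next_hop)
    best = None
    for prefix, forwarding in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, forwarding)
    return None if best is None else best[1]


def ibgp_advertise(route, next_hop_self=None):
    """What the border router sends into IBGP: the EBGP next hop unchanged by
    default, or its own session address when a next-hop self export policy applies."""
    sent = dict(route)
    if next_hop_self is not None:
        sent["protocol_next_hop"] = next_hop_self
    return sent


def install(route, table):
    """Receiving IBGP peer: mark the route active or hidden after resolution."""
    forwarding = resolve(route["protocol_next_hop"], table)
    state = "hidden" if forwarding is None else "active"
    return dict(route, state=state, forwarding_next_hop=forwarding)


# Constructed data modelled on the slides' topology. R1's table holds its direct
# link to R3 and the loopbacks learned from the IGP; the entry for R2's loopback
# (next hop 10.30.3.2) is an assumption, since the slides do not show it.
R1_TABLE = {
    "10.40.4.0/24": "direct",
    "192.168.10.3/32": "10.40.4.1",
    "192.168.10.2/32": "10.30.3.2",
}

# Route that R3 received over EBGP from 10.10.1.2, as in the slide output.
EBGP_ROUTE = {
    "prefix": "172.19.20.0/24",
    "as_path": [2],
    "protocol_next_hop": "10.10.1.2",
}


def scenarios():
    """R1's view of 172.19.20.0/24 under the three configurations."""
    default = install(ibgp_advertise(EBGP_ROUTE), R1_TABLE)
    nhs = install(ibgp_advertise(EBGP_ROUTE, next_hop_self="192.168.10.3"), R1_TABLE)
    # IGP passive alternative: the IGP also carries the external link subnet,
    # so the unchanged EBGP next hop becomes resolvable.
    passive_table = {**R1_TABLE, "10.10.1.0/24": "10.40.4.1"}
    passive = install(ibgp_advertise(EBGP_ROUTE), passive_table)
    return {"default": default, "next-hop-self": nhs, "igp-passive": passive}


if __name__ == "__main__":
    for name, view in scenarios().items():
        print(name, view["state"], view["protocol_next_hop"], view["forwarding_next_hop"])
```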



Change Next Hop to Peer Address

▪ By default, EBGP-received routes have a next hop of the neighbor’s address
▪ Peer can alter the next-hop attribute using policy prior to announcing routes
▪ Can configure local router with an import policy to force the next hop to be the neighbor’s address


Peer Address Next-Hop Policy (1 of 3)

AS 1 AS 2
R1 .1 10.10.1/24 .2 R2
192.168.10.1/32 172.16.20.1/32

▪ R1 and R2 routers are EBGP peers using multihop
•R2 router alters the next-hop attribute causing hidden routes on the R1 router
user@R1> show route receive-protocol bgp 172.16.20.1 hidden

inet.0: 9 destinations, 9 routes (6 active, 0 holddown, 3 hidden)


+ = Active Route, - = Last Active, * = Both

10.100.100.0/24
172.16.30.1 2 I
10.101.101.0/24
172.16.30.1 2 I
10.102.102.0/24
172.16.30.1 2 I



Peer Address Next-Hop Policy (2 of 3)
AS 1 AS 2
R1 .1 10.10.1/24 .2 R2
192.168.10.1/32 172.16.20.1/32

[edit]
user@R1# show policy-options
policy-statement next-hop-to-peer-address {
    term all-bgp-routes {
        then {
            next-hop peer-address;
        }
    }
}
[edit]
user@R1# show protocols
bgp {
    group ext {
        type external;
        multihop {
            ttl 2;
        }
        local-address 192.168.10.1;
        import next-hop-to-peer-address;
        peer-as 2;
        neighbor 172.16.20.1;
    }
}

Peer Address Next-Hop Policy (3 of 3)
user@R1> show route protocol bgp extensive

inet.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)


10.100.100.0/24 (1 entry, 1 announced)
TSI:
KRT in-kernel 10.100.100.0/24 -> {indirect(21)}
Page 0 idx 0 Type 1 val 83de310
Nexthop: Self
AS path: 2 I
Communities:
Path 10.100.100.0 from 172.16.20.1 Vector len 4. Val: 0
*BGP Preference: 170/-101
Source: 172.16.20.1
Nexthop: 10.10.1.2 via ge-0/2/0.0, selected
Protocol Nexthop: 172.16.20.1 Indirect nexthop: 83e0000 21
State: <Active Ext>
Local AS: 1 Peer AS: 2
Age: 6:56 Metric2: 0
Task: BGP_2.172.16.20.1+2122
Announcement bits (3): 0-KRT 1-BGP.0.0.0.0+179 2-Resolve inet.0
AS path: 2 I
Localpref: 100
Router ID: 172.16.20.1
Indirect nexthops: 1
Protocol Nexthop: 172.16.20.1 Indirect nexthop: 83e0000 21
Indirect path forwarding nexthops: 1
Nexthop: 10.10.1.2 via ge-0/2/0.0



The Origin Code

▪ Installed by the originating router for the prefix (route)
▪ A tag of believability as to the origin of the route information (Where did you get it from?)
▪ BGP origin code is a well-known, mandatory attribute
▪ Origin can be internal, external, or unknown
•I: Internal (0)—Learned from an IGP
•E: External (1)—Learned from EGP
•?: Incomplete (2)—NLRI found by some other means
▪ I (0) is better than E (1), which is better than ? (2)
▪ All Junos OS BGP routes have origin IGP by default


Use of the Origin Attribute

Export Direct: 192.168.14.0/24
Export Statics: 10.0.0.0/8, 172.16.0.0/16, 192.168.27.0/24
Export IGP: 10.20.0.0/16
From other AS: 172.31.0.0/24 : Origin ?

EBGP, to other AS:
10.0.0.0/8 : Origin IGP
10.20.0.0/16 : Origin IGP
172.16.0.0/16 : Origin IGP
172.31.0.0/24 : Origin ?
192.168.14.0/24 : Origin IGP
192.168.27.0/24 : Origin IGP

Origin Example (1 of 2)

▪ Using the defaults, how does AS 40 reach AS 1?
▪ Using the defaults, how do the other remote networks reach AS 1?

[Diagram: AS 1, AS 2, AS 3, AS 10, AS 20, AS 30 and AS 40.]


Origin Example (2 of 2)
▪ AS 1 sends origin ? to AS 2
•How does AS 40 reach AS 1 now?
▪ How do the other remote networks reach AS 1 after this attribute change?

[Diagram: AS 1, AS 2, AS 3, AS 10, AS 20, AS 30 and AS 40; the advertisement toward AS 2 is marked with origin ?.]

Changing the Origin Code

▪ Find IGP origin codes and change these origin codes to incomplete
[edit policy-options]
policy-statement change-all-igps {
    term igp-to-incomplete {
        from {
            protocol bgp;
            origin igp;
        }
        then origin incomplete;
    }
}

[edit protocols]
bgp {
    export change-all-igps;
}

Multiple Exit Discriminator

▪ An optional, nontransitive attribute, MED is never passed through one AS to another AS
▪ A neighboring AS can use MED to prefer one of several paths to the local AS
▪ Informs neighboring AS which ingress path to use to reach the local AS in an attempt to influence inbound traffic
▪ Can perform some primitive load balancing
▪ MED values are often translated from IGP metric
▪ Other AS networks can always preempt MED with other BGP attributes

Simple MED Example

[Diagram: R1 and R2 in AS 1 connect to R3 and R4 in Acme. 10.10.0.0/16 is nearby R1 and 10.20.0.0/16 is nearby R2.]

Advertised on the R1 side: 10.10.0.0/16 MED=10, 10.20.0.0/16 MED=20
Advertised on the R2 side: 10.10.0.0/16 MED=20, 10.20.0.0/16 MED=10

Traffic for 10.10.0.0/16 and traffic for 10.20.0.0/16 are drawn as separate paths.


More Complex Use of MED

▪ Both AS 2 and AS 3 want to influence AS 1 traffic

[Diagram labels: AS 1, AS 2, AS 3; routers R1, R2, R3, R4; addresses 10.10.10.1, 10.10.10.2, 20.20.20.1, 30.30.30.1; MED=50, MED=200, MED=120; 192.168.13.0/24 advertised from all three routers.]

Choice of R1, R3, or R4 to reach 192.168.13.0 is up to AS 1.
Chances are that R1 will be picked. Why?
To use R4, AS 1 should use always-compare-med path selection.

Path Selection and MEDs
▪ By default, the Junos OS uses a deterministic MED comparison scheme for routes from the same AS
▪ always-compare-med compares MED values, regardless of whether the neighboring AS is the same
•Use with caution—every network has a different interpretation of a good MED
▪ cisco-non-deterministic compares paths based on when they are received
•Not recommended for use in your network
•Can cause incorrect route selections
[edit]
user@router# set protocols bgp path-selection ?
Possible completions:
  always-compare-med       Always compare MED values, regardless of neighbor AS
  cisco-non-deterministic  Use Cisco IOS nondeterministic path selection algorithm


Control the MED with Policy
▪ The action of metric corresponds to the MED value
▪ Can set value to a number or can add to or subtract from it
[edit policy-options]
policy-statement change-the-MED {
    term set-the-med {
        from route-filter 172.31.25.0/24 exact;
        then metric 50;
    }
    term add-to-med {
        from route-filter 192.168.32.0/20 orlonger;
        then metric add 50;
    }
    term subtract-from-med {
        from route-filter 10.124.0.0/16 upto /24;
        then metric subtract 50;
    }
}

Coordinating MED and IGP Metrics Directly
▪ Use the metric-out command with a group or neighbor
•Can be set to:
• A specific value
• The current IGP metric
• The minimum IGP metric ever learned
•Can add to or subtract from the IGP metric
•Can also modify using policy
[edit protocols bgp]
group as-100-peers {
    type external;
    peer-as 100;
    neighbor 192.168.2.2 metric-out 10;
    neighbor 192.168.3.3 metric-out igp;
    neighbor 192.168.4.4 metric-out minimum-igp;
    neighbor 192.168.5.5 metric-out igp 5;
}

Coordinate MED and IGP Metrics with Policy
▪ BGP can set the MED value on route announcements based on the IGP metric to the peer from which the route was received
▪ Use the metric command with a policy
•Can set it to the current IGP metric
•Can set it to the minimum IGP metric ever learned
•Can add it to or subtract it from the IGP or minimum IGP metric
[edit policy-options policy-statement alter-metrics]
term possible-igp-setting {
    then {
        metric igp offset;
    }
}
term possible-minimum-igp-setting {
    then {
        metric minimum-igp offset;
    }
}

MEDs and Aggregates

▪ When route aggregation occurs, the MED values associated with the more granular routes are no longer available

[Diagram: 172.17.63/24 MED=100, 172.17.3/24 MED=150 and 172.17.4/24 MED=160 are aggregated into 172.17/16 MED=0.]


More on MEDs and Aggregates

[Diagram labels: 192.168.16.0/20 MED=0; 192.168.17.0/24 MED=10.]

user@router> show route protocol bgp

inet.0: 31 destinations, 31 routes (31 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.17.0/24 *[BGP/170] 00:20:36, MED 10, localpref 100, from 192.168.48.1
                  AS path: (65001) 1 I
                > to 10.40.40.1 via so-0/0/0.0

user@router> show route advertising-protocol bgp 10.222.11.1

inet.0: 31 destinations, 31 routes (31 active, 0 holddown, 0 hidden)
Prefix Nexthop MED Lclpref AS path
192.168.16.0/20 Self 100 65001 1 I
192.168.17.0/24 192.168.0.1 10 100 65001 1 I


AS Path Basics

▪ BGP AS Path is a well-known, mandatory attribute
▪ Used to indicate path back to the route’s source and to prevent routing loops
•Each EBGP router prepends its AS number to the AS Path
•Routes with the receiving router’s AS number in the AS path are considered looped and not advertised

[Diagram: Route X is passed along AS 501, AS 645, AS 452 and AS 521, shown with AS Path = 645 501 and then AS Path = 452 645 501.]

Each router on the edge of the AS adds its AS number to the front of the path


Autonomous System Numbers

▪ RFC 1930 defined ASNs as 16-bit integers
•65536 ASNs available (some reserved by IANA)
•Private range is 64512-65534
▪ RFC 4893 defines 32-bit ASNs
•Written as two 16-bit numbers: x.y
•Old ASNs written as 0.y
•1.y and 65535.65535 are reserved


Modifying AS-Path: Prepend

▪ Manipulating the AS-path attribute is a major way to favor or disfavor BGP routes
▪ AS 1 prepends its AS number four times to AS 2
•How does AS 40 reach AS 1?
•How about the other remote networks?

[Diagram: AS 1, AS 2, AS 3, AS 10, AS 20, AS 30 and AS 40; AS 1 advertises AS path 1 I toward AS 3 and 1 1 1 1 1 I toward AS 2.]


AS-Path Prepend Example
[edit routing-options]
autonomous-system 1;

[edit protocols]
bgp {
    group peer-AS2 {
        type external;
        export longer-as-path;
        peer-as 2;
        neighbor 10.10.10.2;
    }
}

[edit policy-options]
policy-statement longer-as-path {
    then as-path-prepend "1 1 1 1";
}


Output of AS Path Information
▪ Output of show route displays various outputs in AS path
•Brackets enclose the local AS number
•Braces enclose AS sets
•Parentheses enclose a confederation

user@router> show route protocol bgp terse

inet.0: 42 destinations, 42 routes (42 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

A Destination P Prf Metric 1 Metric 2 Next hop AS path


* 64.168.48.0/24 B 170 100 5 >10.222.9.1 3944 2222 I
* 64.168.49.0/24 B 170 100 5 >10.222.9.1 7777 7777 [7777] I
* 64.168.50.0/24 B 170 100 5 >10.222.9.1 {444 555 7777} I
* 64.168.51.0/24 B 170 100 10 >10.222.9.1 (65009 65003 65000) 111 I



Regular Expressions and BGP Routes

▪ Often, BGP policy relies on finding prefixes based on their AS-path information
•Used to enforce administrative policy
•Sometimes easier than looking for specific prefixes
▪ Common policy requirements:
•Find all routes originating in AS 1
•Find all routes that transited AS 100
•Find all the routes originating in my own AS
▪ AS-path regular expressions allow the selection of the proper prefixes


Regular Expressions

▪ A powerful pattern-matching engine
▪ Work not only on fixed strings (as do wildcards), but on variable patterns of text
▪ Combination of text and special operators
▪ Allow for things to be found in context, not as isolated instances


Regular Expression Terms
▪ Regular expressions take the form term operator
▪ Terms are mandatory and identify the AS number:
•Can be a single AS number
• For example, 1024
•Can be a complete AS path
• For example, 1024 2685 3957
•Can be a wildcard dot character ( . ), which represents a single AS
• For example, 1024 . 3957
▪ Each AS number (not a character) represents a single entity to the regular expression parser


Regular Expression Operators
▪ Regular expressions take the form term operator
▪ The operator is an optional pattern-matching character that applies to a single term
•Operators immediately follow the term referenced
• For example, 1024? 2685
•The pipe ( | ) operator is used between terms
• For example, 1024 | 2685
•The dash ( - ) operator is used between terms
• For example, 1024 - 2685
▪ One or more term-operator pairs can appear in an AS-path regular expression


AS-Path Regex Operators

{m,n}     Match at least m and at most n repetitions of term
{m}       Match exactly m repetitions of term
{m,}      Match m or more repetitions of term
*         Match 0 or more repetitions of term, same as {0,}
+         Match 1 or more repetitions of term, same as {1,}
?         Match 0 or 1 repetitions of term, same as {0,1}
|         Match one of the two terms on either side of the pipe
-         Used to represent a range
(…),()    Used to group terms, or indicate null with no space


Regular Expression Examples
AS-path pattern to match:                                    Regex:        Sample matches:
Exactly one instance of AS 1234                              1234          1234
0 or more instances of AS 1234                               1234*         1234, 1234 1234, etc., or null AS path
0 or 1 instance of AS 1234                                   1234?         1234, null AS path
1 to 4 instances of AS 1234                                  1234{1,4}     1234, 1234 1234, 1234 1234 1234, 1234 1234 1234 1234
1 to 3 instances of AS 12 followed by 1 instance of AS 34    12{1,3} 34    12 34, 12 12 34, 12 12 12 34
Range of AS numbers to match a single AS                     123-125       123 or 124 or 125


More Regex Examples
AS-path pattern to match:                                        Regex:         Sample matches:
Second AS must be 56 or 78                                       . (56|78)      1234 56, 34 78
Second AS might be 56 or 78                                      . (56|78)?     1234, 1234 56, 34 78
All paths from neighbor AS 1234                                  1234 .*        1234, 1234 5678, 1234 5 6 7 8
1 followed by 2, followed by one or more instances of 3          1 2 3+         1 2 3, 1 2 3 3, 1 2 3 3 3, etc.
One or more instances of 1, then 2, then 3                       1+ 2+ 3+       1 2 3, 1 1 2 3, 1 1 2 2 3, 1 1 2 2 3 3, etc.
Any length path that contains the list 4, 5, 6 in it anywhere    .* 4 5 6 .*    1 2 3 4 5 6, 1 2 3 4 5 6 7 8 9, 4 5 6 7 8 9

Regular Expression Formation
▪ AS regular expressions are defined at the policy-options hierarchy level
[edit policy-options]
user@user# set as-path name regular-expression
▪ Format:
• name identifies the regular expression
• regular-expression consists of the pattern to match in term operator format
▪ The name can be up to 255 characters long
▪ To include spaces in the name, enclose the entire name in double quotation marks
▪ Can use the defined AS-path regex as a policy match condition

Regex Example

▪ Accept only routes with the exact AS path of 1234 56 78 9
[edit policy-options]
as-path digits-route "1234 56 78 9";
policy-statement from-digits-route {
    term digits {
        from as-path digits-route;
        then accept;
    }
    term reject-others {
        then reject;
    }
}
[edit protocols]
bgp {
    import from-digits-route;
}


Another Regex Example

▪ Reject any routes with AS 123, 124, or 125 anywhere in the AS path
[edit policy-options]
as-path not-a-good-route ".* 123-125 .*";

policy-statement from-not-a-good-route {
    term not-good {
        from as-path not-a-good-route;
        then reject;
    }
}

[edit protocols]
bgp {
    import from-not-a-good-route;
}


Test Your Knowledge
▪ Consider this policy statement:
policy-statement testing-as-paths {
    term as-paths {
        from as-path testing-1-2-3;
        then accept;
    }
    then reject;
}
▪ Will the router accept a route with the path 1024 44 44 2685, given the following as-path statements?
• set as-path testing-1-2-3 ".* 1024"
• set as-path testing-1-2-3 "1024 .*"
• set as-path testing-1-2-3 ".* 1024 .*"
• set as-path testing-1-2-3 ".* 44{1,2} .*"
• set as-path testing-1-2-3 "2685 44{1,3} 1024"
• set as-path testing-1-2-3 "1024 44{1,3} 2685"

AS Regular Expression Enhancements
▪ Support for as-path-group
•Simplifies AS path-related policy in situations where:
• You have a large number of individual AS-path regular expressions that are evaluated as a logical OR
• You have a single large AS-path regular expression that is difficult to understand because of its size
[edit policy-options]
user@router# show
policy-statement test-as-group {
    term 1 {
        from as-path-group as-group-1;
        then accept;
    }
    term 2 {
        then reject;
    }
}
as-path-group as-group-1 {
    as-path path_1 ".* 1 .*";
    as-path path_2 ".* 2 .*";
    as-path path_3 ".* 3 .*";
}

Null AS Path

▪ Routes that originated in your own AS have no AS numbers in the path yet
▪ To reference the null AS path within a policy, use the regular expression () (parentheses with no space)

[Diagram labels: 192.168.48.0/24, 192.168.49.0/24, 192.168.50.0/24, 192.168.51.0/24; IBGP.]

user@router> show route protocol bgp terse

inet.0: 42 destinations, 42 routes (42 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

A Destination P Prf Metric 1 Metric 2 Next hop AS path


* 192.168.48.0/24 B 170 100 5 >10.222.9.1 I
* 192.168.49.0/24 B 170 100 5 >10.222.9.1 I
* 192.168.50.0/24 B 170 100 5 >10.222.9.1 I
* 192.168.51.0/24 B 170 100 10 >10.222.9.1 I



Null AS Path to Stop Transit

▪ AS 2 does not want to provide transit service to AS 1

[Diagram: AS 1, AS 2 (10.200.0.0/16), AS 3 (10.100.0.0/16) and AS 4. Advertisements are labeled with prefix and AS path: 172.31.0.0/16: 1 and 192.168.14/24: 1 from AS 1; 10.200.0.0/16: 2 from AS 2; 10.100.0.0/16: 3, 172.31.0.0/16: 3 1 and 192.168.14/24: 3 1 from AS 3.]


Null AS Path in Action (1 of 2)

[Diagram labels: AS 1; R1 and R2; IBGP; two EBGP sessions; 192.168.17.0/24; 192.168.48.0/24, 192.168.49.0/24, 192.168.50.0/24, 192.168.51.0/24; 10.222.11.1.]

policy-options {
    policy-statement not-a-transit {
        term accept-my-as {
            from {
                protocol bgp;
                as-path my-own-as;
            }
            then accept;
        }
        term reject-all-else {
            then reject;
        }
    }
    as-path my-own-as "()";
}

bgp {
    export not-a-transit;
}


Null AS Path in Action (2 of 2)

[Diagram repeated from Null AS Path in Action (1 of 2).]

user@R2> show route protocol bgp terse
inet.0: 43 destinations, 43 routes (43 active, 0 holddown, 0 hidden)
A Destination P Prf Metric 1 Metric 2 Next hop AS path
* 192.168.17.0/24 B 170 100 5 >10.40.40.1 1 I
* 192.168.48.0/24 B 170 100 5 >10.40.40.1 I
* 192.168.49.0/24 B 170 100 5 >10.40.40.1 I
* 192.168.50.0/24 B 170 100 5 >10.40.40.1 I
* 192.168.51.0/24 B 170 100 10 >10.40.40.1 I
user@R2> show route advertising-protocol bgp 10.222.11.1
inet.0: 43 destinations, 43 routes (43 active, 0 holddown, 0 hidden)
Prefix Nexthop MED Lclpref AS path
192.168.48.0/24 192.168.48.1 5 100 I
192.168.49.0/24 192.168.48.1 5 100 I
192.168.50.0/24 192.168.48.1 5 100 I
192.168.51.0/24 192.168.48.1 10 100 I
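
An added example, not from the original deck: a Python evaluator for the AS-path regular expression syntax summarized above, treating each AS number as one term and matching the whole path, applied to the Test Your Knowledge path and to the not-a-transit and not-a-good-route policies. The function names and the tuple form of a policy are assumptions made for illustration; whole-path matching is assumed from the slide examples (for instance ".* 4 5 6 .*" for "anywhere").

```python
import re

# One token of the AS-path regex syntax from the operator slides: an AS range,
# an AS number, the "." wildcard, grouping, "|" or a repetition operator.
_TOKEN = re.compile(r"\s*(\d+\s*-\s*\d+|\d+|\.|\(|\)|\||\{\d+(?:,\d*)?\}|[*+?])")


def compile_as_path(expr):
    """Translate an AS-path regex into a Python regex over 'ASN ASN ... ' text.

    Every AS number is encoded as its digits plus one trailing space, so a term
    always consumes exactly one whole AS number, never a single character.
    """
    out, pos, expr = [], 0, expr.strip()
    while pos < len(expr):
        m = _TOKEN.match(expr, pos)
        if m is None:
            raise ValueError("unsupported AS-path syntax at %r" % expr[pos:])
        tok, pos = m.group(1), m.end()
        if "-" in tok:                      # range such as 123-125, expanded in full
            lo, hi = (int(part) for part in tok.split("-"))
            if lo > hi:
                raise ValueError("empty AS range %r" % tok)
            out.append("(?:(?:%s) )" % "|".join(str(n) for n in range(lo, hi + 1)))
        elif tok.isdigit():                 # one specific AS number
            out.append("(?:%d )" % int(tok))
        elif tok == ".":                    # wildcard: any single AS number
            out.append(r"(?:\d+ )")
        elif tok == "(":                    # grouping; "()" becomes the null path
            out.append("(?:")
        else:                               # ")", "|" and repetition map directly
            out.append(tok)
    return re.compile("".join(out))


def path_matches(expr, as_path):
    """True when the regex matches the entire AS path (list of ints, [] for null)."""
    encoded = "".join("%d " % asn for asn in as_path)
    return compile_as_path(expr).fullmatch(encoded) is not None


def evaluate_policy(terms, as_path, default="accept"):
    """First-match evaluation; a term is (as-path regex or None for match-all, action)."""
    for expr, action in terms:
        if expr is None or path_matches(expr, as_path):
            return action
    return default


# The quiz path and as-path statements from the Test Your Knowledge slide.
QUIZ_PATH = [1024, 44, 44, 2685]
QUIZ_EXPRESSIONS = [".* 1024", "1024 .*", ".* 1024 .*", ".* 44{1,2} .*",
                    "2685 44{1,3} 1024", "1024 44{1,3} 2685"]

# The two filtering policies from the slides, in the tuple form assumed here.
NOT_A_TRANSIT = [("()", "accept"), (None, "reject")]
NOT_A_GOOD_ROUTE = [(".* 123-125 .*", "reject")]


def quiz_results():
    """Whether each quiz expression matches the quiz path."""
    return {expr: path_matches(expr, QUIZ_PATH) for expr in QUIZ_EXPRESSIONS}


if __name__ == "__main__":
    for expr, matched in quiz_results().items():
        print("%-22s %s" % (expr, "accept" if matched else "reject"))
    # Constructed sample paths for the two filters.
    print(evaluate_policy(NOT_A_TRANSIT, []), evaluate_policy(NOT_A_TRANSIT, [1]))
    print(evaluate_policy(NOT_A_GOOD_ROUTE, [65001, 124, 7]))
```

Running candidate expressions against a set of known-good and known-bad paths like this before committing a filter catches patterns that are accidentally unanchored or that match digits inside a longer AS number.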
