BGP Regular Expressions

Revised December 8, 2002

Questions? Comments? E-mail: AL "at" CatSpace "dot" com


EXERCISES:

1. Construct a regular expression that matches the AS path "48 206 1852 444". Note that AS 48 is directly connected to your AS, and that the routes were injected into BGP by AS 444.

2. Construct a regular expression that matches any path your AS learned directly from AS 777.

3. Construct a regular expression that matches any AS path for which the routes were injected into BGP by AS 888.

4. Construct one regular expression that matches all of the following AS paths (and no others):

5. Construct one regular expression that matches both of the following AS paths (and no others):

6. The command "show ip bgp" displays a Cisco router's entire BGP RIB (Routing Information Base). Give a "show" command that displays only the portion of the RIB that matches only the following conditions:

7. Give a "show" command that displays only the portion of the BGP RIB that traverses the following AS paths:

8. Give a "show" command that displays only the portion of the BGP RIB that traverses the following AS paths:

9. Give a "show" command that displays only the portion of the BGP RIB that meets the following conditions:

10. Give a "show" command that displays only the routes in the IP routing table that were learned by BGP.

11. Construct an AS path ACL (Access Control List) that denies any path in which the digit "6" appears in any AS number in the path, and permits all other paths.

12. Construct an AS path ACL that permits all paths for which the routes were injected into BGP by AS 303 or AS 304, and denies all other paths.

13. Construct an AS path ACL that denies all paths for which the routes were learned from AS 1, AS 20, AS 21, or AS 22, and permits all other paths.

14. Construct an AS path ACL that permits all paths for which the routes were injected by AS 6005, denies all paths for which the routes were injected by any AS in the ranges from 6001 to 6004 and 6006 to 6009, and permits all other paths.

15. Construct an AS path ACL that permits any AS paths your router learned directly from any AS whose AS number begins with the digit "5", and denies all other paths.

16. Construct an AS path ACL that:

17. Construct an AS path ACL that:

18. Give a "show" command that displays all routes in the BGP RIB that originated in your AS.

19. Give a "show" command that displays all routes in the BGP RIB that did not originate in your AS.

20. Construct an AS path ACL that permits all AS paths that are exactly three Autonomous Systems long.

21. Construct an AS path ACL that permits all AS paths that are at least two Autonomous Systems in length.

ANSWERS:

1. The regexp is:

 ^48_206_1852_444$

2. The regexp is:

 ^777_

3. The regexp is:

 _888$

4. The regexp is:

 ^101_202_303_40[0-7]$

5. The regexp is:

 ^101_(202_303|303_202)_404$

6. The command is:

 show ip bgp regexp ^777_(.+_)*888$

              - or -

 show ip bgp regexp ^777(_.+)*_888$

Note that the following regular expression is incorrect:

 ^777_.*_888$

In the absence of an AS between 777 and 888, this regular expression requires two spaces between successive AS numbers (and AS paths never have more than one space between successive AS numbers).

7. The command is:

 show ip bgp regexp ^456_1[135-8]1_928$

8. The command is:

 show ip bgp regexp ^(10_21|43_54|76_87|91_12)_100$

9. The command is:

 show ip bgp regexp ^555_(.+_)*87_(.+_)*902$

10. The command is:

 show ip route bgp

11. The AS path ACL is:

 ip as-path access-list 11 deny 6
 ip as-path access-list 11 permit .*

12. The AS path ACL is:

 ip as-path access-list 12 permit _30[34]$

13. The AS path ACL is:

 ip as-path access-list 13 deny ^(1|2[012])_
 ip as-path access-list 13 permit .*

14. The AS path ACL is:

 ip as-path access-list 14 deny _600[1-4]$
 ip as-path access-list 14 deny _600[6-9]$
 ip as-path access-list 14 permit .*
This will also work:
 ip as-path access-list 14 deny _600[1-46-9]$
 ip as-path access-list 14 permit .*

15. The AS path ACL is:

 ip as-path access-list 15 permit ^5

16. The AS path ACL is:

 ip as-path access-list 16 permit ^500_(.+_)*400_(.+_)*300_200$
 ip as-path access-list 16 deny _200$
 ip as-path access-list 16 permit .*

17. The AS path ACL is:

 ip as-path access-list 17 permit [02468]$
 ip as-path access-list 17 permit _(799?)$

18. The AS path ACL is:

 show ip bgp regexp ^$

19. A correct AS path ACL is:

 show ip bgp regexp .+

20. A correct AS path ACL is:

 ip as-path access-list 20 permit ^[0-9]+_[0-9]+_[0-9]+$

21. Four correct AS path ACL's are:

 ip as-path access-list 21 permit [0-9]+_[0-9]+

 ip as-path access-list 21 permit ._.

 ip as-path access-list 21 permit . .

 ip as-path access-list 21 permit ( )


Try some "regexps" on a real Internet core router! Note: These are not a web sites, you are accessing them with Telnet. If they don't respond, try again later (they don't support an infinite number of inbound VTY sessions). Also, be aware that their BGP RIBs and IP routing tables contain over 100K entries, so commands that require sorting (such as "show ip bgp regexp") may require a little time to process.

When you get in, try some "show" commands, like:


Return to the top of this Exercise!

Return to the directory of Goodies!


Copyright © 2002 Alchemy, Inc. All rights reserved.