BGP Regular Expressions

EXERCISES:

1. Construct a regular expression that matches the AS path "48 206 1852 444". Note that AS 48 is directly connected to your AS, and that the routes were injected into BGP by AS 444.

2. Construct a regular expression that matches any path your AS learned directly from AS 777.

3. Construct a regular expression that matches any AS path for which the routes were injected into BGP by AS 888.

4. Construct one regular expression that matches all of the following AS paths (and no others):

• 101 202 303 400
• 101 202 303 401
• 101 202 303 402
• 101 202 303 403
• 101 202 303 404
• 101 202 303 405
• 101 202 303 406
• 101 202 303 407

5. Construct one regular expression that matches both of the following AS paths (and no others):

• 101 202 303 404
• 101 303 202 404

6. The command "show ip bgp" displays a Cisco router's entire BGP RIB (Routing Information Base). Give a "show" command that displays only the portion of the RIB that matches only the following conditions:

• Your AS learned the path directly from AS 777, and
• The routes were injected into BGP by AS 888, and
• The path can transit any combination of Autonomous Systems between AS 777 and AS 888, as well as a path directly from AS 777 to AS 888.

7. Give a "show" command that displays only the portion of the BGP RIB that traverses the following AS paths:

• 456 111 928
• 456 131 928
• 456 151 928
• 456 161 928
• 456 171 928
• 456 181 928

8. Give a "show" command that displays only the portion of the BGP RIB that traverses the following AS paths:

• 10 21 100
• 43 54 100
• 76 87 100
• 91 12 100

9. Give a "show" command that displays only the portion of the BGP RIB that meets the following conditions:

• Your AS learned the routes directly from AS 555, and
• The routes were injected into BGP by AS 902, and
• The routes passed through AS 87 somewhere along the way.

10. Give a "show" command that displays only the routes in the IP routing table that were learned by BGP.

11. Construct an AS path ACL (Access Control List) that denies any path in which the digit "6" appears in any AS number in the path, and permits all other paths.

12. Construct an AS path ACL that permits all paths for which the routes were injected into BGP by AS 303 or AS 304, and denies all other paths.

13. Construct an AS path ACL that denies all paths for which the routes were learned from AS 1, AS 20, AS 21, or AS 22, and permits all other paths.

14. Construct an AS path ACL that permits all paths for which the routes were injected by AS 6005, denies all paths for which the routes were injected by any AS in the ranges from 6001 to 6004 and 6006 to 6009, and permits all other paths.

15. Construct an AS path ACL that permits any AS paths your router learned directly from any AS whose AS number begins with the digit "5", and denies all other paths.

16. Construct an AS path ACL that:

• Permits all AS paths,
• Except those that originate in AS 200,
• Unless the path originated in AS 200, was advertised by AS 200 directly to AS 300, passed through 400 (but did not have to pass directly from 400 to 300), and was learned directly from 500. These paths are permitted.

17. Construct an AS path ACL that:

• Permits any path that originated in an even-numbered AS, and
• Denies any path that originated in an odd-numbered AS, except that
• Any path that originated in AS 79 or 799 is permitted.

18. Give a "show" command that displays all routes in the BGP RIB that originated in your AS.

19. Give a "show" command that displays all routes in the BGP RIB that did not originate in your AS.

20. Construct an AS path ACL that permits all AS paths that are exactly three Autonomous Systems long.

21. Construct an AS path ACL that permits all AS paths that are at least two Autonomous Systems in length.

ANSWERS:

1. The regexp is:

 ^48_206_1852_444$

2. The regexp is:

 ^777_

3. The regexp is:

 _888$

4. The regexp is:

 ^101_202_303_40[0-7]$

5. The regexp is:

 ^101_(202_303|303_202)_404$

6. The command is:

 show ip bgp regexp ^777_(.+_)*888$

              - or -

 show ip bgp regexp ^777(_.+)*_888$

Note that the following regular expression is incorrect:

 ^777_.*_888$

In the absence of an AS between 777 and 888, this regular expression requires two spaces between successive AS numbers (and AS paths never have more than one space between successive AS numbers).

7. The command is:

 show ip bgp regexp ^456_1[135-8]1_928$

8. The command is:

 show ip bgp regexp ^(10_21|43_54|76_87|91_12)_100$

9. The command is:

 show ip bgp regexp ^555_(.+_)*87_(.+_)*902$

10. The command is:

 show ip route bgp

11. The AS path ACL is:

 ip as-path access-list 11 deny 6
 ip as-path access-list 11 permit .*

12. The AS path ACL is:

 ip as-path access-list 12 permit _30[34]$

13. The AS path ACL is:

 ip as-path access-list 13 deny ^(1|2[012])_
 ip as-path access-list 13 permit .*

14. The AS path ACL is:

 ip as-path access-list 14 deny _600[1-4]$
 ip as-path access-list 14 deny _600[6-9]$
 ip as-path access-list 14 permit .*

 ip as-path access-list 14 deny _600[1-46-9]$
 ip as-path access-list 14 permit .*

15. The AS path ACL is:

 ip as-path access-list 15 permit ^5

16. The AS path ACL is:

 ip as-path access-list 16 permit ^500_(.+_)*400_(.+_)*300_200$
 ip as-path access-list 16 deny _200$
 ip as-path access-list 16 permit .*

17. The AS path ACL is:

 ip as-path access-list 17 permit [02468]$
 ip as-path access-list 17 permit _(799?)$

18. The AS path ACL is:

 show ip bgp regexp ^$

19. A correct AS path ACL is:

 show ip bgp regexp .+

20. A correct AS path ACL is:

 ip as-path access-list 20 permit ^[0-9]+_[0-9]+_[0-9]+$

21. Four correct AS path ACL's are:

 ip as-path access-list 21 permit [0-9]+_[0-9]+

 ip as-path access-list 21 permit ._.

 ip as-path access-list 21 permit . .

 ip as-path access-list 21 permit ( )

• route-server.ip.att.net
• route-server.cerf.net

• sh ver
• sh ip route (the output of this is over 100K lines)
• sh ip route summary
• sh ip bgp summary
• sh ip bgp (the output is well over 100K lines)
• sh ip bgp regexp ...
• sh proc cpu
• sh mem