You want to filter the BGP routes that you send or receive based on the AS path information in the routes.
To filter the routes, create a routing policy that acts on a routes AS path information. The first step is to define a regular expression that matches the AS path information:
[edit policy-options] aviva@RouterD# set as-path from-AS-65500 "65500{4}"
Then reference the AS path information in a routing policy:
[edit policy-options policy-statement match-AS65500 ] aviva@RouterD# set term 1 from as-path from-AS-65500 aviva@RouterD# set term 1 then reject aviva@RouterD# set term accept-others then accept
Finally, apply the policy to a BGP group:
[edit protocols bgp] aviva@RouterD# set group session-to-AS65500 import match-AS65500
It it often useful to develop routing policies based on information within the AS path information. You can then use these policies to enforce your networks administrative policy with respect to a customer or peer. Instead of looking for many prefixes or routes individually, it can be easier to use the AS path. The AS path attribute lets you filter all routes that originated from or transited through a particular AS, all routes announced by a particular neighboring AS, and routes that originated in the local AS.
To match information in the AS path attribute, you first create a regular expression that identifies the match conditions. In this recipe, the set as-path command creates the regular expression from-AS-65500, which matches exactly four occurrences of the string 65500.
A regular expression (also sometimes called a regex) is a pattern-matching tool that applies to strings in AS paths. It has two components, a term and an operator. The term matches an AS number or an AS path, or it can be a wildcard character. If the term includes any spaces, enclose it in quotation marks. The operator indicates how to match the term, typically how many times to match a specific term. In this recipe, 65500 is the term and {4} is the operator. Table 13-1 describes the regular expression operators.
You must include the term when defining the pattern to match, but the operator is optional. When you leave out an operator, the AS path exactly matches what you type for the term.
The JUNOS regular expressions for AS paths are, for the most part, identical to Unix regular expressions. There are, however, a few differences. The main difference is that the basic unit of matching is an entire AS number, not an individual character. This means that the JUNOS regular expression treats 65500 as a single entity when it performs any matching operations, not as the five individual digits 6, 5, 5, 0, and 0. In other words, the AS number is effectively a single integer. A second difference is that with Unix, you need to type the operators ^ (which matches the beginning of a string) and $ (which matches the end of a string), but in the JUNOS regular expressions, these operators are always assumed to be present. So, with Unix you would type ^65500$ to match the string 65500, but in the AS path regular expression you just need to type 65500.
Looking back at our recipe, the AS path match term and operator are:
65500{4}
Translated, this match looks for four adjacent occurrences of the AS path 65500. It would match a path of 65500 65500 65500 65500. Examples of AS paths that this regular expression would not match are 65500 65500 65500, which has only three occurrences of the AS number, and 65500 65525 65500 65500 65500, which doesn have four consecutive occurrences of the AS number.
After you define the match criteria in the set as-path command, you then need to incorporate them into a routing policy. In this recipe, the policy match-AS65500 rejects all routes whose AS path matches the regular expression but accepts all other routes.
As a final step, apply the policy to your BGP group as an import policy.
To verify that the policy is working, look at the BGP routes in the routing table. Before applying the policy, routes containing the AS path 65500 65500 65500 65500 are present:
aviva@RouterD> show route protocol bgp inet.0: 25 destinations, 31 routes (25 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 10.0.8.0/24 *[BGP/170] 01:42:26, localpref 100 AS path: 65500 65500 65500 65500 I > to 10.0.31.2 via t1-0/0/3.0 …
The route to 10.0.8.0/24 is active (indicated by the asterisk). After applying the policy, the route is no longer in the routing table:
aviva@RouterD> show route 10.0.8.0/24 inet.0: 25 destinations, 31 routes (14 active, 0 holddown, 14 hidden)
This output shows that there are now 14 hidden routes. This is where you find the routes that your policy rejected:
aviva@RouterD> show route 10.0.8.0/24 hidden inet.0: 25 destinations, 31 routes (14 active, 0 holddown, 14 hidden) + = Active Route, - = Last Active, * = Both 10.0.8.0/24 [BGP ] 01:44:48, localpref 100 AS path: 65500 65500 65500 65500 I > to 10.0.31.2 via t1-0/0/3.0
Because the route is hidden, there is no preference associated with it. The route is marked as [BGP ] instead of [BGP/170].
Routes that originate within your AS do not yet have an AS path associated with them. To find them with an as-path policy, create a match condition based on the null AS path:
[edit policy-options] aviva@RouterF# set as-path local-as "()" [edit policy-options policy-statement null-path ] aviva@RouterF# set term accept-null-path from protocol bgp aviva@RouterF# set term accept-null-path from as-path local-as aviva@RouterF# set term accept-null-path then accept aviva@RouterF# set term else-reject then reject
This policy accepts all routes learned from BGP and that have no AS path, and rejects all other routes. A policy like this is useful when the only routes you want to advertise to a particular EBGP peer are those that originated in your AS. For instance, if another AS is advertising routes to you and you don want to readvertise them, you can apply this null AS path policy with a set export null-path command.
Router Configuration and File Management
Basic Router Security and Access Control
IPSec
SNMP
Logging
NTP
Router Interfaces
IP Routing
Routing Policy and Firewall Filters
RIP
IS-IS
OSPF
BGP
MPLS
VPNs
IP Multicast