Regular expressions are an important part of today's policy applications. They are used especially in situations where a router is situated at an Internet peering point, and they operate on BGP AS paths. Using regular expressions, a router can match against occurrences of a number of different ASNs through a single expression. It can also match against a number of BGP community attributes. 11.7.1 Regular Expressions for AS PathsThe use of JUNOS regular expressions as they apply to BGP AS path matching was discussed in Chapter 10. Before covering the implementation of regular expressions in greater detail, you must first be familiar with the regular expression operators and how they are put together. Regular expressions are made up of characters, numbers, and operators. Operators are used to match against patterns of characters , patterns of numbers, or a combination of both. They contain individual grouping functions that enable a user to construct complex match conditions, such as searching for multiple, rather than a single, numbers or characters. The different operators that can be used to design a regular expression are explained as follows :
There exist three additional operators that cannot be used with AS path expressions. We will review them later when we look at communities. These operators are as follows:
Wildcard matching can be invoked using dot-star (.*) notation. Examples of this are as follows:
Figure 11-10 illustrates the use of AS path regular expressions in JUNOS. A route X originates from AS 65535. We are observing this route from the point of view of AS 65531. AS 65535 prepends route X with two instances of its own ASN to make the inbound path from AS 65534 less attractive than the path from AS 65533. The route X passes through each AS with each AS prepending the route with its own ASN. The route X arrives at AS 65531 through two different paths, which gives AS 65531 two choices. If AS 65531 would like to use only path X: 65534 65535 65535 65535, even though it is the longer of the two, then the configuration would look as follows: policy-statement routex { term match-path { from as-path routex; then accept; } term other-paths { then reject; } } as-path routex "65534 65535{3}"; Figure 11-10. AS Path Matching Using Regular Expressions
If AS 65531 wants to match against any AS path, then more AS path operators can be employed to assist in this task. For AS 65531 to allow the use of all paths to AS 65535, then the following configuration could be used: policy-statement routex { from as-path routex_all-paths; then { preference 100; accept; } } as-path routex_all-paths "(6553265534) 65533* 65535+ "; The above expression reads as follows: Match against a sequence containing a first term of 65532 or 65534, followed by zero or more occurrences of 65533, followed by one or more occurrences of 65535. 11.7.2 Community Regular ExpressionsAt this stage you should be familiar with BGP communities, which were discussed in Chapter 10, and the regular expression operators discussed earlier in this chapter. For those of you familiar with Cisco products, a useful piece of information is that all community regular expressions begin with ^ and end with $ . JUNOS requires the use of the quotation marks to enclose the regular expression. The community regular expressions used in JUNOS are the same as the standard UNIX regular expressions. In JUNOS, community-attribute matching is very similar to AS path matching. Communities are defined in the same way through the use of policy statements. Community definitions require a name and appropriate member IDs, such as the following: community sample-community members [ 65535:1 no_export no_advertise no_export_subconfed ]; The above example illustrates all of the possible community IDs that are configurable. A regular community ID takes the format of AS-number:Community-ID , such as 65535:1 . The above three community IDs are outlined in RFC 1997, "BGP Communities Attribute" [5]. Once the communities have been defined, they can be matched against in regular expressions. To do this, one would use the same operators as in AS path matching. A few examples include the following:
Community attributes are transitive if present, but upon receiving a route with a community, a router can add, delete, or modify this attribute. A very simple policy can be configured to keep from advertising any community attributes at all: policy-statement no-community-export { then { community delete match-all; } } community match-all members *.*; Because there is no from statement, all routes match and all community attributes are removed. JUNOS also supports the configuration of the BGP extended communities attribute, but no regular expressions are supported for this as of yet. |