11.7 Regular Expressions and Communities

Regular expressions are an important part of today's policy applications. They are used especially in situations where a router is situated at an Internet peering point, and they operate on BGP AS paths. Using regular expressions, a router can match against occurrences of a number of different ASNs through a single expression. It can also match against a number of BGP community attributes.

11.7.1 Regular Expressions for AS Paths

The use of JUNOS regular expressions as they apply to BGP AS path matching was discussed in Chapter 10. Before covering the implementation of regular expressions in greater detail, you must first be familiar with the regular expression operators and how they are put together.

Regular expressions are made up of characters, numbers, and operators. Operators are used to match against patterns of characters , patterns of numbers, or a combination of both. They contain individual grouping functions that enable a user to construct complex match conditions, such as searching for multiple, rather than a single, numbers or characters. The different operators that can be used to design a regular expression are explained as follows :

• t { a, b } ” When used in a regular expression, this means that there must be at least a matches and at most b matches of a term t, a character string or number preceding the operator. Both a and b are positive integers, and b is greater than a.

  • One example would be 24 { 1,2 } which would match sequences 24 and 24 24 because we requested a match for at least one occurrence, and at most two occurrences, of the number 24. The number 24 in this example could be an ASN where the matching is carried out using an expression on an AS-path list that is received in a BGP update.

  • The { a, b } operator can also reside in the middle of an expression, for example, 24 { 1,2 } 34. This expression would match at least one occurrence, and at most two occurrences, of the number 24 immediately followed by the number 34. Therefore this would match sequences 24 34 and 24 24 34.

  • A special case of the { a, b } operator is { 0,1 } , which is normally represented by a ? symbol. The { 0,1 } or ? operator matches zero or more occurrences of a term. Either format is acceptable in a regular expression.

• t { a } ” When used in a regular expression preceded by a term t, there must be exactly a occurrences of the term t, where a is a positive integer.

  • One example is 24 { 3 } . This would match the sequence 24 24 24, or more specifically , three successive occurrences of the number 24.

• t { a, } ” When used in a regular expression, this means that there must be a or more repetitions of a term t, where a is a positive integer.

  • One example is 24 { 3, } . This would match the sequences 24 24 24; 24 24 24 24; 24 24 24 24 24; and so on.

• There are two special cases of this operator:

  • t { 0, } is normally represented by a * symbol. The * or { 0, } operators are used to match against zero or more repetitions of a term t. Either format is acceptable in a regular expression.

  • t { 1, } is normally represented by a + symbol. The + or { 1, } operators are used to match against one or more occurrences of a term t. Either format is acceptable in a regular expression.

• ”When used in a regular expression, the logical OR operator matches against either of the terms specified on each side of the symbol.

  • One example is 2434 this would match 24 or 34.

• () ”When used in a regular expression, round parentheses define a group of terms.

  • a “ b ” When used in regular expressions, the minus sign between two terms is used to indicate a range.

  • One example is 23 “34. This would match 23, 24, 25, and so on, up to 34.

There exist three additional operators that cannot be used with AS path expressions. We will review them later when we look at communities. These operators are as follows:

1. ^ ” When used in a regular expression, the carat symbol represents the beginning of a BGP community string.

2. $ ” When used in a regular expression, the dollar sign represents the end of a community string.

3. [] ” When used in a regular expression, square brackets are used to enclose a range of letters or digits.

Wildcard matching can be invoked using dot-star (.*) notation. Examples of this are as follows:

• Dot-star ” 24 25 26.* ”matches the explicit sequence 24 25 26 followed by the occurrence of any other term.

Figure 11-10 illustrates the use of AS path regular expressions in JUNOS. A route X originates from AS 65535. We are observing this route from the point of view of AS 65531. AS 65535 prepends route X with two instances of its own ASN to make the inbound path from AS 65534 less attractive than the path from AS 65533. The route X passes through each AS with each AS prepending the route with its own ASN. The route X arrives at AS 65531 through two different paths, which gives AS 65531 two choices. If AS 65531 would like to use only path X: 65534 65535 65535 65535, even though it is the longer of the two, then the configuration would look as follows:

 policy-statement routex {      term match-path {         from as-path routex;         then accept;     }     term other-paths {         then reject;     } } as-path routex "65534 65535{3}"; 

If AS 65531 wants to match against any AS path, then more AS path operators can be employed to assist in this task. For AS 65531 to allow the use of all paths to AS 65535, then the following configuration could be used:

 policy-statement routex {      from as-path routex_all-paths;     then {         preference 100;         accept;     } } as-path routex_all-paths "(6553265534) 65533* 65535+ "; 

The above expression reads as follows: Match against a sequence containing a first term of 65532 or 65534, followed by zero or more occurrences of 65533, followed by one or more occurrences of 65535.

11.7.2 Community Regular Expressions

At this stage you should be familiar with BGP communities, which were discussed in Chapter 10, and the regular expression operators discussed earlier in this chapter. For those of you familiar with Cisco products, a useful piece of information is that all community regular expressions begin with ^ and end with $ . JUNOS requires the use of the quotation marks to enclose the regular expression. The community regular expressions used in JUNOS are the same as the standard UNIX regular expressions.

In JUNOS, community-attribute matching is very similar to AS path matching. Communities are defined in the same way through the use of policy statements. Community definitions require a name and appropriate member IDs, such as the following:

 community sample-community members [ 65535:1 no_export no_advertise  no_export_subconfed ]; 

The above example illustrates all of the possible community IDs that are configurable. A regular community ID takes the format of AS-number:Community-ID , such as 65535:1 .

The above three community IDs are outlined in RFC 1997, "BGP Communities Attribute" [5]. Once the communities have been defined, they can be matched against in regular expressions. To do this, one would use the same operators as in AS path matching. A few examples include the following:

• 65535:* ” This matches all communities from AS 65535, as * is a wildcard operator.

• *:* ” This matches all incoming communities.

• 65535:1.0 ” This matches communities 110,120,130 190 in AS 65535.

Community attributes are transitive if present, but upon receiving a route with a community, a router can add, delete, or modify this attribute.

A very simple policy can be configured to keep from advertising any community attributes at all:

 policy-statement no-community-export {      then {         community delete match-all;     } } community match-all members *.*; 

Because there is no from statement, all routes match and all community attributes are removed. JUNOS also supports the configuration of the BGP extended communities attribute, but no regular expressions are supported for this as of yet.