Hi Hamood,
The _ matches the white space between the AS numbers. For example take a look at this output of a BGP table:
Network Next Hop Metric LocPrf Weight Path
* 1.0.0.0/24 203.202.143.34 0 7474 15169 i
* 202.139.124.130 1 0 7474 15169 i
* 203.13.132.29 0 7474 15169 i
In the AS path there’s a space between the AS numbers, we need to use the _ to match this.
Let’s look at your example:
deny ^10886_209_
The ^ indicates the beginning of the AS path, so AS 10886 is an AS that is directly connected to yours. Behind 10886 there is AS 209.
This statement denies prefixes that you learn from AS 10886 and that AS 10886 has learned from AS 209. It doesn’t matter where AS 209 learned it from…
The permit ^10886_ statement means that you permit everything else that you learn from AS 10886.
Does that help?
Rene