BGP Regular Expressions Examples

Lessons Discussion
1

This topic is to discuss the following lesson:

2

Hey Rene,

I have found one of Swisscom BGP router from that expressions:

AS path access list 1
    permit ^$
    permit 650[0-9][0-9][)]$

permit ^$ : I think this one is written for locally originating routes

I canā€™t get a meaning the last oneā€™s " [)] "section ? You have an idea?
By the way ; these ip as-path access lists , bgp filtering commands just filtering the ASā€™s that advertising from another BGP routers right?

Deniz

3

Hi Deniz,

The first entry will match on prefixes that originated in this AS. The second one will match on everything that ends with 650XX). Anything in the 64512 ā€“ 65535 range are private AS numbers. The [)] is a bit strange, normally you use the [] for a range (like 0-9). Iā€™m guessing that they use it to match on sub-AS numbers in a confederation? Thatā€™s the only time you will see a ) in the AS path:

https://networklessons.com/bgp/bgp-confederation-explained/

Rene

4

Hi Rene,
Just looked at BGP looking glass server. How can one practice regular expression on this site? Thanks!
A.

5

Hi A,

Most of the looking glass servers support regular expressions so that would be the best option to get some practice. If you want to practice this ā€œlocallyā€ then I would configure some BGP routers and use route-maps for things like AS path prepending, this can be used as a nice simulation of the Internet.

Rene

6

Is it abnormal not really to be real fluent with these?

Donā€™t get me wrong I see the examples and as I went through lessons later on I see some of the examples come up that can be useful.

I am good with ones like:

^$ which can be useful for applying to everything (you use this one when dealing with Transit issues when multi-homing and need to filter) or ^63100$ apply to an AS specifically.

I also get and like the ones like Capture which would give every AS that goes through AS 51 those are cool. (I had to take a picture and upload because could not figure out how to use the underscores in posting on the forums is there a trick to that?)

Even the more complex examples I could use but I am not getting this like I can start coding with it or something I am understanding it on the level that I can login to this site to get something I need or perhaps google it and search for something I need (minus the simple ones that I used at beginning those stuck) is that ok? or do I really need to drill on these or just understand what they are used for in searches and filters and know that I can look these up when I need?

Also do these Regular Expressions just deal with BGP AS?

I have touched upon these in Microsoft PowerShell as well though they applied to everything but was used for similar purpose of searches or filters and such.

7

Hi Brian,

Itā€™s normal I thinkā€¦as network engineers, we donā€™t use regular expressions much. If you are into programming, youā€™ll use them quite a lot to match strings/numbers/etcā€¦ If you want to practice these, try a site like:

https://regexr.com/

Paste in the output of a BGP table there and test itā€¦itā€™s easier and quicker than testing regex on your router.

I wouldnā€™t worry about this too much thoughā€¦when you need to use them for BGP, you can always look them upā€¦test it, then apply it to your router. No need to memorize all the different options. When you need it, itā€™s probably a simple regex, nothing more.

The underscore works fine here btw? SHIFT + - (dash) does the job.

Rene

1 Like
8

Hi Rene and Laz,

according to this phrase:

^([0-9]+)_51 matches prefixes from AS 51 where AS 51 is behind one of our directly connected ASā€™es.

wouldnā€™t it be more correct to match the search by this algorithm:

 ^([0-9]+)_51_

because in your algorithmā€™s example as I could figure out the underscoreā€™s use, it would find prefixes like this (if our directly neighbor is ASN 78):

10.0.0.0/24      "next hop ip"       78,51,874,5456 i
20.0.0.0/24     "next hop ip"         78,5151,651 i

so I donā€™t want to get the ASN 5151 as being the second AS hop, only 51 itself.

so my question was to make sure if Iā€™m wrong or not about my assumption of the actual algorithm that should be used by the lessonā€™s phrase.

Thank you very much.

9

Hi Nitay,

Sometimes, there are multiple ways to achieve the same thing with regex. The _ matches the space in between the AS numbers.

If this is what you want, I would use this regex:

show ip bgp regex ^([0-9]+)51$

The $ matches the end of the string. Hereā€™s a quick test on a looking glass server for AS 4826:

route-views.optus.net.au>show ip bgp regex ^([0-9]+)_4826$
BGP table version is 1021954775, local router ID is 203.202.125.6
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, x best-external
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  43.241.188.0/22  202.139.124.130         10             0 7474 4826 i
*                   203.13.132.7             1             0 7474 4826 i
*                   203.202.143.34                         0 7474 4826 i
*>                  203.202.143.33                         0 7474 4826 i
*                   192.65.89.161            1             0 7474 4826 i

It only shows results for AS 4826 behind any of our directly connected ASes. It wonā€™t match on any ASes behind AS 4826.

Is this what you were looking for?

Rene

1 Like
11

Hi Rene,

still i am facing difficult to understand that Regular Expression concepts. can you give your suggestion how to get master on this topics. and 1 more thing how to read that string we can strat from left to right or right to letf

12

Hello Gowthamraj

Looking at the various regular expressions can become confusing if you donā€™t actually use them. The ideal way to learn is to practice, and see how they behave as you apply them. The following lesson uses an example of a regular expression to apply a filter list to prevent a BGP transit AS situation:

You can also take a look at actual examples at the following Cisco documentation:

Finally, you can use the looking glass servers that Rene suggested in the lesson as well. He further explains how to do this in some of the posts above, including this one:

I hope this has been helpful!

Laz

13

Thank you Lagapides i will look into these

1 Like
14

i think right is ^(65200) instead of ^\65200)

15

Hello Konstantinos

Actually, the correct syntax is ^\(65200\) but thanks for pointing out the typo!

Remember that when you use regular expressions, the parentheses ā€œ(ā€ and ā€œ)ā€ are used to group specific portions of the regular expressions in much the same way as you would when using arithmetic. They are also used to OR expressions when using the ā€œ|ā€ pipe character.

BGP confederations use sub-ASes that are actually denoted using parentheses like this: (65200).
However, regular expressions use parentheses as special characters. So in order to cancel out their special usage and have them be used as simple text to be matched, you use the ā€œ\ā€ character. So ā€œ\(ā€ is used to manipulate the open parenthesis as a simple text character. Similarly, ā€œ\)ā€ is used to manipulate the close parenthesis as a simple text character.

So in order to match (65200) as text, we must use ā€œ\(ā€ and ā€œ\)ā€ in place of ā€œ(ā€ and ā€œ)ā€.

I hope this has been helpful!

Laz

PS The forum also understands the meaning of the ā€œ\ā€ character, and when I posted this initially, it interpreted it as a control character, so didnā€™t show up in the text!! So Iā€™ve fixed it and now it appears correctlyā€¦

16

Hello, everyone!

I would like to ask for your assistance with some of these regular expressions since for some reason, I cannot grasp them at all. I understand the basic ones but once brackets and more complicated expressions come into place, I am at a complete loss :smiley:

From Reneā€™s examples, how would these expressions behave if we removed the () brackets?
^([0-9]+)51
^51([0-9]+)

Also could someone please explain the logic behind these for me (from Reneā€™s examples, again).
^(51_)+([0-9]+)
^51_([0-9]+_)+

No matter how many times I look at them, I canā€™t connect all the special characters and their function together somehow. Although I know what the result will be since Rene mentioned it, I still cannot see how the mix of all those characters would accomplish it.

Thank you in advance for your help

David

17

Hello David

^([0-9]+)51 would become ^[0-9]+51 however, this would not change the outcome of the regular expression. This is because [0-9]+ and ([0-9]+) are the same because the parentheses contain a single element. Just like in mathematics, the expression (25)3 is the same as 253. The parentheses, as in mathematics, are used to group multiple elements into a single group to be processed separately. When the group has a single element, there is no difference.

Now for the other two expressions. Letā€™s take a look at this ^(51_)+([0-9]+) and break it down:

  1. ^ : This symbol is used to indicate the start of a line. This means that the match should take place at the beginning of the AS path.

  2. (51_)+ : The number ā€˜51ā€™ would represents an ASN. The underscore _ represents a space, indicating the end of an AS number in an AS path. So ā€˜51_ā€™ represents an ASN of exactly 51 at the beginning of the AS path. Now the + means that the 51 can appear one or more times at the start of the AS path.

  3. ([0-9]+) : This represents one or more digits that can be repeated any number of times. Really this means any number from 0 to infinity, but as for ASNs, this is confined to valid ASN numbers. This instance of an ASN appears only once.

So, in the context of BGP, this regular expression would match an AS path that starts with one or more instances of ASN 51, followed by one more ASN of any valid value.

For the last one, which is ^51_([0-9]+_)+:

  1. ^ : This is the start of line anchor. This specifies that the match must start at the beginning of the AS path.

  2. 51_ : This matches an AS of 51 and the underscore represents a space, indicating the end of an AS number in an AS path.

  3. ([0-9]+_)+ : This is a capturing group followed by a plus sign.

  • [0-9]+ : This matches one or more digits representing an ASN or a sequence of ASNs.
  • _ : This matches the underscore character literally, which in BGP is used as a space to separate ASNs, or at the end of an AS path
  • + : The plus sign outside the parentheses means that the whole group ([0-9]+_) can occur one or more times.

So this regular expression would match an AS path that starts with ASN 51, followed by one or more ASNs, each followed by a space (represented as an underscore). Each ASN and space form a repeating group.

I hope this has been helpful!

Laz