BGP Regular Expressions Examples

This topic is to discuss the following lesson:

https://networklessons.com/bgp/bgp-regular-expressions-examples/

Hey Rene,

I have found one of Swisscom BGP router from that expressions:

AS path access list 1
    permit ^$
    permit 650[0-9][0-9][)]$

permit ^$ : I think this one is written for locally originating routes

I can’t get a meaning the last one’s " [)] "section ? You have an idea?
By the way ; these ip as-path access lists , bgp filtering commands just filtering the AS’s that advertising from another BGP routers right?

Deniz

Hi Deniz,

The first entry will match on prefixes that originated in this AS. The second one will match on everything that ends with 650XX). Anything in the 64512 – 65535 range are private AS numbers. The [)] is a bit strange, normally you use the [] for a range (like 0-9). I’m guessing that they use it to match on sub-AS numbers in a confederation? That’s the only time you will see a ) in the AS path:

https://networklessons.com/bgp/bgp-confederation-explained/

Rene

Hi Rene,
Just looked at BGP looking glass server. How can one practice regular expression on this site? Thanks!
A.

Hi A,

Most of the looking glass servers support regular expressions so that would be the best option to get some practice. If you want to practice this “locally” then I would configure some BGP routers and use route-maps for things like AS path prepending, this can be used as a nice simulation of the Internet.

Rene

Is it abnormal not really to be real fluent with these?

Don’t get me wrong I see the examples and as I went through lessons later on I see some of the examples come up that can be useful.

I am good with ones like:

^$ which can be useful for applying to everything (you use this one when dealing with Transit issues when multi-homing and need to filter) or ^63100$ apply to an AS specifically.

I also get and like the ones like Capture which would give every AS that goes through AS 51 those are cool. (I had to take a picture and upload because could not figure out how to use the underscores in posting on the forums is there a trick to that?)

Even the more complex examples I could use but I am not getting this like I can start coding with it or something I am understanding it on the level that I can login to this site to get something I need or perhaps google it and search for something I need (minus the simple ones that I used at beginning those stuck) is that ok? or do I really need to drill on these or just understand what they are used for in searches and filters and know that I can look these up when I need?

Also do these Regular Expressions just deal with BGP AS?

I have touched upon these in Microsoft PowerShell as well though they applied to everything but was used for similar purpose of searches or filters and such.

Hi Brian,

It’s normal I think…as network engineers, we don’t use regular expressions much. If you are into programming, you’ll use them quite a lot to match strings/numbers/etc… If you want to practice these, try a site like:

https://regexr.com/

Paste in the output of a BGP table there and test it…it’s easier and quicker than testing regex on your router.

I wouldn’t worry about this too much though…when you need to use them for BGP, you can always look them up…test it, then apply it to your router. No need to memorize all the different options. When you need it, it’s probably a simple regex, nothing more.

The underscore works fine here btw? SHIFT + - (dash) does the job.

Rene

1 Like

Hi Rene and Laz,

according to this phrase:

^([0-9]+)_51 matches prefixes from AS 51 where AS 51 is behind one of our directly connected AS’es.

wouldn’t it be more correct to match the search by this algorithm:

 ^([0-9]+)_51_

because in your algorithm’s example as I could figure out the underscore’s use, it would find prefixes like this (if our directly neighbor is ASN 78):

10.0.0.0/24      "next hop ip"       78,51,874,5456 i
20.0.0.0/24     "next hop ip"         78,5151,651 i

so I don’t want to get the ASN 5151 as being the second AS hop, only 51 itself.

so my question was to make sure if I’m wrong or not about my assumption of the actual algorithm that should be used by the lesson’s phrase.

Thank you very much.

Hi Nitay,

Sometimes, there are multiple ways to achieve the same thing with regex. The _ matches the space in between the AS numbers.

If this is what you want, I would use this regex:

show ip bgp regex ^([0-9]+)51$

The $ matches the end of the string. Here’s a quick test on a looking glass server for AS 4826:

route-views.optus.net.au>show ip bgp regex ^([0-9]+)_4826$
BGP table version is 1021954775, local router ID is 203.202.125.6
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, x best-external
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  43.241.188.0/22  202.139.124.130         10             0 7474 4826 i
*                   203.13.132.7             1             0 7474 4826 i
*                   203.202.143.34                         0 7474 4826 i
*>                  203.202.143.33                         0 7474 4826 i
*                   192.65.89.161            1             0 7474 4826 i

It only shows results for AS 4826 behind any of our directly connected ASes. It won’t match on any ASes behind AS 4826.

Is this what you were looking for?

Rene

1 Like