
Avici Systems Inc.


ip as-path access-list


Defines an access list based on autonomous system path information.

Syntax: [no] ip as-path access-list list-name {permit|deny} as-regular-expression


list-name

Unique alphanumeric name that identifies the regular expression access list. List names can be up to 255 characters long and can contain the following characters: A-Z, a-z, 0-9, _, and -. Use the show ip as-path-access-list command to display the names of all defined as-path access lists.

permit

Permits access for matching conditions.

deny

Denies access for matching conditions.

as-regular-expression

Autonomous system in the access list that uses a regular expression.

Description: Access lists are filters that enable you to restrict the routing information a router learns from or advertises to a neighbor.

Multiple BGP peers or route maps can reference a single access list. You can apply access lists to both inbound route updates and outbound route updates. Each route update is passed through the access list. BGP applies each rule in the access list in the order it appears in the list. When a route matches any rule, the decision to permit or deny the route through the filter is made, and no further rules are processed.

Access lists based on autonomous system path enable you to control routing updates based on BGP autonomous system path information. If you want to control updates for all the routes to or from an autonomous system, filtering based on autonomous system path is more efficient than listing each route individually.

A regular expression is a pattern used to match against an input string. In BGP, you can build a regular expression to match information about an autonomous system path. Regular expressions can include:

Table 5-3. Characters and Components of Regular Expressions

Component   Character        Description

Ranges                       A sequence of characters within square brackets: [1234]

Atoms                        A single character with special meaning. Atoms include:

            .                Matches any single character.

            ^                Matches the beginning of an input string.

            $                Matches the end of an input string.

            _ (underscore)   Matches a comma, left brace, right brace, the beginning of an input string, the end of an input string, or a space.

Pieces                       Atoms followed by a special character listed below:

Branches                     0 or more concatenated pieces.

The following table provides sample regular expressions:

Table 5-4. Sample Regular Expressions 
Regular Expression Description

^nnn$

Indicates the route originated in autonomous system nnn. The ^ means the expression must start with the next character. The $ means the expression must end with the preceding character.

^100$ matches: 100

^aaa_bbb$

The autonomous system list must contain both aaa and bbb with aaa appearing before the bbb. For example:

^123_456$ matches:

  • 123 456

  • 868 123 999 456

^nnn.*nnn$

The expression must begin with a specific autonomous system and end with a specific autonomous system, but can have anything in between. For example:

^123.*456$ matches:

  • 123 456

  • 123 123 456

  • 123 123 123 456

  • 123 868 999 456

  • 1234 1456

_nnn_

Indicates the route was via autonomous system nnn.

^$

Indicates the route originated in this autonomous system.

NOTE Regular expressions are matched against the autonomous system path as if it is a string - not a sequence of numbers. Enclose autonomous system numbers within underscores to match a specific autonomous system number.

Permit and deny apply only when there is an exact match between the regular expression and the autonomous system path.

Use the ip as-path access-list command to create an access list to filter routes based on their autonomous system path. Add entries to the access list by repeating the command for different autonomous system paths.

Use the neighbor or match as-path commands to apply an autonomous system path based access list.

Use the no ip as-path access-list command to delete an entire autonomous system path based access list.

Use the no ip as-path access-list list-name {permit|deny} as-regular-expression command to delete a specific filter from an autonomous system path access list.

Factory Default: No access lists.

Command Mode: Configuration.

Example 1: In the following example, the ip as-path access-list commands create an as-path access list named '1' to permit only those routes that include paths from or through autonomous systems 234 and 345:

router(config)#ip as-path access-list 1 permit _234_

router(config)#ip as-path access-list 1 permit _345_

router(config)#ip as-path access-list 1 deny any

Note that the last line of the access list is a deny any statement, which reminds the reader that all other access is denied.
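The following offline check is an added example, not Avici code: it runs access list 1 from Example 1 against constructed AS paths to show first-match evaluation, the default deny, and why the NOTE above tells you to enclose AS numbers in underscores. It assumes substring-search semantics with Python's re module standing in for the router's regular expression engine; the function names and the loose list are hypothetical.

```python
import re

# The "_" atom as Table 5-3 describes it: comma, left brace, right brace,
# start of string, end of string, or space.
UNDERSCORE = r"(?:^|$|[,{} ])"


def matches(expr, as_path):
    """True if the as-regular-expression matches the AS path string.
    Assumption: search (substring) semantics, with Python's re standing in."""
    return re.search(expr.replace("_", UNDERSCORE), as_path) is not None


def evaluate(acl, as_path):
    """Apply rules in order; the first matching rule decides."""
    for action, expr in acl:
        if matches(expr, as_path):
            return action
    return "deny"  # nothing matched: all other access is denied


def audit(acl, paths):
    """Map each sample AS path to the decision the list would make."""
    return {path: evaluate(acl, path) for path in paths}


# Access list 1 from Example 1, and a loose variant without underscores.
ACL_1 = [("permit", "_234_"), ("permit", "_345_")]
ACL_LOOSE = [("permit", "234"), ("permit", "345")]  # constructed, for contrast

# Constructed sample AS paths ("" is an empty path).
SAMPLE_PATHS = ["234", "100 345 700", "1234 999", "23456", "100 200", ""]

if __name__ == "__main__":
    strict, loose = audit(ACL_1, SAMPLE_PATHS), audit(ACL_LOOSE, SAMPLE_PATHS)
    for path in SAMPLE_PATHS:
        print(f"{path!r:16} list 1: {strict[path]:7} loose: {loose[path]}")
    # Rule order matters: the same two rules, reversed, decide differently.
    print(evaluate([("deny", "_345_"), ("permit", "_234_")], "234 345"))
    print(evaluate([("permit", "_234_"), ("deny", "_345_")], "234 345"))
```

The loose list permits paths through AS 1234 and AS 23456 because the digits 234 and 345 appear inside those numbers; list 1 denies both.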

Example 2: In the following example, the neighbor filter-list command specifies that only paths from or through autonomous systems 234 and 345 (as specified by access list 1) are advertised to BGP neighbor 125.181.1.5 and the weight for those routes is set to 30.

router(config)#router bgp 100

router(config-router)#network 170.100.0.0

router(config-router)#neighbor 170.100.205.5 remote-as 234

router(config-router)#neighbor 121.180.1.4 remote-as 345

router(config-router)#neighbor 125.181.1.5 remote-as 171

router(config-router)#neighbor 125.181.1.5 filter-list 1 weight 30

Related Commands: access-list
ip access-list
ip community-list
permit
route-map
show access-lists
show ip access-lists
neighbor distribute-list
neighbor filter-list



Copyright © 2004 Avici Systems Inc.
Avici® and TSR® is a registered trademark of Avici Systems Inc.
IPriori™, Composite Links™, SSR™, QSR, and NSR® are trademarks of Avici Systems Inc.

   Source File Name: Routing_Pol.fm
    HTML File Name: Routing_Pol9.html
    Last Updated: 05/10/04 at 16:38:37
