Re: [c-nsp] BGP Regex to allow ISP customers
On Mon, 17 Oct 2016, Nick Cutting wrote:

> Thank you for your answer.
>
> The problem is I do not know the ASN's of the ISP's customers.
> Robert - I am afraid that this particular ISP does not have a community
> for this, nor can they send me just their customer routes.

Since you don't know the ISP's customer ASN's, if they're a small enough ISP (few to no peers, and just a couple of transits), you could do an as-path ACL like

    deny _100_transitA_
    deny _100_transitB_
    deny _100_peer1_

etc., ending with

    permit _100_

It's not really clear what you're trying to accomplish though. If you just want customer routes from them, why not ask them to only send customer routes? The obvious answer to which, I suppose, is that if they don't have communities that would indicate which routes are customer routes, they're probably incapable of making that route advertisement decision on their end.

--
Jon Lewis, MCP :) | I route | therefore you are
_ http://www.lewis.org/~jlewis/pgp for PGP public key_

___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BGP Regex to allow ISP customers
That should be

    ^(100_)+([0-9]+)(_\2)*$

But the above should* work as well...

On Tue, Oct 18, 2016 at 3:31 AM, Dragan Jovicic wrote:

> It's been a while but, the following might do it
>
> ^(100_)+([0-9_]+)(_\2)*$
>
> It matches any customer of 100 also accounting for case where both 100 and
> customer are prepending.
>
> On Tue, Oct 18, 2016 at 2:28 AM, Randy via cisco-nsp <cisco-nsp@puck.nether.net> wrote:
>
>> -- Forwarded message --
>> From: Randy
>> To: Nick Cutting , Brandon Ewing <nicot...@warningg.com>, "cisco-nsp (cisco-nsp@puck.nether.net)" <cisco-nsp@puck.nether.net>
>> Cc:
>> Date: Tue, 18 Oct 2016 00:24:23 + (UTC)
>> Subject: Re: [c-nsp] BGP Regex to allow ISP customers
>>
>> - Original Message -----
>> From: Nick Cutting
>> To: Brandon Ewing ; "cisco-nsp (cisco-nsp@puck.nether.net)"
>> Sent: Monday, October 17, 2016 4:32 PM
>> Subject: Re: [c-nsp] BGP Regex to allow ISP customers
>>
>> Thank you for your answer.
>>
>> The problem is I do not know the ASN's of the ISP's customers.
>> Robert - I am afraid that this particular ISP does not have a community
>> for this, nor can they send me just their customer routes.
>>
>> From: Brandon Ewing [mailto:nicot...@warningg.com]
>> Sent: Monday, October 17, 2016 5:45 PM
>> To: cisco-nsp (cisco-nsp@puck.nether.net)
>> Cc: Nick Cutting
>> Subject: Re: [c-nsp] BGP Regex to allow ISP customers
>>
>> The original message is attached because it is signed.
>>
>> Hi,
>> Perhaps something like this:
>>
>> ip as-path access-list 100 permit ^100_[0-9]*$
>> ip as-path access-list 100 permit ^100_([0-9]+)_\1_\1$
>>
>> first line would match as100 only and as100 and its customers while the
>> second would allow three prepends from customers of as100. I am sure there
>> is a better way to do this though...
>>
>> ./Randy
Re: [c-nsp] BGP Regex to allow ISP customers
It's been a while but, the following might do it

    ^(100_)+([0-9_]+)(_\2)*$

It matches any customer of 100 also accounting for case where both 100 and customer are prepending.

On Tue, Oct 18, 2016 at 2:28 AM, Randy via cisco-nsp <cisco-nsp@puck.nether.net> wrote:

> -- Forwarded message --
> From: Randy
> To: Nick Cutting , Brandon Ewing <nicot...@warningg.com>, "cisco-nsp (cisco-nsp@puck.nether.net)" <cisco-nsp@puck.nether.net>
> Cc:
> Date: Tue, 18 Oct 2016 00:24:23 + (UTC)
> Subject: Re: [c-nsp] BGP Regex to allow ISP customers
>
> - Original Message -
> From: Nick Cutting
> To: Brandon Ewing ; "cisco-nsp (cisco-nsp@puck.nether.net)"
> Sent: Monday, October 17, 2016 4:32 PM
> Subject: Re: [c-nsp] BGP Regex to allow ISP customers
>
> Thank you for your answer.
>
> The problem is I do not know the ASN's of the ISP's customers.
> Robert - I am afraid that this particular ISP does not have a community
> for this, nor can they send me just their customer routes.
>
> From: Brandon Ewing [mailto:nicot...@warningg.com]
> Sent: Monday, October 17, 2016 5:45 PM
> To: cisco-nsp (cisco-nsp@puck.nether.net)
> Cc: Nick Cutting
> Subject: Re: [c-nsp] BGP Regex to allow ISP customers
>
> The original message is attached because it is signed.
>
> Hi,
> Perhaps something like this:
>
> ip as-path access-list 100 permit ^100_[0-9]*$
> ip as-path access-list 100 permit ^100_([0-9]+)_\1_\1$
>
> first line would match as100 only and as100 and its customers while the
> second would allow three prepends from customers of as100. I am sure there
> is a better way to do this though...
>
> ./Randy
Re: [c-nsp] BGP Regex to allow ISP customers
--- Begin Message ---
- Original Message -
From: Nick Cutting
To: Brandon Ewing ; "cisco-nsp (cisco-nsp@puck.nether.net)"
Sent: Monday, October 17, 2016 4:32 PM
Subject: Re: [c-nsp] BGP Regex to allow ISP customers

Thank you for your answer.

The problem is I do not know the ASN's of the ISP's customers.
Robert - I am afraid that this particular ISP does not have a community for this, nor can they send me just their customer routes.

From: Brandon Ewing [mailto:nicot...@warningg.com]
Sent: Monday, October 17, 2016 5:45 PM
To: cisco-nsp (cisco-nsp@puck.nether.net)
Cc: Nick Cutting
Subject: Re: [c-nsp] BGP Regex to allow ISP customers

The original message is attached because it is signed.

Hi,
Perhaps something like this:

    ip as-path access-list 100 permit ^100_[0-9]*$
    ip as-path access-list 100 permit ^100_([0-9]+)_\1_\1$

first line would match as100 only and as100 and its customers while the second would allow three prepends from customers of as100. I am sure there is a better way to do this though...

./Randy
--- End Message ---
Re: [c-nsp] BGP Regex to allow ISP customers
Thank you for your answer.

The problem is I do not know the ASN's of the ISP's customers.
Robert - I am afraid that this particular ISP does not have a community for this, nor can they send me just their customer routes.

From: Brandon Ewing [mailto:nicot...@warningg.com]
Sent: Monday, October 17, 2016 5:45 PM
To: cisco-nsp (cisco-nsp@puck.nether.net)
Cc: Nick Cutting
Subject: Re: [c-nsp] BGP Regex to allow ISP customers

The original message is attached because it is signed.
Re: [c-nsp] BGP Regex to allow ISP customers
On Mon, Oct 17, 2016 at 08:14:07PM +, Nick Cutting wrote:

> If 55 and 56 are Customer AS's connected to AS 100 (our ISP)
> need to allow:
>
> 100 55 i
> 100 56 i
>
> Or 100 55 55 55 I (to allow for prepending)
>
> But NOT
>
> 100 55 something else
>
> Is this possible?
> Any help greatly appreciated.
>
> Nick

This should be accomplishable with the following quoted regexp:

    "_100_((55|56)(_)?)+$"

It may catch an edge case where it would pass "100 55 56", but would allow for prepending. I've never screwed with backreferencing on routers, but that might work as well if you just try to match the backreferenced section zero or more times instead of the grouping one or more times.

Please note that getting a literal "?" on the Cisco CLI can be accomplished with the sequence ctrl+v ?

Also note that if you *ARE* ASN 100, you will not see _100_ in your BGP RIB, as your ASN is only prepended when advertising the route to an external ASN. In that case, you can just match for client ASNs:

    "_((55|56)(_)?)+$"

--
Brandon Ewing (nicot...@warningg.com)
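Added example, not part of the original thread: a Python harness that runs the as-path expressions proposed in the replies above (Randy's two lines, the corrected back-reference form, Brandon Ewing's pattern and Jon Lewis's deny-then-permit list) against constructed AS paths, so a filter can be checked before it goes on a router. It assumes Cisco's `_` can be modeled as start/end of string or one of space, comma, braces or parentheses, treats each list as first-match with an implicit deny, and uses 777 as a made-up stand-in for the "transitA" placeholder; the first back-reference form, which puts `_` inside a bracket expression, is left out.

```python
import re

# Cisco's "_" matches the start/end of the AS path or a delimiter (space,
# comma, braces, parentheses). Python's re has no such token, so expand it.
DELIM = r"(?:^|$|[ ,{}()])"

def cisco_to_py(pattern):
    """Translate a Cisco as-path regex; assumes no "_" inside [...] classes."""
    return re.compile(pattern.replace("_", DELIM))

# Ordered (action, regex) entries: first match wins, implicit deny at the end.
ACLS = {
    "randy": [("permit", r"^100_[0-9]*$"),
              ("permit", r"^100_([0-9]+)_\1_\1$")],
    "dragan_corrected": [("permit", r"^(100_)+([0-9]+)(_\2)*$")],
    "brandon": [("permit", r"_100_((55|56)(_)?)+$")],
    # Jon Lewis's deny-then-permit shape; 777 is a constructed stand-in
    # for the "transitA" placeholder in his message (assumption).
    "jon": [("deny", r"_100_777_"), ("permit", r"_100_")],
}

# Constructed AS paths (not real routes): the cases from the original
# question plus a few edge cases.
PATHS = [
    "100", "100 55", "100 56", "100 55 55", "100 55 55 55",
    "100 100 55 55", "100 55 56", "100 55 777", "100 777 3000",
]

def permitted(acl_name, as_path):
    """Return True if the named list permits the AS path."""
    for action, pattern in ACLS[acl_name]:
        if cisco_to_py(pattern).search(as_path):
            return action == "permit"
    return False  # implicit deny

def report():
    """Map each list name to the constructed paths it permits."""
    return {name: [p for p in PATHS if permitted(name, p)] for name in ACLS}

if __name__ == "__main__":
    for name, paths in report().items():
        print(f"{name:17} permits: {paths}")
```

On these inputs Randy's two lines reject a two-entry path such as `100 55 55`, and the corrected back-reference form does not match a bare `100`.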
Re: [c-nsp] BGP Regex to allow ISP customers
Most SP’s support community tags of their directly connected customer prefixes. That may be your path of least resistance.

--
inoc.net!rblayzor
XMPP: rblayzor.AT.inoc.net
PGP Key: 78BEDCE1 @ pgp.mit.edu

> On Oct 17, 2016, at 4:14 PM, Nick Cutting wrote:
>
> Good Afternoon Masters of the BGP,
>
> I am not good at BGP regex.
>
> I need to come up with an ip as-path access-list that will only accept
> customer routes that belong to a certain provider, the ISP in question does
> not have a way of differentiating, so I was hoping to use a regex.
>
> So for example if the server provider has an AS of 100, I need to be able to
> accept all routes originating from 100 (for their customers that do not have
> BGP) and all routes that have originated from a customer AS, that is a
> customer of the ISP in question. The tricky part is if that client is
> prepending their AS.
>
> e.g.
> If 55 and 56 are Customer AS's connected to AS 100 (our ISP)
> need to allow:
>
> 100 55 i
> 100 56 i
>
> Or 100 55 55 55 I (to allow for prepending)
>
> But NOT
>
> 100 55 something else
>
> Is this possible?
> Any help greatly appreciated.
>
> Nick
[c-nsp] BGP Regex to allow ISP customers
Good Afternoon Masters of the BGP,

I am not good at BGP regex.

I need to come up with an ip as-path access-list that will only accept customer routes that belong to a certain provider, the ISP in question does not have a way of differentiating, so I was hoping to use a regex.

So for example if the server provider has an AS of 100, I need to be able to accept all routes originating from 100 (for their customers that do not have BGP) and all routes that have originated from a customer AS, that is a customer of the ISP in question. The tricky part is if that client is prepending their AS.

e.g.
If 55 and 56 are Customer AS's connected to AS 100 (our ISP)
need to allow:

    100 55 i
    100 56 i

Or 100 55 55 55 I (to allow for prepending)

But NOT

    100 55 something else

Is this possible?
Any help greatly appreciated.

Nick