BGP AS Path

This scenario demonstrates how to set AS-path access-lists for BGP.

AS-path filter to permit a regex

Description

Verify that the AS-path filter correctly permits a BGP route based on a specified AS-path regular expression.

Scenario

Step 1: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 10.0.0.2/24
set protocols bgp 65002 neighbor DUT0 remote-address 10.0.0.1
set protocols bgp 65002 neighbor DUT0 remote-as 65001
set protocols bgp 65002 neighbor DUT0 route-map export out
set protocols bgp 65002 network 10.0.0.0/24
set protocols bgp 65002 network 20.0.0.0/24
set protocols route-map out rule 1 action permit
set protocols route-map out rule 1 set as-path prepend 65003
set protocols static route 20.0.0.0/24 interface eth0
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.0.0.1/24
set protocols bgp 65001 as-path access-list 1 entry 1 action permit _65002_
set protocols bgp 65001 as-path access-list 1 entry 2 action deny 88888
set protocols bgp 65001 neighbor DUT1 remote-address 10.0.0.2
set protocols bgp 65001 neighbor DUT1 remote-as 65002
set protocols bgp 65001 neighbor DUT1 route-map import RM
set protocols bgp 65001 neighbor DUT1 soft-reconfiguration inbound
set protocols bgp 65001 network 10.0.0.0/24
set protocols route-map RM rule 1 action permit
set protocols route-map RM rule 1 match as-path 1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Run command protocols bgp show ip as-path-access-list at DUT0 and check if output contains the following tokens:

permit _65002_

Output:

AS path access list 1
    permit _65002_
    deny 88888

Step 4: Run command protocols bgp clear all at DUT0.

Step 5: Run command protocols bgp show ip neighbors neighbor DUT1 received-routes at DUT0 and check if output does not contain the following tokens:

filtered

Step 6: Run command protocols bgp show ip neighbors neighbor DUT1 filtered-routes at DUT0 and check if output does not contain the following tokens:

20.0.0.0

AS-path filter to deny a regex

Description

Verify that the AS-path filter correctly denies a BGP route based on a specified AS-path regular expression.

Scenario

Step 1: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 10.0.0.2/24
set protocols bgp 65002 neighbor DUT0 remote-address 10.0.0.1
set protocols bgp 65002 neighbor DUT0 remote-as 65001
set protocols bgp 65002 neighbor DUT0 route-map export out
set protocols bgp 65002 network 10.0.0.0/24
set protocols bgp 65002 network 20.0.0.0/24
set protocols route-map out rule 1 action permit
set protocols route-map out rule 1 set as-path prepend 65003
set protocols static route 20.0.0.0/24 interface eth0
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.0.0.1/24
set protocols bgp 65001 as-path access-list 1 entry 1 action deny _65002_
set protocols bgp 65001 as-path access-list 1 entry 2 action deny 88888
set protocols bgp 65001 neighbor DUT1 remote-address 10.0.0.2
set protocols bgp 65001 neighbor DUT1 remote-as 65002
set protocols bgp 65001 neighbor DUT1 route-map import RM
set protocols bgp 65001 neighbor DUT1 soft-reconfiguration inbound
set protocols bgp 65001 network 10.0.0.0/24
set protocols route-map RM rule 1 action permit
set protocols route-map RM rule 1 match as-path 1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Run command protocols bgp show ip as-path-access-list at DUT0 and check if output contains the following tokens:

deny _65002_

Output:

AS path access list 1
    deny _65002_
    deny 88888

Step 4: Run command protocols bgp clear all at DUT0.

Step 5: Run command protocols bgp show ip neighbors neighbor DUT1 received-routes at DUT0 and check if output contains the following tokens:

filtered

Output:

BGP table version is 1, local router ID is 10.0.0.1, vrf id 0
Default local pref 100, local AS 65001
local address (null)
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

    Network          Next Hop            Metric LocPrf Weight Path
 *> 10.0.0.0/24      10.0.0.2                 0             0 65002 65003 i
 *> 20.0.0.0/24      10.0.0.2                 0             0 65002 65003 i

Total number of prefixes 2 (2 filtered)

Step 6: Run command protocols bgp show ip neighbors neighbor DUT1 filtered-routes at DUT0 and check if output contains the following tokens:

20.0.0.0

Output:

BGP table version is 1, local router ID is 10.0.0.1, vrf id 0
Default local pref 100, local AS 65001
local address (null)
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

    Network          Next Hop            Metric LocPrf Weight Path
 *> 10.0.0.0/24      10.0.0.2                 0             0 65002 65003 i
 *> 20.0.0.0/24      10.0.0.2                 0             0 65002 65003 i

Total number of prefixes 2
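
The two scenarios above differ only in the action of entry 1, so the result depends on how _65002_ matches the received path 65002 65003 and on the implicit deny behind both the access-list and route-map RM. The following Python model of that evaluation is an added example, not part of the product or its test suite. It assumes the common Cisco-style convention that "_" matches the start or end of the path or a separator character; the function names and the extra sample paths are constructed for illustration.

```python
import re

# Characters the "_" metacharacter stands for in Cisco-style AS-path
# regexes (assumed here): start or end of the path, space, comma,
# braces, parentheses.
DELIM = r"(?:^|$|[ ,{}()])"


def compile_aspath(pattern):
    """Translate an AS-path regex into a Python regex (only "_" differs)."""
    return re.compile(pattern.replace("_", DELIM))


def acl_action(entries, as_path):
    """First matching entry wins; no match means implicit deny."""
    for action, pattern in entries:
        if compile_aspath(pattern).search(as_path):
            return action
    return "deny"


def import_result(entries, as_path):
    """Route-map RM: rule 1 permit, match as-path 1; implicit deny after it."""
    return "accepted" if acl_action(entries, as_path) == "permit" else "filtered"


# Access-list 1 as configured on DUT0 in the two scenarios above.
PERMIT_LIST = [("permit", "_65002_"), ("deny", "88888")]
DENY_LIST = [("deny", "_65002_"), ("deny", "88888")]

# AS path DUT0 receives from DUT1 (own AS 65002, then the prepended 65003).
RECEIVED = "65002 65003"

if __name__ == "__main__":
    print("permit list:", import_result(PERMIT_LIST, RECEIVED))
    print("deny list:  ", import_result(DENY_LIST, RECEIVED))
    # Constructed paths showing why the underscores matter.
    for path in ("165002 65003", "65003 65002", "65003"):
        print(path, "->", import_result(PERMIT_LIST, path),
              "| unanchored:", import_result([("permit", "65002")], path))
```

With the underscores, the constructed path 165002 65003 is filtered; the same list written with a bare 65002 would accept it, because the digits match inside a longer AS number.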