====================
AS-path Access Lists
====================

.. sidebar:: Contents

   .. contents::
      :depth: 3
      :local:

This chapter covers some aspects related to the
:osdx:cfg:`protocols bgp * as-path access-list *` command, which is a tool
used for BGP **traffic filtering**. These AS-path access-lists can be applied
to a **route-map** using the :osdx:cfg:`protocols route-map *` command.

Two aspects are worth mentioning before explaining the AS-path configuration:

* **Access-lists**: Multiple access-lists can be defined, each with a unique
  **numeric identifier**.
* **List Entries**: Each access-list contains entries, each identified by a
  unique number. Every entry specifies an **action** (permit or deny) and
  includes a regular expression used as the matching criterion.

This type of filtering can also be used with a VRF.

Configuration
=============

This is the syntax to create a
:osdx:cfg:`protocols bgp * as-path access-list *`:

.. code-block:: none

   set protocols bgp as-path access-list entry action [...]

Common regular expressions for AS-Path filtering:

* Match AS at the beginning of the path: ``_``
* Match AS at the end of the path: ``_``
* Match AS in the middle of the path: ``__``

An AS-path access-list (:osdx:cfg:`protocols bgp * as-path access-list *`)
can be assigned to a route-map as a match criterion. To do so, use the
following commands:

.. code-block:: none

   set protocols route-map rule match as-path
   set protocols route-map rule action

.. important::

   To assign an access-list used in BGP with VRF use
   ``set protocols route-map rule match vrf-as-path``.

After associating the access-list with the route-map, import it into the BGP
session with:

.. code-block:: none

   set protocols bgp neighbor route-map import

.. note::

   Use :osdx:cfg:`protocols bgp * neighbor * soft-reconfiguration inbound` to
   enable soft reconfiguration, which allows a BGP router to retain a copy of
   all received routes, enabling policy changes to be applied without
   resetting the BGP session or requesting routes again from the neighbor.
   After making changes, consider using the
   :osdx:op:`protocols bgp clear all` command to refresh the BGP session and
   retrieve routes from the neighbor.

Examples
========

Discarding an advertised route
------------------------------

Let's suppose we want to set up a
:osdx:cfg:`protocols bgp * as-path access-list *` where a route through
AS 65002 must be filtered, which means that the mentioned AS can't appear
anywhere in the route.

First of all, an access-list must be created to deny routes where 65002
appears. On OSDx this can be achieved by configuring the following commands:

.. code-block:: none

   set protocols bgp 65002 as-path access-list 1 entry 1 action deny _65002_

Finally, to use this access-list in a route-map you have to use these
commands:

.. code-block:: none

   set protocols route-map RM rule 1 action permit
   set protocols route-map RM rule 1 match as-path 1
   set protocols bgp 65001 neighbor DUT1 route-map import RM

Permitting an advertised route
------------------------------

Let's suppose we want to set up a
:osdx:cfg:`protocols bgp * as-path access-list *` where a route through
AS 65002 must be permitted, which means that the mentioned AS must appear in
the route.

First of all, an access-list must be created to permit routes where 65002
appears. On OSDx this can be achieved by configuring the following commands:

.. code-block:: none

   set protocols bgp 65002 as-path access-list 1 entry 1 action permit _65002_

Finally, to use this access-list in a route-map you have to use these
commands:

.. code-block:: none

   set protocols route-map RM rule 1 action permit
   set protocols route-map RM rule 1 match as-path 1
   set protocols bgp 65001 neighbor DUT1 route-map import RM

:doc:`Here ` you can find more examples related to
:osdx:cfg:`protocols bgp * as-path access-list *`, and :doc:`here ` you can
find examples using a VRF.

Monitoring
==========

The related operational command
:osdx:op:`protocols bgp show ip as-path-access-list` can be used to display
the entries of the AS-path access-lists.

*Example:*

.. code-block:: none

   admin@osdx$ protocols bgp show ip as-path-access-list
   AS path access list 1
       deny _65002_
   admin@osdx$

.. osdx:cmdtree:: cfg
   :maxdepth: 4

   protocols bgp * as-path
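The ``_65002_`` expression used in the examples above can be checked offline before it is committed to a router. The following Python sketch is an added example, not OSDx code: it assumes that ``_`` expands the way it does in Cisco/FRR-style AS-path regular expressions and that a list is evaluated first-match with an implicit deny, both of which should be confirmed on the device. The sample AS paths and the two variant lists are constructed for illustration.

```python
import re

# Assumption: "_" matches the start or end of the AS path or a delimiter
# (space, comma, braces, parentheses), as in Cisco/FRR-style AS-path regexes.
DELIM = r"(?:^|[,{}() ]|$)"


def compile_as_path_regex(pattern):
    """Translate an AS-path regex that uses "_" into a Python regex."""
    return re.compile(pattern.replace("_", DELIM))


def evaluate(entries, as_path, default="deny"):
    """Return the action of the first entry whose regex matches as_path.

    Assumption: entries are tried in ascending entry number and a path that
    matches no entry gets the implicit default action (deny).
    """
    for _number, action, pattern in sorted(entries):
        if compile_as_path_regex(pattern).search(as_path):
            return action
    return default


# Constructed AS paths (sample input, not taken from a real router).
SAMPLE_PATHS = ["65002", "65003 65002 65004", "65003 650020",
                "165002 65004", "65003 65004"]

# Access-list 1 from the "Discarding" example on this page.
DENY_65002 = [(1, "deny", "_65002_")]
# Hypothetical variant: the same deny entry followed by a catch-all permit.
DENY_THEN_PERMIT = [(1, "deny", "_65002_"), (2, "permit", ".*")]
# Hypothetical mistake: delimiters omitted, so other AS numbers match too.
UNANCHORED = [(1, "deny", "65002"), (2, "permit", ".*")]


def report(entries):
    """Map every sample path to the action the list returns for it."""
    return {path: evaluate(entries, path) for path in SAMPLE_PATHS}


if __name__ == "__main__":
    for name, acl in [("deny only", DENY_65002),
                      ("deny then permit", DENY_THEN_PERMIT),
                      ("unanchored", UNANCHORED)]:
        print(name)
        for path, action in report(acl).items():
            print(f"  {path!r:22} -> {action}")
```

Under the stated assumptions, the list holding only the deny entry returns deny for every sample path, including the one that does not contain AS 65002, while the unanchored pattern also denies paths through AS 650020 and AS 165002.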