AS-path Access Lists

This chapter covers the protocols bgp <u32> as-path access-list <u32> command, a tool used for BGP traffic filtering.

These AS-path access-lists can be applied to a route-map using the protocols route-map <txt> command.

There are certain aspects that are worth mentioning before explaining the AS-path configuration:

  • Access-lists: Multiple access-lists can be defined, each with a unique numeric identifier.

  • List Entries: Each access-list contains entries, each identified by a unique number. Every entry specifies an action (permit or deny) and includes a regular expression for matching criteria.

This type of filtering can also be used with a VRF.

Configuration

This is the syntax to create a protocols bgp <u32> as-path access-list <u32>:

set protocols bgp <as> as-path access-list <access-list_number> entry <entry_number> action <permit/deny> [...]

Common regular expressions for AS-Path filtering:
  • Match AS at the beginning of the path: <AS>_

  • Match AS at the end of the path: _<AS>

  • Match AS in the middle of the path: _<AS>_
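
How the three patterns above behave on sample paths, as an added example that is not part of the OSDx documentation. It assumes the Cisco/FRR-style meaning of the underscore (start of path, end of path, or a delimiter), which this page does not confirm for OSDx; the sample paths and function names are constructed, and the anchored forms ^<AS>_ and _<AS>$ go beyond what the page lists.

```python
import re

# Assumption: "_" has the Cisco/FRR-style meaning (start of path, end of path,
# or a delimiter character). The page does not describe OSDx's regex engine.
UNDERSCORE = r"(?:^|[,{}() ]|$)"

def compile_aspath(pattern):
    """Translate an AS-path pattern into a Python regex."""
    return re.compile(pattern.replace("_", UNDERSCORE))

def matching_paths(pattern, paths):
    """Return the AS paths (space-separated AS numbers) the pattern matches."""
    rx = compile_aspath(pattern)
    return [p for p in paths if rx.search(p)]

def first_action(entries, as_path):
    """Walk entries in numeric order; return the first matching action or None."""
    for number in sorted(entries):
        action, pattern = entries[number]
        if compile_aspath(pattern).search(as_path):
            return action
    return None  # no entry matched

# Constructed sample AS paths (leftmost AS = neighbor, rightmost = origin).
PATHS = [
    "65002 65010",         # 65002 first
    "65003 65002 65010",   # 65002 in the middle
    "65003 65002",         # 65002 last
    "65003 165002 65010",  # a different AS that ends in the same digits
    "65003 650021",        # a different AS that starts with the same digits
    "65003 65010",         # 65002 absent
]

if __name__ == "__main__":
    # Page patterns first, then the anchored forms (not from the page).
    for pat in ["65002_", "_65002", "_65002_", "^65002_", "_65002$"]:
        print(f"{pat:9} -> {matching_paths(pat, PATHS)}")
    acl_1 = {1: ("deny", "_65002_")}  # entry from the page's first example
    for path in PATHS:
        print(f"{path:20} -> {first_action(acl_1, path)}")
```

Under that assumption, the unanchored <AS>_ and _<AS> forms also match other AS numbers that share the same digits, while _<AS>_ matches exactly that AS at any position in the path.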

An AS-path access-list (protocols bgp <u32> as-path access-list <u32>) can be assigned to a route-map as a match criterion. To do so, use the following commands:

set protocols route-map <rmap_name> rule <rule_id> match as-path <as-path_access-list-id>
set protocols route-map <rmap_name> rule <rule_id> action <permit/deny>

Important

To assign an access-list used in BGP with a VRF, use set protocols route-map <rmap_name> rule <rule_id> match vrf-as-path <as-path_access-list-id>.

After associating the access-list with the route-map, import it into the BGP session with:

set protocols bgp <as> neighbor <neighbor> route-map import <rmap_name>

Note

Use protocols bgp <u32> neighbor <txt> soft-reconfiguration inbound to enable soft reconfiguration, which allows a BGP router to retain a copy of all received routes, enabling policy changes to be applied without resetting the BGP session or requesting routes again from the neighbor. After making changes, consider using the protocols bgp clear all command to refresh the BGP session and retrieve routes from the neighbor.

Examples

Discarding an advertised route

Let’s suppose we want to set up a protocols bgp <u32> as-path access-list <u32> where a route through AS 65002 must be filtered, which means that the mentioned AS can’t appear in the route anywhere.

First of all, an access-list must be created to deny routes where 65002 appears. On OSDx this can be achieved by configuring the following commands:

set protocols bgp 65002 as-path access-list 1 entry 1 action deny _65002_

Finally, to use this access-list in a route-map you have to use these commands:

set protocols route-map RM rule 1 action permit
set protocols route-map RM rule 1 match as-path 1
set protocols bgp 65001 neighbor DUT1 route-map import RM

Permitting an advertised route

Let’s suppose we want to set up a protocols bgp <u32> as-path access-list <u32> where a route through AS 65002 must be permitted, which means that the mentioned AS must appear in the route.

First of all, an access-list must be created to permit routes where 65002 appears. On OSDx this can be achieved by configuring the following commands:

set protocols bgp 65002 as-path access-list 1 entry 1 action permit _65002_

Finally, to use this access-list in a route-map you have to use these commands:

set protocols route-map RM rule 1 action permit
set protocols route-map RM rule 1 match as-path 1
set protocols bgp 65001 neighbor DUT1 route-map import RM

Here you can find more examples related to protocols bgp <u32> as-path access-list <u32>, and here you can find examples using a VRF.

Monitoring

The related operational command protocols bgp show ip as-path-access-list can be used to display the AS-path access-list’s entries.

Example:

admin@osdx$ protocols bgp show ip as-path-access-list
AS path access list 1
    deny _65002_
admin@osdx$

Configuration commands