BGP AS Path

This scenario demonstrates how to set AS-path access-lists for BGP.

AS-path filter to permit a regex

Description

Verify that the AS-path filter correctly permits a BGP route based on a specified AS-path regular expression.

Scenario

Step 1: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 10.0.0.2/24
set protocols bgp 65002 neighbor DUT0 remote-address 10.0.0.1
set protocols bgp 65002 neighbor DUT0 remote-as 65001
set protocols bgp 65002 neighbor DUT0 route-map export out
set protocols bgp 65002 network 10.0.0.0/24
set protocols bgp 65002 network 172.16.0.0/24
set protocols route-map out rule 1 action permit
set protocols route-map out rule 1 set as-path prepend 65003
set protocols static route 172.16.0.0/24 interface eth0
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.0.0.1/24
set interfaces ethernet eth0 vrf RED
set protocols route-map RM rule 1 action permit
set protocols route-map RM rule 1 match vrf-as-path 1
set protocols vrf RED bgp 65001 as-path access-list 1 entry 1 action permit _65002_
set protocols vrf RED bgp 65001 as-path access-list 1 entry 2 action deny 88888
set protocols vrf RED bgp 65001 neighbor DUT1 remote-address 10.0.0.2
set protocols vrf RED bgp 65001 neighbor DUT1 remote-as 65002
set protocols vrf RED bgp 65001 neighbor DUT1 route-map import RM
set protocols vrf RED bgp 65001 neighbor DUT1 soft-reconfiguration inbound
set protocols vrf RED bgp 65001 network 10.0.0.0/24
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system vrf RED

Step 3: Run the command protocols vrf RED bgp show ip as-path-access-list on DUT0 and check whether the output contains the following tokens:

permit _65002_
Show output
AS path access list 1
    permit _65002_
    deny 88888

Step 4: Run the command protocols vrf RED bgp clear all on DUT0.

Step 5: Run the command protocols vrf RED bgp show ip summary on DUT0 and check whether the output contains the following tokens:

Established
Show output
IPv4 Unicast Summary:
BGP router identifier 10.0.0.1, local AS number 65001 VRF RED vrf-id 249
BGP table version 2
RIB entries 3, using 456 bytes of memory
Peers 1, using 24 KiB of memory

Neighbor        LocalAddr       V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down        State   PfxRcd   PfxSnt Desc
10.0.0.2        10.0.0.1        4      65002         6         6        2    0    0 00:00:05  Established        2 (Policy) N/A

Total number of neighbors 1

Step 6: Run the command protocols vrf RED bgp show ip on DUT0 and check whether the output contains the following tokens:

172.16.0.0
Show output
BGP table version is 2, local router ID is 10.0.0.1, vrf id 249
Default local pref 100, local AS 65001
Status codes:  s suppressed, d damped, h history, u unsorted, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  10.0.0.0/24      0.0.0.0                  0         32768 i
 *                    10.0.0.2                 0             0 65002 65003 i
 *>  172.16.0.0/24    10.0.0.2                 0             0 65002 65003 i

Displayed 2 routes and 3 total paths

AS-path filter to deny a regex

Description

Verify that the AS-path filter correctly denies a BGP route based on a specified AS-path regular expression.

Scenario

Step 1: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 10.0.0.2/24
set protocols bgp 65002 neighbor DUT0 remote-address 10.0.0.1
set protocols bgp 65002 neighbor DUT0 remote-as 65001
set protocols bgp 65002 neighbor DUT0 route-map export out
set protocols bgp 65002 network 10.0.0.0/24
set protocols bgp 65002 network 172.16.0.0/24
set protocols route-map out rule 1 action permit
set protocols route-map out rule 1 set as-path prepend 65003
set protocols static route 172.16.0.0/24 interface eth0
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.0.0.1/24
set interfaces ethernet eth0 vrf RED
set protocols route-map RM rule 1 action permit
set protocols route-map RM rule 1 match vrf-as-path 1
set protocols vrf RED bgp 65001 as-path access-list 1 entry 1 action deny _65002_
set protocols vrf RED bgp 65001 as-path access-list 1 entry 2 action deny 88888
set protocols vrf RED bgp 65001 neighbor DUT1 remote-address 10.0.0.2
set protocols vrf RED bgp 65001 neighbor DUT1 remote-as 65002
set protocols vrf RED bgp 65001 neighbor DUT1 route-map import RM
set protocols vrf RED bgp 65001 neighbor DUT1 soft-reconfiguration inbound
set protocols vrf RED bgp 65001 network 10.0.0.0/24
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system vrf RED

Step 3: Run the command protocols vrf RED bgp show ip as-path-access-list on DUT0 and check whether the output contains the following tokens:

deny _65002_
Show output
AS path access list 1
    deny _65002_
    deny 88888

Step 4: Run the command protocols vrf RED bgp clear all on DUT0.

Step 5: Run the command protocols vrf RED bgp show ip summary on DUT0 and check whether the output contains the following tokens:

Established
Show output
IPv4 Unicast Summary:
BGP router identifier 10.0.0.1, local AS number 65001 VRF RED vrf-id 250
BGP table version 1
RIB entries 3, using 456 bytes of memory
Peers 1, using 24 KiB of memory

Neighbor        LocalAddr       V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down        State   PfxRcd   PfxSnt Desc
10.0.0.2        10.0.0.1        4      65002         6         6        1    0    0 00:00:04  Established        0 (Policy) N/A

Total number of neighbors 1

Step 6: Run the command protocols vrf RED bgp show ip on DUT0 and check whether the output does not contain the following tokens:

172.16.0.0
Show output
BGP table version is 1, local router ID is 10.0.0.1, vrf id 250
Default local pref 100, local AS 65001
Status codes:  s suppressed, d damped, h history, u unsorted, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  10.0.0.0/24      0.0.0.0                  0         32768 i

Displayed 1 routes and 1 total paths
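
The sketch below models how access-list 1 decides both scenarios above. It is an added example, not code from this documentation or from the router software. It assumes Cisco-style AS-path regex semantics ("_" matches the start or end of the path, a space, or an AS-set delimiter), first-match-wins evaluation, and an implicit deny when no entry matches. All function names and the constructed AS paths are hypothetical.

```python
import re

# Assumption: Cisco-style AS-path regex, where "_" matches the start or end
# of the path, a space, or an AS-set/confederation delimiter.
UNDERSCORE = r"(?:^|[,{}() ]|$)"

def compile_aspath_regex(pattern):
    """Translate an AS-path pattern into a Python regex."""
    return re.compile(pattern.replace("_", UNDERSCORE))

def evaluate_acl(entries, as_path):
    """Return the action of the first matching entry; implicit deny otherwise."""
    for action, pattern in entries:
        if compile_aspath_regex(pattern).search(as_path):
            return action
    return "deny"

def imported_paths(entries, received):
    """Model route-map RM rule 1: import only paths the access-list permits."""
    return [p for p in received if evaluate_acl(entries, p) == "permit"]

# Access-list 1 as configured on DUT0 in each scenario.
PERMIT_ACL = [("permit", "_65002_"), ("deny", "88888")]
DENY_ACL = [("deny", "_65002_"), ("deny", "88888")]

# AS path DUT0 receives from DUT1 (65003 is prepended by route-map "out").
PAGE_PATH = "65002 65003"

# Constructed paths, not from the page, to exercise the edge cases:
# a longer ASN containing "65002", 65002 at the end of the path, an ASN
# that merely contains "88888", and a path that matches no entry at all.
CONSTRUCTED = ["165002 65003", "65003 65002", "65010 188888", "65010 65011"]

if __name__ == "__main__":
    for name, acl in (("permit scenario", PERMIT_ACL),
                      ("deny scenario", DENY_ACL)):
        print(name)
        for path in [PAGE_PATH] + CONSTRUCTED:
            print(f"  {path!r:18} -> {evaluate_acl(acl, path)}")
```

The unanchored entry 88888 matches any path whose text contains those digits, including a longer AS number such as 188888, whereas _65002_ only matches 65002 as a whole AS number. Under the implicit-deny assumption, a path that matches no entry is filtered even in the permit scenario.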