BGP AS Path Access Lists
AS Path access list entries determine whether networks are allowed or denied in specific BGP configuration contexts. They are primarily used in BGP route maps, but can also be used in other areas of BGP configuration which accept AS Path lists as parameters.
The order of entries inside an AS Path list is important, and this order is determined by a sequence number. As with other access lists, AS Path access lists implicitly deny anything not matched.
BGP AS Path Configuration
To create a new AS Path list, from config-frr-bgp mode, use the as-path <name> command, which enters config-aspath mode:
tnsr(config-frr-bgp)# as-path myasp
tnsr(config-aspath)#
config-aspath mode contains only the rule <seq> (permit|deny) <pattern> command which defines a new AS Path rule with the following parameters:
- <seq>:
  The sequence number for this rule, which controls the order in which rules are matched inside this AS Path list. Each rule must have a unique sequence number. Best practice is to leave gaps in the sequence to allow for adding rules in the future. For example, use 10, 20, 30, rather than 1, 2, 3.
- (permit|deny):
  The action taken when this AS Path rule is matched, either permit or deny.
- <pattern>:
  A regular expression pattern which will match on the AS number.
Regular expression patterns support common pattern special characters for matching, but also a special _ character. The _ character matches common AS delimiters such as start of line, end of line, space, comma, braces, and parentheses. The _ character can be used on either side of an AS number to match it exactly, such as _65534_.
BGP AS Path Example
This AS Path could match an empty AS value or the specific value of 65002, and no others:
tnsr(config-frr-bgp)# as-path myasp
tnsr(config-aspath)# rule 10 permit ^$
tnsr(config-aspath)# rule 20 permit _65002_
tnsr(config-aspath)# exit
tnsr(config-frr-bgp)#
This AS Path will match only when the path being compared starts with 65005. This is a common way to ensure that routes from a peer contain the expected AS in the AS Path.
tnsr(config)# route dynamic bgp
tnsr(config-frr-bgp)# as-path R2-AS
tnsr(config-aspath)# rule 10 permit ^65005
tnsr(config-aspath)# exit
tnsr(config-frr-bgp)# exit
tnsr(config)# route dynamic route-map CHECK-R2-AS
tnsr(config-route-map)# sequence 10
tnsr(config-route-map-rule)# policy permit
tnsr(config-route-map-rule)# match as-path R2-AS
tnsr(config-route-map-rule)# exit
tnsr(config-route-map)# exit
tnsr(config)# route dynamic bgp
tnsr(config-frr-bgp)# server 65002
tnsr(config-bgp)# neighbor 10.2.222.2
tnsr(config-bgp-neighbor)# remote-as 65005
tnsr(config-bgp-neighbor)# exit
tnsr(config-bgp)# address-family ipv4 unicast
tnsr(config-bgp-ip4uni)# neighbor 10.2.222.2
tnsr(config-bgp-ip4uni-nbr)# route-map CHECK-R2-AS in
tnsr(config-bgp-ip4uni-nbr)# exit
tnsr(config-bgp-ip4uni)# exit
tnsr(config-bgp)# exit
tnsr(config-frr-bgp)# exit
tnsr(config)#
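The matching behavior described on this page (rules tried in sequence order, first match decides, implicit deny, _ as an AS delimiter) can be checked offline before a list is applied to a neighbor. The Python sketch below is an added example, not TNSR or FRR code; it assumes that _ expands to the delimiter set listed above, that Python's re module behaves like the router's regex engine for these patterns, and that AS paths are space-separated strings. The function names, the R2_AS_STRICT list and the sample paths are constructed for illustration.

```python
import re

# Assumption: "_" is modeled as the delimiter set the page lists (start of
# line, end of line, space, comma, braces, parentheses). Python's re module
# stands in for the router's regex engine.
DELIM = r"(?:^|[,{}() ]|$)"


def evaluate(rules, as_path):
    """Return 'permit' or 'deny' for as_path (space-separated AS numbers).

    rules is a list of (seq, action, pattern) tuples in any order.
    """
    seqs = [rule[0] for rule in rules]
    if len(seqs) != len(set(seqs)):
        raise ValueError("each rule must have a unique sequence number")
    for _seq, action, pattern in sorted(rules):  # lowest sequence first
        if re.search(pattern.replace("_", DELIM), as_path):
            return action  # first matching rule decides
    return "deny"  # implicit deny when nothing matched


# Lists taken from the page's examples.
MYASP = [(10, "permit", "^$"), (20, "permit", "_65002_")]
R2_AS = [(10, "permit", "^65005")]
# Constructed variant (not on the page): trailing "_" pins the first AS.
R2_AS_STRICT = [(10, "permit", "^65005_")]

# Constructed AS paths for illustration.
SAMPLES = ["", "65002", "64512 65002", "650020",
           "65005 64512", "64512 65005", "650051 64512"]


def table(rules):
    """Map each sample path to the list's decision."""
    return {path: evaluate(rules, path) for path in SAMPLES}


if __name__ == "__main__":
    for name, rules in [("myasp", MYASP), ("R2-AS", R2_AS),
                        ("R2-AS-strict", R2_AS_STRICT)]:
        for path, decision in table(rules).items():
            print(f"{name:13} {path!r:16} {decision}")
```

Under these assumptions, ^65005 without a trailing _ also permits a path whose first AS is 650051, while the constructed ^65005_ variant denies it.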
BGP AS Path Status
To view AS Path lists, use the show route dynamic bgp as-path [<name>] command. Add the name of an AS Path list to restrict the output to a single entry.
tnsr(config)# show route dynamic bgp as-path
Name  Seq Policy Pattern
----- --- ------ -------
R2-AS 10  permit ^65005
myasp 10  permit ^$
myasp 20  permit _65002_