BGP regexp exercises

these exercises are from http://www.catspace.com/goodies/regexp.htm
Copyright © 2002 Alchemy, Inc. All rights reserved.


1. Construct a regular expression that matches the AS path "48 206 1852 444". Note that AS 48 is directly connected to your AS, and that the routes were injected into BGP by AS 444.

2. Construct a regular expression that matches any path your AS learned directly from AS 777.

3. Construct a regular expression that matches any AS path for which the routes were injected into BGP by AS 888.

4. Construct one regular expression that matches all of the following AS paths (and no others):

101 202 303 400
101 202 303 401
101 202 303 402
101 202 303 403
101 202 303 404
101 202 303 405
101 202 303 406
101 202 303 407

5. Construct one regular expression that matches both of the following AS paths (and no others):

101 202 303 404
101 303 202 404

6. The command "show ip bgp" displays a Cisco router's entire BGP RIB (Routing Information Base). Give a "show" command that displays only the portion of the RIB that matches only the following conditions:

Your AS learned the path directly from AS 777, and
The routes were injected into BGP by AS 888, and
The path can transit any combination of Autonomous Systems between AS 777 and AS 888, as well as a path directly from AS 777 to AS 888.

7. Give a "show" command that displays only the portion of the BGP RIB that traverses the following AS paths:

456 111 928
456 131 928
456 151 928
456 161 928
456 171 928
456 181 928

8. Give a "show" command that displays only the portion of the BGP RIB that traverses the following AS paths:

10 21 100
43 54 100
76 87 100
91 12 100

9. Give a "show" command that displays only the portion of the BGP RIB that meets the following conditions:

Your AS learned the routes directly from AS 555, and
The routes were injected into BGP by AS 902, and
The routes passed through AS 87 somewhere along the way.

10. Give a "show" command that displays only the routes in the IP routing table that were learned by BGP.

11. Construct an AS path ACL (Access Control List) that denies any path in which the digit "6" appears in any AS number in the path, and permits all other paths.

12. Construct an AS path ACL that permits all paths for which the routes were injected into BGP by AS 303 or AS 304, and denies all other paths.

13. Construct an AS path ACL that denies all paths for which the routes were learned from AS 1, AS 20, AS 21, or AS 22, and permits all other paths.

14. Construct an AS path ACL that permits all paths for which the routes were injected by AS 6005, denies all paths for which the routes were injected by any AS in the ranges from 6001 to 6004 and 6006 to 6009, and permits all other paths.

15. Construct an AS path ACL that permits any AS paths your router learned directly from any AS whose AS number begins with the digit "5", and denies all other paths.

16. Construct an AS path ACL that:

Permits all AS paths,
Except those that originate in AS 200,
Unless the path originated in AS 200, was advertised by AS 200 directly to AS 300, passed through 400 (but did not have to pass directly from 400 to 300), and was learned directly from 500. These paths are permitted.

17. Construct an AS path ACL that:

Permits any path that originated in an even-numbered AS, and
Denies any path that originated in an odd-numbered AS, except that
Any path that originated in AS 79 or 799 is permitted.

18. Give a "show" command that displays all routes in the BGP RIB that originated in your AS.

19. Give a "show" command that displays all routes in the BGP RIB that did not originate in your AS.

20. Construct an AS path ACL that permits all AS paths that are exactly three Autonomous Systems long.

21. Construct an AS path ACL that permits all AS paths that are at least two Autonomous Systems in length.


ANSWERS:

1. The regexp is:

^48_206_1852_444$


2. The regexp is:

^777_


3. The regexp is:

_888$


4. The regexp is:

^101_202_303_40[0-7]$


5. The regexp is:

^101_(202_303|303_202)_404$


6. The command is:

show ip bgp regexp ^777_(.+_)*888$

- or -

show ip bgp regexp ^777(_.+)*_888$

Note that the following regular expression is incorrect:

^777_.*_888$

In the absence of an AS between 777 and 888, this regular expression requires two spaces between successive AS numbers (and AS paths never have more than one space between successive AS numbers).


7. The command is:

show ip bgp regexp ^456_1[135-8]1_928$


8. The command is:

show ip bgp regexp ^(10_21|43_54|76_87|91_12)_100$


9. The command is:

show ip bgp regexp ^555_(.+_)*87_(.+_)*902$


10. The command is:

show ip route bgp


11. The AS path ACL is:

ip as-path access-list 11 deny 6
ip as-path access-list 11 permit .*


12. The AS path ACL is:

ip as-path access-list 12 permit _30[34]$


13. The AS path ACL is:

ip as-path access-list 13 deny ^(1|2[012])_
ip as-path access-list 13 permit .*


14. The AS path ACL is:

ip as-path access-list 14 deny _600[1-4]$
ip as-path access-list 14 deny _600[6-9]$
ip as-path access-list 14 permit .*

This will also work:
ip as-path access-list 14 deny _600[1-46-9]$
ip as-path access-list 14 permit .*


15. The AS path ACL is:

ip as-path access-list 15 permit ^5


16. The AS path ACL is:

ip as-path access-list 16 permit ^500_(.+_)*400_(.+_)*300_200$
ip as-path access-list 16 deny _200$
ip as-path access-list 16 permit .*


17. The AS path ACL is:

ip as-path access-list 17 permit [02468]$
ip as-path access-list 17 permit _(799?)$


18. The AS path ACL is:

show ip bgp regexp ^$


19. A correct AS path ACL is:

show ip bgp regexp .+


20. A correct AS path ACL is:

ip as-path access-list 20 permit ^[0-9]+_[0-9]+_[0-9]+$


21. Four correct AS path ACL's are:

ip as-path access-list 21 permit [0-9]+_[0-9]+

ip as-path access-list 21 permit ._.

ip as-path access-list 21 permit . .

ip as-path access-list 21 permit ( )



--------------------------------------------------------------------------------
Try some "regexps" on a real Internet core router! route-server.ip.att.net
route-server.cerf.net
Note: These are not a web sites, you are accessing them with Telnet. If they don't respond, try again later (they don't support an infinite number of inbound VTY sessions). Also, be aware that their BGP RIBs and IP routing tables contain over 100K entries, so commands that require sorting (such as "show ip bgp regexp") may require a little time to process.

When you get in, try some "show" commands, like:
sh ver
sh ip route (the output of this is over 100K lines)
sh ip route summary
sh ip bgp summary
sh ip bgp (the output is well over 100K lines)
sh ip bgp regexp ...
sh proc cpu
sh mem

0 Comments:

Post a Comment

<< Home