Using RegEx to Remove AS Numbers from BGP AS-Path Attribute
Resolution
Overview
Several attributes determine how BGP chooses the path to reach a prefix/network, and network engineers can influence these attributes to match their network requirements. This document describes how to manipulate the AS_path (autonomous system path) attribute using regular expressions.
For this document, the example objective is for the Palo Alto Networks firewall to prefer the path through ISP_2 to reach the 172.30.2.0/23 network. We can achieve this by removing AS numbers 200 and 400 from the AS_path learned from ISP_2 for this prefix.
Network Scenario
The following topology will be used for this document:
Steps
- Go to Network > Virtual Routers and select the appropriate router
- Next, go to BGP > Import
- Enter a rule name, enable the rule, and select the appropriate eBGP peer
- In the match tab, enter (200|400) for the regex expression and 172.30.2.0/23 for the address prefix to modify its AS_Path.
Note: To modify the AS_Path for all prefixes, leave the address prefix tab blank.
- In the Action tab, set Action to 'Allow' and select the 'Remove' radio button to remove the AS paths.
- Press OK and the Import rule should look like the following:
Note: If the configuration is committed at this point, the desired AS_paths would be removed but only the 172.30.2.0/23 prefix would be imported from the eBGP peer.
There is an implicit deny rule that is triggered once any rules are created in the export or import tabs (the same is true for OSPF export). Add an allow rule to make sure you are importing other prefixes. The Import tab should now appear like the following:
- Commit and verify
Verification
Before the configuration, ISP_1 is the preferred path to reach the 172.30.2.0/24 network as shown in the image below:
After the configuration, ISP_2 is now the preferred path to reach 172.30.2.0/23 since it has a shorter AS_path to the destination network.
Other Regular Expressions:
^$ - Routes that originated from this AS
_2345_ - Routes that passed through 2345
^2345_ - Routes learned from 2345
_2345$ - Routes originated from AS 2345. (Could sometimes be same as ^$)
(400|500|600) - Match either 400, 500 or 600
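The sketch below is an added example, not Palo Alto Networks code. It evaluates the patterns listed above against constructed AS paths and models the Remove action from the steps. It assumes the common router convention that the pattern is searched against the AS_PATH written as a space-separated string, that `_` matches a delimiter or either end of that string, and that removal drops whole AS numbers; the sample paths and function names are hypothetical.

```python
import re

def as_regex(pattern):
    # Assumed convention: "_" matches a space or either end of the path string.
    return re.compile(pattern.replace("_", r"(?:^|$|\s)"))

def matches(pattern, as_path):
    """True if the pattern matches the AS_PATH (list of ASNs, neighbor first)."""
    return as_regex(pattern).search(" ".join(map(str, as_path))) is not None

def remove_as(pattern, as_path):
    """Model of the Remove action: drop each ASN the pattern matches in full."""
    rx = as_regex(pattern)
    return [asn for asn in as_path if not rx.fullmatch(str(asn))]

# Constructed sample paths (not taken from the article's topology image).
VIA_ISP_1 = [100, 300]
VIA_ISP_2 = [200, 400, 500]
LOCAL = []                      # empty AS_PATH: originated in this AS
LOOKALIKE = [65001, 1400, 500]  # contains 1400, not 400

def preferred(paths):
    """Shortest AS_PATH wins, all earlier BGP tie-breakers being equal."""
    return min(paths, key=lambda name: len(paths[name]))

def demo():
    before = {"ISP_1": VIA_ISP_1, "ISP_2": VIA_ISP_2}
    after = {"ISP_1": VIA_ISP_1, "ISP_2": remove_as("(200|400)", VIA_ISP_2)}
    return {
        "before": preferred(before),
        "after": preferred(after),
        "isp2_path_after": after["ISP_2"],
        "local_only": matches("^$", LOCAL) and not matches("^$", VIA_ISP_1),
        "transit_300": matches("_300_", VIA_ISP_1),
        "learned_from_200": matches("^200_", VIA_ISP_2),
        "originated_500": matches("_500$", VIA_ISP_2),
        "unanchored_hits_1400": matches("(200|400)", LOOKALIKE),
        "delimited_hits_1400": matches("_(200|400)_", LOOKALIKE),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Under these assumptions the unanchored `(200|400)` also selects a path that merely contains AS 1400, while `_(200|400)_` does not, which matters when the same pattern is used as a match criterion for routes from an external peer.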
See Also
Regular expression syntax for patterns in custom app signature
owner: tasonibare