首先給出正則表達式的基本規則
使用三臺Cisco2500實現圖中的拓撲進行正則表達式測試:
由於Cisco配置大家都很熟悉,這裏僅給出London用as-path prepend模擬路由的配置。
模擬as-path
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 2 permit 192.168.2.0 0.0.0.255
access-list 3 permit 192.168.3.0 0.0.0.255
access-list 4 permit 192.168.4.0 0.0.0.255
access-list 5 permit 192.168.5.0 0.0.0.255
access-list 6 permit 192.168.6.0 0.0.0.255
access-list 7 permit 192.168.7.0 0.0.0.255
access-list 8 permit 192.168.8.0 0.0.0.255
access-list 9 permit 192.168.9.0 0.0.0.255
!
route-map set-path permit 10
match ip address 1
set as-path prepend 63 89 99
!
route-map set-path permit 20
match ip address 2
set as-path prepend 60
!
route-map set-path permit 30
match ip address 3
set as-path prepend 61
!
route-map set-path permit 40
match ip address 4
set as-path prepend 61 62
!
route-map set-path permit 50
match ip address 5
set as-path prepend 61 62 63
!
route-map set-path permit 60
match ip address 6
set as-path prepend 61 62 63 63
!
route-map set-path permit 70
match ip address 7
set as-path prepend 62 89 63
!
route-map set-path permit 80
match ip address 8
set as-path prepend 61 89 56 99
!
route-map set-path permit 90
match ip address 9
set as-path prepend 51 89
!
route-map set-path permit 100
!
router bgp 51
neighbor 10.1.1.2 route-map set-path out
使用Juniper Olive跑三臺logical-router實現圖中的拓撲進行正則表達式測試:
root@ph# show
version 7.1R1.3;
system {
host-name ph;
}
logical-routers {
Denver {
interfaces {
fxp2 {
unit 11 {
vlan-id 11;
family inet {
address 10.1.1.5/30;
}
}
}
}
protocols {
bgp {
group juniper {
type external;
peer-as 52;
neighbor 10.1.1.6;
}
}
}
routing-options {
autonomous-system 53;
}
}
Florence {
interfaces {
fxp1 {
unit 11 {
vlan-id 11;
family inet {
address 10.1.1.6/30;
}
}
}
fxp2 {
unit 10 {
vlan-id 10;
family inet {
address 10.1.1.2/30;
}
}
}
}
protocols {
bgp {
group cisco {
type external;
peer-as 51;
neighbor 10.1.1.1;
}
group juniper {
type external;
peer-as 53;
neighbor 10.1.1.5 {
export test-filter;
}
}
}
}
policy-options {
policy-statement test-filter {
term term1 {
from as-path test;
then accept;
}
term term2 {
then reject;
}
}
as-path test "(51)+ (61|62)? 89 .*";
}
routing-options {
autonomous-system 52;
}
}
London {
interfaces {
fxp1 {
unit 10 {
vlan-id 10;
family inet {
address 10.1.1.1/30;
}
}
}
}
protocols {
bgp {
group cisco {
type external;
export redistribute-static;
peer-as 52;
neighbor 10.1.1.2;
}
}
}
policy-options {
policy-statement redistribute-static {
term term1 {
from {
protocol static;
route-filter 192.168.1.0/24 exact;
}
then accept;
}
term term2 {
from {
protocol static;
route-filter 192.168.2.0/24 exact;
}
then {
as-path-expand 60;
accept;
}
}
term term3 {
from {
protocol static;
route-filter 192.168.3.0/24 exact;
}
then {
as-path-expand 61;
accept;
}
}
term term4 {
from {
protocol static;
route-filter 192.168.4.0/24 exact;
}
then {
as-path-expand "61 62";
accept;
}
}
term term5 {
from {
protocol static;
route-filter 192.168.5.0/24 exact;
}
then {
as-path-expand "61 62 63";
accept;
}
}
term term6 {
from {
protocol static;
route-filter 192.168.6.0/24 exact;
}
then {
as-path-expand "61 62 63 63";
accept;
}
}
term term7 {
from {
protocol static;
route-filter 192.168.7.0/24 exact;
}
then {
as-path-expand "62 89 63";
accept;
}
}
term term8 {
from {
protocol static;
route-filter 192.168.8.0/24 exact;
}
then {
as-path-expand "61 89 56 99";
accept;
}
}
term term9 {
from {
protocol static;
route-filter 192.168.9.0/24 exact;
}
then {
as-path-expand "51 89";
accept;
}
}
term term0 {
from {
protocol static;
route-filter 192.168.0.0/24 exact;
}
then {
as-path-expand "63 89 99";
accept;
}
}
}
}
routing-options {
static {
route 192.168.1.0/24 reject;
route 192.168.2.0/24 reject;
route 192.168.3.0/24 reject;
route 192.168.4.0/24 reject;
route 192.168.5.0/24 reject;
route 192.168.6.0/24 reject;
route 192.168.7.0/24 reject;
route 192.168.8.0/24 reject;
route 192.168.9.0/24 reject;
route 192.168.0.0/24 reject;
}
autonomous-system 51;
}
}
}
interfaces {
fxp1 {
vlan-tagging;
}
fxp2 {
vlan-tagging;
}
}
[edit]
root@ph#
Juniper Olive測試:
root@ph# run show route terse logical-router Florence
inet.0: 14 destinations, 14 routes (14 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
A Destination P Prf Metric 1 Metric 2 Next hop AS path
* 10.1.1.0/30 D 0 >fxp2.10
* 10.1.1.2/32 L 0 Local
* 10.1.1.4/30 D 0 >fxp1.11
* 10.1.1.6/32 L 0 Local
* 192.168.0.0/24 B 170 100 >10.1.1.1 51 63 89 99 I
* 192.168.1.0/24 B 170 100 >10.1.1.1 51 I
* 192.168.2.0/24 B 170 100 >10.1.1.1 51 60 I
* 192.168.3.0/24 B 170 100 >10.1.1.1 51 61 I
* 192.168.4.0/24 B 170 100 >10.1.1.1 51 61 62 I
* 192.168.5.0/24 B 170 100 >10.1.1.1 51 61 62 63 I
* 192.168.6.0/24 B 170 100 >10.1.1.1 51 61 62 63 63 I
* 192.168.7.0/24 B 170 100 >10.1.1.1 51 62 89 63 I
* 192.168.8.0/24 B 170 100 >10.1.1.1 51 61 89 56 99 I
* 192.168.9.0/24 B 170 100 >10.1.1.1 51 51 89 I
[edit logical-routers Florence policy-options]
root@ph# run show route terse logical-router Denver
inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
A Destination P Prf Metric 1 Metric 2 Next hop AS path
* 10.1.1.4/30 D 0 >fxp2.11
* 10.1.1.5/32 L 0 Local
* 192.168.7.0/24 B 170 100 >10.1.1.6 52 51 62 89 63 I
* 192.168.8.0/24 B 170 100 >10.1.1.6 52 51 61 89 56 99 I
* 192.168.9.0/24 B 170 100 >10.1.1.6 52 51 51 89 I
後語:
1、"(51)+ (61|62)? 89 .*" 在Cisco路由器上寫爲:^(51)+_(61|62)?_89_.* ,不過在此次測試過程中,Cisco只能在Denver上學到192.168.7.0/24和192.168.8.0/24兩條路由。
2、_6[^1-3]$在Cisco路由器上可以過濾出不以as61、62、63起源的路由,該正則表達式在Juniper路由器上必須寫成".* [^61-63]",而不能寫成".* 6[^1-3]"