Improve the Performance of AS Path Lookup in BGP Policy
SUMMARY
AS Path Lookup in a BGP Policy Without Regular Expression Overview
When working with BGP AS paths and routing policy match conditions, you can configure BGP policies to check for an autonomous system (AS) match in an AS path without using regular expressions. The BGP policy compares the AS to an AS-list or As-list-group and returns true if it finds a match. You can configure the BGP policy to check for a matching origin, neighbor, or transit AS. This feature provides a faster alternative to match origin, transit, and peer AS numbers than using a regular expression.
Benefits of AS-Path without using regular expression in BGP policy:
- Optimized lookup for origin, neighbor, transit ASes improves the performance.
- Provides a faster lookup in terms of speed.
The following operations to match the ASes in an AS path are supported:
-
Match the Originating AS in the AS Path—Compares the AS that originated the route. Evaluates if the right most AS number on the AS path belongs to the
as-list
oras-list-group
specified in theas-path-origins
configuration statement at the[edit policy-options policy-statement policy-name from]
hierarchy level. In the case where the route has been aggregated, and the location of the originating AS contains an AS-set, theas-path-origins
operator evaluates to true if any AS contained in the AS-set belongs to theas-list
oras-list-group
specified in theas-path-origins
configuration statement. -
Match the Neighbor AS in the AS Path—Compares the neighbor AS in the AS path. Evaluates if the first AS number on the AS path matches the
as-list
oras-list-group
specified in theas-path-neighbors
configuration statement at the[edit policy-options policy-statement policy-name from]
hierarchy level. If the neighboring AS location happens to be an AS-set, theas-path-neighbors
operator evaluates to true if any AS contained in the AS-set belongs to theas-list
oras-list-group
specified in theas-path-neighbors
configuration statement. -
Match the Transit AS in the AS Path—Compares any AS in the AS-Path. Evaluates when any AS belongs to the
as-list
oras-list-group
specified in theas-path-transit
configuration statement at the[edit policy-options policy-statement policy-name from]
hierarchy level. In the case of AS-set, the as-path-transit operator compares all the ASes in the AS-set.
Configure AS Path Lookup Without Using Regular Expression
You can configure AS path lookups by defining AS lists, or AS list groups for origin, neighbor, and transit ASes and filter the routes without using regular expression.
The table here shows configurations of universal match based on regular expressions and equivalent match with faster execution time.
Match type | Universal match based on regular expressions | Equivalent match with faster execution time |
---|---|---|
Peer | set policy-options as-path peer-match "^101.*" | set policy-options as-list peer-match members 101 |
Transit | set policy-options as-path transit-match ".*61453.*10001.*40007$" | set policy-options as-list transit-match members 61453 |
Origin | set policy-options as-path origin-match ".*54367$" | set policy-options as-list origin-match members 54367 |
The following sample configuration shows how you can define AS lists (as-list
as-list-name
) for origin, neighbor, and transit ASes and how
you can use policies to filter the routes without using regular expression:
Step 1: Define AS lists for matching origin, neighbor, and transit AS and apply it as a filter to filter the routes using policies.
set policy-options as-list origin-match members 54367 set policy-options as-list neighbor-match members 101 set policy-options as-list transit-match members 61453 set policy-options as-list transit-match members 10001
You can also define AS list groups (as-list-group
group-name
) for matching origin, neighbor, and transit ASes
to filter the routes using policies. The following is a sample configuration to define AS
list groups to match origin ASes to filter the routes using policies:
set policy-options as-list-group origin_group as-list origin-match-1 members 3-4 set policy-options as-list-group origin_group as-list origin-match-2 members 6-9 set policy-options policy-statement neighbor-accept term 1 from as-path-origins as-list-group origin_group set policy-options policy-statement neighbor-accept term 1 then accept set policy-options policy-statement neighbor-accept term 2 then reject
AS list groups to match the origin, neighbor, and transit ASes could be an AS member (for example, 101) or a range of AS members (for example, 6-9). In this case, all the routes originating from 6, 7, 8, 9 will be matched.
If you are using a range of AS members (as-start to as-finish), then the as-start member value should be less than or equal to as-finish member value. The AS member or the AS member range (as-start to as-finish) cannot be 0.
The as-list
or as-list-group
defines an AS set.
While performing an AS set lookup for origins and neighbors, the first or last AS from an AS path is matched. In the case of transits, there could be multiple iterations on the AS path to perform AS set lookup.
Step 2: Configure policies to match and filter routes based on origin, neighbor, and transit ASes.
set policy-options policy-statement as-list-match term transit-match from as-path-transits as-list transit-match set policy-options policy-statement as-list-match term transit-match then local-preference 300 set policy-options policy-statement as-list-match term transit-match then accept set policy-options policy-statement as-list-match term origin-match from as-path-origins as-list origin-match set policy-options policy-statement as-list-match term origin-match then local-preference 400 set policy-options policy-statement as-list-match term origin-match then accept set policy-options policy-statement as-list-match term neighbor-match from as-path-neighbors as-list peer-match set policy-options policy-statement as-list-match term peer-match then local-preference 200 set policy-options policy-statement as-list-match term peer-match then accept
Step 3: Define the local autonomous system.
set routing-options autonomous-system 100
Step 4: Apply the policy as BGP import policy to filter the routes.
set protocols bgp group ebgp-1 type external set protocols bgp group ebgp-1 import as-list-match set protocols bgp group ebgp-1 family inet unicast set protocols bgp group ebgp-1 neighbor 192.168.1.2 peer-as 101 set protocols bgp group ebgp-1 neighbor 192.168.1.6 peer-as 102
This policy can be applied as an import or export policy to filter the routes to take corresponding action defined in the policy.
You can use the show route
CLI command to view the routes in the routing
table.
The configuration statements in the from clause match condition occurs in both
[edit policy-options policy-statement policy-name
from]
and [edit policy-options policy-statement
policy-name term term-name from]
hierarchy levels.