Specifications
160 ExtremeWare XOS 11.0 Concepts Guide
Security
Autonomous system expressions. The AS-path keyword uses a regular expression string to match
against the autonomous system (AS) path. Table 31 lists the regular expressions that can be used in the
match conditions for Border Gateway Path (BGP) AS path and community. Table 32 shows examples of
regular expressions and the AS paths they match.
nlri [<ipaddress> | any]/<mask-length> {exact};
nlri [<ipaddress> | any] mask <mask> {exact};
Where <ipaddress> and <mask> are in dotted decimal
format, <mask-length> is an integer in the range [0 - 32],
and keyword any matches any IP address with a given (or
larger) mask/mask-length.
origin [igp | egp | incomplete]; Where igp, egp and incomplete are the Border Gateway
Protocol (BGP) route origin values.
tag <number>; Where <number> is a 4-byte unsigned number.
route-origin [direct | static | icmp | egp | ggp | hello |
rip | isis | esis | cisco-igrp | ospf | bgp | idrp | dvmrp |
mospf | pim-dm | pim-sm | ospf-intra | ospf-inter |
ospf-extern1 | ospf-extern2 | bootp | e-bgp | i-bgp |
mbgp | i-mbgp | e-mbgp | isis-level-1 | isis-level-2 |
isis-level-1-external | isis-level-2-external]
Matches the origin (different from BGP route origin) of a
route.
A match statement "route-origin bgp" will match routes
whose origin are "I-bgp" or "e-bgp" or "I-mbgp" or "e-mbgp".
Similarly, the match statement "route-origin ospf" will match
routes whose origin is "ospf-inta" or "ospf-inter" or
"ospf-as-external" or "ospf-extern-1" or "ospf-extern-2"
Table 31: AS regular expression notation
Character Definition
N As number
N
1
- N
2
Range of AS numbers, where N
1
and N
2
are AS numbers and N
1
< N
2
[N
x
... N
y
] Group of AS numbers, where N
x
and N
y
are AS numbers or a range of AS numbers
[^N
x
... N
y
] Any AS numbers other than the ones in the group
. Matches any number
^ Matches the beginning of the AS path
$ Matches the end of the AS path
– Matches the beginning or end, or a space
- Separates the beginning and end of a range of numbers
* Matches 0 or more instances
+ Matches 1 or more instances
? Matches 0 or 1 instance
{ Start of AS SET segment in the AS path
} End of AS SET segment in the AS path
( Start of a confederation segment in the AS path
) End of a confederation segment in the AS path
Table 30: Policy match conditions (continued)
Match Condition Description