Access-Lists

Access-Lists are used to create filters that may be used to limit the flow of information between routers. ip as-path access-lists are used to control which routes will be accepted from or sent to peers. The remainder of this document discusses these access-lists.

Access-Lists are referred to by numbers. They are a series of rules that are processed in order. Each rule has a sense permit or deny. Rules also have a regular expression that is used to match the AS path of the route being passed through the access-list. The first rule that matches is applied and processing of the access-list stops. Access-lists have an implicit rule to deny any AS path, but for clarity it is useful to add this implicitly.

Access-List regular expressions have the following special characters:

.	Match any character.
*	Match any number of the preceding element. This will match 0 instances of the preceding element.
+	Match one or more of the preceding element.
?	Match zero or one of the preceding element.
^	Match the beginning of the AS path.
$	Match the end of the AS path.
_ (underscore)	Match The beginning or end of the AS path or a space.
[]	Define a character class. That is match any one of the literals enclosed in the brackets. [145] will match 1, 4 or 5,
- (dash)	Specify a range of characters in a character class. 1-3 will match 1, 2 or 3.
\	Match following special character. \[ will match a [.

Three generic filters as described by Freedman are below. Access-List 1 permits all routes as the first rule matches any AS path and processing stops there.

ip as-path access-list 1 permit .*
ip as-path access-list 1 deny .*

Access-List 2 denies all routes.

ip as-path access-list 2 deny .*

Access-List 3 allows only routes with an empty AS path, that is routes originating from the Autonomous System that this router belongs to.

ip as-path access-list 3 permit ^$
ip as-path access-list 3 deny .*

References

Please see references.

Copyright © 2000 Horms

Last Updated: Fri Oct 13 21:54:14 2000