Appendix B. A Regular-Expression Tutorial

This tutorial follows the excellent presentation made by Jeffrey E. F. Friedl in his book Mastering Regular Expressions. The book is listed as recommended reading at the end of this appendix, although almost everything you need to know about regular expressions (regex) to work with Cisco IOS Software is covered in the very first chapter of the book. Nonetheless, the book recommendation stands because you are very likely to find regular expressions useful in a wide variety of applications within the data communications and data processing industry. Friedl presents the subject clearly and with a liberal dose of humor.

Literals and Metacharacters

A typical AS_PATH filter might look like this:

ip as-path access-list 83 permit ^1_701_(_5646_|_1240_).*

The string of characters following the permit keyword is a regular expression. The regex is composed of literals and metacharacters. Literals are just text characters that describe what the regex will try to match. In this example, 1, 701, 5646, and 1240 are literals describing autonomous system numbers.

Metacharacters are special regular-expression characters that act as operators, telling the regex how to perform matches. Table B-1 shows the metacharacters available for use with Cisco IOS; the remainder of this appendix describes how each of the metacharacters are used.

Table B-1 Regular-Expression Metacharacters Relevant to AS_PATH Access Lists

Delineation: Matching the Start and End of Lines

Consider the following AS_PATH filter:

ip as-path access-list 20 permit 850

This filter matches any AS_PATH that includes the string 850. Examples of matching AS_PATHs are (850), (23, 5, 850, 155), and (3568, 5850, 310). A match is found whether the string is alone in the attribute, one of several AS numbers in the attribute, or even a part of a larger AS number in the attribute.

Suppose, however, that you want to match only an AS_PATH that contains the single AS number 850. For this, you must be able to delineate the beginning and end of a line. A caret (^) matches the beginning of a line, and a dollar sign ($) matches the end of a line. So,

ip as-path access-list 20 permit ^850$

tells the regex to match the beginning of the line, followed immediately by the string 850, followed immediately by the end of the line.

You also can use the two metacharacters to match an empty AS_PATH:

ip as-path access-list 21 permit ^$

In this case, the regex matches the beginning of a line followed immediately by the end of the line; if any other characters exist between the beginning and end of the line, no match is made.

Bracketing: Matching a Set of Characters

Brackets enable you to specify a range of single characters. For example:

ip as-path access-list 22 permit ^85[0123459]$

This filter matches AS_PATHs with any single AS number 850, 851, 852, 853, 854, 855, or 859.

If the range of characters is contiguous, you can specify just the beginning and end character in the sequence:

ip as-path access-list 23 permit ^85[0-5]$

This filter matches the same group of AS numbers as the preceding filter, with the exception of 859.

Negating: Matching Everything Except a Set of Characters

When a caret is used inside a bracket, it negates the range specified in the bracket. As a result, the regex matches on everything except the range. For example:

ip as-path access-list 24 permit ^85[^0-5]$

This filter looks like the preceding filter, with the exception of the added caret inside the bracket, signifying "not 0–5." The regex will therefore match an AS_PATH with a single AS number in the range 856–859.

Wildcard: Matching Any Single Character

A dot (.) matches any single character. Interestingly, the single character may be a space. Consider the following filter:

ip as-path access-list 24 permit ^85.

This filter matches an AS_PATH that begins with an AS number in the range 850–859. And because the dot also matches white space, AS number 85 will match.

Alternation: Matching One of a Set of Characters

A bar (|) is used to specify an OR operation. That is, a literal on one or the other side of the bar can be matched. For example:

ip as-path access-list 25 permit ^(851 | 852)$

This filter matches an AS_PATH in which there is a single AS number, which is either 851 or 852. You may extend the OR function to check for more than two possible matches:

ip as-path access-list 26 permit ^(851 | 852 | 6341 | 53)$

Optional Characters: Matching a Character That May or May Not Be There

The question mark (?) matches zero or one instances of a literal. For example:

ip as-path access-list 27 permit ^(850)?$

This filter matches an AS_PATH in which there is either a single AS number 850 or an empty list. Note the use of parentheses here, to show that the metacharacter applies to the entire AS number. If the expression 850? is used, the metacharacter applies only to the last character. The expression would match 85 or 850.

Repetition: Matching a Number of Repeating Characters

You can use two metacharacters to match repeating literals: The asterisk (*) matches zero or more instances of a literal, and the plus (+) matches one or more instances. For example:

ip as-path access-list 28 permit ^(850)*$

This filter matches an AS_PATH in which there are no AS numbers, or in which one or more AS numbers 850 exist. That is, the AS path could be (850), (850, 850), (850, 850, 850), and so on.

The following filter is similar, except that there must be at least one AS number 850 in the AS_PATH:

ip as-path access-list 29 permit ^(850)+$

Boundaries: Delineating Literals

The underscore (_) is used when you want to specify a string of literals and must specify their separation. Suppose, for example, that you want to match on the specific AS_PATH (5610, 148, 284, 13). The filter is as follows:

ip as-path access-list 30 permit ^5610_148_284_13$

The underscore matches a beginning of line, an end of line, a comma, or a space. Notice the difference between the preceding filter and this filter:

ip as-path access-list 31 permit _5610_148_284_13_

Because the first filter specified the beginning and end of the line, only AS_PATH (5610, 148, 284, 13) matches. In this second filter, the specified sequence must be included in the AS_PATH, but it is not necessarily the only AS numbers in the attribute. So, AS_PATHs (5610, 148, 284, 13), (23, 15, 5610, 148, 284, 13), and (5610, 148, 284, 13, 3005) all match.

Putting It All Together: A Complex Example

The real power of regular expressions comes into play when the metacharacters are used in combination to match some complex string of literals. Consider the following filter:

ip as-path access-list 10 permit ^(550)+_[880|2304]?_1805_.*

This filter looks for AS_PATHs in which the last AS before the route was received was 550. The caret preceding that number specifies that 550 is the first number in the list. The plus sign following the number means that there must be at least one instance of 550, but there can be more. By allowing for more than one instance of the number, the filter has allowed for the possibility that AS 550 is practicing path prepending, as discussed in Chapter 3, "Configuring and Troubleshooting Border Gateway Protocol 4."

Following the one or more instances of 550, there may or may not be a single instance of either 880 or 2304. Next, there must be a single instance of 1805. The last part of the expression specifies that after 1805, the AS_PATH can consist of any number of subsequent AS numbers, including none.

Recommended Reading

Friedl, Jeffrey E. F. Mastering Regular Expressions. Sebastopol, California: O’Reilly & Associates; 1997.