Le jeudi 14 juillet 2011 à 00:00 -0700, Jonathan Lassoff a écrit : > On Wed, Jul 13, 2011 at 11:02 PM, Michael Hallgren <m.hallg...@free.fr> wrote: > > Le mercredi 13 juillet 2011 à 18:25 +0200, Daniel Verlouw a écrit : > >> see > >> <https://puck.nether.net/pipermail/juniper-nsp/2010-July/017473.html> > >> > >> Not supported. I requested an ER back then, don't think it ever got > >> implemented... > > > > Thanks Daniel, I'll do the same then... Must be considered pretty basic > > from a regexp point of view, I think. Right? :) > > From a user and standardization perspective, they seem pretty simple, > but are actually difficult to implement very efficiently since the > time it takes to do the search is non-deterministic.
Yes, I'm aware of the theoretical and the implementation sides of these things. To be more precise, I should rather have said "basic from a functional point of view in this AS_PATH context". > > Here's a nice accessible write-up about DFA vs NFA regex engines that > touches on this: http://swtch.com/~rsc/regexp/regexp1.html I good article. Thanks. > > Honestly, what's the use case of a backreference for an AS path? It > seems like BGP loop detection would never allow a path like "A X X A", > in which case if it's just used to search for repetition (as mentioned > above), why not just use the "+" and "*" operators? e.g. "^(701 )+" > For one, you may want to enforce closest exit with a peer by assigning a common (higher) local preference to A, A A, A A A, etc. To catch any A with a single policy definition, you may want to filter what you import by (.)( \1)*$. If '\1' not available, you would have to define a specific filter for each (session with) A. (Yes, I know, this should not be needed in theory, because of peering agreements. But the world is not always perfect... And, yes, I agree, it's a question of choice: feature versus additional complexity...) > Cheers, > jof Cheers mh
signature.asc
Description: This is a digitally signed message part
_______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp