Table 4: Usage of 'clause.predicate.atom'

Table 4: Usage of clause.predicate.atom This complex DML attribute represents an atomic predicate, which is a predicate that can be applied to the path attribute of a route. The atomic predicate indicates the path attribute to which it applies (sub-attribute attribute), and includes an expression for matching values of that attribute (sub-attribute matcher). Zero or more instances of atom may be present within the clause.predicate attribute.

The attribute sub-attribute of atom is a simple DML attribute whose value is a string which represents a BGP path attribute to which an atomic predicate will be applied. If the value of the path attribute has multiple valid equivalent representations (such as traditional and NHI values), then the value of attribute will also indicate which representation of the path attribute the atomic predicate is to be applied to. In this manner, policy filtering can be done on any representation of the value of a path attribute. Exactly one instance of this DML attribute must be present in a clause.predicate.atom DML attribute.

Currently, the only acceptable values of attribute are origin, as_path, nhi_path, next_hop_ip, next_hop_nhi, med, local_pref, atomic_agg, aggregator_ip, aggregator_nhi, communities, originator_id_ip, originator_id_nhi, and cluster_list. As of the current implementation, the following path attributes have not been implemented (and thus their associated filtering capabilities are not yet useful): MULTI_EXIT_DISC (MED), ATOMIC_AGGREGATE, AGGREGATOR, and COMMUNITIES.

The matcher sub-attribute of atom is a simple DML attribute whose value is a string used for matching BGP path attribute values during the evaluation of an atomic predicate. An atomic predicate evaluates to true for a particular path attribute if the value of the path attribute is a successful match with the matcher string. The interpretation of the string, and what constitutes a successful match, differs for different values of attribute. It is often, though not always, a regular expression, a list of values, or a range of values. The string must be enclosed in double-quotes, though the double-quotes themselves are discarded before the string is used for matching. Exactly one instance of this DML attribute must be present in a clause.predicate.atom DML attribute. This table describes the interpretation and usage of the values of matcher given the various values of the corresponding attribute.

`attribute` value	`matcher` usage
`origin`	The only three meaningful values of `matcher` are `"igp"`, `"egp"`, and `"inc"`. They correspond to the BGP ORIGIN path attribute values of IGP, EGP, and INCOMPLETE, respectively.
`as_path`	Meaningful values of `matcher` are regular expressions for matching an AS path in string form. To be considered a successful match, the given regular expression need only fit a substring of the string form of the AS path. (A full string match can always be forced by using the standard regular expression characters `^` and `$` appropriately.) The string form of an AS path always begins and ends with a space. Following the beginning space is a sequence of space-separated AS numbers. Thus, the format of an AS path string is `" n₁ n₂ ··· n_k "` (the double-quotes are not part of the regular expression), where each `n_i` is an AS number (integer), and `k >= 1`. AS path segment type information (AS_SET and AS_SEQUENCE) is lost when an AS path is represented in this string form. Ordering of segments is preserved, and ordering of AS numbers within AS_SEQUENCE segments is preserved, but by definition, AS numbers in AS_SET segments have no defined ordering, and thus there is no pre-determined order in which the string will contain AS numbers from such a segment. For example, an AS path consisting of the AS_SEQUENCE `(1 2)` followed by the AS_SET `{3 4}` could be represented either by the string `" 1 2 3 4 "` or the string `" 1 2 4 3 "`, but no others. The standard regular expression syntax is supported for matching, along with many useful extensions. Refer to documentation for the `gnu.regexp` Java package for complete details. As an example, one might set the value of `matcher` to `"^ 3 "` to match all AS paths which begin with AS number `3`. Note the difference between `"^ 3 "` and `" 3 "`. The latter will find a match in the AS path string `" 1 2 3 4 "`, while the former will not. Also note that `"^ 3"` will match an AS path string such as `" 34 701 12 "`, due to the fact that there is no space following the `3`.
`nhi_path`	Meaningful values of `matcher` are regular expressions for matching an AS path in string form. The only difference between using `as_path` and `nhi_path` is in the way that ASes in the path are represented. For `as_path`, each element in the path is a traditional AS path number (an integer). (See the discussion of `as_path` above.) For `nhi_path`, each element in the path is an NHI address representing the AS. Because each AS in SSFNet corresponds directly to a `Net`, the NHI address of such a `Net` also serves as a unique AS identifier. The format of an AS path string using NHI addresses is `" n₁ n₂ ··· n_k "` (the double-quotes are not part of the regular expression), where each `n_i` is an NHI address, and `k >= 1`. As an example, one might set the value of `matcher` to `"^ 3:1:1 "` to match all AS paths which begin with the AS NHI identifier `3:1:1`. Refer to the preceding discussion of `as_path` for additional information.
`next_hop_ip`	Meaningful values of `matcher` are regular expressions for matching part or all of a route's next hop IP address, which is represented in dotted-quad plus prefix length notation. For example, a value of `"^129\.1\.2\.0/28$"` would only match the exact IP address `129.1.2.0/28`. (Note that different IP addresses which represent equivalent IP address blocks but which have extra bits set, such as `129.1.2.1/28`, will not be matched since matching is based only on the string comparison, not the actual IP block represented. This should not be a major concern in most scenarios.) The backslashes (`\`) are required since dot (`.`) is a special character in regular expressions. A value of `"^129"` would match any IP address beginning in `129`, and a value of `"/24$"` would match any IP address ending in `/24`, etc.
`next_hop_nhi`	Meaningful values of `matcher` are regular expressions for matching part or all of a route's next hop IP address, which is represented by an NHI address. For example, a value of `"^11:2:1(0)$"` would only match the exact NHI address `11:2:1(0)`, while a value of `"^11:"` would match any NHI address whose first network ID is `11`. Note that a value of `"^11"` would also match an NHI address such as `117:3(2)` because the trailing colon (`:`) was omitted.
`med`	Not yet implemented. A warning message is reported. The usage notes below will apply once implementation is complete. A meaningful value of `matcher` is either a (possibly empty) list of integers or a range of integers. A list of integers must either be the empty string (`""`) or be of the form `"i₁,i₂,...,i_k"`, where `k >= 1`. A range of integers must be of the form `"[j₁,j₂]"`, where `j₁` and/or `j₂` may be omitted to indicate open-ended ranges. There can be no spaces in either form of the expression. If the actual MULTI_EXIT_DISC (MED) value appears in the integer list or falls in the integer range, then there is a match. Routes with no MED attribute can be matched by using an empty integer list (`""`). For example, `"1,4,7"` matches the MED values `1`, `4` and `7`; `"[4,9]"` matches the MED values `4` through `9` inclusive; `"[3,]"` matches all MED values greater than or equal to `3`; `""` matches exactly those routes which do not have the MED attribute; and `"[,]"` matches exactly those routes which do have the MED attribute. As of the release of this document, the MED path attribute is unimplemented, and thus filtering on it is not yet meaningful.
`local_pref`	A meaningful value of `matcher` is either a (possibly empty) list of integers or a range of integers. The specification and behavior of the `matcher` in this case is perfectly analogous to the `med` case described previously.
`atomic_agg`	Not yet implemented. A warning message is reported.
`aggregator`	Not yet implemented. A warning message is reported.
`communities`	Not yet implemented. A warning message is reported.
`originator_id_ip`	Meaningful values of `matcher` are regular expressions for matching part or all of a route's originator ID. In this case, an originator ID is an IP address represented in dotted-quad plus prefix length notation. The specification and behavior of the `matcher` in this case is perfectly analogous to the `next_hop_ip` case described above.
`originator_id_nhi`	Meaningful values of `matcher` are regular expressions for matching part or all of a route's originator ID. In this case, an originator ID is an NHI address. The specification and behavior of the `matcher` in this case is perfectly analogous to the `next_hop_nhi` case described previously.
`cluster_list`	Meaningful values of `matcher` are regular expressions for matching a cluster list in string form. To be considered a successful match, the given regular expression need only fit a substring of the string form of the cluster list. The string form of the cluster list always begins and ends with a space. Following the beginning space is a sequence of space-separated cluster numbers. Thus, the format of a cluster list string is `" n₁ n₂ ··· n_k "` (the double-quotes are not part of the regular expression), where each `n_i` is a cluster number (integer), and `k >= 1`. Matching for cluster lists works the same way as does matching for AS paths. (See the above discussion regarding the `attribute` value of `as_path`.)