RE: Prefix filtering (BGP)

From: Earl Aboytes (earl@xxxxxxxxxxxx)
Date: Sat May 27 2000 - 13:40:03 GMT-3

• Next message: Li Chaoyong (Company): "How to telnet into a router without password"
• Previous message: Li Chaoyong (Company): "How to telnet into a router without password"
• Maybe in reply to: Earl Aboytes: "Prefix filtering (BGP)"
• Next in thread: Kevin M. Woods: "Re: Prefix filtering (BGP)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
OK. I read page 310 in Halabi's book and it is exactly the same as the doc
CD. Go figure. Halabi works for Cisco. I am sure he wrote both. I am not
sure what is going on here. Why do you need this? If you filter
160.0.0.0/8 and in the process filter 160.0.0.0/9 and others, so what!
Isn't 160.0.0.0/9 a subset of 160.0.0.0/8? Can anyone shed some light on
this?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Earl Aboytes
Senior Technical Conultant
GTE Managed Solutions
805-381-8817
earl.aboytes@telops.gte.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of Muthu
Mohanasundaram
Sent: Friday, May 26, 2000 7:40 PM
To: Earl Aboytes; ccielab@groupstudy.com
Subject: Re: Prefix filtering (BGP)

Hi Earl,

I think what you need is this;

access-list 101 permit ip 160.0.0.0 0.255.255.255
255.0.0.0 0.0.0.0 ( and not 255.0.0.0 0.255.255.255)

Here the 160.0.0.0 0.255.255.255 means the all the IP
addresses whose first octect is 160.

The 255.0.0.0 0.0.0.0 means that the mask of the above
supernet should be exactly 255.0.0.0 ( as specified by
the windcards 0.0.0.0) In this case the second pair is
not the destination address and mask.

For more info see Page 310 of Bassam Halabi.

Good Luck,

Mohan.

--- Earl Aboytes <earl@linkline.com> wrote:
> Here is a kewl question.
>
> Can anyone explain what is going on here?
> Using access lists to filter supernets is a bit
> tricky. Assume, for example, that a router has
> different subnets of 160.10.x.x and you want to
> advertise 160.0.0.0/8 only. The following access
> list would permit 160.0.0.0/8, 160.0.0.0/9 and so on
> (remember, this is a class B address space).
> access-list 1 permit 160.0.0.0 0.0.0.255
>
> To restrict the update to 160.0.0.0/8 only, you have
> to use an extended access list, such as the
> following:
> access-list 101 permit ip 160.0.0.0 0.255.255.255
> 255.0.0.0 0.255.255.255
>
> What are they talking about!?!?!?!?
> To me it looks like the destination network is
> 255.0.0.0/8. Is that what is supposed to be going
> on here? Can anyone shed some light on this?
>
>

• Next message: Li Chaoyong (Company): "How to telnet into a router without password"
• Previous message: Li Chaoyong (Company): "How to telnet into a router without password"
• Maybe in reply to: Earl Aboytes: "Prefix filtering (BGP)"
• Next in thread: Kevin M. Woods: "Re: Prefix filtering (BGP)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:23:31 GMT-3