From: Kevin M. Woods (kev@xxxxxxx)
Date: Sat May 27 2000 - 15:57:26 GMT-3

When using distribute-lists it is always best to be as specific as possible
for the routes in question. Leaking routes is never a good idea.

Suppose you only wanted 160.0.0.0/19 at a private interconnect point so you
configure:

    router bgp 64512
     nei 10.0.1.1 remote-as 64513
     nei 10.0.1.1 distribute-list 10 in
    !
    access-list 10 permit 160.0.0.0 0.0.31.255

This is fine, but your peering partner can still sneak in 160.0.0.0/8, or a
160.0.0.0/16, etc. This could lead to a saturated circuit. The same goes
for the other way around--suppose you only wanted to send out 160.0.0.0/19.

Of course extended access-lists are not the best way to solve this problem;
prefix-lists have several advantages including better readability, sequence
numbers for incremental updates, faster processing, etc:

    router bgp 64512
     nei 10.0.1.1 remote-as 64513
     nei 10.0.1.1 prefix-list as64513-in in
    !
    ip prefix-list as64513-in description Private Interconnect (AS64513)
    ip prefix-list as64513-in seq 10 permit 160.0.0.0/19

Kevin
// OK. I read page 310 in Halabi's book and it is exactly the same as the doc
// CD. Go figure. Halabi works for Cisco. I am sure he wrote both. I am not
// sure what is going on here. Why do you need this? If you filter
// 160.0.0.0/8 and in the process filter 160.0.0.0/9 and others, so what!
// Isn't 160.0.0.0/9 a subset of 160.0.0.0/8? Can anyone shed some light on
// this?
//
// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
// Earl Aboytes
// Senior Technical Consultant
// GTE Managed Solutions
// 805-381-8817
// earl.aboytes@telops.gte.com
// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
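
Added example (not part of the original post): a small Python model of the two
filters discussed above, run over a constructed set of advertisements to show
which routes each one lets in. The function names and sample routes are
assumptions, and the ge/le handling goes beyond what the post covers.

```python
import ipaddress

def std_acl_permits(route, acl_addr, wildcard):
    """Standard ACL in a distribute-list: only the route's network address is
    compared against address/wildcard; the prefix length is never examined."""
    net = int(ipaddress.ip_network(route).network_address)
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF  # bits that must match
    return (net & care) == (int(ipaddress.ip_address(acl_addr)) & care)

def prefix_list_permits(route, entry, ge=None, le=None):
    """Prefix-list entry: the route must sit inside the entry's network and its
    length must equal the entry's length, or fall in the ge/le range if given."""
    r, e = ipaddress.ip_network(route), ipaddress.ip_network(entry)
    if ge is None and le is None:
        lo = hi = e.prefixlen              # no ge/le: exact-length match only
    else:
        lo = e.prefixlen if ge is None else ge
        hi = 32 if le is None else le
    return r.subnet_of(e) and lo <= r.prefixlen <= hi

# Constructed advertisements a peer might send (sample data, not from the post).
ADVERTISED = ["160.0.0.0/19", "160.0.0.0/8", "160.0.0.0/16", "160.0.0.0/24",
              "160.0.16.0/20", "160.0.32.0/19", "161.0.0.0/8"]

def accepted_by_acl(routes):
    # access-list 10 permit 160.0.0.0 0.0.31.255
    return [r for r in routes if std_acl_permits(r, "160.0.0.0", "0.0.31.255")]

def accepted_by_prefix_list(routes):
    # ip prefix-list as64513-in seq 10 permit 160.0.0.0/19
    return [r for r in routes if prefix_list_permits(r, "160.0.0.0/19")]

def leaked(routes):
    """Routes the ACL admits that the prefix-list would have rejected."""
    strict = set(accepted_by_prefix_list(routes))
    return [r for r in accepted_by_acl(routes) if r not in strict]

if __name__ == "__main__":
    print("distribute-list 10 accepts:", accepted_by_acl(ADVERTISED))
    print("prefix-list accepts:       ", accepted_by_prefix_list(ADVERTISED))
    print("leaked past the ACL:       ", leaked(ADVERTISED))
```
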