From: Earl Aboytes (earl@xxxxxxxxxxxx)
Date: Mon Aug 28 2000 - 04:55:48 GMT-3
John,
This confused me for a long time also. It has to do with route aggregation
in the BGP tables. If you want to restrict an update to only one advertised
supernet, you could use an access-list with a distribute list to restrict an
update of only the supernet. For example, if you had many subnets and
wanted to advertise specific subnets to one ISP (we'll call it ISP1) and you
wanted to send just the supernet to another ISP (we'll call it ISP2) then
you could use a prefix filter for ISP2 to send only the supernet.

ISP1 router
AS 10
10.10.10.10

ISP2 Router
AS 20
20.20.20.20

Your router
AS 30
30.30.30.30

neighbor 10.10.10.10 remote-as 10
neighbor 20.20.20.20 remote-as 20
neighbor 20.20.20.20 distribute-list 101 out
access-list 101 permit ip 30.0.0.0 0.0.0.0 255.0.0.0 0.0.0.0

This permits only the advertisement of 30.0.0.0/8 and nothing else to
neighbor 20.20.20.20 at ISP2. The wildcards after the prefix permit only
that prefix. The wildcards after the mask permit only that mask.
Hope this helps.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Earl Aboytes CCIE #6097
Senior Technical Consultant
GTE Managed Solutions
805-381-8817
earl.aboytes@verizon.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
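
The matching rule described in the message above, as an added example that is not part of the original thread: a small Python evaluator for an extended access-list used as a BGP distribute-list, where the source pair is compared with the route's prefix and the destination pair with its mask. The names parse_entry, filter_route and LOOSE_ACL are assumptions made for illustration, and LOOSE_ACL is a constructed entry.

```python
import ipaddress

def _u32(addr):
    return int(ipaddress.IPv4Address(addr))

def _pair(tokens):
    """Consume one address/wildcard pair; accepts 'any' and 'host A.B.C.D'."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (_u32(tokens[1]), 0), tokens[2:]
    return (_u32(tokens[0]), _u32(tokens[1])), tokens[2:]

def parse_entry(line):
    """Parse 'access-list N permit|deny ip <source pair> <destination pair>'."""
    tokens = line.lower().split()
    action, rest = tokens[2], tokens[4:]
    src, rest = _pair(rest)   # compared with the route's prefix
    dst, rest = _pair(rest)   # compared with the route's mask
    return action, src, dst

def _match(value, pair):
    base, wildcard = pair
    care = ~wildcard & 0xFFFFFFFF  # wildcard bit 0 = must match, 1 = ignore
    return (value & care) == (base & care)

def filter_route(acl_lines, route):
    """Return 'permit' or 'deny' for a route such as '30.0.0.0/8'."""
    net = ipaddress.IPv4Network(route)
    prefix, mask = int(net.network_address), int(net.netmask)
    for line in acl_lines:  # first matching entry wins
        action, src, dst = parse_entry(line)
        if _match(prefix, src) and _match(mask, dst):
            return action
    return "deny"  # implicit deny at the end of every access-list

# The entry from the message above: exact prefix, exact mask.
EARL_ACL = ["access-list 101 permit ip 30.0.0.0 0.0.0.0 255.0.0.0 0.0.0.0"]
# Constructed variation: same prefix, mask wildcard opened to allow /8 through /32.
LOOSE_ACL = ["access-list 101 permit ip 30.0.0.0 0.0.0.0 255.0.0.0 0.255.255.255"]

if __name__ == "__main__":
    for route in ("30.0.0.0/8", "30.0.0.0/16", "30.1.0.0/16"):
        print(route, filter_route(EARL_ACL, route), filter_route(LOOSE_ACL, route))
```
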
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of John
Conzone
Sent: Sunday, August 27, 2000 4:52 PM
To: Kent; Aaron DuShey; 'Simon Baxter'; 'CCIE Group Study (E-mail)'
Subject: Re: An access-list challenge
Guys, someone help me out. I'm all right with class b, class c, and even
and odd. But the mask thing is confusing me.
How do you filter a mask in a BGP update? Source of the route okay, the
destination the route points to okay, but the mask?
I don't get it and it's pissing me off!
----- Original Message -----
From: "Kent" <cciecn@yahoo.com>
To: "Aaron DuShey" <aaron.dushey@dushey-consulting.com>; "'Simon Baxter'"
<Simon.Baxter@au.logical.com>; "'CCIE Group Study (E-mail)'"
<ccielab@groupstudy.com>
Sent: Sunday, August 27, 2000 7:20 PM
Subject: RE: An access-list challenge
> Mine looks like this:
>
> 101 deny ip 128.0.0.0 63.254.255.255 0.0.0.0 255.254.0.0
>
> 101 deny ip 192.0.1.0 31.255.254.255 255.255.255.128 0.0.0.127
>
> 101 permit any
>
> I assume that 135.120.0.0 is an even class B and
> 192.168.1.0 is odd class C.
>
> Thanks
>
> Kent
>
> --- Aaron DuShey <aaron.dushey@dushey-consulting.com>
> wrote:
> > access-list 101 deny ip 129.0.0.0 0.254.255.255 host 255.255.0.0
> > access-list 101 deny ip 192.168.1.0 0.0.254.255 host 255.255.255.0
> >
> > 1st statement-Deny even numbered class B matching last bit in 2nd octet as even-host 255.255.0.0 matches class B
> > 2nd statement-Deny odd(1) numbers class c(host 255.255.255.0)
> >
> > Yes no?
> > good challenge
> >
> > Aaron DuShey
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com
> > [mailto:nobody@groupstudy.com]On Behalf Of
> > Simon Baxter
> > Sent: Saturday, August 26, 2000 5:51 PM
> > To: CCIE Group Study (E-mail)
> > Subject: An access-list challenge
> >
> >
> > For anybody up to it..
> >
> > not too nasty..
> >
> > RTRA
> > router bgp 100
> > distribute-list 101 in
> >
> >
> > create access-list 101 so that RTRA doesn't accept even numbered class B
> > routes with a mask <16 bits or odd numbered class C routes with a mask >24 bits.
> >
> >
> >
> > I hope it didn't take you as long as it did me!!
> >
> >
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:24:31 GMT-3