From: Sam Munzani (sam@xxxxxxxxxxx)
Date: Fri Sep 29 2000 - 13:17:33 GMT-3
Regarding the same thread. Your network is different subnets of 172.16.0.0. You
are at a BGP border router and told to advertise a supernet on 172.0.0.0 only
to your EBGP neighbor. How do you do it?
I tried aggregate address, network address etc. but it doesn't work because in
your routing table there is no route for that supernet. I tried turning off
sync and that didn't help either.
When I add a route "ip route 172.0.0.0 255.0.0.0 null 0" it works but
creates other problems. For example, you are reaching some /30 subnets of
the same subnet using the default-network command within your network. The
moment you have this /8 route, it will take precedence over the default route
because of the longest match rule.
Static routing is not allowed.
Sam
> Shouldn't you just use an aggregate-route with the summary-only option to
> suppress those other networks? That seems the easiest to me. If you use an
> access-list that says 172.16.0.0 0.0.255.255, I think it would advertise all
> three of those networks you listed.
>
> I could be wrong.
>
> Tony
>
> ----- Original Message -----
> From: "Connary, Julie Ann" <jconnary@cisco.com>
> To: <ccielab@groupstudy.com>
> Sent: Friday, September 29, 2000 10:46 AM
> Subject: question on extended access-lists for BGP route filtering
>
>
> > Hi All,
> >
> > In Halabi's Internet routing Architecture book he has the following example
> > that confuses me (page 310):
> >
> > If you want to filter 172.16.0.0/16 such that only 172.16.0.0/16 and not
> > 172.16.0.0/17, 172.16.0.0/18 ... are
> > also permitted you must use an extended access-list. Thus the standard
> > access-list will not work:
> >
> > access-list 1 permit 172.16.0.0 0.0.255.255
> >
> >
> > He then goes on to define an extended access list as:
> >
> > access-list access-list-number permit ip network-number
> > network-do-not-care-bits mask mask-do-not-care-bit.
> >
> > And gives the following example:
> >
> > access-list 101 permit ip 172.16.0.0 0.0.255.255 255.255.0.0 0.0.0.0
> >
> >
> > My question is, where did he get that definition of an extended access-list
> > that says the second
> > set of address/mask pairs is a mask/mask-wildcards pair? Is this specific
> > to how BGP will
> > use the extended-access list vs. using the access-list in say an ACL? I
> > always understood the second pair
> > was the destination network or host.
> >
> > Julie Ann
> >
> >
> >
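The following is an added example, not part of the original thread or of Halabi's book. It evaluates the two access-lists quoted above against a constructed set of prefixes, following the definition quoted in the thread: in a BGP route filter the first address/wildcard pair is compared with the route's network address and the second pair with its netmask. The function names and the sample prefixes are assumptions made for illustration.

```python
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def wildcard_match(value, base, wildcard):
    """Cisco wildcard compare: bits set in the wildcard are ignored."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(value) & care) == (_ip(base) & care)

def standard_acl(route, net, net_wc):
    """Standard ACL used as a route filter: only the network address is tested."""
    r = ipaddress.IPv4Network(route)
    return wildcard_match(str(r.network_address), net, net_wc)

def extended_acl(route, net, net_wc, mask, mask_wc):
    """Extended ACL used as a route filter: the first pair tests the network
    address, the second pair tests the route's netmask."""
    r = ipaddress.IPv4Network(route)
    return (wildcard_match(str(r.network_address), net, net_wc)
            and wildcard_match(str(r.netmask), mask, mask_wc))

# Constructed sample prefixes, not taken from a real routing table.
ROUTES = ["172.16.0.0/16", "172.16.0.0/17", "172.16.0.0/18",
          "172.16.128.0/17", "172.17.0.0/16"]

def permitted_by_acl_1():
    # access-list 1 permit 172.16.0.0 0.0.255.255
    return [r for r in ROUTES if standard_acl(r, "172.16.0.0", "0.0.255.255")]

def permitted_by_acl_101():
    # access-list 101 permit ip 172.16.0.0 0.0.255.255 255.255.0.0 0.0.0.0
    return [r for r in ROUTES
            if extended_acl(r, "172.16.0.0", "0.0.255.255",
                            "255.255.0.0", "0.0.0.0")]

if __name__ == "__main__":
    # Anything not listed falls through to the implicit deny.
    print("ACL 1  :", permitted_by_acl_1())
    print("ACL 101:", permitted_by_acl_101())
```

The standard list lets the /17 and /18 more-specifics through along with the /16, while the extended list with a mask wildcard of 0.0.0.0 permits only the route whose netmask is exactly 255.255.0.0.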
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:25:09 GMT-3