From: Kevin Baumgartner (kbaumgar@xxxxxxxxx)
Date: Fri Sep 29 2000 - 13:50:51 GMT-3
OK, I just had a thought about what this access-list might be all about.
Since this is an aggregate address this is going to be broadcast (or unicast) to
all BGP neighbors. Hence the destination address of 255.255.0.0 0.0.0.0.
So if this is the case then the access-list makes sense. But I could be
completely off with this theory. Best I can come up with.
Kevin
>Date: Fri, 29 Sep 2000 09:36:41 -0700
>To: "Connary, Julie Ann" <jconnary@cisco.com>
>From: Kevin Baumgartner <kbaumgar@witbier.cisco.com>
>Subject: Re: question on extended access-lists for BGP route filtering
>Cc: ccielab@groupstudy.com
>
>Yea I saw the same and was trying to understand how this access-list works.
>
> So the concept was to only allow the summary route 172.16.0.0 through and
>not any of the 172.16.1.0, 172.16.2.0.
>
>And access-list 101 permit ip 172.16.0.0 0.0.255.255 255.255.0.0 0.0.0.0
>
>would do this.
>
> But like you I still don't understand how this access-list will do that.
>
> Kevin
>
>
>At 10:46 AM 9/29/00 -0400, you wrote:
>>Hi All,
>>
>>In Halabi's Internet routing Architecture book he has the following example that confuses me (page 310):
>>
>>If you want to filter 172.16.0.0/16 such that only 172.16.0.0/16 and not 172.16.0.0/17, 172.16.0.0/18 ... are
>>also permitted you must use an extended access-list. Thus the standard access-list will not work:
>>
>>access-list 1 permit 172.16.0.0 0.0.255.255
>>
>>
>>He then goes on to define an extended access list as:
>>
>>access-list access-list-number permit ip network-number network-do-no-care-bits mask mask-do-not-care-bit.
>>
>>And gives the following example:
>>
>>access-list 101 permit ip 172.16.0.0 0.0.255.255 255.255.0.0 0.0.0.0
>>
>>
>>My question is, where did he get that definition of an extended access-list that says the second
>>set of address/mask pairs is a mask/mask-wildcards pair? Is this specific to how BGP will
>>use the extended-access list vs. using the access-list in say an ACL? I always understood the second pair
>>was the destination network or host.
>>
>>Julie Ann
>>
>>
>>
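
An added illustration, not part of the original thread or of Halabi's book: the matching rule quoted above (first address/wildcard pair compared with the route's network number, second pair compared with its netmask), applied to constructed sample routes next to the standard access-list. Function names are hypothetical, and the model covers only this prefix/mask comparison, not IOS itself.

```python
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def wildcard_match(value, pattern, wildcard):
    """True when value equals pattern on every bit the wildcard does not ignore."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(value) & care) == (_ip(pattern) & care)

def standard_permits(route, net, net_wc):
    """access-list 1 style: only the route's network number is compared."""
    r = ipaddress.IPv4Network(route)
    return wildcard_match(str(r.network_address), net, net_wc)

def extended_permits(route, net, net_wc, mask, mask_wc):
    """access-list 101 style, per the definition quoted in the thread:
    pair 1 is checked against the network number, pair 2 against the netmask."""
    r = ipaddress.IPv4Network(route)
    return (wildcard_match(str(r.network_address), net, net_wc)
            and wildcard_match(str(r.netmask), mask, mask_wc))

# Constructed sample routes (not taken from the thread's routers).
ROUTES = [
    "172.16.0.0/16",   # the aggregate
    "172.16.0.0/17",   # same network number, longer mask
    "172.16.0.0/18",
    "172.16.1.0/24",   # more-specific subnets
    "172.16.2.0/24",
    "172.17.0.0/16",   # right mask, wrong network
]

def standard_result():
    # access-list 1 permit 172.16.0.0 0.0.255.255
    return [r for r in ROUTES
            if standard_permits(r, "172.16.0.0", "0.0.255.255")]

def extended_result():
    # access-list 101 permit ip 172.16.0.0 0.0.255.255 255.255.0.0 0.0.0.0
    return [r for r in ROUTES
            if extended_permits(r, "172.16.0.0", "0.0.255.255",
                                "255.255.0.0", "0.0.0.0")]

if __name__ == "__main__":
    print("standard:", standard_result())
    print("extended:", extended_result())
```

The standard list lets every 172.16.x.x route through regardless of mask length; the extended list's second pair pins the netmask to exactly 255.255.0.0, so only the /16 aggregate passes.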
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:25:09 GMT-3