Re: Match prefixes gt using access-list?

From: Roman Rodichev (rodic000@xxxxxxxxxxx)
Date: Sat Jun 02 2001 - 13:04:18 GMT-3


   
you are correct, that's the same thing. If you show run that's how it will
show up:

access-list 101 deny ip 0.0.0.0 255.255.224.0 0.0.0.0 255.255.224.0

>From: "Bob Chahal" <bob.chahal@ntlworld.com>
>Reply-To: "Bob Chahal" <bob.chahal@ntlworld.com>
>To: "Roman Rodichev" <rodic000@hotmail.com>, <dward@pla.net.au>,
><ccielab@groupstudy.com>
>Subject: Re: Match prefixes gt using access-list?
>Date: Sat, 2 Jun 2001 16:58:21 +0100
>
>Roman
>
>just so I can develop a clearer understanding of these types of
>access-lists wouldn't
>
>access-list 101 deny ip 0.0.0.0 255.255.224.0 0.0.0.0 255.255.224.0
>
>do the same thing as
>
>access-list 100 permit ip 0.0.0.0 255.255.224.0 255.255.224.0 225.255.224.0
>
>Bob
>----- Original Message -----
>From: "Roman Rodichev" <rodic000@hotmail.com>
>To: <bob.chahal@ntlworld.com>; <dward@pla.net.au>; <ccielab@groupstudy.com>
>Sent: Saturday, June 02, 2001 4:19 PM
>Subject: Re: Match prefixes gt using access-list?
>
>
> >
> > Actually. That's right, it depends on what you mean Darren. Is "better"
> > longer or shorter? "Better" could be a more specific route. But "Better"
> > could be a larger summary. It's just I can't find a reason why you would
> > want to get >/19 routes. ISPs usually want larger summaries. That's why
> > this should be correct:
> >
> > access-list 100 permit ip 0.0.0.0 255.255.224.0 255.255.224.0 225.255.224.0
> >
> > You basically want the least significant 13 bits (last 13 bits) of the
> > mask to be 0's. So these masks would match:
> >
> > 255.255.224.0
> > 255.255.192.0
> > 255.255.128.0 and so on...
> >
> > But this one wouldn't: 255.255.240.0
> >
> > my 2 cents
> >
> >
> > >From: "Bob Chahal" <bob.chahal@ntlworld.com>
> > >Reply-To: "Bob Chahal" <bob.chahal@ntlworld.com>
> > >To: "Darren Ward" <dward@pla.net.au>, <ccielab@groupstudy.com>
> > >Subject: Re: Match prefixes gt using access-list?
> > >Date: Sat, 2 Jun 2001 12:35:09 +0100
> > >
> > >Not sure what you mean by better but if you want to filter /19 or longer
> > >prefixes from a neighbor
> > >
> > >then
> > >
> > >access-list 101 deny ip 0.0.0.0 255.255.255.255 255.255.224.0 0.0.31.255
> > >access-list 101 permit ip any any
> > >
> > >router bgp xx
> > >neighb y.y.y.y remote zz
> > >neighb distribute-list 101 in
> > >
> > >
> > >
> > >----- Original Message -----
> > >From: "Darren Ward" <dward@pla.net.au>
> > >To: <ccielab@groupstudy.com>
> > >Sent: Saturday, June 02, 2001 11:16 AM
> > >Subject: BGP: Match prefixes gt using access-list?
> > >
> > >
> > > > Hi All,
> > > >
> > > > I've been asked a damn good question by a co-worker and I must admit
> > > > I'm not exactly sure how to solve it.
> > > >
> > > > Q: Filter BGP advertisements to a neighbour so that only routes that
> > > > are /19 or better are advertised WITHOUT using a prefix-list.
> > > >
> > > > A:
> > > >
> > > > I know it will be a BGP extended IP access-list using the
> > > > network/mask pair but can't figure out the mask section properly.
> > > >
> > > > access-list 100 permit ip 0.0.0.0 255.255.224.0 255.255.224.0 225.255.224.0
> > > >
> > > > Now, I _think_ this means match ANY network where the last 13 bits
> > > > are all zero AND the last 13 bits of the netmask are all zeros but allow
> > > > more zeros the base 13 bits (greater than /19)
> > > >
> > > > Is this correct?
> > > >
> > > > Darren Ward
> > > > (Sydney June 27-28)
> > > > **Please read:http://www.groupstudy.com/list/posting.html



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:17 GMT-3
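
Added example, not part of the original thread: a small Python model of the network/mask matching discussed above, where the source pair of an extended ACL entry is compared with the route's network and the destination pair with its netmask (wildcard bit 1 = ignore). The function names and the sample prefixes are constructed for illustration; the two entries are the `access-list 101` lines quoted in the thread.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def normalize(addr, wildcard):
    # Zero the don't-care bits of the address: the form a stored entry takes.
    return str(ipaddress.IPv4Address(ip(addr) & ~ip(wildcard) & 0xFFFFFFFF))

def entry_matches(entry, prefix):
    # entry = (src, src_wildcard, dst, dst_wildcard)
    # src pair is checked against the network, dst pair against the netmask.
    src, src_wc, dst, dst_wc = (ip(x) for x in entry)
    net = ipaddress.IPv4Network(prefix)
    net_ok = ((int(net.network_address) ^ src) & ~src_wc & 0xFFFFFFFF) == 0
    mask_ok = ((int(net.netmask) ^ dst) & ~dst_wc & 0xFFFFFFFF) == 0
    return net_ok and mask_ok

def evaluate(acl, prefix):
    # First matching entry wins; nothing matching means the implicit deny.
    for action, entry in acl:
        if entry_matches(entry, prefix):
            return action
    return "deny"

def matched_lengths(entry):
    # Prefix lengths the entry accepts, probed with network 0.0.0.0/n.
    return [n for n in range(33) if entry_matches(entry, f"0.0.0.0/{n}")]

ANY = ("0.0.0.0", "255.255.255.255", "0.0.0.0", "255.255.255.255")
# The entry as it appears in the "show run" line of the reply.
SHOW_RUN_ENTRY = ("0.0.0.0", "255.255.224.0", "0.0.0.0", "255.255.224.0")
# The deny entry from the "/19 or longer" filter, followed by permit any any.
LONGER_DENY = ("0.0.0.0", "255.255.255.255", "255.255.224.0", "0.0.31.255")
ACL_LONGER = [("deny", LONGER_DENY), ("permit", ANY)]

if __name__ == "__main__":
    print("show-run entry matches lengths:", matched_lengths(SHOW_RUN_ENTRY))
    print("longer-deny entry matches lengths:", matched_lengths(LONGER_DENY))
    # Constructed sample prefixes.
    for p in ["10.0.0.0/8", "172.16.0.0/16", "10.1.32.0/19", "10.1.16.0/20"]:
        print(p, "->", evaluate(ACL_LONGER, p))
```
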