From: Darek Kuzma (darekk@xxxxxxxxxxxxx)
Date: Mon Jun 04 2001 - 17:22:03 GMT-3
Darren,
Yes. I think you are right.
I have to admit that at first I didn't understand the requirement correctly and
thought you wanted to configure the list to allow /19 - /32, but when I read it one
more time I realized that better means shorter, so you meant /0 - /19.
Anyway for /19 - /32 I came up with:
access-list 100 permit ip 0.0.0.0 255.255.255.255 255.255.224.0 0.0.31.255
explanation:
first part will take care to advertise any network: all bits are set to 1 =
don't care so it will accept all networks
second part will make sure that mask will be at least /19 : 255.255.224.0 =
/19 and we require that at least first 19 bits are matched (first 19 bits are
set to 0 = care bit) and we don't care about remaining 13 bits. This way we
can allow everything between /19 and /32.
Can you verify?
Thanks,
Darek
Darren Ward wrote:
> Hi All,
>
> I've been asked a damn good question by a co-worker and I must admit I'm
> not exactly sure how to solve it.
>
> Q: Filter BGP advertisements to a neighbour so that only routes that are
> /19 or better are advertised WITHOUT using a prefix-list.
>
> A:
>
> I know it will be a BGP extended IP access-list using the network/mask
> pair but can't figure out the mask section properly.
>
> access-list 100 permit ip 0.0.0.0 255.255.224.0 255.255.224.0
> 225.255.224.0
>
> Now, I _think_ this means match ANY network where the last 13 bits are
> all zero AND the last 13 bits of the netmask are all zeros but allow
> more zeros the base 13 bits (greater than /19)
>
> Is this correct?
>
> Darren Ward
> (Sydney June 27-28)
> **Please read:http://www.groupstudy.com/list/posting.html
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:17 GMT-3
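Added example, not part of the original messages: a small Python check of the access-list from the reply above, using the semantics the thread describes (source address/wildcard compared against the route's network, destination address/wildcard compared against its netmask, wildcard bit 1 = don't care). The function names, the sample address 192.0.2.77 and the test routes are constructed for illustration.

```python
import ipaddress

# ACL copied from the message above.
ACL_19_TO_32 = ("access-list 100 permit ip 0.0.0.0 255.255.255.255 "
                "255.255.224.0 0.0.31.255")

def parse_acl(line):
    """Split 'access-list N ACTION ip SRC SRC_WC DST DST_WC' into its parts."""
    f = line.split()
    if len(f) != 8 or f[0] != "access-list" or f[3] != "ip":
        raise ValueError("unsupported ACL line: " + line)
    return f[2], [int(ipaddress.IPv4Address(x)) for x in f[4:]]

def wildcard_match(value, base, wildcard):
    """Compare only the bits whose wildcard bit is 0 (the 'care' bits)."""
    care = ~wildcard & 0xFFFFFFFF
    return (value & care) == (base & care)

def permits(acl_line, prefix):
    """True if the ACL line permits the route; anything else is denied."""
    action, (src, src_wc, dst, dst_wc) = parse_acl(acl_line)
    net = ipaddress.IPv4Network(prefix, strict=False)
    hit = (wildcard_match(int(net.network_address), src, src_wc)
           and wildcard_match(int(net.netmask), dst, dst_wc))
    return action == "permit" and hit

def permitted_lengths(acl_line, sample="192.0.2.77"):
    """Prefix lengths 0..32 of a constructed sample address that the ACL permits."""
    return [n for n in range(33) if permits(acl_line, f"{sample}/{n}")]

if __name__ == "__main__":
    print("permitted lengths:", permitted_lengths(ACL_19_TO_32))
    for route in ("10.0.0.0/8", "172.16.0.0/16", "172.16.32.0/19", "192.0.2.0/24"):
        print(route, "permit" if permits(ACL_19_TO_32, route) else "deny")
```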