Re: BGP filtering

From: Jason Gardiner (gardiner@xxxxxxxxxx)
Date: Wed Aug 08 2001 - 09:59:48 GMT-3

• Next message: Rick Foltz: "routing loop scenerio"
• Previous message: Yves Fauser: "Re: Manipulating Administrative Distances"
• Maybe in reply to: Sal Nathoo: "BGP filtering"
• Next in thread: Sal Nathoo: "Re: BGP filtering"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
This is just off the top of my head; I haven't run through it, yet. But
you show:

> ip prefix-list NAMEONE {permit|deny} 192.168.160.0/16 le 19

Isn't 192.168.160.0/16 a part of 192.168.0.0?

It should be ip prefix-list NAMEONE {permit|deny} 192.168.160.0/19 le 19

The number after the le only indicates the length of the subnets allowed
to be announced out of the aggregate block. It would only allow the /19
to get through, not, say 192.168.161.0/24. This is how many of the
larger providers work to reduce the size of the global routing table.

Jon Carmichael wrote:
>
> It sounds as if you are asking for a filter of a range of NLRI when you say
> "range of routes." In all cases, when I'm thinking of a "range" I must go
> back to the binary, --frequently I draw two numbers in binary on a scratch
> paper and a line where I think the mask would go, and then I can see the
> range. -And why? Because I'm going to write a access-list and I need to
> figure out the proper wildcard mask. --So I would take your example, --of
> say 100 to 500, --but 500 does not fit in anybody's eight bit octet. How
> about 160 to 192, because it's easy to see... So draw both numbers on a
> piece of paper like this....
>
> 1010000 --binary 160
> 1100000 --binary 192
>
> and then I draw a vertical line with my simulated pencil here, this line is
> where the mask would go, --say..
>
> |
> 101|00000
> 110|00000
> |
> 000|11111
>
> And then I invert that as 00011111, which is decimal 31, and for a range of
> NLRI of say 192.168.160.0 thru 192.168.192.0 I can write my access list for
> a route filter as ..
>
> access-list 1 {permit|deny} 192.168.160.0 0.0.31.255
>
> I think I do this almost once every day.
>
> Prefix lists are still a little elusive to me tho, --so I play with those a
> little more lately, --where if I wanted to do exactly the same
> thing, --perhaps someone will jump in and help us out here....
>
> ip prefix-list NAMEONE {permit|deny} 192.168.160.0/16 le 19
>
> That does not work, --when you go back and do a "show ip prefix-list" it
> looks like 192.168.0.0/16 le 19. Can anybody tell us how to do the same
> thing with a prefix-list?
>
> JONC
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> Sal Nathoo
> Sent: Tuesday, August 07, 2001 2:56 PM
> To: ccielab@groupstudy.com
> Subject: BGP filtering
>
> Hi Guys,
>
> Can someone tell me commands are used to filter a
> range of routes (ex. between 100 to 500) from EBGP
> neighbors?
>
> Thanks in advance
>
> Saleem
>

• Next message: Rick Foltz: "routing loop scenerio"
• Previous message: Yves Fauser: "Re: Manipulating Administrative Distances"
• Maybe in reply to: Sal Nathoo: "BGP filtering"
• Next in thread: Sal Nathoo: "Re: BGP filtering"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:47 GMT-3