RE: *************:BGP and ACL

From: Liban.Mohamed@mail.sprint.com
Date: Tue Sep 10 2002 - 04:14:02 GMT-3

• Next message: Chris Hugo: "Re: changing the origin of BGP route using "set origin" command"
• Previous message: Hunt Lee: "Help Help!!"
• Next in thread: Jayashanker Warrier: "Re: RE: *************:BGP and ACL"
• Maybe reply: Jayashanker Warrier: "Re: RE: *************:BGP and ACL"
• Maybe reply: Brian McGahan: "RE: RE: *************:BGP and ACL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Remember guys, it's applied both the BGP peer and the interface, will
that cause anytype of blackhole.
now this was a mistake done by someOne.
 
 
 
 
 
 
thanks,
 
 

-----Original Message-----
From: rfc10000 [mailto:rfc10000@hotmail.com]
Sent: Tuesday, September 10, 2002 2:28 AM
To: Liban.Mohamed
Cc: rfc10000
Subject: *************:BGP and ACL

if the ACL apply on the bgp's neighbor, it just cause the bgp action.
if it will applied on one interface,

all the traffice on this interface will be blocked
 

----- T-J<SJ<~ -----
7"<~HK: Liban.Mohamed@mail.sprint.com
7"KMJ1<d: 2002Dj9TB10HU 13:24
JU<~HK: ccielab@groupstudy.com
3-KM: liban.mohamed@mail.sprint.com
VwLb: BGP and ACL
 
I ran to an issue last-week and i would like to get your opinion. I
have a customer that has OC3 circuit. that is running BGP with us.
below is a sample of our BGP config.

sl-gw34-chi#sho run | inc x.x.x.x
neighbor x.x.x.x.x remote-as x.x.x
neighbor x.x.x.x version 4
neighbor x.x.x.x distribute-list 86 in
neighbor x.x.x.x route-map transit-in in
neighbor x.x.x.x route-map full-routes out
neighbor x.x.x.x maximum-prefix 500

access-list 86 permit x.x.x.x 0..0.0.255
access-list 86 permit x.x.x.x 0..0.0.255
access-list 86 permit x.x.x.x 0..0.0.255
access-list 86 permit x.x.x.x 0..0.0.255
access-list 86 permit x.x.x.x 0..0.0.255
access-list 86 permit x.x.x.x 0..0.0.255
access-list 86 permit x.x.x.x 0..0.0.255
access-list 86 permit x.x.x.x 0..0.0.255
access-list 86 permit x.x.x.x 0..0.0.255

Now this is the problem. Last week they send e-mail to update thier
distribute-list. but one of the NOC engineers updated but he also
applied ACL on thier interface
he entered the following command: don't ask me why he did this ;)
config t
int pos 0/0
ip access-group 86 in

after he applied this. all traffic stoped floading this link. Will this
cause the traffic to stop. since we have ACL applied on the interface
and the BGP with the same #86

any suggestion would help..

Liban Mohamed
IP Engineer
Sprintlink Operation Engineering team
CCNA,CCDA,CCNP,CCDP.
www.sprint.net.
  _____

4SMxU>5C5=8|6`PEO"!#MSN Explorer Cb7QOBTX#: http://explorer.msn.com/lccn

• Next message: Chris Hugo: "Re: changing the origin of BGP route using "set origin" command"
• Previous message: Hunt Lee: "Help Help!!"
• Next in thread: Jayashanker Warrier: "Re: RE: *************:BGP and ACL"
• Maybe reply: Jayashanker Warrier: "Re: RE: *************:BGP and ACL"
• Maybe reply: Brian McGahan: "RE: RE: *************:BGP and ACL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Oct 07 2002 - 07:43:48 GMT-3