RE: BGP AS path filtering - DOC CD example

From: George Cassels (glcassels3@nc.rr.com)
Date: Fri Jun 24 2005 - 17:02:42 GMT-3


Actually no, it does not look right: it will send routes that pass AS-path
ACL 1 and receive routes that pass AS-path ACL 2 from neighbor 193.1.12.10.

I have another question though. I did a lab today which wanted me to
only allow routes that came through or originated from AS 1. When I did
the AS path ACL I did

ip as-path access-list 1 permit _1_

And under BGP I did

router bgp X
 neighbor x.x.x.x filter-list 1 in

The funny thing was that this allowed all routes in. I then put the
AS-path ACL in a route-map and applied the route-map to the neighbor
inbound, and it worked because there was only one seq in the route-map, so
everything else was denied. My question, though, is: are AS-path ACLs like
IP-based ACLs, with a deny at the end of the list?

I noticed in the example from the Cisco site that they show an example
with only deny statements, but say it will only block the AS's in the
list and not all.

See below

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/iprrp_r/ip2_i1g.htm#wp1036594

Examples
The following example creates autonomous-system path access list (number
500) that specifies that the BGP neighbor with IP address 10.125.1.1 is
not to be sent advertisements about any path through or from the
adjacent autonomous system 123:

ip as-path access-list 500 deny _123_
ip as-path access-list 500 deny ^123$
router bgp 109
 network 10.108.0.0
 neighbor 10.140.6.6 remote-as 123
 neighbor 10.125.1.1 remote-as 47
 neighbor 10.125.1.1 filter-list 1 out

George

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Rasal Abdul Kader
Sent: Friday, June 24, 2005 12:42 PM
To: Cisco certification
Subject: BGP AS path filtering - DOC CD example

Could someone tell if the below is correct. I got it from the DOC CD
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipr_c/ipcprt2/1cfbgp.htm#wp1002924

--------------------------------------------------------
The following example shows BGP path filtering by neighbor. Only the
routes that pass autonomous system path access list 2 will be sent to
193.1.12.10. Similarly, only routes passing access list 3 will be
accepted from 193.1.12.10.

router bgp 200
 neighbor 193.1.12.10 remote-as 100
 neighbor 193.1.12.10 filter-list 1 out
 neighbor 193.1.12.10 filter-list 2 in
ip as-path access-list 1 permit _109_
ip as-path access-list 2 permit _200$
ip as-path access-list 2 permit ^100$
ip as-path access-list 3 deny _690$
ip as-path access-list 3 permit .*
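
Added example (not part of the original posts or of Cisco's documentation): a small Python model of how an AS-path access list is evaluated, top-down with the first match winning and an implicit deny at the end, run against lists quoted in this thread. The `_` translation, the sample AS paths and the function names are constructed for illustration; a list number with no entries is reported as None rather than modelled.

```python
import re

# IOS "_" matches a delimiter: start or end of the path, a space, comma,
# brace or parenthesis. Everything else is passed through as an ordinary regex.
DELIM = r"(?:^|$|[ ,{}()])"

# Lists quoted in the thread (1 is the lab list from the reply, 3 and 500 come
# from the two documentation excerpts).
CONFIG = """\
ip as-path access-list 1 permit _1_
ip as-path access-list 3 deny _690$
ip as-path access-list 3 permit .*
ip as-path access-list 500 deny _123_
ip as-path access-list 500 deny ^123$
"""

LINE = re.compile(r"\s*ip as-path access-list (\d+) (permit|deny) (\S+)\s*$", re.I)

def parse_acl(config, number):
    """Return the (action, compiled regex) entries of one list, in order."""
    entries = []
    for line in config.splitlines():
        m = LINE.match(line)
        if m and int(m.group(1)) == number:
            regex = re.compile(m.group(3).replace("_", DELIM))
            entries.append((m.group(2).lower(), regex))
    return entries

def evaluate(entries, as_path):
    """First matching entry decides; a path matching no entry is denied."""
    if not entries:
        return None  # list not defined in this config: not modelled here
    for action, regex in entries:
        if regex.search(as_path):
            return action
    return "deny"  # implicit deny at the end of every defined list

# Constructed sample AS paths ("" is an empty path, i.e. a locally originated route).
SAMPLE_PATHS = ["1", "65001 1 65002", "65001 11", "10 65002",
                "65001 690", "47 9", "123", ""]

if __name__ == "__main__":
    for number in (1, 3, 500, 2):
        acl = parse_acl(CONFIG, number)
        for path in SAMPLE_PATHS:
            print(f"list {number:<3} path {path!r:<16} -> {evaluate(acl, path)}")
```

In this model list 500, which contains only deny entries, denies every sample path, while list 3 passes everything except paths ending in 690 because of its final `permit .*`.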


