Hi Ivan,
Have you tried "match mpls experimental" ?
On Fri, Mar 26, 2010 at 7:35 PM, Ivan Hrvatska <ivanzghr_at_gmail.com> wrote:
> Well, it wouldn't, cause iBGP session is est between CE routers with
> RID 1.1.7.7 and 1.1.6.6.
> I added at the end of bgp ACL:
>
> 50 permit tcp host 1.1.7.7 host 1.1.6.6 eq bgp
> 60 permit tcp host 1.1.7.7 eq bgp host 1.1.6.6
> 100 permit tcp any any eq bgp
> 110 permit tcp any eq bgp any
>
> just to see if something will be matched, but no. Nothing.
>
>
> Regards
>
> On Fri, Mar 26, 2010 at 2:02 AM, Mark Matters <markccie_at_gmail.com> wrote:
> > But wouldn't that traffic already be defined with the acl's you have in
> your
> > first post?
> >
> > On Thu, Mar 25, 2010 at 8:54 PM, Mark Matters <markccie_at_gmail.com>
> wrote:
> >>
> >> I was reading about this the other day. I would say yes because all the
> >> routing is handled by the control plane.
> >> On Thu, Mar 25, 2010 at 1:34 PM, Ivan Hrvatska <ivanzghr_at_gmail.com>
> wrote:
> >>>
> >>> Now, I don't get it what you don't get.. :)
> >>> Question was about defining all INPUT traffic that will hit CP of R2
> >>> (LDP, EIGRP, BGP, OSPF) with ACLs that will be later used in class
> >>> maps. So as I'm familiar with this topic CP takes care of routing
> >>> protocol packets, all mgmt packets destined to that R2 router, and
> >>> maybe something more.
> >>> I gave scenario, told what routing protocols are running between
> >>> routers in scenario, gave what I think that solution is.
> >>> The thing that bugs me is next: if traffic traverse through the R2,
> >>> specific BGP traffic between CE routers (let's say that CE routers are
> >>> running iBGP session). And that iBGP session is established between
> >>> loopbacks, and to establish that TCP session R2 has to check it's vrf
> >>> routing table for that loopbacks, cause CE routers are exchanging OSPF
> >>> routes via MPLS VPN. Does that action of checking vrf routing table on
> >>> R2 also impact R2's CP and should be defined in one of the ACLs which
> >>> will be used in class-map, and class-maps will be used in police-map
> >>> for some policing?
> >>>
> >>> On Thu, Mar 25, 2010 at 3:34 PM, Marko Milivojevic <
> markom_at_ipexpert.com>
> >>> wrote:
> >>> > On Thu, Mar 25, 2010 at 10:32, Ivan Hrvatska <ivanzghr_at_gmail.com>
> >>> > wrote:
> >>> >> OK. It isn't like that. Each protocol has it's own policing to be
> >>> >> defined, but that is not question. Question is defining traffic with
> >>> >> ACLs for given scenario.
> >>> >
> >>> > It's pretty hard to give answer to the question you don't know :-).
> >>> > I'd go with Eseosa's answer barring more details about the actual
> >>> > question.
> >>> >
> >>> > Also note, CoPP differentiates between routing protocol traffic and
> >>> > other kinds of traffic. You can apply your policies only to the
> subset
> >>> > not even touching routing protocols.
> >>> >
> >>> > --
> >>> > Marko Milivojevic - CCIE #18427
> >>> > Senior Technical Instructor - IPexpert
> >>> >
> >>> > YES! We include 400 hours of REAL rack
> >>> > time with our Blended Learning Solution!
> >>> >
> >>> > Mailto: markom_at_ipexpert.com
> >>> > Telephone: +1.810.326.1444
> >>> > Fax: +1.810.454.0130
> >>> > Web: http://www.ipexpert.com/
> >>>
> >>>
> >>> Blogs and organic groups at http://www.ccie.net
> >>>
> >>> _______________________________________________________________________
> >>> Subscription information may be found at:
> >>> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Fri Mar 26 2010 - 21:26:14 ART
This archive was generated by hypermail 2.2.0 : Thu Apr 01 2010 - 07:26:36 ART