Tuesday, March 6, 2012

Route-Filtering-ACL

Below are some route filtering examples with a short explanation of each.
ip access-list standard incoming-updates
permit 206.200.10.0 = matches only routes whose network address is exactly 206.200.10.0. The prefix length can be anything (/25, /26, /27, /28 through /32). If the last octet is anything but 0, the route does not match and is not permitted.
permit 206.200.10.0 0.0.0.255 = matches routes whose first three octets are 206.200.10, with any value in the last octet. Again the prefix length can be anything (/25, /26, /27, /28 through /32).

The examples below show what gets filtered and what does not with each of the above statements when applied to BGP.

On the neighboring router, I am advertising 206.200.10.0/27 and 206.200.10.32/27. When I permit only 206.200.10.0, I can only see 206.200.10.0/27 in my BGP topology. When I permit 206.200.10.0 0.0.0.255, I can then see both routes, 206.200.10.0/27 and 206.200.10.32/27.

R2#show ip access-lists incoming-updates
Standard IP access list incoming-updates
    10 permit 10.10.10.0 (7 matches)
    20 permit 11.11.11.0 (7 matches)
    30 permit 206.200.10.0 (1 match)

R2#show ip bgp
BGP table version is 23, local router ID is 11.11.11.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.10.10.0/24    11.11.11.1               0             0 6500 i
r> 11.11.11.0/24    11.11.11.1               0             0 6500 i
*> 206.200.10.0/27  11.11.11.1               0             0 6500 i
R2#

Standard IP access list incoming-updates
    10 permit 10.10.10.0 (8 matches)
    20 permit 11.11.11.0 (8 matches)
    30 permit 206.200.10.0, wildcard bits 0.0.0.255 (2 matches)

R2#show ip bgp
BGP table version is 24, local router ID is 11.11.11.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.10.10.0/24    11.11.11.1               0             0 6500 i
r> 11.11.11.0/24    11.11.11.1               0             0 6500 i
*> 206.200.10.0/27  11.11.11.1               0             0 6500 i
*> 206.200.10.32/27 11.11.11.1               0             0 6500 i
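
The matching behaviour behind the two outputs above, as an added Python model that is not part of the original post and is not IOS code: each ACL entry is compared against the route's network address only, with wildcard bits ignored, and the prefix length is never checked. The function names are hypothetical and the route list is constructed from the prefixes shown in the post.

```python
import ipaddress

def acl_entry(address, wildcard="0.0.0.0"):
    """One 'permit' line of a standard ACL: address plus wildcard bits."""
    return (int(ipaddress.IPv4Address(address)),
            int(ipaddress.IPv4Address(wildcard)))

def entry_matches(entry, route):
    """True if the route's network address matches the entry.

    Bits set in the wildcard are "don't care". The route's prefix
    length is not examined at all, only its network address.
    """
    addr, wild = entry
    net = int(ipaddress.IPv4Network(route).network_address)
    care = ~wild & 0xFFFFFFFF
    return (net & care) == (addr & care)

def filter_updates(acl, routes):
    """Routes permitted by any entry; everything else hits the implicit deny."""
    return [r for r in routes if any(entry_matches(e, r) for e in acl)]

# Constructed sample: the prefixes advertised by the neighbor in the post.
ADVERTISED = ["10.10.10.0/24", "11.11.11.0/24",
              "206.200.10.0/27", "206.200.10.32/27"]

# First ACL in the post: entry 30 has no wildcard (exact network address).
HOST_ACL = [acl_entry("10.10.10.0"), acl_entry("11.11.11.0"),
            acl_entry("206.200.10.0")]

# Second ACL in the post: entry 30 uses wildcard bits 0.0.0.255.
WILDCARD_ACL = [acl_entry("10.10.10.0"), acl_entry("11.11.11.0"),
                acl_entry("206.200.10.0", "0.0.0.255")]

if __name__ == "__main__":
    print("host entry:    ", filter_updates(HOST_ACL, ADVERTISED))
    print("wildcard entry:", filter_updates(WILDCARD_ACL, ADVERTISED))
    # Same network address, different length: still permitted by the host entry.
    print("206.200.10.0/30 permitted:",
          entry_matches(acl_entry("206.200.10.0"), "206.200.10.0/30"))
```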
