Solved

eBGP policy and ACL in interface

Posted on 2016-11-18
7
64 Views
Last Modified: 2016-11-21
Hi Anyone can answer the question? Two routers (RouterA and B) have eBGP connection. RouterA sends the routes 10.0.0.0 and 20.0.0.0 to routerB. The routerB’ interface allow 10.0.0.0 in and routerB’ eBGP allow 20.0.0.0 in. My question is which route can come into the routerB? Thank you
0
Comment
Question by:eemoon
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 29

Assisted Solution

by:Predrag Jovic
Predrag Jovic earned 500 total points
ID: 41894114
Since ACLs in your case are assigned to interface and traffic from other router is permitted - All routes that are advertised from other eBGP peer will be accepted. Filtering routes is performed by distribution lists in BGP configuration. Distribution lists filter routes according to ACL list and direction in which filtering is applied.
0
 

Author Comment

by:eemoon
ID: 41894959
Hi Predrag Jovic, Thank you so much for your fast reply.
If the ACL is used in interface or in route-map(and then used in bgp), i think the former is only filter traffic/data and do not filter routes. The later can directly filter routes. Do you think i am right?
0
 
LVL 29

Accepted Solution

by:
Predrag Jovic earned 500 total points
ID: 41895019
Not sure that I can understand properly last post, so here comes example. :)
This one will filter traffic, but not routes:
access-list 100 permit ip x.x.x.x 0.0.0.255 y.y.y.y 0.0.255.255
!
interface gi0/1
 ip access-group 100 in

Open in new window

This one will filter routes (there are also other ways to achieve the same (link below)):
router bgp 1567
 neighbor x.x.x.x remote-as 2065
 neighbor x.x.x.x distribute-list 101 in
!
access-list 101 permit ip x.x.x.0 0.0.0.255 255.255.255.0 0.0.0.255

Open in new window

This access-list permits routes that are subnets of x.x.x.0/24. (permits x.x.x.0/24, x.x.x.0/25, x.x.x.128/25, x.x.x.0/26, x.x.x.64/26  ..... etc...)

For more details please read Cisco article - Block One or More Networks From a BGP Peer
0
Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

 

Author Comment

by:eemoon
ID: 41895153
We agree on the issue. so I can summarize it like this: All ACL only impact on traffic directly and do not impact routes if the ACL is associated with interface. And all the ACL only impact on routes and do not impact traffic directly if the ACL is associated with routing protocol and not associated with interface, right?
0
 
LVL 29

Assisted Solution

by:Predrag Jovic
Predrag Jovic earned 500 total points
ID: 41895355
Sounds good. The way it is written I would remove word "all" from both sentences, but than again, I am not native speaker.
0
 

Author Closing Comment

by:eemoon
ID: 41895936
Thank you!
0
 
LVL 29

Expert Comment

by:Predrag Jovic
ID: 41895953
You're welcome.
0

Featured Post

Don't Miss ATEN at InfoComm 2017!

Visit booth #2167 to see the  new ATEN VM3200 32 x 32 Modular Matrix Switch. Other highlights include the VE8950 4K HDMI Over IP Extender, VS1912 12-Port DP Video Wall Media Player  and VK2100 ATEN Control System. Register now with Free Pass Code ATEN288!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
AS-Path BGP Attribute 7 44
TLS 1.0 & Windows 7 - How to disable? 16 249
VLAN access port question 3 51
Unable to login to Cisco C800 Ver 15.3(3)M4 8 57
We've been using the Cisco/Linksys RV042 for years as: - an internet Gateway - a site-to-site VPN device - a leased line site-to-site subnet-to-subnet interface (And, here I'm assuming that any RV0xx behaves the same way as an RV042.  So that's …
The article explains the protocols and technology which is involved when two computers on different TCP/IP networks communicate with each other. In the diagram, a router is used to segregate two networks. The networks are 192.168.1.0/24 and 192…
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question