Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

eBGP policy and ACL in interface

Posted on 2016-11-18
7
Medium Priority
?
72 Views
Last Modified: 2016-11-21
Hi Anyone can answer the question? Two routers (RouterA and B) have eBGP connection. RouterA sends the routes 10.0.0.0 and 20.0.0.0 to routerB. The routerB’ interface allow 10.0.0.0 in and routerB’ eBGP allow 20.0.0.0 in. My question is which route can come into the routerB? Thank you
0
Comment
Question by:eemoon
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 31

Assisted Solution

by:Predrag
Predrag earned 2000 total points
ID: 41894114
Since ACLs in your case are assigned to interface and traffic from other router is permitted - All routes that are advertised from other eBGP peer will be accepted. Filtering routes is performed by distribution lists in BGP configuration. Distribution lists filter routes according to ACL list and direction in which filtering is applied.
0
 

Author Comment

by:eemoon
ID: 41894959
Hi Predrag Jovic, Thank you so much for your fast reply.
If the ACL is used in interface or in route-map(and then used in bgp), i think the former is only filter traffic/data and do not filter routes. The later can directly filter routes. Do you think i am right?
0
 
LVL 31

Accepted Solution

by:
Predrag earned 2000 total points
ID: 41895019
Not sure that I can understand properly last post, so here comes example. :)
This one will filter traffic, but not routes:
access-list 100 permit ip x.x.x.x 0.0.0.255 y.y.y.y 0.0.255.255
!
interface gi0/1
 ip access-group 100 in

Open in new window

This one will filter routes (there are also other ways to achieve the same (link below)):
router bgp 1567
 neighbor x.x.x.x remote-as 2065
 neighbor x.x.x.x distribute-list 101 in
!
access-list 101 permit ip x.x.x.0 0.0.0.255 255.255.255.0 0.0.0.255

Open in new window

This access-list permits routes that are subnets of x.x.x.0/24. (permits x.x.x.0/24, x.x.x.0/25, x.x.x.128/25, x.x.x.0/26, x.x.x.64/26  ..... etc...)

For more details please read Cisco article - Block One or More Networks From a BGP Peer
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 

Author Comment

by:eemoon
ID: 41895153
We agree on the issue. so I can summarize it like this: All ACL only impact on traffic directly and do not impact routes if the ACL is associated with interface. And all the ACL only impact on routes and do not impact traffic directly if the ACL is associated with routing protocol and not associated with interface, right?
0
 
LVL 31

Assisted Solution

by:Predrag
Predrag earned 2000 total points
ID: 41895355
Sounds good. The way it is written I would remove word "all" from both sentences, but than again, I am not native speaker.
0
 

Author Closing Comment

by:eemoon
ID: 41895936
Thank you!
0
 
LVL 31

Expert Comment

by:Predrag
ID: 41895953
You're welcome.
0

Featured Post

Enroll in September's Course of the Month

This month’s featured course covers 16 hours of training in installation, management, and deployment of VMware vSphere virtualization environments. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Problem Description:   Couple of months ago we upgraded the ADSL line at our branch office from Home to Business line. The purpose of transforming the service to have static public IP’s. We were in need for public IP’s to publish our web resour…
SSL is a very common protocol used these days when browsing the web.  The purpose is to provide security to communication, but how does it do it?  There are several pieces at work that have to be setup before SSL will even work and it requires both …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question