eBGP policy and ACL in interface

Hi Anyone can answer the question? Two routers (RouterA and B) have eBGP connection. RouterA sends the routes 10.0.0.0 and 20.0.0.0 to routerB. The routerB’ interface allow 10.0.0.0 in and routerB’ eBGP allow 20.0.0.0 in. My question is which route can come into the routerB? Thank you
eemoonAsked:
Who is Participating?
 
JustInCaseCommented:
Not sure that I can understand properly last post, so here comes example. :)
This one will filter traffic, but not routes:
access-list 100 permit ip x.x.x.x 0.0.0.255 y.y.y.y 0.0.255.255
!
interface gi0/1
 ip access-group 100 in

Open in new window

This one will filter routes (there are also other ways to achieve the same (link below)):
router bgp 1567
 neighbor x.x.x.x remote-as 2065
 neighbor x.x.x.x distribute-list 101 in
!
access-list 101 permit ip x.x.x.0 0.0.0.255 255.255.255.0 0.0.0.255

Open in new window

This access-list permits routes that are subnets of x.x.x.0/24. (permits x.x.x.0/24, x.x.x.0/25, x.x.x.128/25, x.x.x.0/26, x.x.x.64/26  ..... etc...)

For more details please read Cisco article - Block One or More Networks From a BGP Peer
0
 
JustInCaseCommented:
Since ACLs in your case are assigned to interface and traffic from other router is permitted - All routes that are advertised from other eBGP peer will be accepted. Filtering routes is performed by distribution lists in BGP configuration. Distribution lists filter routes according to ACL list and direction in which filtering is applied.
0
 
eemoonAuthor Commented:
Hi Predrag Jovic, Thank you so much for your fast reply.
If the ACL is used in interface or in route-map(and then used in bgp), i think the former is only filter traffic/data and do not filter routes. The later can directly filter routes. Do you think i am right?
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
eemoonAuthor Commented:
We agree on the issue. so I can summarize it like this: All ACL only impact on traffic directly and do not impact routes if the ACL is associated with interface. And all the ACL only impact on routes and do not impact traffic directly if the ACL is associated with routing protocol and not associated with interface, right?
0
 
JustInCaseCommented:
Sounds good. The way it is written I would remove word "all" from both sentences, but than again, I am not native speaker.
0
 
eemoonAuthor Commented:
Thank you!
0
 
JustInCaseCommented:
You're welcome.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.