Solved

eBGP policy and ACL in interface

Posted on 2016-11-18
7
52 Views
Last Modified: 2016-11-21
Hi Anyone can answer the question? Two routers (RouterA and B) have eBGP connection. RouterA sends the routes 10.0.0.0 and 20.0.0.0 to routerB. The routerB’ interface allow 10.0.0.0 in and routerB’ eBGP allow 20.0.0.0 in. My question is which route can come into the routerB? Thank you
0
Comment
Question by:eemoon
  • 4
  • 3
7 Comments
 
LVL 27

Assisted Solution

by:Predrag Jovic
Predrag Jovic earned 500 total points
ID: 41894114
Since ACLs in your case are assigned to interface and traffic from other router is permitted - All routes that are advertised from other eBGP peer will be accepted. Filtering routes is performed by distribution lists in BGP configuration. Distribution lists filter routes according to ACL list and direction in which filtering is applied.
0
 

Author Comment

by:eemoon
ID: 41894959
Hi Predrag Jovic, Thank you so much for your fast reply.
If the ACL is used in interface or in route-map(and then used in bgp), i think the former is only filter traffic/data and do not filter routes. The later can directly filter routes. Do you think i am right?
0
 
LVL 27

Accepted Solution

by:
Predrag Jovic earned 500 total points
ID: 41895019
Not sure that I can understand properly last post, so here comes example. :)
This one will filter traffic, but not routes:
access-list 100 permit ip x.x.x.x 0.0.0.255 y.y.y.y 0.0.255.255
!
interface gi0/1
 ip access-group 100 in

Open in new window

This one will filter routes (there are also other ways to achieve the same (link below)):
router bgp 1567
 neighbor x.x.x.x remote-as 2065
 neighbor x.x.x.x distribute-list 101 in
!
access-list 101 permit ip x.x.x.0 0.0.0.255 255.255.255.0 0.0.0.255

Open in new window

This access-list permits routes that are subnets of x.x.x.0/24. (permits x.x.x.0/24, x.x.x.0/25, x.x.x.128/25, x.x.x.0/26, x.x.x.64/26  ..... etc...)

For more details please read Cisco article - Block One or More Networks From a BGP Peer
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 

Author Comment

by:eemoon
ID: 41895153
We agree on the issue. so I can summarize it like this: All ACL only impact on traffic directly and do not impact routes if the ACL is associated with interface. And all the ACL only impact on routes and do not impact traffic directly if the ACL is associated with routing protocol and not associated with interface, right?
0
 
LVL 27

Assisted Solution

by:Predrag Jovic
Predrag Jovic earned 500 total points
ID: 41895355
Sounds good. The way it is written I would remove word "all" from both sentences, but than again, I am not native speaker.
0
 

Author Closing Comment

by:eemoon
ID: 41895936
Thank you!
0
 
LVL 27

Expert Comment

by:Predrag Jovic
ID: 41895953
You're welcome.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Destination host unreachable 12 95
EIGRP Load sharing 12 75
WAN Site Edge Routers 15 56
EIGRP - redistribute without the default route 5 36
We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question