[23662] in North American Network Operators' Group
RE: Cisco Route filtering [was Re: OPS: BGP spew from ASN 7374]
daemon@ATHENA.MIT.EDU (Alex P. Rudnev)
Fri Apr 9 06:27:42 1999
Date: Fri, 9 Apr 1999 14:23:04 +0400 (MSD)
From: "Alex P. Rudnev" <alex@Relcom.EU.net>
To: "Martin, Christian" <CMartin@mercury.balink.com>
Cc: "'alex@nac.net'" <alex@tempest.nac.net>,
"'nanog@merit.edu'" <nanog@merit.edu>
In-Reply-To: <c=US%a=_%p=BAIS%l=MERCURY-990408231615Z-5428@mercury.balink.com>
Errors-To: owner-nanog-outgoing@merit.edu
> > Let's assume for a moment that I have a network of 209.123/18
> > (1/4 of a
> > classful B).
> >
> > Let's further assume that my upstream filters me with:
> >
> > access-list 2002 permit ip host 209.123.0.0 host 255.255.0.0
> > neigh 2.3.4.5 distrib 2002 in
> >
> > Will my /18 announcement make it through this /16 filter?
>
>
> No. The ACL specifies an exact match.
You should change 'host 255.255.0.0' to '255.255.0.0 0.0.255.255' to
allow any _more specific_ mask. Read CISCO docs.
>
> > Would the same be true with a prefix-length filter, which I assume the
> > syntax would be:
> >
> > ip prefix-list 1 permit 209.123.0.0/16
> > neigh 2.3.4.5 prefix-list 1 in
> >
>
> Same deal.
>
> Chris
>
>
Aleksei Roudnev, Network Operations Center, Relcom, Moscow
(+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 230-41-41, N 13729 (pager)
(+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)
