Filtering BGP networks with access list

Discussion in 'Cisco' started by jlamanna@gmail.com, Jun 23, 2010.

  1. Guest

    Hi,
    I currently advertise 4 /24s through BGP.
    I have my distribute list set up as an access list:

    access-list 110 permit ip xxx.xxx.184.0 0.0.0.255 any
    access-list 110 permit ip xxx.xxx.185.0 0.0.0.255 any
    access-list 110 permit ip xxx.xxx.186.0 0.0.0.255 any
    access-list 110 permit ip xxx.xxx.187.0 0.0.0.255 any

    I am trying to turn up a "virtual circuit" with one of my ISPs that
    will be routing part of one of these networks to a remote site.
    Obviously, because of this, I must stop announcing this network
    through BGP with them.

    If this network is xxx.xxx.187.48/30, what is the best way to filter
    it out of the BGP advertisements?
    Can I just add:
    access-list 110 deny ip host xxx.xxx.187.48 host 255.255.255.252 to
    the beginning of my access list?
    Or do I have to do something more complicated?

    Thanks.

    -- James
    , Jun 23, 2010
    #1
    1. Advertising

  2. Daniel-G Guest

    said the following on 23/06/2010 02:11:
    > Hi,
    > I currently advertise 4 /24s through BGP.
    > I have my distribute list set up as an access list:
    >
    > access-list 110 permit ip xxx.xxx.184.0 0.0.0.255 any
    > access-list 110 permit ip xxx.xxx.185.0 0.0.0.255 any
    > access-list 110 permit ip xxx.xxx.186.0 0.0.0.255 any
    > access-list 110 permit ip xxx.xxx.187.0 0.0.0.255 any
    >
    > I am trying to turn up a "virtual circuit" with one of my ISPs that
    > will be routing part of one of these networks to a remote site.
    > Obviously, because of this, I must stop announcing this network
    > through BGP with them.
    >
    > If this network is xxx.xxx.187.48/30, what is the best way to filter
    > it out of the BGP advertisements?
    > Can I just add:
    > access-list 110 deny ip host xxx.xxx.187.48 host 255.255.255.252 to
    > the beginning of my access list?
    > Or do I have to do something more complicated?
    >
    > Thanks.
    >
    > -- James

    isn't xxx.xxx.187.48/30 included in xxx.xxx.187.0/24 ?

    am I dumb?
    Daniel-G, Jun 25, 2010
    #2
    1. Advertising

  3. Daniel-G Guest

    Daniel-G said the following on 06/25/2010 03:39 PM:
    > said the following on 23/06/2010 02:11:
    >> Hi,
    >> I currently advertise 4 /24s through BGP.
    >> I have my distribute list set up as an access list:
    >>
    >> access-list 110 permit ip xxx.xxx.184.0 0.0.0.255 any
    >> access-list 110 permit ip xxx.xxx.185.0 0.0.0.255 any
    >> access-list 110 permit ip xxx.xxx.186.0 0.0.0.255 any
    >> access-list 110 permit ip xxx.xxx.187.0 0.0.0.255 any
    >>
    >> I am trying to turn up a "virtual circuit" with one of my ISPs that
    >> will be routing part of one of these networks to a remote site.
    >> Obviously, because of this, I must stop announcing this network
    >> through BGP with them.
    >>
    >> If this network is xxx.xxx.187.48/30, what is the best way to filter
    >> it out of the BGP advertisements?
    >> Can I just add:
    >> access-list 110 deny ip host xxx.xxx.187.48 host 255.255.255.252 to
    >> the beginning of my access list?
    >> Or do I have to do something more complicated?
    >>
    >> Thanks.
    >>
    >> -- James

    > isn't xxx.xxx.187.48/30 included in xxx.xxx.187.0/24 ?
    >
    > am I dumb?

    I'd better read twice before answering
    yes deny will do it, you saw already I guess
    Daniel-G, Jun 26, 2010
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Spuds

    BGP filtering question

    Spuds, Jul 17, 2003, in forum: Cisco
    Replies:
    0
    Views:
    1,295
    Spuds
    Jul 17, 2003
  2. PS2 gamer
    Replies:
    6
    Views:
    6,823
    Hansang Bae
    Jun 9, 2004
  3. Jaime
    Replies:
    0
    Views:
    717
    Jaime
    Dec 18, 2004
  4. Glen Watson

    BGP filtering PA and PI blocks

    Glen Watson, Jun 12, 2006, in forum: Cisco
    Replies:
    7
    Views:
    1,069
  5. Southern Kiwi
    Replies:
    6
    Views:
    2,174
    Southern Kiwi
    Mar 19, 2006
Loading...

Share This Page