Re: RE: *************:BGP and ACL

From: Jayashanker Warrier (jwarrier@rediffmail.com)
Date: Tue Sep 10 2002 - 04:35:48 GMT-3

• Next message: Zeb Khan: "Re: Access server configuration : Reverse Telnet"
• Previous message: Chris Hugo: "Re: changing the origin of BGP route using "set origin" command"
• Maybe in reply to: Liban.Mohamed@mail.sprint.com: "RE: *************:BGP and ACL"
• Next in thread: Brian McGahan: "RE: RE: *************:BGP and ACL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Before it gets to BGP the access-list in the interface will takes
whatever action you have specified. So if it is deny all it
denies all or if it is permit some and deny others it does that.

Thanks

J

On Tue, 10 Sep 2002 Liban.Mohamed@mail.sprint.com wrote :
>Remember guys, it's applied both the BGP peer and the interface,
>will
>that cause anytype of blackhole.
>now this was a mistake done by someOne.
>
>
>
>
>
>
>thanks,
>
>
>
>-----Original Message-----
> From: rfc10000 [mailto:rfc10000@hotmail.com]
>Sent: Tuesday, September 10, 2002 2:28 AM
>To: Liban.Mohamed
>Cc: rfc10000
>Subject: *************:BGP and ACL
>
>
>
>if the ACL apply on the bgp's neighbor, it just cause the bgp
>action.
>if it will applied on one interface,
>
>all the traffice on this interface will be blocked
>
>
>----- T-J<SJ<~ -----
>7"<~HK: Liban.Mohamed@mail.sprint.com
>7"KMJ1<d: 2002Dj9TB10HU 13:24
>JU<~HK: ccielab@groupstudy.com
>3-KM: liban.mohamed@mail.sprint.com
>VwLb: BGP and ACL
>
>I ran to an issue last-week and i would like to get your opinion.
>I
>have a customer that has OC3 circuit. that is running BGP with
>us.
>below is a sample of our BGP config.
>
>
>sl-gw34-chi#sho run | inc x.x.x.x
>neighbor x.x.x.x.x remote-as x.x.x
>neighbor x.x.x.x version 4
>neighbor x.x.x.x distribute-list 86 in
>neighbor x.x.x.x route-map transit-in in
>neighbor x.x.x.x route-map full-routes out
>neighbor x.x.x.x maximum-prefix 500
>
>access-list 86 permit x.x.x.x 0..0.0.255
>access-list 86 permit x.x.x.x 0..0.0.255
>access-list 86 permit x.x.x.x 0..0.0.255
>access-list 86 permit x.x.x.x 0..0.0.255
>access-list 86 permit x.x.x.x 0..0.0.255
>access-list 86 permit x.x.x.x 0..0.0.255
>access-list 86 permit x.x.x.x 0..0.0.255
>access-list 86 permit x.x.x.x 0..0.0.255
>access-list 86 permit x.x.x.x 0..0.0.255
>
>Now this is the problem. Last week they send e-mail to update
>thier
>distribute-list. but one of the NOC engineers updated but he
>also
>applied ACL on thier interface
>he entered the following command: don't ask me why he did this
>;)
>config t
>int pos 0/0
>ip access-group 86 in
>
>after he applied this. all traffic stoped floading this link.
>Will this
>cause the traffic to stop. since we have ACL applied on the
>interface
>and the BGP with the same #86
>
>
>any suggestion would help..
>
>
>
>Liban Mohamed
>IP Engineer
>Sprintlink Operation Engineering team
>CCNA,CCDA,CCNP,CCDP.
>www.sprint.net.
> _____
>
>4SMxU>5C5=8|6`PEO"!#MSN Explorer Cb7QOBTX#:
>http://explorer.msn.com/lccn

• Next message: Zeb Khan: "Re: Access server configuration : Reverse Telnet"
• Previous message: Chris Hugo: "Re: changing the origin of BGP route using "set origin" command"
• Maybe in reply to: Liban.Mohamed@mail.sprint.com: "RE: *************:BGP and ACL"
• Next in thread: Brian McGahan: "RE: RE: *************:BGP and ACL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Oct 07 2002 - 07:43:48 GMT-3