BGP redistribute route-map question.

Would anyone like to take a stab at how I am getting so many matches on my ACL?

Thanks, Crzzy1

Would anyone like to take a stab at how I am getting so many matches on my ACL?

Thanks, Crzzy1

Beats me. Almost seems that the matches really coincide with the implicit deny all at the end. Don't understand why these host matches get a match, either.

I'd like to see what happens with a "deny" on line 10 instead of a permit, and a "permit any any" at line 20.......

It could be that "host 0.0.0.0" actually is the internal coding for "any" in an access list. Although I would expect that it would come back as "permit ip any any" on show running-config.

Ah wait a minute!!! Surely these should be standard ACLs? What does ANY extended ACL mean in the context of route filtering? What is the source, what is the dest.?

I have written the stuff below now so I will leave it in but I can't see that it is relevant given the above.

Might just be a bug, after all who is going to test such an ACL?

10 permit ip host 0.0.0.0 host 0.0.0.0 is synonymous with 10 permit ip 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0

ie all zeros IP address with no wildcard bits.

I suppose that the BGP process might interpret that as a default route or something but that would be a bug.

Surely the answer is to get rid of that line in the ACL and put in what is required?

Usually all routes would be of course perm ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255

zeros IP address with all bits wildcarded.

Ah wait a minute!!! Surely these should be standard ACLs? What does ANY extended ACL mean in the context of route filtering? What is the source, what is the dest.?

I'm stumped as to why you are seeing so many matches. But as to your other question..... Extended ACLs have always ben a tool used in route filtering.

For instance, if I wanted to look for any route at all which had an exact msk of /19:

access-list 199 permit ip 0.0.0.0 255.255.0.0 255.255.224.0 0.0.0.0

This is saying look for a route which looks like this x.x.0.0 (0.0.0.0

255.255.0.0)

AND has an exact mask of 255.255.224.0 (255.255.224.0 0.0.0.0)

Using extended ACLs for purposes such as this has been around for a while, before prefix lists, I beleive. An extended ACL is not always looking for source and destination addresses, you see......

-ja

I see no reason to use an extended ACL for redistribution. Just a standard ACL or a distribute list will do. I agree with Rob (also BOD43), that this is probably a bug, Rob is right in asking who would ever use it for this purpose, and therefore test it for this, or even care?

Crzzy1

Again, I don't know why all the matches, either. I was simply pointing out that using an extended ACL for the purpose of route filtering is an available tool, and when doing so the commonly understood idea of "Source_Add +wcm" / "Dest_Add + wcm" doesn't apply...

-ja