Reference ACL for Route Filtering. An Additional Aggregation Route is Referenced

Publication Date:  2012-07-18 Views:  261 Downloads:  0
Issue Description
BSR1 and BSR2 are two routers on the network. On BSR1, configure the routing policy to reference a specific route from BSR2.
The network topology is as follows:
On BSR 2, there are two aggregation routes 192.168.0.0/11 and 192.168.0.0/16. BSR 1 needs to apply 192.168.0.0/16.
After the configuration, both 192.168.0.0/11 and 192.168.0.0/16 are imported.
Alarm Information
None
Handling Process
On BSR1, run the following commands:
Step 1  Run system-view to enter the system view.
Step 2  Run ip ip-prefix test 192.168.0.0 0.0.255.255 greater-equal 16 less-equal 16 to configure the IPv4 address prefix list.
Set both the greater-equal and less-equal values to 16, that is, only the route with the mask of 16 bytes is imported.
Step 3  Run route-policy test permit node 10 to create the routing policy node and enter the routing policy view.
Step 4  Run if-match ip-prefix test to match the IP address prefix list.
----End
After the preceding configuration is complete, only 192.168.0.0/16 is imported. Route 192.168.0.0/11 is filtered out.
Root Cause
Check the routing policy configuration on BSR1. The applied policy matching condition is ACL. The ACL is configured as follows:
#
acl 2001
rule 10 permit source 192.168.0.0 0.0.255.255
The IP prefixes of the referenced routes are 192.168.0.0/11 and 192.168.0.0/16.
The ACL referenced by the routing policy can only be the standard ACL, that is, only the source IP address and mask are included.
A match is found if only the prefix number matches the standard ACL. The length is irrelevant (the IP prefix consists of prefix number and prefix length). Therefore, the routes both match the ACL and are imported.
Suggestions
During route filtering, note the application of ACL and IP prefix. The accurate mask length is needed. Use the IP prefix to define the mask length.

END