We deployed a BGP route policy on the new link connecting the GW and the ISP, to map and filter the traffic forwarded to the ISP and to balance traffic between the GW and the ISP. However, the policy could not match the routes, so traffic was discarded and no traffic passed through the new link.
Modify ACL 2101 and 2102, which filter the routes advertised out to the TI network, by separating some IP pools out of those ACLs and placing them in new ACLs 2501 and 2502.
Create a new route-policy new-med-TI1, match the new ACLs in this policy, then apply the cost following the old policy med-TI1 on each router.
No traffic passes through.
We tried modifying the new ACL to match the pool as a full class rather than a sub-class, and denied this pool in the old ACL, as below:
acl number 2502
rule 130 permit source 22.214.171.124 0.0.63.255
rule 140 permit source 126.96.36.199 0.0.63.255
rule 150 permit source 188.8.131.52 0.0.63.255
rule 160 permit source 184.108.40.206 0.0.63.255
rule 5000 deny
acl number 2102
undo rule 130 permit source 220.127.116.11 0.0.63.255
undo rule 140 permit source 18.104.22.168 0.0.63.255
undo rule 150 permit source 22.214.171.124 0.0.63.255
undo rule 160 permit source 126.96.36.199 0.0.63.255
rule 130 deny source 188.8.131.52 0.0.63.255
rule 140 deny source 184.108.40.206 0.0.63.255
rule 150 deny source 220.127.116.11 0.0.63.255
rule 160 deny source 18.104.22.168 0.0.63.255
We checked the ACL match counters on the new link and found that the ACL could not match the IP pool that we had put in it.
We displayed the traffic statistics on the interface and found that no traffic was passing out to MTG-GW.
Before sending routes to a peer, the router checks whether the route has already been aggregated, and then checks the ACL. Because the route has already been aggregated, when the ACL is checked none of the rules written for the sub-networks can match; only rule 5000 matches, so the route is denied.
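The behaviour described above can be reproduced offline. The following is an added example, not part of the original case and not vendor code: it evaluates basic ACL rules (source address plus wildcard) against a route's network address in rule-id order. The prefixes 10.20.x.x, the ACL contents and the function names parse_acl and evaluate are constructed for illustration.

```python
import ipaddress

def parse_acl(text):
    """Parse 'rule <id> permit|deny [source <addr> <wildcard>]' lines."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        rule_id, action = int(tok[1]), tok[2]
        if "source" in tok:
            i = tok.index("source")
            addr = int(ipaddress.IPv4Address(tok[i + 1]))
            wild = int(ipaddress.IPv4Address(tok[i + 2]))
        else:
            addr, wild = 0, 0xFFFFFFFF  # no source clause: matches any address
        rules.append((rule_id, action, addr, wild))
    return sorted(rules)  # rules are evaluated in ascending rule-id order

def evaluate(rules, prefix):
    """Return (rule_id, action) of the first rule matching the route's network address."""
    net = int(ipaddress.ip_network(prefix).network_address)
    for rule_id, action, addr, wild in rules:
        care = ~wild & 0xFFFFFFFF  # wildcard bits set to 0 must be equal
        if (net & care) == (addr & care):
            return rule_id, action
    return None, "deny"  # assumption: a route that matches no rule is not permitted

# Constructed ACL: permits only /18 sub-networks, then a catch-all deny.
SUBNET_ACL = parse_acl("""
rule 130 permit source 10.20.64.0 0.0.63.255
rule 140 permit source 10.20.128.0 0.0.63.255
rule 5000 deny
""")

# Constructed ACL: the rule is written for the aggregate itself.
AGGREGATE_ACL = parse_acl("""
rule 130 permit source 10.20.0.0 0.0.255.255
rule 5000 deny
""")

if __name__ == "__main__":
    for name, acl in (("subnet", SUBNET_ACL), ("aggregate", AGGREGATE_ACL)):
        for route in ("10.20.64.0/18", "10.20.0.0/16"):
            print(name, route, evaluate(acl, route))
```

With the sub-network ACL, the specific route 10.20.64.0/18 hits rule 130, but the aggregated route 10.20.0.0/16 falls through to rule 5000 and is denied, which is the symptom in this case.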