Route-filtering access control lists

As in previous sections, I start with a discussion of verifying route-filtering access control lists for correctness and then talk about debugging.

Checking for correctness

When checking the correctness of route-filtering access control lists, you cannot rely on the technique we used previously (making sure that applications run correctly). An application can run correctly even when its traffic takes a route that does not match the policy you are trying to implement. To make sure that route-filtering access lists are correct, you need to use the diagnostic tools built into routers and hosts. The first such tool is an examination of the routing table. The command show ip route displays a Cisco router's routing table. For routing policies that affect incoming routing updates, show ip route lets you verify that your routing policy implementation is correct: a route the policy should have filtered out must not appear in the table, and the routes the policy permits must.

Let’s look at one of our previous routing policy implementations to see how we can use show ip route to verify an implementation’s correctness. The first example in Chapter 4 deals with the network shown in Figure 5-3.


Figure 5-3. Restricting routes sent and received

Router 3, located in Site B, seeks to restrict the routes it receives from Site D. Since Site D uses only network 19.0.0.0/8 and does not transit any traffic from any other sites, Site B should hear about network 19.0.0.0/8 only in the ...
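Checking a routing table by eye works for a handful of routes, but the inbound check described above (every route learned from the Site D neighbor must fall inside 19.0.0.0/8) is easy to automate once show ip route output has been captured. The following script is an added example and not part of the book; the sample output, the neighbor addresses (172.16.1.2 for Site D, 172.16.2.2 for another neighbor) and the interface names are constructed, and the script only parses the single-letter route codes (C, S, R, and so on) that appear in such output.

```python
import ipaddress
import re

# Constructed sample in the style of `show ip route` on Router 3. The
# neighbor addresses and interface names are assumptions for this example.
# Note the 20.0.0.0/8 route learned from 172.16.1.2: that is exactly the
# kind of route the Site D filter is supposed to keep out of the table.
SAMPLE_SHOW_IP_ROUTE = """\
Codes: C - connected, S - static, R - RIP
Gateway of last resort is not set

C    172.16.1.0/24 is directly connected, Serial0
C    172.16.2.0/24 is directly connected, Serial1
R    19.0.0.0/8 [120/1] via 172.16.1.2, 00:00:12, Serial0
R    20.0.0.0/8 [120/1] via 172.16.1.2, 00:00:12, Serial0
R    10.0.0.0/8 [120/2] via 172.16.2.2, 00:00:05, Serial1
"""

# One routing-table line: a single-letter code, a prefix, and either a
# next hop (with optional [admin distance/metric]) or "is directly connected".
ROUTE_RE = re.compile(
    r"^(?P<code>[A-Z])\s+(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s+"
    r"(?:(?:\[\d+/\d+\]\s+)?via\s+(?P<nexthop>\d+\.\d+\.\d+\.\d+)"
    r"|is directly connected)"
)


def parse_routes(text):
    """Return a list of (code, network, next_hop) tuples; next_hop is None
    for directly connected routes."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line)
        if m:
            net = ipaddress.ip_network(m.group("prefix"), strict=False)
            routes.append((m.group("code"), net, m.group("nexthop")))
    return routes


def check_inbound_policy(text, neighbor, allowed):
    """Return the prefixes learned via `neighbor` that lie outside every
    network in `allowed`. An empty list means the inbound filter is doing
    what the policy says; anything else is a route that leaked through."""
    allowed_nets = [ipaddress.ip_network(a, strict=False) for a in allowed]
    leaked = []
    for _code, net, nexthop in parse_routes(text):
        if nexthop != neighbor:
            continue  # learned from somebody else; not this policy's concern
        if not any(net.subnet_of(a) for a in allowed_nets):
            leaked.append(str(net))
    return leaked


if __name__ == "__main__":
    # Site B policy: from Site D (172.16.1.2) accept only 19.0.0.0/8.
    bad = check_inbound_policy(SAMPLE_SHOW_IP_ROUTE, "172.16.1.2", ["19.0.0.0/8"])
    if bad:
        print("routes from Site D that violate policy:", ", ".join(bad))
    else:
        print("inbound filter from Site D looks correct")
```

Run it against a saved copy of the router's routing table rather than the constructed sample, and extend the allowed list to whatever the distribute-list permits. Remember that an empty result only proves the table is clean right now; a neighbor that starts advertising a new prefix later will not show up until you check again, which is why this belongs in a periodic check rather than a one-off.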
