topic Re: IP Prefix List Question in Routing and SD-WAN

IP Prefix List Question

kramer977 — Sun, 18 Aug 2019 15:57:16 GMT

Hi all,

Quick question about prefix lists. I'm peering with a partner and injecting a route map IN (BGP), which restricts the prefixes advertised to us, but a quick question, because I'm trying to save the amount of config to be written up. The partner is advertising a lot of /23 and /24s.

Example: Let's say the partner is advertising 192.168.206.0/23 and 192.168.207.0/24 as two separate prefixes. To save 2 entries for both prefixes, I thought of writing up a config in this manner:
ip prefix-list CISCO seq 5 permit 192.168.206.0/23 le 24.

My understand is that this will allow both the 192.168.206.0/23 and 192.168.207.0/24.

Does this look correct?

Thanks

Re: IP Prefix List Question

Georg Pauwen — Sun, 18 Aug 2019 16:22:50 GMT

Hello,

ip prefix-list CISCO seq 5 permit 192.168.206.0/23 le 24.

would indeed filter both routes, however, in your specific case:

ip prefix-list CISCO seq 5 permit 192.168.206.0/23

would be sufficient, since 192.168.207.0/24 overlaps with 192.168.206.0/23.

Re: IP Prefix List Question

kramer977 — Sun, 18 Aug 2019 16:34:59 GMT

Hi Georg,

Thanks for the reply.

In my case though, 2 separate prefixes will be advertised: 192.168.206.0/23 and 192.168.207.0/24. When dealing with ip prefix lists, if you don't specify le or ge, doesn't the exact prefix match? If it was an access list, I see the /23 covering /24 and allowing, but I thought the prefix lists work a little different and match exact, without the le/ge defined. Wouldn't that be the purpose of introducing the le/ge variables?

So in my case, if I were to configure "ip prefix-list CISCO seq 5 permit 192.168.206.0/23", wouldn't the advertised prefix of 192.168.207.0/24 be blocked?

Re: IP Prefix List Question

Georg Pauwen — Sun, 18 Aug 2019 17:11:28 GMT

Hello,

I tested this n GNS3.

ip prefix-list CISCO seq 5 permit 192.168.206.0/23

filters both the 23 and the 24 route. I guess if you don't specify an 'le' it will block everything above /23.

Re: IP Prefix List Question

kramer977 — Sun, 18 Aug 2019 17:23:59 GMT

Hi,

Do you mean it filtered 192.168.206.0/23 and 192.168.206.0/24, but not the 192.168.207.0/24?

So in my case it's true, we require the le 24.

Thanks

Re: IP Prefix List Question

Georg Pauwen — Sun, 18 Aug 2019 17:29:01 GMT

Hello,

you don't require the 'le 24'. Below are the configs I used, both routes are being blocked:

router bgp 1
bgp log-neighbor-changes
neighbor 192.168.1.2 remote-as 1
neighbor 192.168.1.2 route-map DENY in
!
ip prefix-list CISCO seq 5 deny 192.168.206.0/23
!
route-map DENY permit 10
match ip address prefix-list CISCO

router bgp 1
bgp log-neighbor-changes
network 192.168.206.0 mask 255.255.254.0
network 192.168.207.0
neighbor 192.168.1.1 remote-as 1
!
ip route 192.168.206.0 255.255.254.0 Null0
ip route 192.168.207.0 255.255.255.0 Null0

Re: IP Prefix List Question

Giuseppe Larosa — Mon, 19 Aug 2019 09:22:14 GMT

Hello Georg,

your configuration is using a route-map with deny action and then invokes a prefix-list with deny statement.

In my opinion both prefixes are blocked by the implicit deny any action of the route-map

Try to add the following

route-map DENY permit 20

and you will see both routes accepted.

I agree with original poster if you want to have a prefix-list matching both 192.168.206.0/23 and 1+92.168.207.0/24 I would use the following syntax

ip prefix-list CISCO permit 192.168.206.0/23 le 24.

For the original poster:

the partner is sending to you both /23 and /24 with purpose of allowing you to use the most specific route

Filtering the routes the partner is sending to you may not be a wise decision.

Edit:

for the original poster

After reading again your first post in the thread I now understand you are just trying to save lines on the prefix-list used in the route-map not to filter received routes to minimize number of received prefixes (like denying /24 if /23 exists)

Hope to help

Giuseppe

Re: IP Prefix List Question

kramer977 — Mon, 19 Aug 2019 10:28:07 GMT

Hi Giuseppe,

Yes, it's been requested that I accept both prefixes, but both prefixes will not be advertised to us at the same time. They have redundancy and fail over with in their network which will automatically control what advertisements are advertised to us, in the event of an outage. This is why they requested that both specific prefixes are allowed on our end.

I have a question out of curiosity. If I remove the le 24, for eg: ip prefix-list CISCO seq 5 permit 192.168.206.0/23,

would this prefix list statement ONLY accept 192.168.206.0/23, and essentially deny any of these prefixes: 192.168.206.0/24 + 192.168.207.0/24?

Thanks

Re: IP Prefix List Question

Giuseppe Larosa — Mon, 19 Aug 2019 10:35:43 GMT

Hello kramer977,

yes the partner is doing some traffic engineering using more specific routes for this.

I have a question out of curiosity. If I remove the le 24, for eg: ip prefix-list CISCO seq 5 permit 192.168.206.0/23,

would this prefix list statement ONLY accept 192.168.206.0/23, and essentially deny any of these prefixes: 192.168.206.0/24 + 192.168.207.0/24?

Yes it should allow only 192.168.206.0/23 and not the more specific prefixes.

when no operator like le or ge is present the prefix-list looks for an exact match with the prefix.

Hope to help

Giuseppe

Re: IP Prefix List Question

kramer977 — Mon, 19 Aug 2019 11:09:30 GMT

Exactly as I thought. Much appreciated, thank you.