
Understanding RFC1918 prefix list

GabsC2
Level 1

Good day,

I'm studying prefix lists and I have seen in several documents that they use a prefix list for RFC 1918 to explain the use of prefix lists. The list is the following:

ip prefix-list RFC1918 seq 5 permit 192.168.0.0/16 ge 32

ip prefix-list RFC1918 seq 10 deny 0.0.0.0/0 ge 32

ip prefix-list RFC1918 seq 15 permit 10.0.0.0/8 le 32

ip prefix-list RFC1918 seq 20 permit 172.16.0.0/12 le 32

ip prefix-list RFC1918 seq 25 permit 192.168.0.0/16 le 32

I understand that sequence 5 permits all /32 prefixes in the 192.168.0.0/16 bit pattern, sequence 10 denies all /32 prefixes in any bit pattern, and sequences 15, 20, and 25 permit routes in the appropriate network ranges. But ge and le both include "equal to", so if sequence 10 blocks all the /32 IPs, doesn't it block all the host IPs in the 10.0.0.0, 172.16.0.0 and 192.168.0.0 subnets?

And aren't the /32 hosts in the 192.168.0.0 subnet in sequence 5? So sequence 25 already permits the /32 hosts in the 192.168.0.0 subnet, in my understanding.

I don't get why sequence 10 is not at the end of the prefix list. If I had to create a prefix list to permit the RFC 1918 addresses, I'd do it this way:

 

ip prefix-list RFC1918 seq 15 permit 10.0.0.0/8 le 32

ip prefix-list RFC1918 seq 20 permit 172.16.0.0/12 le 32

ip prefix-list RFC1918 seq 25 permit 192.168.0.0/16 le 32

 

If someone can help me understand this I'd be very grateful, because I get, or at least I think I do, how prefix lists work, but this specific RFC 1918 prefix list goes beyond my understanding.

 

8 REPLIES

Where did you find this prefix list?

Seq 5 and 10 are wrong.

MHM

Good day,

Thanks for answering @MHM Cisco World. That example is in the official updated documentation in the Cisco CCNP and CCIE Encore book and in the CCNP ENARSI book. That's why I'm asking, because in both updated books they use the same example, with the same prefix lists.

GabsC2
Level 1

I tested the prefix list in GNS3 and it works as I said, not as it should according to the documentation.

With the prefix list activated

 

R2#

interface Loopback0
ip address 172.16.50.1 255.255.255.255
ip ospf 2 area 0

 

From a PC connected into R1 to the lo0 of R2

PC1> ping 172.16.50.1

*10.10.10.1 icmp_seq=1 ttl=255 time=0.586 ms (ICMP type:3, code:1, Destination host unreachable)
*10.10.10.1 icmp_seq=2 ttl=255 time=0.594 ms (ICMP type:3, code:1, Destination host unreachable)
*10.10.10.1 icmp_seq=3 ttl=255 time=0.578 ms (ICMP type:3, code:1, Destination host unreachable)
*10.10.10.1 icmp_seq=4 ttl=255 time=0.788 ms (ICMP type:3, code:1, Destination host unreachable)
*10.10.10.1 icmp_seq=5 ttl=255 time=0.552 ms (ICMP type:3, code:1, Destination host unreachable)

With the prefix list deactivated


PC1> ping 172.16.50.1

84 bytes from 172.16.50.1 icmp_seq=1 ttl=254 time=1.058 ms
84 bytes from 172.16.50.1 icmp_seq=2 ttl=254 time=0.904 ms
84 bytes from 172.16.50.1 icmp_seq=3 ttl=254 time=0.979 ms
84 bytes from 172.16.50.1 icmp_seq=4 ttl=254 time=1.181 ms
84 bytes from 172.16.50.1 icmp_seq=5 ttl=254 time=0.949 ms

PC1>

Ge 32 has no meaning; there is no mask larger than 32.

Let me check my notes 

Thanks 

MHM

Yes, since ge means greater than or equal to, I get that it means all the /32s or hosts, but since le means less than or equal to, le /32 contains ge /32, because there is no mask greater than /32. That's why I don't understand sequences 5 and 10.

Hi friend, I made a lab and tested ge 32.
Indeed, it works perfectly for prefixes with /32.
In the lab I added four loopbacks:
LO1 10.1.1.1/32
LO2 10.2.2.2/32
LO3 10.3.3.3/32
LO10 10.0.0.1/24

The idea is to advertise only /32 prefixes, so I tested three prefix lists:
ip prefix-list MHM-1 seq 5 permit 10.0.0.0/8 le 32 <<- this makes BGP advertise the /32 and /24 prefixes, because "le 32" means any prefix length less than or equal to 32
ip prefix-list MHM-2 seq 5 permit 10.0.0.0/8 ge 32 <<- this makes BGP advertise ONLY the /32 prefixes, because "ge 32" means greater than or equal to 32; the prefix list does not use the "greater than 32" part of "ge 32", because it does not make sense, but it fully uses the "equal to 32" part, and hence ONLY prefixes equal to /32 are advertised
ip prefix-list MHM-3 seq 5 permit 10.0.0.0/0 ge 32 <<- this is an additional prefix list I tested where, instead of using 10.0.0.0/8, I use 10.0.0.0/0, to show you that the prefix list only cares about lengths equal to /32 when we use "ge 32"

In the end the book is correct: this prefix list with "ge 32" is a very good and simple way to filter and advertise prefixes with a /32 mask.

MHM



Good day,

Thanks for answering @MHM Cisco World. Yes, using the ge /32 for permitting only the hosts is correct; the issue is with the 2nd line:

ip prefix-list RFC1918 seq 10 deny 0.0.0.0/0 ge 32

This one blocks all the traffic for all the other /32 hosts included in lines 15, 20 and 25, and there's no reason to use line 25 if I'm using line 5.

Let me list all the prefix-list entries here and explain them one by one.
But first you must know about "care" and "don't care" bits:
for the prefix 192.168.0.0/16 the router cares about 192.168 (16 bits) and doesn't care about any bits after that.

ip prefix-list RFC1918 seq 5 permit 192.168.0.0/16 ge 32 <<- this, as I mentioned before, matches only prefixes that start with 192.168.x.x and whose mask is /32

ip prefix-list RFC1918 seq 10 deny 0.0.0.0/0 ge 32 <<- this denies any prefix, whatever it is, whose mask is /32

ip prefix-list RFC1918 seq 15 permit 10.0.0.0/8 le 32 <<- this will match any prefix starting with 10.x.x.x whose mask is between /8 and /32 (except 32)

ip prefix-list RFC1918 seq 20 permit 172.16.0.0/12 le 32 <<- this will match any prefix starting with 172.16.x.x whose mask is between /12 and /32 (except 32)

ip prefix-list RFC1918 seq 25 permit 192.168.0.0/16 le 32 <<- this will match any prefix starting with 192.168.x.x whose mask is between /16 and /32 (except 32)
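
The question in this thread comes down to first-match evaluation, which can be replayed offline. The Python sketch below is an added example, not code from any post in the thread or from Cisco: it models prefix-list matching (network bits must match, prefix length must fall in the ge/le range, lowest matching sequence wins, implicit deny at the end) and runs both the quoted RFC1918 list and the three-line list from the opening post. The function names and every sample route except 172.16.50.1/32 are constructed for illustration.

```python
import ipaddress

# (seq, action, prefix, ge, le) transcribed from the list quoted in the thread
RFC1918 = [
    (5,  "permit", "192.168.0.0/16", 32, None),
    (10, "deny",   "0.0.0.0/0",      32, None),
    (15, "permit", "10.0.0.0/8",     None, 32),
    (20, "permit", "172.16.0.0/12",  None, 32),
    (25, "permit", "192.168.0.0/16", None, 32),
]
# The opening post's alternative: only the three "le 32" permits.
THREE_LINE = [entry for entry in RFC1918 if entry[0] >= 15]

def entry_matches(route, prefix, ge, le):
    """True if the route lies inside prefix and its length is in the ge/le range."""
    base = ipaddress.ip_network(prefix)
    if ge is None and le is None:
        lo = hi = base.prefixlen              # no ge/le: exact length only
    else:
        lo = ge if ge is not None else base.prefixlen
        hi = le if le is not None else 32     # ge alone implies "up to /32"
    if not lo <= route.prefixlen <= hi:
        return False
    # Membership compares only the first base.prefixlen bits of the route.
    return route.network_address in base

def evaluate(plist, route_text):
    """Return (seq, action) of the first matching entry, or the implicit deny."""
    route = ipaddress.ip_network(route_text)
    for seq, action, prefix, ge, le in sorted(plist, key=lambda e: e[0]):
        if entry_matches(route, prefix, ge, le):
            return seq, action
    return None, "deny"                       # nothing matched

if __name__ == "__main__":
    # 172.16.50.1/32 is the loopback from the thread; the rest are constructed.
    samples = ["192.168.1.1/32", "172.16.50.1/32", "10.1.1.1/32",
               "10.10.10.0/24", "192.168.1.0/24", "8.8.8.0/24"]
    for name, plist in (("RFC1918", RFC1918), ("THREE_LINE", THREE_LINE)):
        for route in samples:
            print(f"{name:10} {route:18} -> {evaluate(plist, route)}")
```

With the quoted list, 172.16.50.1/32 is caught by sequence 10 before sequence 20 is reached, which is consistent with the failed ping in the GNS3 test above; with the three-line list the same route is permitted by sequence 20.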
