ip prefix-list modification help

ben.posner
Level 1

i need to modify my internet edge bgp advertisements to exclude a small slice of the end of our ip space and i can't wrap my brain around what i need to do to modify the prefix list. my company uses the 192.168.0.0 thru 192.168.11.255 ip space, as shown below in our existing bgp configuration (slightly modified to protect the innocent). I want to cut out the very last /29 net out of the 192.168.11.0 network.

router bgp 65001
bgp always-compare-med
bgp log-neighbor-changes
bgp bestpath as-path multipath-relax
neighbor 1.1.1.1 remote-as 65002
neighbor 1.1.1.1 ebgp-multihop 255
maximum-paths 2
!
address-family ipv4
  neighbor 1.1.1.1 activate
  neighbor 1.1.1.1 prefix-list mycompany-list out
  network 192.168.0.0 mask 255.255.248.0
  network 192.168.8.0 mask 255.255.252.0

ip prefix-list mycompany-list seq 70 permit 192.168.0.0/21 le 24
ip prefix-list mycompany-list seq 71 permit 192.168.8.0/22 le 24

now, i know i could just remove the prefix-list and change the advertised networks with the following but i'd really like to know how to do it via a prefix-list.

network 192.168.0.0 mask 255.255.248.0
network 192.168.8.0 mask 255.255.254.0
network 192.168.10.0 mask 255.255.255.0
network 192.168.11.0 mask 255.255.255.128
network 192.168.11.128 mask 255.255.255.192
network 192.168.11.192 mask 255.255.255.224
network 192.168.11.224 mask 255.255.255.240
network 192.168.11.240 mask 255.255.255.248

Any help that anyone can provide is much appreciated!

4 Replies

Giuseppe Larosa
Hall of Fame

Hello Ben,

you need to explicitly deny the subnet that you don't want to advertise with a statement with the lowest sequence number in order to be processed first.

let's suppose you want to deny 192.168.5.0/24:

conf t
ip prefix-list mycompany-list seq 10 deny 192.168.5.0/24
end

you should see:

>>ip prefix-list mycompany-list seq 10 deny 192.168.5.0/24
ip prefix-list mycompany-list seq 70 permit 192.168.0.0/21 le 24
ip prefix-list mycompany-list seq 71 permit 192.168.8.0/22 le 24

Hope to help

Giuseppe

i tried applying your suggestion and we still saw the larger 192.168.8.0/22 supernet being advertised... still missing something.

i tried writing the prefix-list explicitly stating only the networks i wanted advertised but something went wrong and we lost some internet connectivity from the outside so i had to pull things back to the way they were. this is what i tried:

first i added lines 75 thru 105 so the list looked like this:

ip prefix-list stateofnh-list seq 65 deny 192.168.11.248/29       <- your suggestion applied
ip prefix-list stateofnh-list seq 70 permit 192.168.0.0/21 le 24  <- original line
ip prefix-list stateofnh-list seq 71 permit 192.168.8.0/22 le 24  <- original line
ip prefix-list stateofnh-list seq 75 permit 192.168.8.0/23        <- new stuff starts here
ip prefix-list stateofnh-list seq 80 permit 192.168.10.0/24
ip prefix-list stateofnh-list seq 85 permit 192.168.11.0/25
ip prefix-list stateofnh-list seq 90 permit 192.168.11.128/26
ip prefix-list stateofnh-list seq 95 permit 192.168.11.192/27
ip prefix-list stateofnh-list seq 100 permit 192.168.11.224/28
ip prefix-list stateofnh-list seq 105 permit 192.168.11.240/29

then i removed lines 65 and 71 leaving just this:

ip prefix-list stateofnh-list seq 70 permit 192.168.0.0/21 le 24  <- original line
ip prefix-list stateofnh-list seq 75 permit 192.168.8.0/23        <- new stuff
ip prefix-list stateofnh-list seq 80 permit 192.168.10.0/24
ip prefix-list stateofnh-list seq 85 permit 192.168.11.0/25
ip prefix-list stateofnh-list seq 90 permit 192.168.11.128/26
ip prefix-list stateofnh-list seq 95 permit 192.168.11.192/27
ip prefix-list stateofnh-list seq 100 permit 192.168.11.224/28
ip prefix-list stateofnh-list seq 105 permit 192.168.11.240/29

but like i said, suddenly several sites we host became unavailable from and i quickly peeled everything back. suggestions?

well, turns out this was all for naught! our isp won't even advertise any network smaller than a /25... had to pull it all back the way it was.

Hello Ben,

yes in the public internet the limit can be /24

so you were worrying about advertising a subnet filtered by your provider

this also explains the connectivity problems that you had during the attempt.

Sorry if I've given you misleading information.

Hope to help

Giuseppe
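
Added example, not written by anyone in this thread: a small Python model of how a prefix-list entry is matched against a route (the route must lie inside the entry's prefix and its mask length must fit the ge/le window, first match by sequence number wins, no match is an implicit deny), run over the three lists posted above. The model is a simplification, and the two routes tested are assumptions: the /22 from the posted network statement and the /29 slice.

```python
import ipaddress
from typing import NamedTuple, Optional

class Entry(NamedTuple):
    seq: int
    action: str                 # "permit" or "deny"
    prefix: str
    ge: Optional[int] = None
    le: Optional[int] = None

def entry_matches(e: Entry, route: str) -> bool:
    net, r = ipaddress.ip_network(e.prefix), ipaddress.ip_network(route)
    if not r.subnet_of(net):    # route must lie inside the entry's prefix
        return False
    if e.ge is None and e.le is None:
        return r.prefixlen == net.prefixlen   # no ge/le: exact length only
    lo = e.ge if e.ge is not None else net.prefixlen
    hi = e.le if e.le is not None else 32
    return lo <= r.prefixlen <= hi

def evaluate(plist, route):
    """First matching entry by sequence number wins; no match is an implicit deny."""
    for e in sorted(plist, key=lambda e: e.seq):
        if entry_matches(e, route):
            return e.action, e.seq
    return "deny", None

# Lists as posted in the thread.
ORIGINAL = [Entry(70, "permit", "192.168.0.0/21", le=24),
            Entry(71, "permit", "192.168.8.0/22", le=24)]
WITH_DENY = [Entry(65, "deny", "192.168.11.248/29")] + ORIGINAL
EXPLICIT = [Entry(70, "permit", "192.168.0.0/21", le=24),
            Entry(75, "permit", "192.168.8.0/23"),
            Entry(80, "permit", "192.168.10.0/24"),
            Entry(85, "permit", "192.168.11.0/25"),
            Entry(90, "permit", "192.168.11.128/26"),
            Entry(95, "permit", "192.168.11.192/27"),
            Entry(100, "permit", "192.168.11.224/28"),
            Entry(105, "permit", "192.168.11.240/29")]

if __name__ == "__main__":
    # Constructed test routes: the /22 from the posted network statement and the /29 slice.
    for name, plist in (("original", ORIGINAL), ("with deny", WITH_DENY), ("explicit", EXPLICIT)):
        for route in ("192.168.8.0/22", "192.168.11.248/29"):
            print(f"{name:10} {route:18} -> {evaluate(plist, route)}")
```

A deny entry for the /29 only matches a route that is exactly that /29; a /22 route that covers it is still compared against the list as a /22.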
