03-24-2014 03:55 PM - edited 03-04-2019 10:39 PM
I have a prefix list that looks something like this:
ip prefix-list my_pref_name seq 5 permit 10.1.1.0/24
ip prefix-list my_pref_name seq 10 deny 0.0.0.0/0 le 32
What does the second statement do? It was my understanding that it would block the default route from being advertised. Is that true?
Isn't there an implicit deny at the end of a prefix list, and wouldn't that implicit deny block the default route?
as always, thanks for your help.
03-24-2014 06:22 PM
Hi,
ip prefix-list my_pref_name seq 5 permit 10.1.1.0/24
ip prefix-list my_pref_name seq 10 deny 0.0.0.0/0 le 32
This means:
Check the first 0 bits of the prefix 0.0.0.0
The subnet mask must be less than or equal to 32
This equates to anything
Therefore your statement means deny everything else except the 1st line of the prefix list.
If you use a default route in a prefix list you use the following:
ip prefix-list LIST permit 0.0.0.0/0
The exact prefix 0.0.0.0, with the exact prefix-length 0.
This is matching a default route.
This link may help
http://www.cisco.com/c/en/us/td/docs/ios/12_2/ip/configuration/guide/fipr_c/1cfbgp.html#wp1001470
Hope this helps
Regards
Alex
03-24-2014 06:22 PM
Alex,
Prefix-lists also have an implicit deny.
Filtering by prefix list involves matching the prefixes of routes with those listed in the prefix list. When there is a match, the route is used. More specifically, whether a prefix is permitted or denied is based upon the following rules:
•An empty prefix list permits all prefixes.
•An implicit deny is assumed if a given prefix does not match any entries of a prefix list.
•When multiple entries of a prefix list match a given prefix, the longest, most specific match is chosen.
-Vishesh
03-24-2014 06:40 PM
Vishesh,
+5
Thanks for correcting my mistake, I have removed the BAD statement from my post
03-25-2014 06:51 AM
thanks everyone for a lively discussion.
03-25-2014 03:21 AM
Hi,
IMHO, the sentence "When multiple entries of a prefix list match a given prefix, the longest, most specific match is chosen." is not correct.
It should be "The action (permit/deny) specified in the first matching entry is chosen."
The behaviour is similar to the access-list matching.
Here is an example from my lab:
Originally, my router was receiving:
c2811-R1#sh ip bgp
BGP table version is 49, local router ID is 200.1.1.1
...
Network Next Hop Metric LocPrf Weight Path
*> 0.0.0.0 192.168.11.5 0 32768 i
*> 10.200.238.0/24 0.0.0.0 0 32768 i
*> 192.168.22.0 192.168.11.7 0 0 65098 i
I used
ip prefix-list test seq 15 deny 192.168.0.0/16 le 32
ip prefix-list test seq 20 permit 192.168.22.0/24 le 32
and applied it to filter the prefixes received from the 192.168.11.7 neighbor.
After that:
c2811-R1#sh ip bgp
...
Network Next Hop Metric LocPrf Weight Path
*> 0.0.0.0 192.168.11.5 0 32768 i
*> 10.200.238.0/24 0.0.0.0 0 32768 i
c2811-R1#
I.e., the 192.168.22.0/24 prefix was denied by the first (matching) entry within the prefix list, not permitted by the second entry. Even while the second entry was the most specific match!
Best regards,
Milan
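As an added illustration of the matching rules discussed in this thread (Alex's reading of `0.0.0.0/0 le 32` and of the exact default-route match, Vishesh's implicit-deny rule, and Milan's first-match lab result), here is a small Python model of IOS prefix-list evaluation. It is example code written for this page, not code from any of the posters or from Cisco. The three lists it evaluates are the ones quoted in the thread; the `seq 5` on the default-route list is an assumption (IOS assigns a sequence number automatically when none is typed), and the `Entry`, `parse_entry`, `entry_matches` and `evaluate` names are mine.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Entry:
    seq: int
    action: str                     # "permit" or "deny"
    network: ipaddress.IPv4Network  # the A.B.C.D/M part of the entry
    ge: Optional[int] = None        # lower bound on route prefix length, if given
    le: Optional[int] = None        # upper bound on route prefix length, if given


def parse_entry(line: str) -> Entry:
    """Parse one 'ip prefix-list NAME seq N permit|deny A.B.C.D/M [ge X] [le Y]' line."""
    tok = line.split()
    if tok[:2] != ["ip", "prefix-list"] or tok[3] != "seq":
        raise ValueError(f"not a prefix-list line: {line!r}")
    seq, action = int(tok[4]), tok[5]
    if action not in ("permit", "deny"):
        raise ValueError(f"bad action in {line!r}")
    network = ipaddress.IPv4Network(tok[6], strict=False)
    ge = le = None
    rest = tok[7:]
    while rest:
        key, val, *rest = rest
        if key == "ge":
            ge = int(val)
        elif key == "le":
            le = int(val)
        else:
            raise ValueError(f"unknown keyword {key!r} in {line!r}")
    return Entry(seq, action, network, ge, le)


def entry_matches(entry: Entry, route: ipaddress.IPv4Network) -> bool:
    """IOS semantics: the route's first M bits must equal the entry's
    (M = entry prefix length), and the route's own length must fall in the
    window set by ge/le. With neither keyword the length must equal M;
    'le 32' alone means M..32; 'ge X' alone means X..32."""
    m = entry.network.prefixlen
    if not route.subnet_of(entry.network):   # first M bits must agree
        return False
    low = entry.ge if entry.ge is not None else m
    if entry.le is not None:
        high = entry.le
    elif entry.ge is not None:
        high = 32
    else:
        high = m
    return low <= route.prefixlen <= high


def evaluate(entries: List[Entry], route: str) -> Tuple[str, Optional[int]]:
    """Return (action, seq) of the FIRST matching entry in sequence order.
    An empty list permits everything; no match at all is the implicit deny
    (returned as ("deny", None)). No longest-match search is done."""
    net = ipaddress.IPv4Network(route, strict=False)
    if not entries:
        return ("permit", None)
    for e in sorted(entries, key=lambda e: e.seq):
        if entry_matches(e, net):
            return (e.action, e.seq)
    return ("deny", None)


# The lists quoted in the thread (seq 5 on the last one is assumed).
ORIGINAL_LIST = [parse_entry(l) for l in (
    "ip prefix-list my_pref_name seq 5 permit 10.1.1.0/24",
    "ip prefix-list my_pref_name seq 10 deny 0.0.0.0/0 le 32",
)]
MILAN_LIST = [parse_entry(l) for l in (
    "ip prefix-list test seq 15 deny 192.168.0.0/16 le 32",
    "ip prefix-list test seq 20 permit 192.168.22.0/24 le 32",
)]
DEFAULT_ONLY = [parse_entry("ip prefix-list LIST seq 5 permit 0.0.0.0/0")]

if __name__ == "__main__":
    cases = (
        ("my_pref_name", ORIGINAL_LIST, ["10.1.1.0/24", "0.0.0.0/0", "10.1.2.0/24"]),
        ("test", MILAN_LIST, ["192.168.22.0/24", "10.200.238.0/24"]),
        ("LIST", DEFAULT_ONLY, ["0.0.0.0/0", "10.1.1.0/24"]),
    )
    for name, plist, routes in cases:
        for r in routes:
            action, seq = evaluate(plist, r)
            where = f"seq {seq}" if seq is not None else "implicit deny"
            print(f"{name:13} {r:17} -> {action:6} ({where})")
```

Running it shows the three points of the thread side by side: `0.0.0.0/0 le 32` catches the default route and every other prefix that reached seq 10, a bare `permit 0.0.0.0/0` matches only the default route, and `192.168.22.0/24` is denied at seq 15 even though seq 20 is the more specific entry, because evaluation stops at the first match.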