bgp prefix list question

DARYLE DIANIS
Level 1

I have a prefix list that looks something like this:

ip prefix-list my_pref_name seq 5  permit 10.1.1.0/24

ip prefix-list my_pref_name seq 10 deny   0.0.0.0/0 le 32

 

What does the second statement do?  It was my understanding that it would block the default route from being advertised.  Is that true?

Isn't there an implicit deny at the end of a prefix list and wouldn't that implicit deny block the default route?

 

As always, thanks for your help.

5 Replies

acampbell
VIP Alumni

Hi,


ip prefix-list my_pref_name seq 5  permit 10.1.1.0/24
ip prefix-list my_pref_name seq 10 deny  0.0.0.0/0 le 32

This means:-
Check the first 0 bits of the prefix 0.0.0.0
The subnet mask must be less than or equal to 32
This equates to anything
Therefore your statement means deny everything else except the 1st line
of the prefix list.

 

If you use a default route in a prefix list you use the following:

ip prefix-list LIST permit 0.0.0.0/0

The exact prefix 0.0.0.0, with the exact prefix-length 0.
This is matching a default route.

 

This link may help

http://www.cisco.com/c/en/us/td/docs/ios/12_2/ip/configuration/guide/fipr_c/1cfbgp.html#wp1001470

 

Hope this helps

Regards

Alex
  

Regards, Alex. Please rate useful posts.

Alex,

 

Prefix-lists also have an implicit deny.

How the System Filters Traffic by Prefix List

Filtering by prefix list involves matching the prefixes of routes with those listed in the prefix list. When there is a match, the route is used. More specifically, whether a prefix is permitted or denied is based upon the following rules:

An empty prefix list permits all prefixes.

An implicit deny is assumed if a given prefix does not match any entries of a prefix list.

When multiple entries of a prefix list match a given prefix, the longest, most specific match is chosen.

 

-Vishesh

Vishesh,

+5 

Thanks for correcting my mistake, I have removed the BAD statement from my post.

Regards, Alex. Please rate useful posts.

Thanks everyone for a lively discussion.

Hi,

IMHO, the sentence "When multiple entries of a prefix list match a given prefix, the longest, most specific match is chosen." is not correct.

 

It should be "The action (permit/deny) specified in the first matching entry is chosen."

The behaviour is similar to the access-list matching.

 

Here is an example from my lab:

Originally, my router was receiving:

c2811-R1#sh ip bgp
BGP table version is 49, local router ID is 200.1.1.1
...

   Network          Next Hop            Metric LocPrf Weight Path
*> 0.0.0.0          192.168.11.5             0         32768 i
*> 10.200.238.0/24  0.0.0.0                  0         32768 i
*> 192.168.22.0     192.168.11.7             0             0 65098 i

 

I used

ip prefix-list test seq 15 deny 192.168.0.0/16 le 32
ip prefix-list test seq 20 permit 192.168.22.0/24 le 32
 

and applied it to filter the prefixes received from the 192.168.11.7  neighbor.

After that:

c2811-R1#sh ip bgp
...

   Network          Next Hop            Metric LocPrf Weight Path
*> 0.0.0.0          192.168.11.5             0         32768 i
*> 10.200.238.0/24  0.0.0.0                  0         32768 i
c2811-R1#

 

I.e., the 192.168.22.0/24 prefix was denied by the first (matching) entry within the prefix list, not permitted by the second entry, even though the second entry was the most specific match!

 

Best regards,

Milan
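
Added example, not part of any post in this thread and not Cisco code: a small Python model of how the prefix lists quoted above are evaluated (ge/le length matching, first match by sequence number as in the lab output, implicit deny when nothing matches). The function names and the parser, which expects an explicit seq on every line, are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Entry(NamedTuple):
    seq: int
    action: str                      # "permit" or "deny"
    net: ipaddress.IPv4Network
    ge: Optional[int]
    le: Optional[int]

def parse(line):
    """Parse 'ip prefix-list NAME seq N permit|deny A.B.C.D/LEN [ge X] [le Y]'."""
    tok = line.split()
    if len(tok) < 7 or tok[:2] != ["ip", "prefix-list"] or tok[3] != "seq":
        raise ValueError("unsupported prefix-list line: " + line)
    if tok[5] not in ("permit", "deny"):
        raise ValueError("bad action: " + tok[5])
    opts = dict(zip(tok[7::2], map(int, tok[8::2])))
    return Entry(int(tok[4]), tok[5], ipaddress.ip_network(tok[6]),
                 opts.get("ge"), opts.get("le"))

def matches(e, route):
    """True if route falls under e.net and its length is in the allowed range."""
    if e.ge is None and e.le is None:
        lo = hi = e.net.prefixlen    # no ge/le: the length must match exactly
    else:
        lo = e.ge if e.ge is not None else e.net.prefixlen
        hi = e.le if e.le is not None else 32
    return lo <= route.prefixlen <= hi and route.subnet_of(e.net)

def evaluate(lines, route):
    """Return (action, seq) of the first matching entry; seq None = no entry hit."""
    entries = sorted((parse(l) for l in lines), key=lambda e: e.seq)
    route = ipaddress.ip_network(route)
    if not entries:
        return ("permit", None)      # empty list permits all (rule quoted in the thread)
    for e in entries:                # lowest sequence number first, first match wins
        if matches(e, route):
            return (e.action, e.seq)
    return ("deny", None)            # implicit deny at the end

# Entries copied from the thread.
MY_PREF = ["ip prefix-list my_pref_name seq 5  permit 10.1.1.0/24",
           "ip prefix-list my_pref_name seq 10 deny   0.0.0.0/0 le 32"]
TEST = ["ip prefix-list test seq 15 deny 192.168.0.0/16 le 32",
        "ip prefix-list test seq 20 permit 192.168.22.0/24 le 32"]

if __name__ == "__main__":
    for lines, route in [(MY_PREF, "10.1.1.0/24"), (MY_PREF, "0.0.0.0/0"),
                         (MY_PREF[:1], "0.0.0.0/0"), (TEST, "192.168.22.0/24")]:
        print(route, evaluate(lines, route))
```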

 

 

 
