Solved: BGP Prefix-list

shawkatalvi · ‎02-17-2009

Hi Guys,

Can someone point me a good tutorial for Prefix-list? After reading couple of doc it's not very clear!

I have a prefix-list as follows:

ip prefix-list routes_in seq 10 permit 172.24.0.0/16 ge 22

ip prefix-list routes_in seq 15 permit 192.168.0.0/16 ge 24

ip prefix-list routes_in seq 20 permit 192.2.0.0/16 ge 24

ip prefix-list routes_in seq 25 permit 192.3.0.0/16 ge 24

ip prefix-list routes_in seq 30 permit 10.80.0.0/16 ge 24

ip prefix-list routes_in seq 35 permit 10.90.0.0/16 ge 24

ip prefix-list routes_in seq 40 permit 10.100.0.0/16 ge 24

ip prefix-list routes_in seq 45 permit 10.120.0.0/16 ge 24

ip prefix-list routes_in seq 50 permit 10.222.0.0/16 ge 24

ip prefix-list routes_in seq 55 permit 10.223.0.0/16 ge 24

ip prefix-list routes_in seq 60 permit 10.227.0.0/16 ge 24

ip prefix-list routes_in seq 65 permit 10.228.0.0/16 ge 24

ip prefix-list routes_in seq 70 permit 10.229.0.0/16 ge 24

!

ip prefix-list routes_out seq 75 permit 172.20.0.0/16 ge 22

ip prefix-list routes_out seq 80 permit 176.20.0.0/16 ge 22

ip prefix-list routes_out seq 85 permit 192.168.0.0/16 ge 24

ip prefix-list routes_out seq 90 permit 172.24.23.0/24

I need to block 192.168.40.0/24 in the outbound, how do I do this? as 192.168.0.0/16 ge 24 already in place??

Thanks.

Istvan_Rabai · ‎02-17-2009

Hi Shawkat,

You need to insert into the prefix-list the following line:

ip prefix-list routes_out seq 83 deny 192.168.40.0/24

So the whole route_out prefix-list will look like this:

ip prefix-list routes_out seq 75 permit 172.20.0.0/16 ge 22

ip prefix-list routes_out seq 80 permit 176.20.0.0/16 ge 22

ip prefix-list routes_out seq 83 deny 192.168.40.0/24

ip prefix-list routes_out seq 85 permit 192.168.0.0/16 ge 24

ip prefix-list routes_out seq 90 permit 172.24.23.0/24

Prefix-lists are evaluated in the order of the given sequence numbers.

ip prefix-list routes_out seq 83 deny 192.168.40.0/24 states a more specific prefix than ip prefix-list routes_out seq 85 permit 192.168.0.0/16 ge 24.

Therefore line 83 must have a lower sequence number to block 192.168.40.0/24, before line 85 permits 192.168.0.0/16 ge 24 (which embraces 192.168.40.0/24 as well).

For more info, see this thread on my explanation on how prefix-lists work.

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40.2cc30111/2#selected_message

Cheers:

Istvan

View solution in original post

Istvan_Rabai · ‎02-17-2009

Hi Shawkat,

You need to insert into the prefix-list the following line:

ip prefix-list routes_out seq 83 deny 192.168.40.0/24

So the whole route_out prefix-list will look like this:

ip prefix-list routes_out seq 75 permit 172.20.0.0/16 ge 22

ip prefix-list routes_out seq 80 permit 176.20.0.0/16 ge 22

ip prefix-list routes_out seq 83 deny 192.168.40.0/24

ip prefix-list routes_out seq 85 permit 192.168.0.0/16 ge 24

ip prefix-list routes_out seq 90 permit 172.24.23.0/24

Prefix-lists are evaluated in the order of the given sequence numbers.

ip prefix-list routes_out seq 83 deny 192.168.40.0/24 states a more specific prefix than ip prefix-list routes_out seq 85 permit 192.168.0.0/16 ge 24.

Therefore line 83 must have a lower sequence number to block 192.168.40.0/24, before line 85 permits 192.168.0.0/16 ge 24 (which embraces 192.168.40.0/24 as well).

For more info, see this thread on my explanation on how prefix-lists work.

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40.2cc30111/2#selected_message

Cheers:

Istvan

shawkatalvi · ‎02-18-2009

Thanks a lot Istvan. Very good explanation. This one worked perfect.

cheers.

Istvan_Rabai · ‎02-18-2009

You're welcome Shawkat,

It's good to hear that I was helpful.

Istvan