05-02-2010 09:16 AM - edited 03-04-2019 08:20 AM
Hi all,
I'm hoping you might be able to assist me; in repsect to BGP, what is the difference between distribute and prefix lists and when would you use one over the other?
Thanks!
Solved! Go to Solution.
05-02-2010 10:43 AM
Hello Lrm001c474,
both distribute-list and prefix-list allows to filter routes received or advertised to a specific neighbor using as criteria a list of IP prefixes.
Distribute-list invokes general purpose IP ACLs, either standard or extended.
What is difficult with IP access-lists to implement a criteria like:
of this big address block accepts prefixes with some specific mask lenghts
This was done by using IP extended ACLs in a peculiar way to attempt to verify mask range.
IP prefix-lists are specific of route filtering, they have been introduced in IOS 12.0 and allows to implement in an efficient and much more readable manner criteria like the above.
all prefixes with length between /24 and /18 from 150.200.0.0/16
becomes:
ip prefix-list example seq 5 permit 150.200.0.0/16 le 18 ge 24
to write something similar with an extended ACL:
" source part" refers to the base network address 150.200.0.0
mask can be between 255.255.192.0 and 255.255.255.0 and this is the "destination part"
255.255.192.0 0.0.63.0
so the line should be:
access-list 111 permit ip host 150.200.0.0 255.255.192.0 0.0.63.0
that is really tricky to read.
Prefix-lists are also more efficient for the way they are implemented
So, the recommendation is to prefer prefix-lists over standard IP ACLs for BGP route filtering.
Also I prefer to put all matching criteria inside a route-map in order to be able to add other possible criteria like AS path access-lists without having to deal with the match order of different types of route filters (filter-list, distribute-list/prefix-list, route-map).
Again, in order to make configuration more readable.
Hope to help
Giuseppe
05-02-2010 10:43 AM
Hello Lrm001c474,
both distribute-list and prefix-list allows to filter routes received or advertised to a specific neighbor using as criteria a list of IP prefixes.
Distribute-list invokes general purpose IP ACLs, either standard or extended.
What is difficult with IP access-lists to implement a criteria like:
of this big address block accepts prefixes with some specific mask lenghts
This was done by using IP extended ACLs in a peculiar way to attempt to verify mask range.
IP prefix-lists are specific of route filtering, they have been introduced in IOS 12.0 and allows to implement in an efficient and much more readable manner criteria like the above.
all prefixes with length between /24 and /18 from 150.200.0.0/16
becomes:
ip prefix-list example seq 5 permit 150.200.0.0/16 le 18 ge 24
to write something similar with an extended ACL:
" source part" refers to the base network address 150.200.0.0
mask can be between 255.255.192.0 and 255.255.255.0 and this is the "destination part"
255.255.192.0 0.0.63.0
so the line should be:
access-list 111 permit ip host 150.200.0.0 255.255.192.0 0.0.63.0
that is really tricky to read.
Prefix-lists are also more efficient for the way they are implemented
So, the recommendation is to prefer prefix-lists over standard IP ACLs for BGP route filtering.
Also I prefer to put all matching criteria inside a route-map in order to be able to add other possible criteria like AS path access-lists without having to deal with the match order of different types of route filters (filter-list, distribute-list/prefix-list, route-map).
Again, in order to make configuration more readable.
Hope to help
Giuseppe
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide