IP Prefix List Question

kramer977
Level 1

Hi all,

Quick question about prefix lists. I'm peering with a partner and injecting a route map IN (BGP), which restricts the prefixes advertised to us, but a quick question, because I'm trying to save the amount of config to be written up. The partner is advertising a lot of /23 and /24s.

Example: Let's say the partner is advertising 192.168.206.0/23 and 192.168.207.0/24 as two separate prefixes.  To save 2 entries for both prefixes, I thought of writing up a config in this manner:
ip prefix-list CISCO seq 5 permit 192.168.206.0/23 le 24.

My understanding is that this will allow both the 192.168.206.0/23 and 192.168.207.0/24.

Does this look correct?

Thanks


Hello,

 

ip prefix-list CISCO seq 5 permit 192.168.206.0/23 le 24.

 

would indeed filter both routes, however, in your specific case:

 

ip prefix-list CISCO seq 5 permit 192.168.206.0/23

 

would be sufficient, since 192.168.207.0/24 overlaps with 192.168.206.0/23.

Hi Georg,

Thanks for the reply.

In my case though, 2 separate prefixes will be advertised: 192.168.206.0/23 and 192.168.207.0/24.  When dealing with ip prefix lists, if you don't specify le or ge, doesn't the exact prefix match? If it was an access list, I see the /23 covering /24 and allowing, but I thought the prefix lists work a little different and match exact, without the le/ge defined. Wouldn't that be the purpose of introducing the le/ge variables?

So in my case, if I were to configure "ip prefix-list CISCO seq 5 permit 192.168.206.0/23", wouldn't the advertised prefix of 192.168.207.0/24 be blocked?

Hello,

 

I tested this in GNS3.

 

ip prefix-list CISCO seq 5 permit 192.168.206.0/23

 

filters both the 23 and the 24 route. I guess if you don't specify an 'le' it will block everything above /23.

Hi,

Do you mean it filtered 192.168.206.0/23 and 192.168.206.0/24, but not the 192.168.207.0/24?

So in my case it's true, we require the le 24.

Thanks

Hello,

 

you don't require the 'le 24'. Below are the configs I used, both routes are being blocked:

 

R1

 

router bgp 1
 bgp log-neighbor-changes
 neighbor 192.168.1.2 remote-as 1
 neighbor 192.168.1.2 route-map DENY in
!
ip prefix-list CISCO seq 5 deny 192.168.206.0/23
!
route-map DENY permit 10
 match ip address prefix-list CISCO

 

R2

 

router bgp 1
 bgp log-neighbor-changes
 network 192.168.206.0 mask 255.255.254.0
 network 192.168.207.0
 neighbor 192.168.1.1 remote-as 1
!
ip route 192.168.206.0 255.255.254.0 Null0
ip route 192.168.207.0 255.255.255.0 Null0

Hello Georg,

your configuration is using a route-map with deny action and then invokes a prefix-list with deny statement.

In my opinion both prefixes are blocked by the implicit deny any action of the route-map

Try to add the following

route-map DENY permit 20

and you will see both routes accepted.

 

I agree with the original poster: if you want to have a prefix-list matching both 192.168.206.0/23 and 192.168.207.0/24, I would use the following syntax:

 

ip prefix-list CISCO permit 192.168.206.0/23 le 24.

 

For the original poster:

the partner is sending to you both /23 and /24 with purpose of allowing you to use the most specific route

Filtering the routes the partner is sending to you may not be a wise decision.

 

Edit:

for the original poster

After reading again your first post in the thread I now understand you are just trying to save lines on the prefix-list used in the route-map  not to filter received routes to minimize number of received prefixes (like denying /24 if /23 exists)

 

Hope to help

Giuseppe

 

Hi Giuseppe,

Yes, it's been requested that I accept both prefixes, but both prefixes will not be advertised to us at the same time.  They have redundancy and failover within their network which will automatically control what advertisements are advertised to us, in the event of an outage.  This is why they requested that both specific prefixes are allowed on our end.

I have a question out of curiosity.  If I remove the le 24, for eg:  ip prefix-list CISCO seq 5 permit 192.168.206.0/23,

would this prefix list statement ONLY accept 192.168.206.0/23, and essentially deny any of these prefixes: 192.168.206.0/24 + 192.168.207.0/24?

Thanks

Hello kramer977,

yes the partner is doing some traffic engineering using more specific routes for this.

 

>>

I have a question out of curiosity. If I remove the le 24, for eg: ip prefix-list CISCO seq 5 permit 192.168.206.0/23,

would this prefix list statement ONLY accept 192.168.206.0/23, and essentially deny any of these prefixes: 192.168.206.0/24 + 192.168.207.0/24?

 

Yes it should allow only 192.168.206.0/23 and not the more specific prefixes.

when no operator like le or ge is present the prefix-list looks for an exact match with the prefix.

 

Hope to help

Giuseppe

 

 

Exactly as I thought.  Much appreciated, thank you.
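
The matching rule settled on in this thread (exact match when no le/ge is given, a length range when one is), as an added example that is not code from any of the posters. It models the entries quoted above and, going slightly beyond the thread, also handles ge; the test routes and the "seq 10" entry are constructed for illustration.

```python
import ipaddress
import re

# Entry form used in this thread: name, optional seq, action, prefix, optional ge/le.
ENTRY_RE = re.compile(
    r"ip prefix-list \S+(?: seq \d+)? (permit|deny) (\S+)"
    r"(?: ge (\d+))?(?: le (\d+))?$"
)

def parse_entry(line):
    m = ENTRY_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognized entry: {line!r}")
    action, prefix, ge, le = m.groups()
    net = ipaddress.ip_network(prefix)
    # Allowed route lengths: no ge/le -> exactly the entry length;
    # le only -> len..le; ge only -> ge..32; both -> ge..le.
    lo = int(ge) if ge else net.prefixlen
    hi = int(le) if le else (32 if ge else net.prefixlen)
    return action, net, lo, hi

def evaluate(lines, route):
    """First matching entry wins; no match falls through to the implicit deny."""
    r = ipaddress.ip_network(route)
    for action, net, lo, hi in map(parse_entry, lines):
        if lo <= r.prefixlen <= hi and r.subnet_of(net):
            return action
    return "deny"

def permitted(lines, routes):
    return [r for r in routes if evaluate(lines, r) == "permit"]

# Constructed test routes: the partner's two prefixes plus nearby ones.
ROUTES = ["192.168.206.0/23", "192.168.206.0/24", "192.168.207.0/24",
          "192.168.206.0/25", "192.168.208.0/24"]

COMPACT = ["ip prefix-list CISCO seq 5 permit 192.168.206.0/23 le 24"]
EXACT_ONLY = ["ip prefix-list CISCO seq 5 permit 192.168.206.0/23"]
# Constructed alternative: one exact entry per expected prefix (seq 10 is not from the thread).
TWO_EXACT = ["ip prefix-list CISCO seq 5 permit 192.168.206.0/23",
             "ip prefix-list CISCO seq 10 permit 192.168.207.0/24"]

if __name__ == "__main__":
    for name, pl in (("le 24", COMPACT), ("exact /23", EXACT_ONLY), ("two exact", TWO_EXACT)):
        print(f"{name:10} permits {permitted(pl, ROUTES)}")
```

The single "le 24" entry also admits 192.168.206.0/24, a route the partner did not list, whereas two exact entries accept only the two expected prefixes at the cost of one extra line.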
