08-18-2019 08:38 AM - edited 08-18-2019 08:57 AM
Hi all,
Quick question about prefix lists. I'm peering with a partner and injecting a route map IN (BGP), which restricts the prefixes advertised to us, but a quick question, because I'm trying to save the amount of config to be written up. The partner is advertising a lot of /23 and /24s.
Example: Let's say the partner is advertising 192.168.206.0/23 and 192.168.207.0/24 as two separate prefixes. To save 2 entries for both prefixes, I thought of writing up a config in this manner:
ip prefix-list CISCO seq 5 permit 192.168.206.0/23 le 24.
My understanding is that this will allow both the 192.168.206.0/23 and 192.168.207.0/24.
Does this look correct?
Thanks
08-18-2019 09:22 AM
Hello,
ip prefix-list CISCO seq 5 permit 192.168.206.0/23 le 24.
would indeed filter both routes, however, in your specific case:
ip prefix-list CISCO seq 5 permit 192.168.206.0/23
would be sufficient, since 192.168.207.0/24 overlaps with 192.168.206.0/23.
08-18-2019 09:33 AM - edited 08-18-2019 09:34 AM
Hi Georg,
Thanks for the reply.
In my case though, 2 separate prefixes will be advertised: 192.168.206.0/23 and 192.168.207.0/24. When dealing with ip prefix lists, if you don't specify le or ge, doesn't the exact prefix match? If it was an access list, I see the /23 covering /24 and allowing, but I thought the prefix lists work a little different and match exact, without the le/ge defined. Wouldn't that be the purpose of introducing the le/ge variables?
So in my case, if I were to configure "ip prefix-list CISCO seq 5 permit 192.168.206.0/23", wouldn't the advertised prefix of 192.168.207.0/24 be blocked?
08-18-2019 10:11 AM
Hello,
I tested this in GNS3.
ip prefix-list CISCO seq 5 permit 192.168.206.0/23
filters both the 23 and the 24 route. I guess if you don't specify an 'le' it will block everything above /23.
08-18-2019 10:23 AM
Hi,
Do you mean it filtered 192.168.206.0/23 and 192.168.206.0/24, but not the 192.168.207.0/24?
So in my case it's true, we require the le 24.
Thanks
08-18-2019 10:29 AM
Hello,
you don't require the 'le 24'. Below are the configs I used, both routes are being blocked:
R1
router bgp 1
 bgp log-neighbor-changes
 neighbor 192.168.1.2 remote-as 1
 neighbor 192.168.1.2 route-map DENY in
!
ip prefix-list CISCO seq 5 deny 192.168.206.0/23
!
route-map DENY permit 10
 match ip address prefix-list CISCO
R2
router bgp 1
 bgp log-neighbor-changes
 network 192.168.206.0 mask 255.255.254.0
 network 192.168.207.0
 neighbor 192.168.1.1 remote-as 1
!
ip route 192.168.206.0 255.255.254.0 Null0
ip route 192.168.207.0 255.255.255.0 Null0
08-19-2019 02:11 AM - edited 08-19-2019 02:22 AM
Hello Georg,
your configuration is using a route-map with deny action and then invokes a prefix-list with deny statement.
In my opinion both prefixes are blocked by the implicit deny any action of the route-map
Try to add the following
route-map DENY permit 20
and you will see both routes accepted.
I agree with the original poster: if you want to have a prefix-list matching both 192.168.206.0/23 and 192.168.207.0/24, I would use the following syntax
ip prefix-list CISCO permit 192.168.206.0/23 le 24.
For the original poster:
the partner is sending to you both /23 and /24 with purpose of allowing you to use the most specific route
Filtering the routes the partner is sending to you may not be a wise decision.
Edit:
for the original poster
After reading again your first post in the thread I now understand you are just trying to save lines on the prefix-list used in the route-map not to filter received routes to minimize number of received prefixes (like denying /24 if /23 exists)
Hope to help
Giuseppe
08-19-2019 03:28 AM
Hi Giuseppe,
Yes, it's been requested that I accept both prefixes, but both prefixes will not be advertised to us at the same time. They have redundancy and failover within their network which will automatically control what advertisements are advertised to us, in the event of an outage. This is why they requested that both specific prefixes are allowed on our end.
I have a question out of curiosity. If I remove the le 24, for eg: ip prefix-list CISCO seq 5 permit 192.168.206.0/23,
would this prefix list statement ONLY accept 192.168.206.0/23, and essentially deny any of these prefixes: 192.168.206.0/24 + 192.168.207.0/24?
Thanks
08-19-2019 03:35 AM
Hello kramer977,
yes the partner is doing some traffic engineering using more specific routes for this.
>>
I have a question out of curiosity. If I remove the le 24, for eg: ip prefix-list CISCO seq 5 permit 192.168.206.0/23,
would this prefix list statement ONLY accept 192.168.206.0/23, and essentially deny any of these prefixes: 192.168.206.0/24 + 192.168.207.0/24?
Yes it should allow only 192.168.206.0/23 and not the more specific prefixes.
when no operator like le or ge is present the prefix-list looks for an exact match with the prefix.
Hope to help
Giuseppe
08-19-2019 04:09 AM - edited 08-19-2019 04:09 AM
Exactly as I thought. Much appreciated, thank you.
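An added example, not part of the thread: a simplified Python model of the matching rules discussed above (exact length when no ge/le is given, first match wins, implicit deny at the end of both the prefix-list and the route-map), run against the three prefixes from the posts. The function names are this example's own, and a route-map clause with no match statement is modelled as `None`.

```python
import ipaddress

def parse_entry(line):
    """Parse 'ip prefix-list NAME [seq N] permit|deny PREFIX/LEN [ge X] [le Y]'."""
    tok = line.split()[3:]                 # drop 'ip prefix-list NAME'
    if tok[0] == "seq":
        tok = tok[2:]
    action, net = tok[0], ipaddress.ip_network(tok[1])
    opts = dict(zip(tok[2::2], map(int, tok[3::2])))
    if not opts:                           # no ge/le: exact prefix length only
        lo = hi = net.prefixlen
    else:                                  # ge only -> ge..32, le only -> len..le
        lo = opts.get("ge", net.prefixlen)
        hi = opts.get("le", 32)
    return action, net, lo, hi

def prefix_list(entries, route):
    """First matching entry wins; falling off the end is the implicit deny."""
    r = ipaddress.ip_network(route)
    for action, net, lo, hi in entries:
        if r.subnet_of(net) and lo <= r.prefixlen <= hi:
            return action
    return "deny"

def route_map(clauses, route):
    """clauses: (action, prefix-list entries or None for 'no match statement')."""
    for action, entries in clauses:
        # A prefix-list deny means "this clause does not match": try the next one.
        if entries is None or prefix_list(entries, route) == "permit":
            return action
    return "deny"                          # implicit deny ending every route-map

# Constructed sample: the prefixes discussed in the thread.
ROUTES = ["192.168.206.0/23", "192.168.206.0/24", "192.168.207.0/24"]
EXACT = [parse_entry("ip prefix-list CISCO seq 5 permit 192.168.206.0/23")]
RANGED = [parse_entry("ip prefix-list CISCO seq 5 permit 192.168.206.0/23 le 24")]
LAB = [parse_entry("ip prefix-list CISCO seq 5 deny 192.168.206.0/23")]

def verdicts(clauses):
    return [route_map(clauses, r) for r in ROUTES]

if __name__ == "__main__":
    for name, clauses in [
        ("exact /23", [("permit", EXACT)]),
        ("/23 le 24", [("permit", RANGED)]),
        ("lab: deny list in permit 10", [("permit", LAB)]),
        ("lab plus empty permit 20", [("permit", LAB), ("permit", None)]),
    ]:
        print(f"{name:30}", dict(zip(ROUTES, verdicts(clauses))))
```

In this model `le 24` also admits 192.168.206.0/24, a prefix the partner did not list, so two exact entries remain the tighter inbound filter. The lab case rejects all three routes only through the route-map's implicit deny, and accepts all three once an empty `permit 20` clause is added.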