Solved: ip prefix-list xxxx permit 10.100.0.0/16 ge 17

raghav.rai · ‎12-24-2023

Hello,

I just wanted to confirm below prefix-list will not advertise 10.100.0.0/16 but will advertise all smaller subnets with mask greater than 16.

ip prefix-list xxxx permit 10.100.0.0/16 ge 17

Tks,

Raghavendra

Harold Ritter · ‎12-25-2023

Hi @raghav.rai ,

The "sh bgp ipv4 uni" lists all of the BGP prefixes. The

sh bgp ipv4 uni prefix-list xxxx

lists all prefixes permitted by the prefix-list xxxx.

The only prefix not present in the output of the second command is "10.100.0.0/16" validating that this prefix is not permitted by the prefix-list.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

View solution in original post

M02@rt37 · ‎12-24-2023

Hello @raghav.rai

The prefix list ip prefix-list xxxx permit 10.100.0.0/16 ge 17 will indeed permit the /16 subnet along with all smaller subnets with a prefix length greater than or equal to 17. So, it includes the /16 subnet, not excluding it.

If you want to exclude the /16 subnet and permit only smaller subnets, you should use the lt operator.

ip prefix-list xxxx permit 10.100.0.0/16 lt 16

This will permit all subnets with a prefix length less than or equal to 16, excluding the /16 subnet itself.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Harold Ritter · ‎12-24-2023

Hi M02@rt37 ,

> The prefix list ip prefix-list xxxx permit 10.100.0.0/16 ge 17 will indeed permit the /16 subnet

> along with all smaller subnets with a prefix length greater than or equal to 17.

10.100.0.0/16 would definitely be rejected by the prefix list. Only prefixes with a prefix length of 17 or longer would be permitted.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

M02@rt37 · ‎12-24-2023

Thanks for that clarification @Harold Ritter

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Harold Ritter · ‎12-24-2023

Hi @raghav.rai ,

If you have for example 10.100.0.0/16, 10.100.0.0/17 and 10.100.128.0/17, only the last 2 prefixes would be permitted through the prefix list.

The first prefix would be rejected because the prefix-list condition is for prefixes to have a prefix length of 17 or greater, which is not met by the first prefix.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

raghav.rai · ‎12-25-2023

I think this is the answer - however, I would like to test it once. Do you have an option to test this?

Harold Ritter · ‎12-25-2023

Hi @raghav.rai ,

Here's a quick test that shows the outcome of the prefix-list.

R1#sh runn | sec prefix
ip prefix-list xxxx seq 5 permit 10.100.0.0/16 ge 17

R1#sh bgp ipv4 uni
BGP table version is 28, local router ID is 192.168.12.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
x best-external, a additional-path, c RIB-compressed, 
t secondary path, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
*> 10.100.0.0/17 0.0.0.0 0 32768 i
*> 10.100.0.0/16 0.0.0.0 0 32768 i
*> 10.100.128.0/17 0.0.0.0 0 32768 i

R1#sh bgp ipv4 uni prefix-list xxxx
BGP table version is 28, local router ID is 192.168.12.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
x best-external, a additional-path, c RIB-compressed, 
t secondary path, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
*> 10.100.0.0/17 0.0.0.0 0 32768 i
*> 10.100.128.0/17 0.0.0.0 0 32768 i

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

raghav.rai · ‎12-25-2023

Thanks a lot Harold!

sorry could not decode your show outputs. Is it blocking 10.100.0.0/16 ?

Harold Ritter · ‎12-25-2023

Hi @raghav.rai ,

The "sh bgp ipv4 uni" lists all of the BGP prefixes. The

sh bgp ipv4 uni prefix-list xxxx

lists all prefixes permitted by the prefix-list xxxx.

The only prefix not present in the output of the second command is "10.100.0.0/16" validating that this prefix is not permitted by the prefix-list.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

raghav.rai · ‎12-25-2023

Thanks a lot!

Harold Ritter · ‎12-25-2023

You are very welcome @raghav.rai and thanks for the feedback

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México