Re: sanitize prefix list

Andriy Sidko · ‎08-14-2018

Hi guys.

for example I have following prefix list:

ip prefix-list PL-DISTRIBUTE-NETS-FROM-GATE seq 10 permit 192.168.172.0/28
ip prefix-list PL-DISTRIBUTE-NETS-FROM-GATE seq 20 permit 192.168.172.16/28
ip prefix-list PL-DISTRIBUTE-NETS-FROM-GATE seq 30 permit 192.168.172.32/29

ip prefix-list PL-DISTRIBUTE-NETS-FROM-GATE seq 200 deny 0.0.0.0/0 le 32

if I'd like to merge rules 10,20,30 to one. is list bellow is right?

ip prefix-list PL-DISTRIBUTE-NETS-FROM-GATE seq 10 permit 192.168.172.0/26 ge 28 le 29
ip prefix-list PL-DISTRIBUTE-NETS-FROM-GATE seq 200 deny 0.0.0.0/0 le 32

Thank you.

Georg Pauwen · ‎08-14-2018

Hello,

according to my calculation, you need this:

ip prefix-list PL-DISTRIBUTE-NETS-FROM-GATE seq 10 permit 192.168.172.0/27
ip prefix-list PL-DISTRIBUTE-NETS-FROM-GATE seq 20 permit 192.168.172.32/29

You don't need a deny at the end, it is implicit:

ip prefix-list PL-DISTRIBUTE-NETS-FROM-GATE seq 200 deny 0.0.0.0/0 le 32

paul driver · ‎08-14-2018

Hello

@Andriy Sidko wrote:

Hi guys.

for example I have following prefix list:

ip prefix-list PL-DISTRIBUTE-NETS-FROM-GATE seq 10 permit 192.168.172.0/28
ip prefix-list PL-DISTRIBUTE-NETS-FROM-GATE seq 20 permit 192.168.172.16/28
ip prefix-list PL-DISTRIBUTE-NETS-FROM-GATE seq 30 permit 192.168.172.32/29

ip prefix-list PL-DISTRIBUTE-NETS-FROM-GATE seq 200 deny 0.0.0.0/0 le 32

if I'd like to merge rules 10,20,30 to one. is list bellow is right?

ip prefix-list PL-DISTRIBUTE-NETS-FROM-GATE seq 10 permit 192.168.172.0/26 ge 28 le 29
ip prefix-list PL-DISTRIBUTE-NETS-FROM-GATE seq 200 deny 0.0.0.0/0 le 32

Thank you.

Yes it would incorporate your subnets also 192.168.172.0/28 le 29 would allow subnets in 192.168.172.x greater than 28 and less /equal than 29

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Andriy Sidko · ‎08-15-2018

why 192.168.172.0/28 le 29 but not 192.168.172.0/26 ge 28 le 29

next closest subnet covers all three:

192.168.172.0/28
192.168.172.16/28
192.168.172.32/29

is 192.168.172.0/26 Why why 192.168.172.0/28 le 29 is better?

Thank you.

sivam siva · ‎08-16-2018

No , In your prefix-list "/28,/29" tells to match only prefixes ,not a subnet mask. when we write prefix-list with "le,ge" that will impact to match subnet mask, so in this prefix-list (10,20,30) nothing to match subnet mask, as georg told we can write this in two line ,listed below.

seq 10 permit 192.168.172.0/27 (this will allow prefix from 172.0 - 172.31)

seq 20 permit 192.168.172.32/29 (this will allow prefix from 172.32 - 172.39).