11-02-2017 10:51 AM - edited 03-05-2019 09:25 AM
Hello,
I am new to prefix-lists and I'm trying to understand them better. I have been using the CCNP Routing and Switching ROUTE 300-101 Cisco Press book to aid in my understanding and I'm having trouble following one of the examples about prefix-lists and wanted to see if anyone could shed some light on it for me.
One of the goals in the example is to filter routes that begin with 10.17.35 and 10.17.36 from a larger range of 10.17.32.0-10.17.63.255. Per the example this is accomplished with the following two lines:
ip prefix-list fred seq 5 deny 10.17.35.0/24 ge 25 le 25
ip prefix-list fred seq 10 deny 10.17.36.0/24 ge 26 le 26
The explanation given is that the first line (sequence number 5) matches 10.17.35.0 /25 and 10.17.35.128 /25. I understand this because it would include the IP range of 10.17.35.0-10.17.35.255. However, the explanation for the 2nd line (sequence number 10) is confusing to me: "Similarly, the second statement matches routes 10.17.36.0 /26 and 10.17.36.64 /26." So wouldn't this only cover the IP range of 10.17.36.0-10.17.36.127? What about the range 10.17.36.128-10.17.36.255? And why would this 2nd line use 26 as the prefix length and not use the following which is similar to the first line?:
ip prefix-list fred seq 10 deny 10.17.36.0/24 ge 25 le 25
Perhaps I am missing something fundamental either with prefix-lists or with IP subnetting in general. I would appreciate any feedback or suggestions for better understanding this. Thank you.
11-02-2017 02:02 PM - edited 11-02-2017 02:29 PM
Hello
@mjohnson3150 wrote:. However, the explanation for the 2nd line (sequence number 10) is confusing to me: "Similarly, the second statement matches routes 10.17.36.0 /26 and 10.17.36.64 /26." So wouldn't this only cover the IP range of 10.17.36.0-10.17.36.127? What about the range 10.17.36.128-10.17.36.255? And why would this 2nd line use 26 as the prefix length and not use the following which is similar to the first line?:
ip prefix-list fred seq 10 deny 10.17.36.0/24 ge 25 le 25
Perhaps I am missing something fundamental either with prefix-lists or with IP subnetting in general. I would appreciate any feedback or suggestions for better understanding this. Thank you.
It all stems from subnetting the host bits -
1 bit = 128
2 bit = 64
3 bit = 32
4 bit = 16
5 bit = 8
6 bit = 4
7 bit = 2
8 bit = 1
So a /24 would be = 255.255.255.0 = Host 0 bit
/25 = 255.255.255.128 = 1 -- 24+1 = 25 or 128
/26 = 255.255.255.192 = 2 -- 24+2 = 26 or 128+64 =192
/27 = 255.255.255.224 = 3 -- 24+3 = 27 or 128+64+32 =224
/28 = 255.255.255.240 = 4 -- 24+4 = 28 or 128+64+32+16 =240
/29 = 255.255.255.248 = 5 -- 24+5 = 29 or 128+64 +224+16+8 = 248
/30 = 255.255.255.252 = 6 -- 24+6 = 30 or 128+64 +224+16+8+4 = 252
/31 = 255.255.255.254 = 7 -- 24+7 = 31 or 128+64 +224+16+8+4+2 = 254
Now if you applied the above logic to prefix-lists it would produce the results you have below:
10.17.36.0 /26 = 255.255.255.192 = 2 -- 24+2 = 26 or 128+64 =192
255-192 = 63 - so IP range would be 10.17.36.0 - 10.17.36.63
10.17.36.64 /26 = 255.255.255.192 = 2 -- 24+2 = 26 or 128+64 =192
255-192 = 63 - so IP range would be 10.17.36.64 - 10.17.36.127
etc....
ip prefix-list fred seq 10 deny 10.17.36.0/24 ge 26 le 26
This statement is saying it allows any subnets in 10.17.36.0 greater than 26 and less/equal than 26, meaning ONLY /26
So this will include-
10.17.36.0 /26
10.17.36.64 /26
10.17.36.128 /26
10.17.36.192 /26
Lastly, ip prefix-list fred seq 10 deny 10.17.36.0/24 ge 25 le 25 - would not work as it is trying to match less/equal to a /25 and the above subnets don't fall into that range; however, if the le stated /26 then it would work, but it would also include any /25 subnets because of ge 25 if you were to be using them instead of 4 x /26 subnets
Because the /24 subnet can be split like so:
10.17.36.0
10.17.36.0/25 10.17.36.128/25
10.17.36.0/26 10.17.36.64/26 10.17.36.128/26 10.17.36.192/26
etc etc
So the above prefix-list would capture and deny all highlighted and it may not be something you would be wanting to do.
Hope this helps
res
Paul
11-02-2017 02:36 PM
Thanks for all of that detail. I think the book was in error then for not including the 10.17.36.128/26 and the 10.17.36.192/26 networks. I guess the only thing I am still confused about is why does the first line of the prefix-list work for 10.17.35 using the "ge 25 le 25" but NOT work for 10.17.36 using "ge 25 le 25"?
11-03-2017 02:37 AM
Hello
"The explanation given is that the first line (sequence number 5) matches 10.17.35.0 /25 and 10.17.35.128 /25. I understand this because it would include the IP range of 10.17.35.0-10.17.35.255."
It would capture the whole subnet 10.17.35.0-10.17.35.255 ONLY because the below subnets match that prefix-list; if it was just 10.17.35.0/24 it wouldn't match
10.17.35.0/25
10.17.35.128/25
res
Paul
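An added example, not part of any post in this thread: a small Python model of how a prefix-list entry with ge/le is evaluated, run against the two `fred` lines quoted above and the alternative `ge 25 le 25` line. The function names and the route list are constructed for illustration; the ge/le defaults are the usual IOS ones (no ge/le means exact length, ge alone runs up to /32, le alone starts at the entry's own length).

```python
import ipaddress

def length_range(entry_len, ge=None, le=None):
    """Range of route prefix lengths an entry accepts."""
    if ge is None and le is None:
        return entry_len, entry_len          # exact-length match only
    lo = ge if ge is not None else entry_len
    hi = le if le is not None else 32
    return lo, hi

def entry_matches(entry_prefix, ge, le, route):
    """True if `route` matches one entry: prefix bits AND prefix length."""
    entry = ipaddress.ip_network(entry_prefix)
    net = ipaddress.ip_network(route)
    lo, hi = length_range(entry.prefixlen, ge, le)
    # 1) the first entry.prefixlen bits of the route must equal the entry's
    # 2) the route's own mask length must fall inside [lo, hi]
    return net.subnet_of(entry) and lo <= net.prefixlen <= hi

def first_match(plist, route):
    """Sequence number of the first matching entry, or None if none match."""
    for seq, _action, prefix, ge, le in sorted(plist):
        if entry_matches(prefix, ge, le, route):
            return seq
    return None

# The two lines from the question (seq, action, prefix, ge, le).
FRED = [
    (5,  "deny", "10.17.35.0/24", 25, 25),
    (10, "deny", "10.17.36.0/24", 26, 26),
]

# Constructed sample routes: every /24, /25 and /26 under 10.17.35 and 10.17.36.
ROUTES = [
    str(sub)
    for base in ("10.17.35.0/24", "10.17.36.0/24")
    for plen in (24, 25, 26)
    for sub in ipaddress.ip_network(base).subnets(new_prefix=plen)
]

def report(plist=FRED, routes=ROUTES):
    """Map each route to the seq that matches it (None = falls through)."""
    return {r: first_match(plist, r) for r in routes}

if __name__ == "__main__":
    for route, seq in report().items():
        print(f"{route:18} -> {'seq ' + str(seq) if seq else 'no match'}")
```

The output shows that each line matches on the length of the routes actually present in the table, not on the address range they cover: seq 5 catches only the two /25s under 10.17.35, and seq 10 catches only the four /26s under 10.17.36.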