
Understanding prefix-lists

mjohnson3150
Level 1

Hello,

 

I am new to prefix-lists and I'm trying to understand them better. I have been using the CCNP Routing and Switching ROUTE 300-101 Cisco Press book to aid in my understanding and I'm having trouble following one of the examples about prefix-lists and wanted to see if anyone could shed some light on it for me.

 

One of the goals in the example is to filter routes that begin with 10.17.35 and 10.17.36 from a larger range of 10.17.32.0-10.17.63.255. Per the example this is accomplished with the following two lines:

 

ip prefix-list fred seq 5 deny 10.17.35.0/24 ge 25 le 25

ip prefix-list fred seq 10 deny 10.17.36.0/24 ge 26 le 26

 

The explanation given is that the first line (sequence number 5) matches 10.17.35.0 /25 and 10.17.35.128 /25. I understand this because it would include the IP range of 10.17.35.0-10.17.35.255. However, the explanation for the 2nd line (sequence number 10) is confusing to me: "Similarly, the second statement matches routes 10.17.36.0 /26 and 10.17.36.64 /26." So wouldn't this only cover the IP range of 10.17.36.0-10.17.36.127? What about the range 10.17.36.128-10.17.36.255? And why would this 2nd line use 26 as the prefix length and not use the following which is similar to the first line?:

 

ip prefix-list fred seq 10 deny 10.17.36.0/24 ge 25 le 25

 

Perhaps I am missing something fundamental either with prefix-lists or with IP subnetting in general. I would appreciate any feedback or suggestions for better understanding this. Thank you.


Accepted Solutions

Hello

 


@mjohnson3150 wrote: However, the explanation for the 2nd line (sequence number 10) is confusing to me: "Similarly, the second statement matches routes 10.17.36.0 /26 and 10.17.36.64 /26." So wouldn't this only cover the IP range of 10.17.36.0-10.17.36.127? What about the range 10.17.36.128-10.17.36.255? And why would this 2nd line use 26 as the prefix length and not use the following which is similar to the first line?:

 

ip prefix-list fred seq 10 deny 10.17.36.0/24 ge 25 le 25

 

Perhaps I am missing something fundamental either with prefix-lists or with IP subnetting in general. I would appreciate any feedback or suggestions for better understanding this. Thank you.


 

It all stems from subnetting the host bits -

 

1 bit = 128
2 bit = 64
3 bit = 32
4 bit = 16
5 bit = 8
6 bit = 4
7 bit = 2
8 bit = 1

So a /24 would be = 255.255.255.0  = Host 0 bit
/25 = 255.255.255.128 = 1    -- 24+1 = 25  or 128
/26 = 255.255.255.192 = 2    -- 24+2 = 26 or   128+64 =192
/27 = 255.255.255.224 = 3    -- 24+3 = 27 or   128+64+32 =224
/28 = 255.255.255.240 = 4    -- 24+4 = 28  or  128+64+32+16 =240
/29 = 255.255.255.248 = 5    -- 24+5 = 29 or   128+64 +224+16+8 = 248
/30 = 255.255.255.252 = 6    -- 24+6 = 30 or   128+64 +224+16+8+4 = 252
/31 = 255.255.255.254 = 7    -- 24+7 = 31 or   128+64 +224+16+8+4+2 = 254


Now if you applied the above logic to prefix-lists it would produce the results you have below:

10.17.36.0 /26 = 255.255.255.192 = 2    -- 24+2 = 26 or   128+64 =192
255-192 =63 -  so ip range would be 10.17.36.0 - 10.17.36.63

10.17.36.64 /26 = 255.255.255.192 = 2    -- 24+2 = 26 or   128+64 =192
255-192 =63 -  so ip range would be 10.17.36.64 - 10.17.36.127

etc....

ip prefix-list fred seq 10 deny 10.17.36.0/24 ge 26 le 26
This statement is saying it allows any subnets in 10.17.36.0 greater than 26 and less/equal than 26, meaning ONLY /26

So this will include-
10.17.36.0 /26
10.17.36.64 /26
10.17.36.128 /26
10.17.36.192 /26

Lastly, ip prefix-list fred seq 10 deny 10.17.36.0/24 ge 25 le 25 would not work, as it is trying to match less/equal to a /25 and the above subnets don't fall into that range. However, if the le stated /26 then it would work, but it would also include any /25 subnets because of ge 25, if you were to be using them instead of 4 x /26 subnets.

Because the /24 subnet can be split like so:
                                               10.17.36.0
                  10.17.36.0/25                        10.17.36.128/25
10.17.36.0/26  10.17.36.64/26         10.17.36.128/26  10.17.36.192/26  

                etc                                               etc

 

So the above prefix-list would capture and deny all highlighted and it may not be something you would be wanting to do.

Hope this helps

res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul


3 Replies

Thanks for all of that detail. I think the book was in error then for not including the 10.17.36.128/26 and the 10.17.36.192/26 networks. I guess the only thing I am still confused about is why does the first line of the prefix-list work for 10.17.35 using the "ge 25 le 25" but NOT work for 10.17.36 using "ge 25 le 25"?

Hello

"The explanation given is that the first line (sequence number 5) matches 10.17.35.0 /25 and 10.17.35.128 /25. I understand this because it would include the IP range of 10.17.35.0-10.17.35.255."

It would capture the whole subnet 10.17.35.0-10.17.35.255 ONLY because the below subnets match that prefix-list; if it was just 10.17.35.0/24 it wouldn't match.
10.17.35.0/25
10.17.35.128/25

res
Paul
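
The matching rule discussed in this thread, as an added Python example (not from the book or from any poster): a route matches an entry only if its leading bits fall inside the entry's prefix and its own mask length lies between ge and le. The function names, the `ALT` list and the sample routes are constructed for illustration; the two `FRED` lines are the ones quoted in the question.

```python
import ipaddress

def parse_entry(line):
    """Parse 'ip prefix-list NAME seq N permit|deny PFX/LEN [ge X] [le Y]'."""
    tok = line.split()
    seq, action = int(tok[4]), tok[5]
    net = ipaddress.ip_network(tok[6])
    opts = dict(zip(tok[7::2], map(int, tok[8::2])))
    # Defaults: neither keyword -> exact length; ge only -> le 32; le only -> ge = LEN
    ge = opts.get("ge", net.prefixlen)
    le = opts.get("le", 32 if "ge" in opts else net.prefixlen)
    return seq, action, net, ge, le

def first_match(entries, route):
    """Return (seq, action) of the first entry matching the route, else None.

    None means the route falls through to later entries (or the implicit deny).
    """
    route = ipaddress.ip_network(route)
    for seq, action, net, ge, le in sorted(entries, key=lambda e: e[0]):
        # Two independent tests: the route's leading bits sit inside PFX/LEN,
        # and the route's own mask length lies in [ge, le].
        if route.subnet_of(net) and ge <= route.prefixlen <= le:
            return seq, action
    return None

# The two lines quoted from the book.
FRED = [parse_entry(l) for l in (
    "ip prefix-list fred seq 5 deny 10.17.35.0/24 ge 25 le 25",
    "ip prefix-list fred seq 10 deny 10.17.36.0/24 ge 26 le 26",
)]
# The alternative second line proposed in the question.
ALT = [parse_entry("ip prefix-list fred seq 10 deny 10.17.36.0/24 ge 25 le 25")]

# Constructed sample routes covering each case raised in the thread.
ROUTES = [
    "10.17.35.0/24", "10.17.35.0/25", "10.17.35.128/25",
    "10.17.36.0/25", "10.17.36.128/25",
    "10.17.36.0/26", "10.17.36.64/26", "10.17.36.128/26", "10.17.36.192/26",
]

if __name__ == "__main__":
    for r in ROUTES:
        print(f"{r:18} fred -> {first_match(FRED, r)}   alt -> {first_match(ALT, r)}")
```
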

