Hi every body
i have few questions;
please consider the following:
ip prefix-list just seq permit 20.0.0.0/16 le 17
1) Will 20.0.128.0 prefix match the list?
Here is my understanding which I want to confirm.
the prefix 20.0.0.0 prefix match because of the part ( permit 20.0.0.0/16) in above prefix list.
the prefix 20.0.128.0 does not match the prefix list because of the part( 20.0.0.0/16 le 17) in above prefix list which says first 17 bits must match.
The following prefixes match the above prefix list.
20.0.1.0
20.0.2.0
continue
20.0.127.255.
Is my understanding correct ?
thanks and have a great weekend.
Solved! Go to Solution.
Hi Sarah,
Nice to meet you again. How are you, how are things going?
ip prefix-list just seq permit 20.0.0.0/16 le 17
1) Will 20.0.128.0 prefix match the list?
This particular prefix list matches prefixes of the form P/M (Prefix/Mask) that meet the following two conditions:
Now, 20.0.128.0 & /16 = 20.0.0.0, so the first condition is met. However, you have not indicated the mask of the prefix 20.0.128.0 and that is crucial to say what subnets would match. If their mask was either /16 or /17 and they were allocated from the 20.0.0.0/16 space, the prefix list would match. If the mask was different from these two values, the prefix list would not match.
In general, a prefix list of the form
ip prefix-list NAME permit|deny A.B.C.D/N ge L le U
matches all prefixes of the form P/M that meet the two following criteria:
If the ge L argument is not used then the conditions are:
If the le U argument is not used then the condition are:
If neither ge L nor le U are used then the prefix list evaluation is very simple: P must be exactly A.B.C.D and M must be exactly N.
This all is slightly confusing - I've had my share of misunderstandings about it. Please feel welcome to ask further, and please include LOTS of examples (or assignments) to be solved for you
Best regards,
Peter
Hello Reza,
I respectfully disagree. A prefix list of the form permit 20.0.0.0/16 le 17 will match all prefixes that are allocated from within the space 20.0.0.0/16, so even 20.0.128.0 and possibly higher. In addition, the netmask of these prefixes is required to be either /16 or /17 which limits us to only three valid prefix/mask combinations:
Best regards,
Peter
Hello Peter,
Reading the description from the command reference guide (above). it states " mask length that is less than or equal to 24 bits" so does this mean that /16 is included?
if it is, then you are correct and I apologize to Sarah for misinforming her.
This line says:
In the following example, a prefix list is configured to routes to permit routes from any network that have a mask length from 8 to 24 bits:
Router(config)# ip prefix-list GREEN permit 0.0.0.0/0 ge 8 le 24
Ok, this is clear it is mask,8,9,10 all the way to 24.
Thanks,
Reza
Hi Reza,
Reading the description from the command reference guide (above). it states "mask length that is less than or equal to 24 bits" so does this mean that /16 is included?
Exactly. If the ge keyword is not used then the lowest permissible prefix length is the one taken from the prefix specification itself, i.e. permit 20.0.0.0/16 le 17 allows both /16 and /17 netmasks.
By the way, note that the ge argument always must be by at least 1 higher than the netmask in the prefix specification itself, e.g. this is not allowed: permit 20.0.0.0/16 ge 16 le 17. What is allowed is permit 20.0.0.0/16 ge 17 le ... From this it logically follows that if you both want the prefixes to be from the space of 20.0.0.0/16 and the lowest prefix length to be /16, you simply don't use the ge keyword.
Best regards,
Peter
Hi Sarah,
Yes, you are correct. The prefix 20.0.128.0/17 would be accepted. The prefix 20.0.128.0/24 would not be accepted because the prefix length /24 is greated than the le argument, namely, /17.
Best regards,
Peter
Hi Sarah,
Nice to meet you again. How are you, how are things going?
ip prefix-list just seq permit 20.0.0.0/16 le 17
1) Will 20.0.128.0 prefix match the list?
This particular prefix list matches prefixes of the form P/M (Prefix/Mask) that meet the following two conditions:
Now, 20.0.128.0 & /16 = 20.0.0.0, so the first condition is met. However, you have not indicated the mask of the prefix 20.0.128.0 and that is crucial to say what subnets would match. If their mask was either /16 or /17 and they were allocated from the 20.0.0.0/16 space, the prefix list would match. If the mask was different from these two values, the prefix list would not match.
In general, a prefix list of the form
ip prefix-list NAME permit|deny A.B.C.D/N ge L le U
matches all prefixes of the form P/M that meet the two following criteria:
If the ge L argument is not used then the conditions are:
If the le U argument is not used then the condition are:
If neither ge L nor le U are used then the prefix list evaluation is very simple: P must be exactly A.B.C.D and M must be exactly N.
This all is slightly confusing - I've had my share of misunderstandings about it. Please feel welcome to ask further, and please include LOTS of examples (or assignments) to be solved for you
Best regards,
Peter
Hi Peter
Please consider the following example
ip prefix-list zee seq 5 permit 20.0.0.0/16 ge 20.
Let say we have a prefix 20.0.8.0/24
20.0.8.0/16= 20.0.0.0 ( first condition met)
Mask = 24, ge 20 which means =>20,
Second condition met as well.
Thus, prefix 20.0.8.0/24 will be matched by above prefix list
Is my understanding correct?
second example;
we have a prefix 20.0.240.0/20
20.0.240.0/16= 20.0.0.0 9 First condition is met)
mask=20, ge which means >= 20,
second condition is also met
Thus prefix 20.0.240.0/20 will be matched by above prefix list.
Is my understanding correct ?
thanks for your help Peter.
Hey @Peter Paluch - just wanted to let you know this helped clear up an issue I was solving this week. And also - it was nice meeting you at Live last week!
Hi Sara,
You are right. This prefix does not include /16 mask. It is /17 or lees, so in this case it is /17.
here is the command reference guide explanation
In the following example, a prefix list configured to deny the default route 0.0.0.0/0:
Router(config)# ip prefix-list RED deny 0.0.0.0/0
In the following example, a prefix list is configured to permit traffic from the 172.16.1.0/24 subnet:
Router(config)# ip prefix-list BLUE permit 172.16.1.0/24
In the following example, a prefix list is configured to permit routes from the 10.0.0.0/8 network that have a mask length that is less than or equal to 24 bits:
Router(config)# ip prefix-list YELLOW permit 10.0.0.0/8 le 24
http://www.cisco.com/en/US/docs/ios/12_3t/ip_route/command/reference/ip2_i2gt.html#wp1112138
HTH
Hello Reza,
I respectfully disagree. A prefix list of the form permit 20.0.0.0/16 le 17 will match all prefixes that are allocated from within the space 20.0.0.0/16, so even 20.0.128.0 and possibly higher. In addition, the netmask of these prefixes is required to be either /16 or /17 which limits us to only three valid prefix/mask combinations:
Best regards,
Peter
Hello Peter,
Reading the description from the command reference guide (above). it states " mask length that is less than or equal to 24 bits" so does this mean that /16 is included?
if it is, then you are correct and I apologize to Sarah for misinforming her.
This line says:
In the following example, a prefix list is configured to routes to permit routes from any network that have a mask length from 8 to 24 bits:
Router(config)# ip prefix-list GREEN permit 0.0.0.0/0 ge 8 le 24
Ok, this is clear it is mask,8,9,10 all the way to 24.
Thanks,
Reza
Hi Reza,
Reading the description from the command reference guide (above). it states "mask length that is less than or equal to 24 bits" so does this mean that /16 is included?
Exactly. If the ge keyword is not used then the lowest permissible prefix length is the one taken from the prefix specification itself, i.e. permit 20.0.0.0/16 le 17 allows both /16 and /17 netmasks.
By the way, note that the ge argument always must be by at least 1 higher than the netmask in the prefix specification itself, e.g. this is not allowed: permit 20.0.0.0/16 ge 16 le 17. What is allowed is permit 20.0.0.0/16 ge 17 le ... From this it logically follows that if you both want the prefixes to be from the space of 20.0.0.0/16 and the lowest prefix length to be /16, you simply don't use the ge keyword.
Best regards,
Peter
Thanks Peter and Reza.
I am going to spend hours to digest your responses. I will come back wiith questions when i finish.
I am back. Since I am very slow learner( Most of you already knew it by now :-) , therefore I will be posting one problem at a time.
Let start with :
ip prefix-list welcome seq 5 deny 20.0.0.0/16 le 20
Can I find the possible range of prefixes matched by the above list as:
20.0.0.0/16= 20.0.x.x ( which is the first prefix in our range)
The last prefix that can be matched by the above list :
20.0.240.x
where x is any number between 1 to 255 ?
Correct,
Ok, so this prefix would cover 16, 17, 18, 19 and 20 with the last one being 255.255.240.0 which is=/20
Please consider the following example.
ip prefix-list zee seq 5 permit 20.0.0.0/16 le 17
So the last prefix will be 20.0.128.0/17
let say we have prefix 20.0.128.0/24
So , If i use the conditions mentioned by Peter:
First condition is met, ( 20.0.128.0/16= 20.0.0.0)
second condition is not met as length of mask is 24 while the maximu length as defined by le17 is 17
Is my concept correct ?
Thanks
Hi Sarah,
Yes, you are correct. The prefix 20.0.128.0/17 would be accepted. The prefix 20.0.128.0/24 would not be accepted because the prefix length /24 is greated than the le argument, namely, /17.
Best regards,
Peter
Thanks Peter ; I am doing great; How have you been ?