Solved: ip prefix list with le/ge options

sarahr202 · ‎11-06-2011

Hi every body

i have few questions;

please consider the following:

ip prefix-list just seq permit 20.0.0.0/16 le 17

1) Will 20.0.128.0 prefix match the list?

Here is my understanding which I want to confirm.

the prefix 20.0.0.0 prefix match because of the part ( permit 20.0.0.0/16) in above prefix list.

the prefix 20.0.128.0 does not match the prefix list because of the part( 20.0.0.0/16 le 17) in above prefix list which says first 17 bits must match.

The following prefixes match the above prefix list.

20.0.1.0

20.0.2.0

continue

20.0.127.255.

Is my understanding correct ?

thanks and have a great weekend.

Peter Paluch · ‎11-06-2011

Hi Sarah,

Nice to meet you again. How are you, how are things going?

ip prefix-list just seq permit 20.0.0.0/16 le 17

1) Will 20.0.128.0 prefix match the list?

This particular prefix list matches prefixes of the form P/M (Prefix/Mask) that meet the following two conditions:

P & /16 == 20.0.0.0
/16 <= M <= /17

Now, 20.0.128.0 & /16 = 20.0.0.0, so the first condition is met. However, you have not indicated the mask of the prefix 20.0.128.0 and that is crucial to say what subnets would match. If their mask was either /16 or /17 and they were allocated from the 20.0.0.0/16 space, the prefix list would match. If the mask was different from these two values, the prefix list would not match.

In general, a prefix list of the form

ip prefix-list NAME permit|deny A.B.C.D/N ge L le U

matches all prefixes of the form P/M that meet the two following criteria:

P & N == A.B.C.D (the prefix must be a subnet of the A.B.C.D/N)
L <= M <= U (the mask of the prefix must be between L and U)

If the ge L argument is not used then the conditions are:

P & N == A.B.C.D (the prefix must be a subnet of the A.B.C.D/N)
N <= M <= U (the mask of the prefix must be between N and U)

If the le U argument is not used then the condition are:

P & N == A.B.C.D (the prefix must be a subnet of the A.B.C.D/N)
L <= M <= /32 (the mask of the prefix must be at least L)

If neither ge L nor le U are used then the prefix list evaluation is very simple: P must be exactly A.B.C.D and M must be exactly N.

This all is slightly confusing - I've had my share of misunderstandings about it. Please feel welcome to ask further, and please include LOTS of examples (or assignments) to be solved for you

Best regards,

Peter

View solution in original post

Peter Paluch · ‎11-06-2011

Hello Reza,

I respectfully disagree. A prefix list of the form permit 20.0.0.0/16 le 17 will match all prefixes that are allocated from within the space 20.0.0.0/16, so even 20.0.128.0 and possibly higher. In addition, the netmask of these prefixes is required to be either /16 or /17 which limits us to only three valid prefix/mask combinations:

20.0.0.0/16
20.0.0.0/17
20.0.128.0/17

Best regards,

Peter

View solution in original post

Reza Sharifi · ‎11-06-2011

Hello Peter,

Reading the description from the command reference guide (above). it states " mask length that is less than or equal to 24 bits" so does this mean that /16 is included?

if it is, then you are correct and I apologize to Sarah for misinforming her.

This line says:

In the following example, a prefix list is configured to routes to permit routes from any network that have a mask length from 8 to 24 bits:

Router(config)# ip prefix-list GREEN permit 0.0.0.0/0 ge 8 le 24

Ok, this is clear it is mask,8,9,10 all the way to 24.

Thanks,

Reza

View solution in original post

Peter Paluch · ‎11-06-2011

Hi Reza,

Reading the description from the command reference guide (above). it states "mask length that is less than or  equal to 24 bits" so does this mean that /16 is included?

Exactly. If the ge keyword is not used then the lowest permissible prefix length is the one taken from the prefix specification itself, i.e. permit 20.0.0.0/16 le 17 allows both /16 and /17 netmasks.

By the way, note that the ge argument always must be by at least 1 higher than the netmask in the prefix specification itself, e.g. this is not allowed: permit 20.0.0.0/16 ge 16 le 17. What is allowed is permit 20.0.0.0/16 ge 17 le ... From this it logically follows that if you both want the prefixes to be from the space of 20.0.0.0/16 and the lowest prefix length to be /16, you simply don't use the ge keyword.

Best regards,

Peter

View solution in original post

Peter Paluch · ‎11-10-2011

Hi Sarah,

Yes, you are correct. The prefix 20.0.128.0/17 would be accepted. The prefix 20.0.128.0/24 would not be accepted because the prefix length /24 is greated than the le argument, namely, /17.

Best regards,

Peter

View solution in original post

Peter Paluch · ‎11-06-2011

Hi Sarah,

Nice to meet you again. How are you, how are things going?

ip prefix-list just seq permit 20.0.0.0/16 le 17

1) Will 20.0.128.0 prefix match the list?

This particular prefix list matches prefixes of the form P/M (Prefix/Mask) that meet the following two conditions:

P & /16 == 20.0.0.0
/16 <= M <= /17

Now, 20.0.128.0 & /16 = 20.0.0.0, so the first condition is met. However, you have not indicated the mask of the prefix 20.0.128.0 and that is crucial to say what subnets would match. If their mask was either /16 or /17 and they were allocated from the 20.0.0.0/16 space, the prefix list would match. If the mask was different from these two values, the prefix list would not match.

In general, a prefix list of the form

ip prefix-list NAME permit|deny A.B.C.D/N ge L le U

matches all prefixes of the form P/M that meet the two following criteria:

P & N == A.B.C.D (the prefix must be a subnet of the A.B.C.D/N)
L <= M <= U (the mask of the prefix must be between L and U)

If the ge L argument is not used then the conditions are:

P & N == A.B.C.D (the prefix must be a subnet of the A.B.C.D/N)
N <= M <= U (the mask of the prefix must be between N and U)

If the le U argument is not used then the condition are:

P & N == A.B.C.D (the prefix must be a subnet of the A.B.C.D/N)
L <= M <= /32 (the mask of the prefix must be at least L)

If neither ge L nor le U are used then the prefix list evaluation is very simple: P must be exactly A.B.C.D and M must be exactly N.

This all is slightly confusing - I've had my share of misunderstandings about it. Please feel welcome to ask further, and please include LOTS of examples (or assignments) to be solved for you

Best regards,

Peter

sarahr202 · ‎11-06-2011

Hi Peter

Please consider the following example

ip prefix-list zee seq 5 permit 20.0.0.0/16 ge 20.

Let say we have a prefix 20.0.8.0/24

20.0.8.0/16= 20.0.0.0 ( first condition met)

Mask = 24, ge 20 which means =>20,

Second condition met as well.

Thus, prefix 20.0.8.0/24 will be matched by above prefix list

Is my understanding correct?

second example;

we have a prefix 20.0.240.0/20

20.0.240.0/16= 20.0.0.0 9 First condition is met)

mask=20, ge which means >= 20,

second condition is also met

Thus prefix 20.0.240.0/20 will be matched by above prefix list.

Is my understanding correct ?

thanks for your help Peter.

Minnesotakid · ‎06-22-2022

Hey @Peter Paluch - just wanted to let you know this helped clear up an issue I was solving this week. And also - it was nice meeting you at Live last week! haha

Reza Sharifi · ‎11-06-2011

Hi Sara,

You are right. This prefix does not include /16 mask. It is /17 or lees, so in this case it is /17.

here is the command reference guide explanation

Examples

In the following example, a prefix list configured to deny the default route 0.0.0.0/0:

Router(config)# ip prefix-list RED deny 0.0.0.0/0

In the following example, a prefix list is configured to permit traffic from the 172.16.1.0/24 subnet:

Router(config)# ip prefix-list BLUE permit 172.16.1.0/24

In the following example, a prefix list is configured to permit routes from the 10.0.0.0/8 network that have a mask length that is less than or equal to 24 bits:

Router(config)# ip prefix-list YELLOW permit 10.0.0.0/8 le 24

http://www.cisco.com/en/US/docs/ios/12_3t/ip_route/command/reference/ip2_i2gt.html#wp1112138

HTH

Peter Paluch · ‎11-06-2011

Hello Reza,

I respectfully disagree. A prefix list of the form permit 20.0.0.0/16 le 17 will match all prefixes that are allocated from within the space 20.0.0.0/16, so even 20.0.128.0 and possibly higher. In addition, the netmask of these prefixes is required to be either /16 or /17 which limits us to only three valid prefix/mask combinations:

20.0.0.0/16
20.0.0.0/17
20.0.128.0/17

Best regards,

Peter

Reza Sharifi · ‎11-06-2011

Hello Peter,

Reading the description from the command reference guide (above). it states " mask length that is less than or equal to 24 bits" so does this mean that /16 is included?

if it is, then you are correct and I apologize to Sarah for misinforming her.

This line says:

In the following example, a prefix list is configured to routes to permit routes from any network that have a mask length from 8 to 24 bits:

Router(config)# ip prefix-list GREEN permit 0.0.0.0/0 ge 8 le 24

Ok, this is clear it is mask,8,9,10 all the way to 24.

Thanks,

Reza

Peter Paluch · ‎11-06-2011

Hi Reza,

Reading the description from the command reference guide (above). it states "mask length that is less than or  equal to 24 bits" so does this mean that /16 is included?

Exactly. If the ge keyword is not used then the lowest permissible prefix length is the one taken from the prefix specification itself, i.e. permit 20.0.0.0/16 le 17 allows both /16 and /17 netmasks.

By the way, note that the ge argument always must be by at least 1 higher than the netmask in the prefix specification itself, e.g. this is not allowed: permit 20.0.0.0/16 ge 16 le 17. What is allowed is permit 20.0.0.0/16 ge 17 le ... From this it logically follows that if you both want the prefixes to be from the space of 20.0.0.0/16 and the lowest prefix length to be /16, you simply don't use the ge keyword.

Best regards,

Peter

sarahr202 · ‎11-06-2011

Thanks Peter and Reza.

I am going to spend hours to digest your responses. I will come back wiith questions when i finish.

sarahr202 · ‎11-06-2011

I am back. Since I am very slow learner( Most of you already knew it by now :-) , therefore I will be posting one problem at a time.

Let start with :

ip prefix-list welcome seq 5 deny 20.0.0.0/16 le 20

Can I find the possible range of prefixes matched by the above list as:

20.0.0.0/16= 20.0.x.x ( which is the first prefix in our range)

The last prefix that can be matched by the above list :

20.0.240.x

where x is any number between 1 to 255 ?

Reza Sharifi · ‎11-06-2011

Correct,

Ok, so this prefix would cover 16, 17, 18, 19 and 20 with the last one being 255.255.240.0 which is=/20

sarahr202 · ‎11-06-2011

Please consider the following example.

ip prefix-list zee seq 5 permit 20.0.0.0/16 le 17

So the last prefix will be 20.0.128.0/17

let say we have prefix 20.0.128.0/24

So , If i use the conditions mentioned by Peter:

P & N == A.B.C.D (the prefix must be a subnet of the A.B.C.D/N)
L <= M <= U (the mask of the prefix must be between L and U)

First condition is met, ( 20.0.128.0/16= 20.0.0.0)

second condition is not met as length of mask is 24 while the maximu length as defined by le17 is 17

Is my concept correct ?

Thanks

Peter Paluch · ‎11-10-2011

Hi Sarah,

Yes, you are correct. The prefix 20.0.128.0/17 would be accepted. The prefix 20.0.128.0/24 would not be accepted because the prefix length /24 is greated than the le argument, namely, /17.

Best regards,

Peter

sarahr202 · ‎11-11-2011

Thanks Peter ; I am doing great; How have you been ?