02-05-2016 04:30 AM - edited 03-08-2019 04:29 AM
Hi
I would like to create a prefix list on my router running BGP with the ISP to only allow routes coming in from private networks. I will attach these to a route map and then reference it in my BGP config. Are these the correct prefix lists, or do I need any le or ge in there?
ip prefix-list FROM-VIRGIN seq 10 permit 10.0.0.0/8
ip prefix-list FROM-VIRGIN seq 10 permit 172.16.0.0/12
ip prefix-list FROM-VIRGIN seq 10 permit 192.168.0.0/16
Thanks
02-05-2016 10:26 PM
Hello Mokhalil82,
Agreed with Jon..
ip prefix-list FROM-VIRGIN seq 10 permit 10.0.0.0/8
ip prefix-list FROM-VIRGIN seq 10 permit 172.16.0.0/12
ip prefix-list FROM-VIRGIN seq 10 permit 192.168.0.0/16
The above will only do exact match for the prefix 10.0.0.0 with a subnet mask of 255.0.0.0. This does not match 10.1.0.0/8, nor does it match 10.10.1.4/32, nor anything in between.
When you add the keywords “GE” and “LE” to the prefix-list, the “len” value changes its meaning. When using GE and LE, the len value specifies how many bits of the prefix you are checking, starting with the most significant bit.
ip prefix-list LIST permit 10.20.3.0/24 le 32
This means:
Check the first 24 bits of the prefix 10.20.3.0. The subnet mask must be less than or equal to 32.
Hope it Helps..
-GI
02-05-2016 11:53 PM
Dear friends,
Please allow me to join - just a small remark.
Ganesh wrote:
Check the first 24 bits of the prefix 10.20.3.0. The subnet mask must be less than or equal to 32.
In other words, this means: "Check whether the network being examined is a subnet of 10.20.3.0/24 and its netmask is less than or equal to /32 (obviously, not less than /24, as it would no longer be a subnet)." Indeed, when using ge and/or le criteria, the network/netmask combination in the prefix-list entry specifies the basic network whose subnets are being matched, and the ge and le specify criteria on the netmasks of these subnets.
Best regards,
Peter
02-06-2016 03:07 AM
Your prefix list will only match routes with that specific prefix length, probably not what you want.
Add "le 32" to the end of each line which will cover all possible subnets.
You should probably use different sequence numbers as well.
Jon
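Added example, not part of any post in this thread: a small Python model of the prefix-list matching rules discussed above, run against the list from the question with and without "le 32". The names Entry, permitted and filter_routes are hypothetical, the sequence numbers 10/20/30 are an assumption following Jon's remark, and the received routes are constructed samples.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Entry:
    seq: int
    action: str                  # "permit" or "deny"
    prefix: str                  # base network, e.g. "10.0.0.0/8"
    ge: Optional[int] = None
    le: Optional[int] = None

    def matches(self, route: ipaddress.IPv4Network) -> bool:
        base = ipaddress.ip_network(self.prefix)
        # The first base.prefixlen bits of the route must equal the base network.
        if route.network_address not in base:
            return False
        if self.ge is None and self.le is None:
            lo = hi = base.prefixlen          # no ge/le: exact length only
        else:
            lo = self.ge if self.ge is not None else base.prefixlen
            hi = self.le if self.le is not None else 32
        return lo <= route.prefixlen <= hi

def permitted(entries, route: str) -> bool:
    net = ipaddress.ip_network(route)
    for e in sorted(entries, key=lambda e: e.seq):   # lowest seq first, first match wins
        if e.matches(net):
            return e.action == "permit"
    return False                                     # implicit deny at the end

def filter_routes(entries, routes):
    return [r for r in routes if permitted(entries, r)]

# As posted in the question (exact match), but with distinct sequence numbers.
EXACT = [Entry(10, "permit", "10.0.0.0/8"),
         Entry(20, "permit", "172.16.0.0/12"),
         Entry(30, "permit", "192.168.0.0/16")]
# With "le 32" added to each line, as suggested in the replies.
WITH_LE = [Entry(e.seq, e.action, e.prefix, le=32) for e in EXACT]
# Constructed sample of received routes.
ROUTES = ["10.0.0.0/8", "10.20.3.0/24", "172.16.5.0/24",
          "192.168.1.1/32", "172.32.0.0/16", "8.8.8.0/24"]

if __name__ == "__main__":
    print("exact :", filter_routes(EXACT, ROUTES))
    print("le 32 :", filter_routes(WITH_LE, ROUTES))
```

Without ge/le only the 10.0.0.0/8 route itself is accepted; with "le 32" every subnet inside the three private ranges is accepted, while 172.32.0.0/16 and 8.8.8.0/24 fall through to the implicit deny.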