Re: prefix list !! help plz - Page 2

shaila_rox · ‎06-12-2007

hi every1, plz some 1 solve this problem

suppose i have 10 contigiuous networks connected on my routers loopback interfaces

10.1.0.1/16

10.2.0.1/16

10.3.0.1/16

10.4.0.1/16

10.5.0.1/16

10.6.0.1/16

10.7.0.1/16

10.8.0.1/16

10.9.0.1/16

10.10.0.1/16

now i want to advertise only network 10.1.0.0 - 10.4.0.0/16 using prefix list, can some 1 tell me is it possible like i know how to do it in access-list but not getting it in prefix, plz tell me wat will be the prefix list for this???

smothuku · ‎06-12-2007

Examples

In the following example, a prefix list configured to deny the default route 0.0.0.0/0:

Router(config)# ip prefix-list RED deny 0.0.0.0/0

In the following example, a prefix list is configured to permit traffic from the 172.16.1.0/24 subnet:

Router(config)# ip prefix-list BLUE permit 172.16.1.0/24

In the following example, a prefix list is configured to permit routes from the 10.0.0.0/8 network that have a mask length that is less than or equal to 24 bits:

Router(config)# ip prefix-list YELLOW permit 10.0.0.0/8 le 24

In the following example, a prefix list is configured to deny routes from the 10.0.0.0/8 network that have a mask length that is greater than or equal to 25 bits:

Router(config)# ip prefix-list PINK deny 10.0.0.0/8 ge 25

In the following example, a prefix list is configured to routes to permit routes from any network that have a mask length from 8 to 24 bits:

Router(config)# ip prefix-list GREEN permit 0.0.0.0/0 ge 8 le 24

In the following example, a prefix list configured to deny any route with any mask length from the 10.0.0.0/8 network:

Router(config)# ip prefix-list ORANGE deny 10.0.0.0/8 le 32

Thanks,

Satish

s.arunkumar · ‎06-12-2007

helloo..

i think this will also work.........

ip prefix-list test 5 10.0.0.0/14 ge 15 le 16

ip prefix-list 10 test 10 10.4.0.0/16

arun :)

Harold Ritter · ‎06-12-2007

Arun,

This would work but would allow additional prefixes such as 10.0.0.0/15, 10.0.0.0/16, 10.1.0.0/15, 10.2.0.0/15, 10.3.0.0/15.

On the other hand you could change the first statement for ge 16 le 16, at which point only prefix 10.0.0.0/16 would be allowed on top of the specified prefixes (10.1.0.0/16 - 10.4.0.0/16).

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

shaila_rox · ‎06-12-2007

hi sir, i should admit that i m not able to understand ge or le at all !!! either u explain to me in simple words plz or refer me a doc that can explain me prefix list in an easy manner, i checked the univercd bgp guide and prefix list doc but didnt understand, can u plz refer me some doc or explain

thanks again in advance

Harold Ritter · ‎06-12-2007

Please refer to the attached document and let me know if it helps.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

shaila_rox · ‎06-12-2007

sorry sir, but it didnt helped :( i m getting really confuse in ge and le parameters, see i have these 4 networks

10.24.0.0/16

10.25.0.0/16

10.26.0.0/16

10.27.0.0/16

now the summary will be 10.24.0.0/14 right ?

how can i specify this in the prefix list,

plz sir dont take me wrong but just dont give the answer i mean plz explain ur answer, like if u include ge or le then plz tell me how and why u have written them

thanks in advance

Harold Ritter · ‎06-12-2007

That is correct. You can use one statement to match the 4 prefixes as they share a common boundary.

Now if you want these prefixes to be allowed but strictly with a prefix length of 16, you would have the following prefix-list:

ip prefix-list test seq 10 permit 10.24.0.0/14 ge 16 le 16

If you didn't configure le 16 ge 16 then the default prefix length (/14) would be applied and would therefore not allow the /16 prefixes.

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Harold Ritter · ‎06-12-2007

Slight oversight.

10.1.0.0/15 and 10.3.0.0/15 are illegal prefix/prefix length combination.

Sorry for the confusion,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

shaila_rox · ‎06-14-2007

hi sir, i started reading wendell odom exam certification for ccie and i think i m understanding it now, just a lil more practice i guess, there is one final question so plz tell me

i have these networks

10.1.0.0/16 till 10.20.0.0/16

i want to filter

1) all the odd networks

2) all the even networks

wat will be the prefix list ??

plz give separate prefix list for 1 and 2.

thanks again in advance

Harold Ritter · ‎06-14-2007

This kind of requirement (odd/even) cannot be achieved with a prefix-list as prefix-lists do not allow to configure non contiguous masks.

This would easily be done with an extended ACL as they do allow for non contiguous masks:

1) Allow all odd networks between 10.1.0.0/16 and 10.20.0.0/16 inclusively

access-list 101 permit ip 10.1.0.0 0.14.255.255 host 255.255.0.0

access-list 101 permit ip 10.17.0.0 0.2.255.255 host 255.255.0.0

2) Allow all even networks between 10.1.0.0/16 and 10.20.0.0/16 inclusively

access-list 101 permit ip 10.0.0.0 0.14.255.255 host 255.255.0.0

access-list 101 permit ip 10.16.0.0 0.2.255.255 host 255.255.0.0

access-list 101 permit ip 10.20.0.0 0.0.255.255 host 255.255.0.0

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Harold Ritter · ‎06-14-2007

Small rectification on the second access-list. The requirement stated 10.1.0.0/16 to 10.20.0.0/16 and the proposed ACL allows 10.0.0.0/16. It can be modified as follow to fulfill the requirement:

access-list 101 deny ip 10.0.0.0 0.0.255.255 host 255.255.0.0

access-list 101 permit ip 10.0.0.0 0.14.255.255 host 255.255.0.0

access-list 101 permit ip 10.16.0.0 0.2.255.255 host 255.255.0.0

access-list 101 permit ip 10.20.0.0 0.0.255.255 host 255.255.0.0

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

s.arunkumar · ‎06-15-2007

Really interesting ....

sir,

can u just tell then how will be my access-list if i want to permit only networks

10.1.0.0/16 to 10.10.0.0/16 ??

Harold Ritter · ‎06-17-2007

Again, 10.1.0.0/16 to 10.10.0/16 don't all fall under a common mask boundary, so you will need more than one line.

access-list 101 deny ip 10.0.0.0 0.0.255.255 host 255.255.0.0 /* denies 10.0.0.0/16 as it is part of the following block but shouldn't allowed according to your specifications */

access-list 101 permit ip 10.0.0.0 0.0.15.255 host 255.255.0.0 /* allows 10.0.0.0/16 tp 10.15.0.0/16 */

access-list 101 permit ip 10.16.0.0 0.0.255.255 host 255.255.0.0 /* allows 10.16.0.0/16 */

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Harold Ritter · ‎06-17-2007

Sorry I misread the specifications. Here's the new ACL:

access-list 101 deny ip 10.0.0.0 0.0.255.255 host 255.255.0.0 /* denies 10.0.0.0/16 from the following block */

access-list 101 permit ip 10.0.0.0 0.7.255.255 host 255.255.0.0 /* permits 10.0.0.0/16 to 10.7.0.0/16 */

access-list 101 permit ip 10.8.0.0 0.1.255.255 host 255.255.0.0 /* permits 10.8.0.0/16 to 10.9.0.0/16 */

access-list 101 permit ip 10.0.10.0 0.0.255.255 host 255.255.0.0 /* permits 10.10.0.0/16 */

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

s.arunkumar · ‎06-17-2007

thanks u sir,,

so the logic is divide into block size of nearest 2^n , and the find the network portion by logical AND of first and last ip,and for mask portion logical XOR of first and last ip....

after it if any ip are coming out of our requirement,make specific access-list for it...

am i right???

... :)