Dec 26

Prefix-lists are used to match on prefix and prefix-length pairs. Normal prefix-list syntax is as follows:

ip prefix-list LIST permit w.x.y.z/len

Where w.x.y.z is your exact prefix
And where len is your exact prefix-length

“ip prefix-list LIST permit 1.2.3.0/24” would be an exact match for the prefix 1.2.3.0 with a subnet mask of 255.255.255.0. This does not match 1.2.0.0/24, nor does it match 1.2.3.4/32, nor anything in between.

When you add the keywords “GE” and “LE” to the prefix-list, the “len” value changes its meaning. When using GE and LE, the len value specifies how many bits of the prefix you are checking, starting with the most significant bit.

ip prefix-list LIST permit 1.2.3.0/24 le 32

This means:
Check the first 24 bits of the prefix 1.2.3.0
The subnet mask must be less than or equal to 32

This equates to the access-list syntax:

access-list 1 permit 1.2.3.0 0.0.0.255

ip prefix-list LIST permit 0.0.0.0/0 le 32

This means:
Check the first 0 bits of the prefix 0.0.0.0
The subnet mask must be less than or equal to 32
This equates to anything

ip prefix-list LIST permit 0.0.0.0/0

This means:
The exact prefix 0.0.0.0, with the exact prefix-length 0.
This is matching a default route.

ip prefix-list LIST permit 10.0.0.0/8 ge 21 le 29

This means:
Check the first 8 bits of the prefix 10.0.0.0
The subnet mask must be greater than or equal to 21, and less than or equal to 29.

ip prefix-list CLASS_A permit 0.0.0.0/1 ge 8 le 8

This matches all class A addresses with classful masks. It means:
Check the first bit of the prefix; it must be a 0.
The subnet mask must be greater than or equal to 8, and less than or equal to 8. (It is exactly 8.)

When using the GE and LE values, you must satisfy the condition:

Len < GE <= LE

Therefore “ip prefix-list LIST permit 1.2.3.0/24 ge 8” is not a valid list.

What you cannot do with the prefix-list is match on arbitrary bits like you can in an access-list. Prefix-lists cannot be used to check if a number is even or odd, nor check if a number is divisible by 15, etc… Bit checking in a prefix-list is sequential, starting with the most significant (leftmost) bit.
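The matching rules above can be checked offline before a filter is applied to a routing session. The following Python sketch is an added example, not code from the original post or from IOS; the function names parse_entry and matches and the sample routes are made up for illustration, and the upper bound of 32 for a "ge"-only entry is standard IOS behaviour that the post does not spell out.

```python
import ipaddress

def parse_entry(text):
    """Parse the 'w.x.y.z/len [ge N] [le N]' part of a prefix-list line."""
    tokens = text.split()
    net = ipaddress.ip_network(tokens[0], strict=False)
    opts = dict(zip(tokens[1::2], map(int, tokens[2::2])))
    ge, le = opts.get("ge"), opts.get("le")
    # Validity rule from the post: Len < GE <= LE.
    if ge is not None and not net.prefixlen < ge:
        raise ValueError(f"invalid range in {text!r}: need len < ge")
    # No keyword: exact length. "le" only: len..le. "ge" only: ge..32.
    lo = ge if ge is not None else net.prefixlen
    hi = le if le is not None else (32 if ge is not None else net.prefixlen)
    if not lo <= hi <= 32:
        raise ValueError(f"invalid range in {text!r}: need ge <= le <= 32")
    return net, lo, hi

def matches(entry, route):
    """True if the route's first `len` bits and its mask length both fit."""
    net, lo, hi = entry
    r = ipaddress.ip_network(route)  # rejects routes with host bits set
    shift = 32 - net.prefixlen       # keep only the most significant bits
    same_bits = (int(r.network_address) >> shift) == (int(net.network_address) >> shift)
    return same_bits and lo <= r.prefixlen <= hi

# Constructed sample routes, chosen to exercise each entry from the post.
ROUTES = ["0.0.0.0/0", "1.2.3.0/24", "1.2.0.0/24", "1.2.3.4/32",
          "10.0.0.0/8", "10.1.8.0/21", "10.1.1.0/30", "128.0.0.0/8"]

if __name__ == "__main__":
    for line in ["1.2.3.0/24", "1.2.3.0/24 le 32", "0.0.0.0/0 le 32",
                 "0.0.0.0/0", "10.0.0.0/8 ge 21 le 29", "0.0.0.0/1 ge 8 le 8"]:
        entry = parse_entry(line)
        print(f"{line:26} -> {[r for r in ROUTES if matches(entry, r)]}")
    try:
        parse_entry("1.2.3.0/24 ge 8")
    except ValueError as err:
        print("rejected:", err)
```

Running the script prints, for each entry discussed in the post, which of the sample routes it permits, and shows the invalid "ge 8" entry being rejected.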

About Brian McGahan, CCIE #8593:

Brian McGahan was one of the youngest engineers in the world to obtain the CCIE, having achieved his first CCIE in Routing & Switching at the age of 20 in 2002. Brian has been teaching and developing CCIE training courses for over 8 years, and has assisted thousands of engineers in obtaining their CCIE certification. When not teaching or developing new products Brian consults with large ISPs and enterprise customers in the midwest region of the United States.


5 Responses to “How do prefix-lists work?”

 
  1. Tim says:

    I don’t understand why you say

    “This does not match 1.2.0.0/24″

    Yes it will, won’t it?

  2. No, it has to match all 32 bits of the address and the subnet mask must be 24. It is exactly the route 1.2.3.0/24. The route 1.2.0.0/24 is a different network.

  3. [...] > CC: ccielab@groupstudy.com > > Hello Mike/Arnold, > > This should help: > http://blog.internetworkexpert.com/2007/12/26/how-do-prefix-lists-work/ > > 2009/5/18 mike arnold > > > Hi, > > > > Am not perfect in prefix-lists can anybody send me a [...]

  4. Nadeem Rafi says:

    Quite good and helpful information.
