The truth about prefix-lists.
How does it work? What is a prefix-list? Prefix-list examples
Hey guys, remember prefix-lists are used to match on prefix and prefix-length pairs. Normal prefix-list syntax is as follows:
ip prefix-list LIST permit w.x.y.z/len
Where w.x.y.z is your exact prefix
And where len is your exact prefix-length
“ip prefix-list LIST permit 1.2.3.0/24” would be an exact match for the prefix 1.2.3.0 with a subnet mask of 255.255.255.0. This does not match 1.2.0.0/24, nor does it match 1.2.3.4/32, nor anything in between.
When you add the keywords “GE” and “LE” to the prefix-list, the meaning of the “len” value changes. With GE and LE present, len no longer demands an exact prefix-length; it specifies how many bits of the prefix you are checking, starting with the most significant bit, and GE/LE then bound the prefix-length of the routes that may match.
ip prefix-list LIST permit 1.2.3.0/24 le 32
This means:
Check the first 24 bits of the prefix 1.2.3.0
The subnet mask must be less than or equal to 32
This equates to the access-list syntax:
access-list 1 permit 1.2.3.0 0.0.0.255
ip prefix-list LIST permit 0.0.0.0/0 le 32
This means:
Check the first 0 bits of the prefix 0.0.0.0
The subnet mask must be less than or equal to 32
This matches any prefix of any length (the prefix-list equivalent of “permit any”).
ip prefix-list LIST permit 0.0.0.0/0
This means:
The exact prefix 0.0.0.0, with the exact prefix-length 0.
This is matching a default route.
ip prefix-list LIST permit 10.0.0.0/8 ge 21 le 29
This means:
Check the first 8 bits of the prefix 10.0.0.0
The subnet mask must be greater than or equal to 21, and less than or equal to 29.
When using the GE and LE values, you must satisfy the condition:
Len < GE <= LE
Therefore “ip prefix-list LIST permit 1.2.3.0/24 ge 8” is not a valid entry, because GE (8) is not greater than len (24).
Prefix lists let you specify either a network and mask, or a network and a range of masks. Specifying a network and mask is fairly simple:
ip prefix-list mylist seq 10 permit 172.16.25.0/24
This will allow (match) the exact network 172.16.25.0/24 to pass the list.
However prefix lists can also specify a network with a range of masks. For
example:
ip prefix-list mylist seq 10 permit 172.16.0.0/16 ge 24 le 26
This will take the entire class B network 172.16.0.0 (172.16.0.0/16) and
pass only subnets with a /24, /25 or /26 mask (ge 24 le 26). So the exact
network 172.16.0.0/16 would actually fail the list because it does not have
a mask of /24, /25 or /26.
By default if you only specify "ge" then any subnet with a mask greater than
or equal to the ge value will pass. That is, ge all the way up to /32. For
example:
ip prefix-list mylist seq 10 permit 10.10.10.0/24 ge 28
This list specifies any subnet within the 10.10.10.0/24 range that has a
mask of /28 or greater (255.255.255.240 to 255.255.255.255). Again, the
exact subnet 10.10.10.0/24 would fail because it does not have a mask of /28
or greater.
By default if you only specify "le" then any subnet with a mask less than or
equal to the le value but greater than or equal to the mask specified will
pass. That is, le all the way down to the mask listed. For example:
ip prefix-list mylist seq 10 permit 10.64.0.0/16 le 23
This list specifies any subnet within the 10.64.0.0/16 range that has a
mask between /16 and /23, inclusive (255.255.0.0 to 255.255.254.0). In this
case the exact subnet 10.64.0.0/16 would pass because it has a mask in the
range /16 to /23.
The "permit any any" in a prefix list is:
ip prefix-list mylist seq 200 permit 0.0.0.0/0 le 32
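To make the rules above concrete, here is a small Python matcher written for this post (it is not IOS code and not part of the original page) that applies the same semantics: exact match when neither keyword is present, “first len bits plus a length range” when ge and/or le are given, the len < ge <= le validity rule, sequence-ordered first-match evaluation and the implicit deny at the end of every list. The function names (`parse_list`, `evaluate`, `is_valid_entry`) and the way missing sequence numbers are filled in (highest existing plus 5, modelled on the IOS default) are this example's own assumptions.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Accepts the IOS-style lines used throughout the post, e.g.
#   ip prefix-list mylist seq 10 permit 172.16.0.0/16 ge 24 le 26
ENTRY_RE = re.compile(
    r"ip prefix-list (?P<name>\S+)(?: seq (?P<seq>\d+))? (?P<action>permit|deny) "
    r"(?P<prefix>\d+\.\d+\.\d+\.\d+)/(?P<len>\d+)"
    r"(?: ge (?P<ge>\d+))?(?: le (?P<le>\d+))?"
)


@dataclass
class Entry:
    seq: int
    action: str
    network: ipaddress.IPv4Network
    ge: Optional[int]
    le: Optional[int]

    def matches(self, route: ipaddress.IPv4Network) -> bool:
        # "Check the first len bits": the candidate route must sit inside the
        # configured block (this also fails any route shorter than len).
        if not route.subnet_of(self.network):
            return False
        plen = self.network.prefixlen
        if self.ge is None and self.le is None:
            # No keywords: exact prefix AND exact prefix-length.
            return route.prefixlen == plen
        # ge only: ge .. 32; le only: len .. le; both: ge .. le.
        low = self.ge if self.ge is not None else plen
        high = self.le if self.le is not None else 32
        return low <= route.prefixlen <= high


def parse_entry(line: str, default_seq: int) -> Entry:
    m = ENTRY_RE.fullmatch(line.strip())
    if m is None:
        raise ValueError(f"unrecognised prefix-list line: {line!r}")
    plen = int(m["len"])
    ge = int(m["ge"]) if m["ge"] else None
    le = int(m["le"]) if m["le"] else None
    # Validity rule from the post: len < ge <= le (each part checked when present).
    if ge is not None and not plen < ge <= 32:
        raise ValueError(f"ge must satisfy len < ge <= 32 in {line!r}")
    if le is not None and not plen < le <= 32:
        raise ValueError(f"le must satisfy len < le <= 32 in {line!r}")
    if ge is not None and le is not None and ge > le:
        raise ValueError(f"ge must be <= le in {line!r}")
    # strict=False drops any host bits, as a mask would.
    network = ipaddress.IPv4Network(f"{m['prefix']}/{plen}", strict=False)
    seq = int(m["seq"]) if m["seq"] else default_seq
    return Entry(seq, m["action"], network, ge, le)


def parse_list(lines: List[str]) -> List[Entry]:
    """Parse the lines of one prefix-list; missing seq numbers get highest+5 (assumed IOS default)."""
    entries: List[Entry] = []
    for line in lines:
        next_seq = max((e.seq for e in entries), default=0) + 5
        entries.append(parse_entry(line, next_seq))
    return sorted(entries, key=lambda e: e.seq)


def is_valid_entry(line: str) -> bool:
    try:
        parse_entry(line, 5)
        return True
    except ValueError:
        return False


def evaluate(entries: List[Entry], route_str: str) -> str:
    """Return 'permit' or 'deny' for a route; first match wins, implicit deny at the end."""
    route = ipaddress.IPv4Network(route_str)
    for entry in entries:  # already sorted by seq
        if entry.matches(route):
            return entry.action
    return "deny"


if __name__ == "__main__":
    # Constructed sample: deny everything in 10/8, then permit anything else.
    sample = parse_list([
        "ip prefix-list FILTER seq 5 deny 10.0.0.0/8 le 32",
        "ip prefix-list FILTER seq 10 permit 0.0.0.0/0 le 32",
    ])
    for candidate in ("10.1.1.0/24", "192.0.2.0/24", "0.0.0.0/0"):
        print(candidate, "->", evaluate(sample, candidate))
```

Running it against the post's own examples shows why the exact network 172.16.0.0/16 fails “172.16.0.0/16 ge 24 le 26” but 10.64.0.0/16 passes “10.64.0.0/16 le 23”: the first bits match in both cases, and only the length range decides.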
I recommend getting quite familiar with them because they are very powerful
and actually not too bad to use once you get used to them!
Hope this helps