Welcome to the Network Engineering Domain
Pape O. Fall's Blog
Prefix lists are typically used in route-maps or packet filtering as they represent an alternative to access-lists. However, prefix-lists in comparison with access-lists allow us to match prefixes at a much more granular level. A prefix is a portion of an IP address, starting from the far left bit of the far left octet. So, here is how they came about – In the early days of Network Engineering, we realized that it is actually a good idea to limit traffic for certain high tier applications and Cisco responded with “Standard Access-List” where filtering is done based on source addresses. Later on down the road, we realized that we needed to be a bit more specific in terms of matching on ACL entries; Cisco then came up with “Extended Access-List” which match on source and destination IP addresses, port numbers and protocols. This was huge as now we have a bit more control in relation with matching exactly on a specific traffic flow.
Now imagine that you own a Service Provider and you needed to peer with another Service Provider. You wouldn’t want to redistribute all of your routes to your peer I would assume, right ? So, some form of route filtering mechanism needs to take place at some level. But, in this day of age where we are navigating in classless networks, how many entries do you think you’d have if you have to transfer thousands of routes to your peer using access-lists ? That’s where prefix-list comes in handy !
For the sake of this topic, we will be using the following topology…
Here we have 2 routing domains (OSPF & EIGRP). Notice how we have 4 Loopback addresses that are redistributed from EIGRP to OSPF. We will be using Prefix-Lists to match on prefixes with different prefix length.
Let’s first talk about how prefix list works – Primo, a prefix name is required with a sequence number (Optional); A permit or deny keyword is followed to either allow or block prefixes; The prefix is followed with the prefix length. We then have the ability to specify prefix length intervals with the “Equal”, “Greater or Equal” or “Less or Equal” keywords.
Syntax Description
name – IP prefix list name. The name can be any alphanumeric string up to 63 characters.
seq number – (Optional) Specifies the number to order entries in the prefix list. The range is from 1 to 4294967294.
permit – Allows routes or IP packets that match the prefix list.
deny – Rejects routes or IP packets that match the prefix list.
prefix – IP prefix in A.B.C.D/length format.
eq length – (Optional) Specifies the prefix length to match. The range is from 1 to 32.
ge length – (Optional) Specifies the prefix length to match. The range is from 1 to 32.
le length – (Optional) Specifies the prefix length to match. The range is from 1 to 32.
Let me show you a few examples:
*ip prefix-list ROUTELEAK_LIST permit 10.1.1.0/24 – Match prefix 10.1.1.0 with a subnet mask of /24
*ip prefix-list ROUTELEAK_LIST permit 10.0.0.0/8 le 26 – The first 8 bit of the prefix 10.0.0.0 are checked and the subnet mask must be Less or Equal to 26
*ip prefix-list ROUTELEAK_LIST permit 10.0.0.0/8 ge 23 le 26 – The first 8 bit of the prefix 10.0.0.0 are checked and the subnet mask must be Greater or Equal than 23 and Less or Equal to 26
*ip prefix-list ROUTELEAK_LIST permit 10.0.0.0/8 ge 8 le 8 – The first 8 bit of the prefix 10.0.0.0 are checked and the subnet mask must be exactly 8
*ip prefix-list ROUTELEAK_LIST permit 0.0.0.0/0 – This matches a Default route
*ip prefix-list ROUTELEAK_LIST permit 0.0.0.0/0 le 32 – This matches on all networks
Let’s now hop onto the consoles and see the above in action ! At this point, all prefixes from R3 have been redistributed to the OSPF domain. Let’s check R1 and make sure the prefixes are received and installed in the routing table…
Very good ! All of our prefixes are received and installed in the routing table at this point. Let’s play with a couple of scenarios here – Let’s say we just want to redistribute the 10.1.4.0/27 prefix…
Here, we are checking the first 16 bits of the prefix 10.1.0.0 and since all of our loopback addresses are within that range, then that’s what we will use throughout this example. Also, we specified that the subnet mask must be /27 since it is the subnet mask of Loopback 4 on R3. Let’s not check R1 to see if among the loopback prefixes, we only see Loopback 4 in the routing table…
Nice ! All other prefixes are gone except Loopback 4’s.
Let’s now delete the config and let’s say we just want to advertise Loopback 1, Loopback 2 and Loopback 3…
Here we matching on the 10.1.0.0/16 prefixes with a subnet mask Greater or Equal to 24 and Less or Equal to 26 .That should do it for us. Let’s check R1 routing table and make sure we do not see Loopback 4 prefix…
Fantastic ! Loopback 4 prefix has been denied !
Let’s now say that we would like to deny any prefixes that fall under 10.1.0.0/16 with a subnet mask of 25 but we need to allow any other prefixes…
Here, we are denying the appropriate prefix in the first sequence and permitting everything else. Let’s check R1 routing table to make sure Loopback 2 prefix is not installed…
Fantastic ! Loopback 2 prefix is not present !
At this point, the use of Prefix-List should be packed in your troubleshooting toolset. If you have any questions, please don’t hesitate.
Hello I'm Pape. My friends call me Pop. I'm CCIE #48357. I enjoy my field and love to share it with others. I love to write so I'm sharing my blog with you.
| M | T | W | T | F | S | S |
|---|---|---|---|---|---|---|
| 1 | ||||||
| 2 | 3 | 4 | 5 | 6 | 7 | 8 |
| 9 | 10 | 11 | 12 | 13 | 14 | 15 |
| 16 | 17 | 18 | 19 | 20 | 21 | 22 |
| 23 | 24 | 25 | 26 | 27 | 28 | 29 |
| 30 | ||||||
Excellent way of describing, and good post to obtain data regarding my presentation focus, which i am going to present in institution of higher education.
Spot on with this write-up, I actually believe that this site needs a lot more attention. I’ll probably be returning to read more, thanks for the advice!|
Thank you ! means a lot !
Awesome ! Glad it is beneficial !
I have learn a few just right stuff here. Certainly value bookmarking
for revisiting. I wonder how so much effort
you place to create this kind of magnificent informative web site.
Superb, what a weblog it is! This web site provides valuable facts to us, keep it up.
Thank you for the kind words ! I’ll be writing more blogs pretty soon…
It does take time to publish a post but it is almost effortless because I enjoy it a lot 🙂
Hello to all, as I am genuinely keen of reading this website’s post to be updated daily.
It consists of good data.
Great post and clear explanation….! I never thought about tying the prefix-list to a distribute- list…..
I went awol for a while due to workload. I’m just now reading your comment. I’m about to start writing again now.
Thanks for the comment !