AUTHOR SHIVLU JAIN BLOG HTTPWWWMPLSVPNINFO IP PREFIX LIST NORMALLY

 HUMAN TISSUE AUTHORITY WRITTEN EVIDENCE TO THE HOUSE
  AUTHORIZATION AND CONSENT FOR DISCLOSURE OF CRIMINAL
ON BUSINESS PARTNERS LETTERHEAD DATE DUBAI CREATIVE CLUSTERS AUTHORITY

{DATE} ELECTIVE SURGERY RESPONSE {PHYSICIANS OR AUTHORIZED NURSE PRACTITIONERS
0 EN EU LOCAL AND REGIONAL AUTHORITIES
0 EU LOCAL AND REGIONAL AUTHORITIES CONTRIBUTING

Author: Shivlu Jain

Blog: http://www.mplsvpn.info

IP Prefix List



Normally Access Control List aka ACL is used to filter ip packets. But when we want to filter the routing updates with specific policies to deny and permit the updates, prefix list is used. The advantage of using prefix list over acl is that it requires less CPU cycles consequence high performance and provides more granularities in terms of controlling the route updates.

Prefix list is easy to understand and implement. But before deep dive one should know about its syntax and working.



ip prefix-list name [seq seq] {deny | permit} prefix/length



Seq is sequence number used by prefix list and automatically generated in increments of 5. All the entries are processed sequentially according to the number and helps administrator to make changes according to their sequence numbers. This can be disabled by adding the command “no ip prefix-list sequence-number”. This command impacts the existing configuration and all the sequence numbers will remove.

Deny/Permit is used to allow or deny the ip prefixes.

Prefix/Length is used to add the prefix with its subnet mask. Length is depicting the subnet mask.



Prefix list entries are automatically converted to match the length value entered. Let’s assume if we enter 10.1.1.0/8 then it will be converted to 10.0.0.0/8. If we add 10.1.1.0/24 then it will only match the same length and prefix value. By default everything is deny at the end. What will happen if we want to filter the prefixes 10.1.1.0/25, 10.1.1.0/26, 10.1.1.0/27 and so on. The all prefixes are falling in range and to filter it, optional keywords ge (greater than or equal) and le(less than or equal) is required. Understanding ge and le was whirlwind to me but it will not for you after this explanation.



First start with the ge optional keyword. GE is greater than or equal which means it will match the entries more than the ge value specified. e.g. ip prefix-list SHIVLU permit 10.1.1.0/24 ge 25. In this example 25 is given with ge which means it will ignore from 1 to 24 bits and start with 25 bit and till go until it reaches to 32. We have not specified 32 anywhere but 32 is the last bit in the length. The same is depicting in the given figure:-



AUTHOR SHIVLU JAIN BLOG HTTPWWWMPLSVPNINFO IP PREFIX LIST NORMALLY

Figure 1



It will match 10.1.1.0/25, 10.1.1.0/26, 10.1.1.0/27, 10.1.1.0/28, 10.1.1.0/29, 10.1.1.0/30, 10.1.1.0/31 and 10.1.1.0/32 but not less than /24 prefix length. It means if we are specifying only ge keyword it will go up to 32. If we want to match the prefix length more than 28 then the syntax will be given below:-

ip prefix-list SHIVLU permit 10.1.1.0/24 ge 28



This will start from 28 and go up to 32.



The next one is the le optional keyword which goes from the length value specified by prefix/length inclusive. e.g. ip prefix-list SHIVLU permit 10.1.1.0/24 le 25



AUTHOR SHIVLU JAIN BLOG HTTPWWWMPLSVPNINFO IP PREFIX LIST NORMALLY

Figure 2



This will permit 10.1.1.0/24, 10.1.1.0/25 and 10.1.1.128/25





In the hybrid mode, we can use the both ge and le optional keywords simultaneously. e.g. ip prefix-list SHIVLU permit 10.1.1.0/24 ge 25 le 28. It will only match from 25 and go up to 28.

AUTHOR SHIVLU JAIN BLOG HTTPWWWMPLSVPNINFO IP PREFIX LIST NORMALLY


2 CERTIFICATE OF CORPORATE AUTHORITY [NAME
2 MEETING OF NATIONAL AUTHORITIES OEASER KXXXIX
6 ARTICLE 6B INTERIM CASINO AUTHORIZATION 5129512


Tags: shivlu, httpwwwmplsvpninfo, normally, prefix, author