Normally an Access Control List (ACL) is used to filter IP packets. But when we want to filter routing updates with specific policies that deny or permit the updates, a prefix list is used. The advantage of using a prefix list over an ACL is that it requires fewer CPU cycles, which results in higher performance, and it provides more granularity in controlling the route updates. A prefix list is easy to understand and implement, but before a deep dive one should know its syntax and how it works.

    ip prefix-list name [seq seq] {deny | permit} prefix/length

Seq is the sequence number used by the prefix list and is automatically generated in increments of 5. All the entries are processed sequentially according to this number, which helps the administrator make changes according to the sequence numbers. This can be disabled by adding the command “no ip prefix-list sequence-number”. This command impacts the existing configuration, and all the sequence numbers will be removed.

Deny/Permit is used to allow or deny the IP prefixes.

Prefix/Length is used to add the prefix with its subnet mask; the length depicts the subnet mask. Prefix list entries are automatically converted to match the length value entered. Let's assume we enter 10.1.1.0/8: it will be converted to 10.0.0.0/8. If we add 10.1.1.0/24, it will only match the same length and prefix value. By default everything is denied at the end.

What happens if we want to filter the prefixes 10.1.1.0/25, 10.1.1.0/26, 10.1.1.0/27 and so on? All these prefixes fall in a range, and to filter them the optional keywords ge (greater than or equal) and le (less than or equal) are required. Understanding ge and le was a whirlwind for me, but it will not be for you after this explanation.
First, start with the optional ge keyword. GE is greater than or equal, which means it matches entries whose length is equal to or more than the ge value specified, e.g.

    ip prefix-list SHIVLU permit 10.1.1.0/24 ge 25

In this example 25 is given with ge, which means it will ignore bits 1 to 24, start with bit 25 and go on until it reaches 32. We have not specified 32 anywhere, but 32 is the last bit in the length. The same is depicted in the given figure:

Figure 1

It will match 10.1.1.0/25, 10.1.1.0/26, 10.1.1.0/27, 10.1.1.0/28, 10.1.1.0/29, 10.1.1.0/30, 10.1.1.0/31 and 10.1.1.0/32, but nothing with a prefix length less than /24. It means that if we specify only the ge keyword, it will go up to 32. If we want to match prefix lengths from 28 upwards, the syntax is given below:

    ip prefix-list SHIVLU permit 10.1.1.0/24 ge 28

This will start from 28 and go up to 32.

The next one is the optional le keyword, which matches from the length value specified by prefix/length, inclusive, up to the le value, e.g.

    ip prefix-list SHIVLU permit 10.1.1.0/24 le 25

Figure 2

This will permit 10.1.1.0/24, 10.1.1.0/25 and 10.1.1.128/25.

In the hybrid mode, we can use both the ge and le optional keywords simultaneously, e.g.

    ip prefix-list SHIVLU permit 10.1.1.0/24 ge 25 le 28

It will only match from 25 and go up to 28.

Figure 3

Author: Shivlu Jain, shivlu@mplsvpn.info, http://www.mplsvpn.info
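The matching rules described above (prefix conversion, sequential processing, ge/le ranges and the implicit deny), written out as an added Python example that is not part of the original article and is not router code. The function names, the `SAMPLE` list and its deny entry are constructed for illustration, and the numbering of entries without `seq` is an assumption based on the increments of 5 mentioned above.

```python
import ipaddress
import re

# Syntax from the article, plus the optional ge/le keywords it describes.
ENTRY_RE = re.compile(
    r"ip prefix-list (?P<name>\S+)(?: seq (?P<seq>\d+))? (?P<action>permit|deny) "
    r"(?P<prefix>\S+)(?: ge (?P<ge>\d+))?(?: le (?P<le>\d+))?$"
)

def parse_entries(config):
    """Parse prefix-list lines into (seq, action, network, low, high) tuples."""
    entries, next_seq = [], 5
    for line in config.strip().splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            raise ValueError(f"unparsable entry: {line!r}")
        # strict=False clears host bits, so 10.1.1.0/8 is stored as 10.0.0.0/8.
        net = ipaddress.ip_network(m["prefix"], strict=False)
        # Assumption: an entry without seq gets the previous number plus 5.
        seq = int(m["seq"]) if m["seq"] else next_seq
        next_seq = seq + 5
        # No keyword: exact length. ge only: ge..32. le only: length..le.
        low = int(m["ge"]) if m["ge"] else net.prefixlen
        high = int(m["le"]) if m["le"] else (32 if m["ge"] else net.prefixlen)
        entries.append((seq, m["action"], net, low, high))
    return sorted(entries, key=lambda e: e[0])

def evaluate(entries, route):
    """Return 'permit' or 'deny' for one route; the first matching entry wins."""
    r = ipaddress.ip_network(route)
    for _seq, action, net, low, high in entries:
        if low <= r.prefixlen <= high and r.subnet_of(net):
            return action
    return "deny"  # implicit deny at the end of the list

# Constructed sample list: the deny entry is evaluated first because of its seq.
SAMPLE = """
ip prefix-list SHIVLU seq 5 deny 10.1.1.128/25 le 32
ip prefix-list SHIVLU seq 10 permit 10.1.1.0/24 ge 25 le 28
"""

if __name__ == "__main__":
    rules = parse_entries(SAMPLE)
    for route in ("10.1.1.0/26", "10.1.1.128/26", "10.1.1.0/24", "10.1.1.0/30"):
        print(route, evaluate(rules, route))
```

Running a candidate list through such a check before applying it shows which routes fall through to the implicit deny, for example the /24 itself once `ge 25` is added.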