Dec 30 2008
Prefix Lists
IP prefix lists can be used with BGP to permit or deny specific prefixes from being advertised to, or learnt from, a neighbor.
Consider the topology below.
We will carry out three exercises.
- configure a prefix list to match 192.168.1.0/24
- configure a prefix list to match 192.168.1.0/24, 192.168.1.0/25, 192.168.1.0/26.
- configure a prefix list to match 192.168.1.0/25 and 192.168.1.0/26
Exercise 1
We configure the following prefix list and attach it to the BGP neighbor 10.0.0.2 using the commands below.
ip prefix-list slash-24-only seq 5 permit 192.168.1.0/24
router bgp 1
!
neighbor 10.0.0.2 prefix-list slash-24-only in
Exercise 2
We configure the following prefix list and attach it to the BGP neighbor 10.0.0.2 using the commands below.
ip prefix-list UP-TO-SLASH-26 seq 5 permit 192.168.1.0/24 le 26
router bgp 1
!
neighbor 10.0.0.2 prefix-list UP-TO-SLASH-26 in
Exercise 3
We configure the following prefix list and attach it to the BGP neighbor 10.0.0.2 using the commands below.
ip prefix-list GE-LE seq 5 permit 192.168.1.0/24 ge 25 le 26
router bgp 1
!
neighbor 10.0.0.2 prefix-list GE-LE in
Now let me try and explain what these 3 prefix lists are actually doing.
Prefix list 1 – slash-24-only
ip prefix-list slash-24-only seq 5 permit 192.168.1.0/24
This is pretty straightforward. This prefix list will match only the exact prefix configured in it, i.e. 192.168.1.0/24.
Prefix list 2 – UP-TO-SLASH-26
ip prefix-list UP-TO-SLASH-26 seq 5 permit 192.168.1.0/24 le 26
For a prefix to be permitted by this prefix-list the first 24 bits must match the first 24 bits of 192.168.1.0.
The le 26 then adds a subnet clause which states that the subnet mask being advertised must be less than or equal to 26 bits in length.
Let's consider a bunch of prefixes and see if they would be permitted by the above prefix list.
- 192.168.1.0/24
- 192.168.1.4/30
- 192.168.1.128/25
- 192.168.1.0/23
- 192.168.1.0/27
Prefix 1 matches both criteria, i.e. the first 24 bits in prefix 1 match the prefix in the prefix list and the subnet mask is less than 26 bits.
Prefix 2 matches the first criterion, i.e. the first 24 bits in prefix 2 match the prefix in the prefix list; however, the subnet mask is greater than 26 bits.
Prefix 3 also matches both criteria, i.e. the first 24 bits in prefix 3 match the prefix in the prefix list and the subnet mask is less than 26 bits.
Prefix 4 is an invalid prefix; I’ll let you work out why.
Prefix 5 matches the first criterion but fails on the subnet mask length criterion, and as such the prefix is denied.
Prefix list 3 – GE-LE
ip prefix-list GE-LE seq 5 permit 192.168.1.0/24 ge 25 le 26
Now this is an interesting beast. This prefix list has 2 match clauses.
- The prefix must match the first 24 bits of the prefix in the prefix list
- The subnet mask must be between 25 and 26 bits in length
Let's consider a bunch of prefixes and see if they would be permitted by the above prefix list.
- 192.168.1.0/24
- 192.168.1.4/30
- 192.168.1.128/25
Prefix 1 matches the first criterion, i.e. the first 24 bits match; however, the subnet mask is the wrong length.
Prefix 2 matches the first criterion, i.e. the first 24 bits match; however, the subnet mask is the wrong length.
Prefix 3 matches both criteria, i.e. the first 24 bits in prefix 3 match the prefix in the prefix list and the subnet mask is at least 25 bits but no more than 26 bits.
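The matching rules walked through above can be checked with a short script. This is an added example, not part of the original post: it parses the three prefix lists from the exercises and evaluates candidate prefixes against them, with the usual implicit deny when no entry matches. The names CONFIG, parse, evaluate and LISTS are made up for the illustration.

```python
import ipaddress

# The three prefix lists configured in the exercises on this page.
CONFIG = """\
ip prefix-list slash-24-only seq 5 permit 192.168.1.0/24
ip prefix-list UP-TO-SLASH-26 seq 5 permit 192.168.1.0/24 le 26
ip prefix-list GE-LE seq 5 permit 192.168.1.0/24 ge 25 le 26
"""

def parse(config):
    """Return {list name: [(seq, action, network, min_len, max_len), ...]}."""
    lists = {}
    for line in config.splitlines():
        tok = line.split()
        name, seq, action = tok[2], int(tok[4]), tok[5]
        net = ipaddress.ip_network(tok[6])
        opts = dict(zip(tok[7::2], map(int, tok[8::2])))  # optional "ge N" / "le N"
        ge, le = opts.get("ge"), opts.get("le")
        # No ge/le: exact length only. le alone: entry length up to le.
        # ge alone: ge up to the maximum length (32 for IPv4).
        lo = ge if ge is not None else net.prefixlen
        if le is not None:
            hi = le
        else:
            hi = net.max_prefixlen if ge is not None else net.prefixlen
        lists.setdefault(name, []).append((seq, action, net, lo, hi))
    return lists

def evaluate(entries, candidate):
    """Return 'permit', 'deny' or 'invalid' for one candidate prefix."""
    try:
        # Strict parsing rejects an address/length pair that is not a real network.
        cand = ipaddress.ip_network(candidate)
    except ValueError:
        return "invalid"
    for seq, action, net, lo, hi in sorted(entries, key=lambda e: e[0]):
        same_family = cand.version == net.version
        if same_family and lo <= cand.prefixlen <= hi and cand.subnet_of(net):
            return action  # first matching sequence number wins
    return "deny"  # implicit deny at the end of every prefix list

LISTS = parse(CONFIG)

if __name__ == "__main__":
    tests = ["192.168.1.0/24", "192.168.1.4/30", "192.168.1.128/25",
             "192.168.1.0/23", "192.168.1.0/27"]
    for name, entries in LISTS.items():
        for prefix in tests:
            print(f"{name:15} {prefix:18} {evaluate(entries, prefix)}")
```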
I hope that makes sense. Anyhow, here is a video showing how to put it all together, or alternatively click here to download and watch it on your iPod.
