prefix list !! help plz

shaila_rox · ‎06-12-2007

hi every1, plz some 1 solve this problem

suppose i have 10 contigiuous networks connected on my routers loopback interfaces

10.1.0.1/16

10.2.0.1/16

10.3.0.1/16

10.4.0.1/16

10.5.0.1/16

10.6.0.1/16

10.7.0.1/16

10.8.0.1/16

10.9.0.1/16

10.10.0.1/16

now i want to advertise only network 10.1.0.0 - 10.4.0.0/16 using prefix list, can some 1 tell me is it possible like i know how to do it in access-list but not getting it in prefix, plz tell me wat will be the prefix list for this???

Harold Ritter · ‎06-12-2007

You can certainly do this with prefix-lists. The prefix-list to cover 10.1.0.0/16 - 10.4.0.0/16 would be as follow:

ip prefix-list test seq 5 permit 10.1.0.0/16

ip prefix-list test seq 10 permit 10.2.0.0/15

ip prefix-list test seq 15 permit 10.4.0.0/16

It would have been easier to aggregate 10.0.0.0/16 - 10.3.0.0, which is aggregatable with the following statement.

ip prefix-list test seq 5 permit 10.0.0.0/14

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Harold Ritter · ‎06-12-2007

Oops,

I forgot. It should look like this:

ip prefix-list test seq 5 permit 10.1.0.0/16

ip prefix-list test seq 10 permit 10.2.0.0/15 le 16

ip prefix-list test seq 15 permit 10.4.0.0/16

And also for the second example:

ip prefix-list test seq 5 permit 10.0.0.0/14 le 16

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

prabhueee35 · ‎06-01-2017

Hi ,

I have a router which is learning route 10.227.0.0/24 via BGP

sh ip route | i 10.227
B        10.227.0.0/24 [20/0] via 192.168.155.241, 1w2d
B        10.227.2.0/24 [20/0] via 192.168.155.241, 1w2d
B        10.227.3.0/24 [20/0] via 192.168.155.241, 1w2d
B        10.227.4.0/24 [20/0] via 192.168.155.241, 1w2d
B        10.227.5.0/24 [20/0] via 192.168.155.241, 19:20:57
B        10.227.6.0/24 [20/0] via 192.168.155.241, 1w2d
B        10.227.7.0/24 [20/0] via 192.168.155.241, 2d02h
B        10.227.8.0/24 [20/0] via 192.168.155.241, 1w2d
B        10.227.9.0/24 [20/0] via 192.168.155.241, 1w2d

But when I am trying to redistribute 10.227.0.0/16 from BGP to ospf it doesn't work

ip prefix list WAN-ROUTES seq 450 permit 10.227.0.0/16

sh ip ospf database | I 10.227

whereas when I check other prefixes it gets redistributed

Please help me out with this issue

Thanks,

Prabhu

cofee · ‎06-01-2017

The issue is with your prefix list. Since you specified /16 so it will only match a prefix with the length of /16 but there is no bgp route/prefix with a subnet mask of /16 but /24, therefore it's not working. Also make sure there is no prefix list above seq 450 that would deny it.

This is what you need:

ip prefix-list WAN-ROUTES seq 450 permit 10.227.0.0/16 le 24

I labbed it in gns3 and it worked fine.

B        10.227.0.0/24 [20/0] via 10.10.10.1, 00:11:12
B        10.227.2.0/24 [20/0] via 10.10.10.1, 00:11:12
B        10.227.3.0/24 [20/0] via 10.10.10.1, 00:11:12
B        10.227.4.0/24 [20/0] via 10.10.10.1, 00:11:12
B        10.227.5.0/24 [20/0] via 10.10.10.1, 00:11:12
B        10.227.6.0/24 [20/0] via 10.10.10.1, 00:11:12
B        10.227.7.0/24 [20/0] via 10.10.10.1, 00:11:12
B        10.227.8.0/24 [20/0] via 10.10.10.1, 00:11:12
B        10.227.9.0/24 [20/0] via 10.10.10.1, 00:11:12
      12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

R3#sh ip ospf database

OSPF Router with ID (4.4.4.4) (Process ID 1)

Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
4.4.4.4         4.4.4.4         96          0x80000003 0x005A55 2
100.100.100.100 100.100.100.100 1630        0x80000002 0x00D062 2

Type-5 AS External Link States

Link ID         ADV Router      Age         Seq#       Checksum Tag
10.227.0.0      4.4.4.4         95          0x80000002 0x008CC3 100
10.227.2.0      4.4.4.4         95          0x80000002 0x0076D7 100
10.227.3.0      4.4.4.4         95          0x80000002 0x006BE1 100
10.227.4.0      4.4.4.4         95          0x80000002 0x0060EB 100
10.227.5.0      4.4.4.4         95          0x80000002 0x0055F5 100
10.227.6.0      4.4.4.4         95          0x80000002 0x004AFF 100
10.227.7.0      4.4.4.4         95          0x80000002 0x003F0A 100
10.227.8.0      4.4.4.4         95          0x80000002 0x003414 100
10.227.9.0      4.4.4.4         95          0x80000002 0x00291E 100

prabhueee35 · ‎06-01-2017

Hi ,

Thanks for your reply, but if you add the statement

ip prefix-list WAN-ROUTES seq 450 permit 10.227.0.0/16 le 24

can you please tell me what is the sh ip route output

since I need 10.227.0.0/16 to be present when I run sh ip route cmd

but I feel it will be 10.227.0.0/24 if the above prefix list is added

Regards,

Prabhu

prabhueee35 · ‎06-01-2017

Hi ,

I have tried the prefix list stated by you

ip prefix-list WAN-ROUTES seq 450 permit 10.227.0.0/16 le 24

but still show ip route is showing route for 10.227.0.0/24 and not for 10.227.0.0/16

sh ip route | i 10.227.0.0
B 10.227.0.0/24 [20/0] via 192.168.155.241, 1w2d

sh ip route 10.227.0.0
Routing entry for 10.227.0.0/24
Known via "bgp 64610", distance 20, metric 0
Tag 2856, type external
Redistributing via ospf 100
Advertised by ospf 100 metric-type 1 subnets route-map BGP-TO-OSPF
Last update from 192.168.155.241 1w2d ago
Routing Descriptor Blocks:
* 192.168.155.241, from 192.168.155.241, 1w2d ago
      Route metric is 0, traffic share count is 1
      AS Hops 2
      Route tag 2856
      MPLS label: none

sh ip ospf database | i 10.227
10.227.0.0      172.30.248.250 57          0x80000001 0x004F05 2856
10.227.2.0      172.30.248.250 57          0x80000001 0x003919 2856
10.227.3.0      172.30.248.250 57          0x80000001 0x002E23 2856
10.227.4.0      172.30.248.250 57          0x80000001 0x00232D 2856
10.227.5.0      172.30.248.250 57          0x80000001 0x001837 2856
10.227.6.0      172.30.248.250 57          0x80000001 0x000D41 2856
10.227.7.0      172.30.248.250 57          0x80000001 0x00024B 2856
10.227.8.0      172.30.248.250 57          0x80000001 0x00F655 2856
10.227.9.0      172.30.248.250 57          0x80000001 0x00EB5F 2856
10.227.10.0     172.30.248.250 57          0x80000001 0x00E069 2856
10.227.11.0     172.30.248.250 57          0x80000001 0x00D573 2856
10.227.12.0     172.30.248.250 57          0x80000001 0x00CA7D 2856
10.227.13.0     172.30.248.250 57          0x80000001 0x00BF87 2856
10.227.14.0     172.30.248.250 57          0x80000001 0x00B491 2856
10.227.15.0     172.30.248.250 57          0x80000001 0x00A99B 2856
10.227.16.0     172.30.248.250 57          0x80000001 0x009EA5 2856
10.227.17.0     172.30.248.250 57          0x80000001 0x0093AF 2856
10.227.18.0     172.30.248.250 57          0x80000001 0x0088B9 2856
10.227.19.0     172.30.248.250 57          0x80000001 0x007DC3 2856
10.227.20.0     172.30.248.250 57          0x80000001 0x0072CD 2856
10.227.21.0     172.30.248.250 57          0x80000001 0x0067D7 2856
10.227.22.0     172.30.248.250 57          0x80000001 0x005CE1 2856
10.227.23.0     172.30.248.250 57          0x80000001 0x0051EB 2856
10.227.24.0     172.30.248.250 57          0x80000001 0x0046F5 2856
10.227.29.0     172.30.248.250 59          0x80000001 0x000F28 2856
10.227.30.0     172.30.248.250 59          0x80000001 0x000432 2856
10.227.31.0     172.30.248.250 59          0x80000001 0x00F83C 2856
10.227.32.0     172.30.248.250 59          0x80000001 0x00ED46 2856
10.227.33.0     172.30.248.250 59          0x80000001 0x00E250 2856
10.227.34.0     172.30.248.250 59          0x80000001 0x00D75A 2856
10.227.35.0     172.30.248.250 59          0x80000001 0x00CC64 2856
10.227.36.0     172.30.248.250 59          0x80000001 0x00C16E 2856
10.227.37.0     172.30.248.250 59          0x80000001 0x00B678 2856
10.227.38.0     172.30.248.250 59          0x80000001 0x00AB82 2856
10.227.39.0     172.30.248.250 59          0x80000001 0x00A08C 2856
10.227.40.0     172.30.248.250 59          0x80000001 0x009596 2856
10.227.41.0     172.30.248.250 59          0x80000001 0x008AA0 2856
10.227.44.0     172.30.248.250 59          0x80000001 0x0069BE 2856
10.227.47.0     172.30.248.250 59          0x80000001 0x0048DC 2856
10.227.48.0     172.30.248.250 59          0x80000001 0x003DE6 2856
10.227.49.0     172.30.248.250 59          0x80000001 0x0032F0 2856
10.227.50.0     172.30.248.250 59          0x80000001 0x0027FA 2856
10.227.51.0     172.30.248.250 59          0x80000001 0x001C05 2856
10.227.52.0     172.30.248.250 59          0x80000001 0x00110F 2856
10.227.54.0     172.30.248.250 59          0x80000001 0x00FA23 2856
10.227.56.0     172.30.248.250 59          0x80000001 0x00E437 2856
10.227.60.0     172.30.248.250 59          0x80000001 0x00B85F 2856
10.227.62.0     172.30.248.250 59          0x80000001 0x00A273 2856
10.227.63.0     172.30.248.250 59          0x80000001 0x00977D 2856
10.227.64.0     172.30.248.250 59          0x80000001 0x008C87 2856
10.227.65.0     172.30.248.250 59          0x80000001 0x008191 2856
10.227.66.0     172.30.248.250 59          0x80000001 0x00769B 2856
10.227.67.0     172.30.248.250 59          0x80000001 0x006BA5 2856
10.227.69.0     172.30.248.250 59          0x80000001 0x0055B9 2856
10.227.70.0     172.30.248.250 59          0x80000001 0x004AC3 2856
10.227.71.0     172.30.248.250 59          0x80000001 0x003FCD 2856
10.227.72.0     172.30.248.250 59          0x80000001 0x0034D7 2856
10.227.74.0     172.30.248.250 59          0x80000001 0x001EEB 2856
10.227.76.0     172.30.248.250 59          0x80000001 0x0008FF 2856
10.227.78.0     172.30.248.250 59          0x80000001 0x00F114 2856
10.227.79.0     172.30.248.250 59          0x80000001 0x00E61E 2856
10.227.80.0     172.30.248.250 59          0x80000001 0x00DB28 2856
10.227.81.0     172.30.248.250 59          0x80000001 0x00D032 2856
10.227.82.0     172.30.248.250 59          0x80000001 0x00C53C 2856
10.227.84.0     172.30.248.250 59          0x80000001 0x00AF50 2856
10.227.86.0     172.30.248.250 59          0x80000001 0x009964 2856
10.227.87.0     172.30.248.250 59          0x80000001 0x008E6E 2856
10.227.88.0     172.30.248.250 59          0x80000001 0x008378 2856
10.227.89.0     172.30.248.250 59          0x80000001 0x007882 2856
10.227.91.0     172.30.248.250 59          0x80000001 0x006296 2856
10.227.92.0     172.30.248.250 59          0x80000001 0x0057A0 2856
10.227.93.0     172.30.248.250 59          0x80000001 0x004CAA 2856
10.227.94.0     172.30.248.250 59          0x80000001 0x0041B4 2856
10.227.95.0     172.30.248.250 59          0x80000001 0x0036BE 2856
10.227.96.0     172.30.248.250 59          0x80000001 0x001CDA 2856
10.227.96.255   172.30.248.250 59          0x80000001 0x002BC8 2856
10.227.102.0    172.30.248.250 59          0x80000001 0x00E805 2856
10.227.103.0    172.30.248.250 59          0x80000001 0x00DD0F 2856
10.227.104.0    172.30.248.250 59          0x80000001 0x00D219 2856
10.227.105.0    172.30.248.250 59          0x80000001 0x00C723 2856
10.227.106.0    172.30.248.250 59          0x80000001 0x00BC2D 2856
10.227.115.0    172.30.248.250 59          0x80000001 0x005987 2856
10.227.116.0    172.30.248.250 59          0x80000001 0x004E91 2856
10.227.117.0    172.30.248.250 59          0x80000001 0x00439B 2856
10.227.118.0    172.30.248.250 59          0x80000001 0x0038A5 2856
10.227.119.0    172.30.248.250 59          0x80000001 0x002DAF 2856
10.227.120.0    172.30.248.250 59          0x80000001 0x0022B9 2856
10.227.121.0    172.30.248.250 59          0x80000001 0x0017C3 2856
10.227.123.0    172.30.248.250 59          0x80000001 0x0001D7 2856
10.227.136.0    172.30.248.250 59          0x80000001 0x00715A 2856
10.227.140.0    172.30.248.250 59          0x80000001 0x004582 2856
10.227.143.0    172.30.248.250 59          0x80000001 0x0024A0 2856
10.227.145.0    172.30.248.250 59          0x80000001 0x000EB4 2856
10.227.146.0    172.30.248.250 60          0x80000001 0x0003BE 2856
10.227.148.0    172.30.248.250 60          0x80000001 0x00ECD2 2856

Regards,

Prabhu

cofee · ‎06-01-2017

Prefix list is matching the bgp routes in the local rib and route-map used by OSPF for redistribution is calling the prefix-list. You can use a standard access-list and result will be the same.

ip access-list standard test

permit 10.227.0.0 0.0.255.255

* I am not sure how you can aggregate bgp routes in current scenario using a prefix list or access-list unless you advertise an aggregate address from the upstream bgp router or create a static route for 10.227.0.0/16 and redistribute it into ospf.

cofee · ‎06-01-2017

I advertised an aggregate address from the upstream bgp router and then redistributed that into ospf. But I am not sure if that's the solution you are looking for because I am not clear what the end goal is.

R3#sh ip bgp
BGP table version is 20, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, x best-external, f RT-Filter
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 10.227.0.0/16 10.10.10.1 0 0 100 i
R3#
R3#
R3#
R3#sh ip osp
R3#sh ip ospf dat
R3#sh ip ospf database

OSPF Router with ID (4.4.4.4) (Process ID 1)

Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
4.4.4.4         4.4.4.4         1206        0x80000007 0x005259 2
100.100.100.100 100.100.100.100 1391        0x80000004 0x00CC64 2

Type-5 AS External Link States

Link ID ADV Router Age Seq# Checksum Tag
10.227.0.0 4.4.4.4 48 0x80000003 0x008AC4 100

prabhueee35 · ‎06-01-2017

Hi ,

I thinkg you are right

in this case the upstream router advertises 10.227.0.0/24

sh ip bgp | i 10.227.0
*> 10.227.0.0/24 192.168.155.241

whereas prefix list created as below

ip prefix-list WAN-routes seq 450 permit 10.227.0.0/16 le 24

so /16 is not there in BGP table whereas /24 is present in bgp table hence even after applying above prefix list still we are getting route for /24 and not /16

sh ip route 10.227.0.0

Routing entry for 10.227.0.0/24
Known via "bgp 64610", distance 20, metric 0
Tag 2856, type external
Redistributing via ospf 100
Advertised by ospf 100 metric-type 1 subnets route-map BGP-TO-OSPF
Last update from 192.168.155.241 1w2d ago
Routing Descriptor Blocks:
* 192.168.155.241, from 192.168.155.241, 1w2d ago
      Route metric is 0, traffic share count is 1
      AS Hops 2
      Route tag 2856
      MPLS label: none

Hence I should make upstream router to advertise /16 instead of /24 - am I right ?

Regards,

Prabhu

cofee · ‎06-02-2017

Correct. That's what I can think of.

upstream bgp router:

aggregate-address 10.227.0.0 255.255.0.0 summary-only

* with this command only /16 would be advertised, if you remove summariy-only then aggregate address would be advertised in addition to more specified routes.

cofee · ‎06-01-2017

Forgot to add the command for redistribution under the ospf process:

redistribute bgp AS subnets route-map WAN-ROUTES

* You may already have it configured the right way, but I just wanted to add it to make sure that all pieces are covered.

shaila_rox · ‎06-12-2007

thanks for the reply but i didnt understand any of u, plz i m not an expert just started prefix list, i understand the ge and le and seq and all but i didnt understand how to specify the range of ip addres that i need to block ( or allow ), can u explain that by keeping my example, can i specify my range ( i.e. from 10.1.0.0 - 10.4.0.0 ) in a single prefix statement ?? i m really confused here plz explain to me how can i do it?

still thanks for ur feedback but i didnt get it really

Harold Ritter · ‎06-12-2007

Shaila,

You couldn't permit 10.1.0.0/16 - 10.4.0.0/16 in a single statement without also including other prefixes since these prefixes do not fall on a common boundary.

The first portion of the prefix-list is key in this exercise.

for instance

10.0.0.0/14 le 16 ge 16

would include 10.0.0.0/16 - 10.3.0.0/16

10.0.0.0/13 le 16 ge 16

would include 10.0.0.0/16 - 10.7.0.0/16

10.0.0.0/12 le 16 ge 16

would include 10.0.0.0/16 - 10.15.0.0/16

Let me know if this makes sense to you,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

smothuku · ‎06-12-2007

Hi ,

You can use the following command for advertising 10.1.0.0 anc 10.4.0.0 /16 netwrks.

ip prefix-list XXX ser 5 permit 10.1.0.0/16

ip prefix-list YYY seq 10 permit 10.4.0.0/16.

Details - Prefix-list:

To create a prefix list or add a prefix-list entry, use the ip prefix-list command in global configuration mode. To delete a prefix-list entry, use the no form of this command.

ip prefix-list {list-name | list-number} [seq number] {deny network/length | permit network/length} [ge ge-length] [le le-length]

The ip prefix-list command is used to configure IP prefix filtering. Prefix lists are configured with permit or deny keywords to either permit or deny the prefix based on the matching condition. A prefix list consists of an IP address and a bit mask. The IP address can be a classful network, a subnet, or a single host route. The bit mask is entered as a number from 1 to 32. An implicit deny is applied to traffic that does not match any prefix-list entry.

Prefix lists are configured to match an exact prefix length or a prefix range. The ge and le keywords are used to specify a range of the prefix lengths to match, providing more flexible configuration than can be configured with just the network/length argument. The prefix list is processed using an exact match when neither the ge nor le keyword is entered. If only the ge value is entered, the range is the value entered for the ge ge-length argument to a full 32-bit length. If only the le value is entered, the range is from value entered for the network/length argument to the le le-length argument. If both the ge ge-length and le le-length keywords and arguments are entered, the range falls between the values used for the ge-length and le-length arguments. The following formula shows this behavior:

network/length < ge ge-length < le le-length <= 32

A prefix list is configured with a name and/or sequence number. One or the other must be entered when configuring this command. If a sequence number is not entered, a default sequence number of 5 is applied to the prefix list, and subsequent prefix list entries will be increment by 5 (for example, 5, 10, 15, and onwards). If a sequence number is entered for the first prefix list entry but not subsequent entries, then the subsequent entries will also be incremented by 5 (For example, if the first configured sequence number is 3, then subsequent entries will be 8, 13, 18, and onwards). Default sequence numbers can be suppressed by entering the no form of this command with the seq keyword.

Prefix lists are evaluated starting with the lowest sequence number. The longest most specific prefix is matched. The first successful match is processed for a given prefix. Once a match occurs, the permit or deny statement is processed, and the rest of the list is not evaluated.

--------------------------------------------------------------------------------

Tip For best performance, the most frequently processed prefix list statements should be configured with the lowest sequence numbers. The seq number keyword and argument can be used for resequencing.

--------------------------------------------------------------------------------

The prefix list is applied to inbound or outbound updates for specific peer by entering the neighbor prefix-list command. Prefix list information and counters are displayed in the output of the show ip prefix-list command. Prefix-list counters can be reset by entering the clear ip prefix-list command.