Hi, just to confirm:
Just examining the ISP provider BGP configuration below which I will peer with.
What's the benefit of configuring this prefix list indicated in red which permits 0.0.0.0/0?
Basically this ISP-TO-ENGR-OUT route-map and respective prefix ISP-TO-ENGR-OUT-PFX will allow all networks to flow, correct?
Can you tell me whether there is a benefit of having such a route-map and prefix then? I don't get it.
router bgp 200
 neighbor 10.1.47.204 remote-as 100
 neighbor 10.1.47.204 route-map ISP-TO-ENGR-IN in
 neighbor 10.1.47.204 route-map ISP-TO-ENGR-OUT out
ip prefix-list ISP-TO-ENGR-OUT-PFX permit 0.0.0.0/0
route-map ISP-TO-ENGR-OUT permit 10
 match ip address prefix-list ISP-TO-ENGR-OUT-PFX
ip prefix-list ENGR-100-PFX seq 5 permit 10.1.0.0/16
route-map ISP-TO-ENGR-IN permit 10
 match as-path 1
 match ip address prefix-list ENGR-200-PFX
 set community 200:21098 200:21900
I had suggested to perform different attempts with different formulations in order to understand ip prefix-lists.
In that thread you were using a prefix-list to redistribute OSPF routes into another routing protocol.
For example let's suppose the following prefixes are present in OSPF database:
depending on the prefix-list formulation you will see different results:
this one given the list of prefixes above doesn't match any prefix because it looks for exact match.
ip prefix-list test1 seq 10 permit 188.8.131.52/24 le 30
result: all prefixes within 184.108.40.206.0/24 block are redistributed with the only exception of prefix 2) 220.127.116.11/32 because it does not satisfy the condition that its prefix length should be less than 30 (it is 32)
ip prefix-list test2 seq 10 permit 18.104.22.168/24 ge 26 le 30
result: only prefixes 1) and 3) are permitted by the prefix-list, prefix 1) is not permitted because 32 > 30 and prefix 4 is not permitted because its prefix length 25 is less than 26.
As you see, the operators le and ge play an important role and allow matching prefixes within the address block with a specific prefix length.
This is not easy to emulate with an extended IP ACL.
Hope to help
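
As an added example (not part of the original thread or of the ISP's configuration), the Python sketch below models how a single `ip prefix-list ... permit` entry is evaluated with and without `ge`/`le`, including the bare `0.0.0.0/0` entry from the question. The function names and the 192.0.2.0/24 sample routes are constructed for illustration.

```python
import ipaddress

# Constructed sample routing table (not taken from the thread).
ROUTES = [
    "0.0.0.0/0",       # default route
    "10.1.0.0/16",
    "192.0.2.0/30",
    "192.0.2.9/32",
    "192.0.2.16/28",
    "192.0.2.128/25",
]

def entry_matches(route, network, ge=None, le=None):
    """True if `route` matches the prefix-list entry `network [ge N] [le N]`."""
    route = ipaddress.ip_network(route)
    network = ipaddress.ip_network(network)
    # The route must fall inside the entry's address block.
    if not route.subnet_of(network):
        return False
    if ge is None and le is None:
        # No ge/le: the prefix length must match exactly.
        lo = hi = network.prefixlen
    else:
        # ge defaults to the entry's own length, le defaults to /32.
        lo = ge if ge is not None else network.prefixlen
        hi = le if le is not None else route.max_prefixlen
    return lo <= route.prefixlen <= hi

def permitted(network, ge=None, le=None, routes=ROUTES):
    """Routes permitted by a one-entry prefix-list (implicit deny for the rest)."""
    return [r for r in routes if entry_matches(r, network, ge, le)]

if __name__ == "__main__":
    # The entry from the question: exact match on the default route only.
    print("0.0.0.0/0            ->", permitted("0.0.0.0/0"))
    # The "match any prefix" form.
    print("0.0.0.0/0 le 32      ->", permitted("0.0.0.0/0", le=32))
    # Exact match, le only, and ge+le on one address block.
    print("192.0.2.0/24         ->", permitted("192.0.2.0/24"))
    print("192.0.2.0/24 le 30   ->", permitted("192.0.2.0/24", le=30))
    print("192.0.2.0/24 ge 26 le 30 ->", permitted("192.0.2.0/24", ge=26, le=30))
```

Running the same check against a candidate outbound filter before it is applied to a peer shows exactly which prefixes it would advertise.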