Very quick question on prefix-list 0.0.0.0/0

Answered Question
Mar 5th, 2010
User Badges:

HI, just to confirm:


Just examining the ISP provider BGP configuration below which I will peer with.


What's the benefit of configuring this prefix list indicatd in red which permits 0.0.0.0/0?

Basically this ISP-TO-ENGR-OUT route-map and respective prefix ISP-TO-ENGR-OUT-PFX will allow all networks to flow, correct?
Can you tell me whether there is benefit of having such route-map and prefix then? I don't get it.


router bgp 200
neighbor 10.1.47.204 remote-as 100
neighbor 10.1.47.204 route-map ISP-TO-ENGR-IN in
neighbor 10.1.47.204 route-map ISP-TO-ENGR-OUT out
!
ip prefix-list ISP-TO-ENGR-OUT-PFX permit 0.0.0.0/0
!
route-map ISP-TO-ENGR-OUT permit 10
match ip address-prefix-list ISP-TO-ENGR-OUT-PFX

!
ip prefix-list ENGR-100-PFX seq 5 permit 10.1.0.0/16
!
!
route-map ISP-TO-ENGR-IN permit 10
match as-path 1
match ip address prefix-list ENGR-200-PFX
set community 200:21098 200:21900
!

Correct Answer by Giuseppe Larosa about 7 years 3 months ago

Hello Marlon,

I had suggested to perform different attempts with different formulations in order to understand ip prefix-lists.


In that thread you were using a prefix-list to redistribute OSPF routes into another routing protocol.


For example let's suppose the following prefixes are present in OSPF database:


1)1.177.206.0/28

2)1.177.206.17/32

3)1.177.206.32/27

4)1.177.206.128/25


depending on the prefix-list formulation you will see different results:


a)

ip prefix-list  LIST_ENG seq 10 permit 1.177.206.0/24

this one given the list of prefixes above doesn't match any prefix because it looks for exact match.


b)

ip prefix-list test1 seq 10 permit 1.177.206.0/24 le 30

result: all prefixes within 1.177.20.6.0/24 block are redistributed with only exception of prefix 2) 1.177.206.17/32 because it does not satisfy the condition that its prefix len should be less then 30 (it is 32)


c)

ip prefix-list test2 seq 10 permit 1.177.206.0/24 ge 26 le 30

result: only prefixes 1) and 3) are permitted by the prefix-list , prefix 1) is not permitted because 32 > 30 and prefix 4 is not permitted because its prefix lenght 25 is less then 26.


as you see the operators le and ge plays an important role and allows to match prefixes within the address block with specific prefix-length.


This is not easy to emulate with an extended IP ACL.


Hope to help

Giuseppe

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (4 ratings)
Loading.
Jon Marshall Fri, 03/05/2010 - 15:46
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN



Marlon


ip prefix-list 0.0.0.0/0 just matches the default-route not all routes. So that prefix-list filters out all routes except the default-route.


ip prefix-list 0.0.0.0/0 le 32 would match all routes.


Jon

shiras k a Thu, 04/27/2017 - 08:39
User Badges:

From here what i understand is 


1.Default route is all other route that we dont have specific route in routing table


2.All routes include our default routes and other specific routes 


ip prefix-list 0.0.0.0/0  -for default route

ip prefix-list 0.0.0.0/0 le 32 - for all routes

Please clarify on default route and all route

Giuseppe Larosa Sat, 03/06/2010 - 00:48
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Marlon,

as Jon has noted all the difference is the missing of additional operators like ge or le in the prefix list configuration.


the prefix-list requires an exact match with prefix 0.0.0.0/0 and only the default route passes this test.


if it was 0.0.0.0/0 le 32 it would have matched whatever prefix present in the ISP router BGP table.


I use this kind of prefix-list when I want to match only a default route.


A line like 0.0.0.0/0 le 32 is useful to create an equivalent of an ACL permit any in a reverse logic prefix-list where you want to deny some specific prefixes and you want to end with a line that permits all other prefixes.


Hope to help

Giuseppe

news2010a Sat, 03/06/2010 - 19:36
User Badges:

Then can you please clarify how this one would like if written in ACL so that I can understand:
Imagine my intention is to allow 1.177.206.0/24 network.
 


ip prefix-list  LIST_ENG seq 10 permit 1.177.206.0/24 le 30

I can understand the 1.177.206.0/24, but why you recommended 'le 30' I still don't get it.

Correct Answer
Giuseppe Larosa Sun, 03/07/2010 - 01:48
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Marlon,

I had suggested to perform different attempts with different formulations in order to understand ip prefix-lists.


In that thread you were using a prefix-list to redistribute OSPF routes into another routing protocol.


For example let's suppose the following prefixes are present in OSPF database:


1)1.177.206.0/28

2)1.177.206.17/32

3)1.177.206.32/27

4)1.177.206.128/25


depending on the prefix-list formulation you will see different results:


a)

ip prefix-list  LIST_ENG seq 10 permit 1.177.206.0/24

this one given the list of prefixes above doesn't match any prefix because it looks for exact match.


b)

ip prefix-list test1 seq 10 permit 1.177.206.0/24 le 30

result: all prefixes within 1.177.20.6.0/24 block are redistributed with only exception of prefix 2) 1.177.206.17/32 because it does not satisfy the condition that its prefix len should be less then 30 (it is 32)


c)

ip prefix-list test2 seq 10 permit 1.177.206.0/24 ge 26 le 30

result: only prefixes 1) and 3) are permitted by the prefix-list , prefix 1) is not permitted because 32 > 30 and prefix 4 is not permitted because its prefix lenght 25 is less then 26.


as you see the operators le and ge plays an important role and allows to match prefixes within the address block with specific prefix-length.


This is not easy to emulate with an extended IP ACL.


Hope to help

Giuseppe

news2010a Sun, 03/07/2010 - 20:51
User Badges:

Giuslar, I finally understand this now. Thanks much. You guys are amazing.

Actions

This Discussion