Very quick question on prefix-list 0.0.0.0/0

Answered Question
Mar 5th, 2010

HI, just to confirm:

Just examining the ISP provider BGP configuration below which I will peer with.

What's the benefit of configuring this prefix list indicatd in red which permits 0.0.0.0/0?

Basically this ISP-TO-ENGR-OUT route-map and respective prefix ISP-TO-ENGR-OUT-PFX will allow all networks to flow, correct?
Can you tell me whether there is benefit of having such route-map and prefix then? I don't get it.

router bgp 200
neighbor 10.1.47.204 remote-as 100
neighbor 10.1.47.204 route-map ISP-TO-ENGR-IN in
neighbor 10.1.47.204 route-map ISP-TO-ENGR-OUT out
!
ip prefix-list ISP-TO-ENGR-OUT-PFX permit 0.0.0.0/0
!
route-map ISP-TO-ENGR-OUT permit 10
match ip address-prefix-list ISP-TO-ENGR-OUT-PFX

!
ip prefix-list ENGR-100-PFX seq 5 permit 10.1.0.0/16
!
!
route-map ISP-TO-ENGR-IN permit 10
match as-path 1
match ip address prefix-list ENGR-200-PFX
set community 200:21098 200:21900
!

I have this problem too.
0 votes
Correct Answer by Giuseppe Larosa about 6 years 10 months ago

Hello Marlon,

I had suggested to perform different attempts with different formulations in order to understand ip prefix-lists.

In that thread you were using a prefix-list to redistribute OSPF routes into another routing protocol.

For example let's suppose the following prefixes are present in OSPF database:

1)1.177.206.0/28

2)1.177.206.17/32

3)1.177.206.32/27

4)1.177.206.128/25

depending on the prefix-list formulation you will see different results:

a)

ip prefix-list  LIST_ENG seq 10 permit 1.177.206.0/24

this one given the list of prefixes above doesn't match any prefix because it looks for exact match.

b)

ip prefix-list test1 seq 10 permit 1.177.206.0/24 le 30

result: all prefixes within 1.177.20.6.0/24 block are redistributed with only exception of prefix 2) 1.177.206.17/32 because it does not satisfy the condition that its prefix len should be less then 30 (it is 32)

c)

ip prefix-list test2 seq 10 permit 1.177.206.0/24 ge 26 le 30

result: only prefixes 1) and 3) are permitted by the prefix-list , prefix 1) is not permitted because 32 > 30 and prefix 4 is not permitted because its prefix lenght 25 is less then 26.

as you see the operators le and ge plays an important role and allows to match prefixes within the address block with specific prefix-length.

This is not easy to emulate with an extended IP ACL.

Hope to help

Giuseppe

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (4 ratings)
Loading.
Jon Marshall Fri, 03/05/2010 - 15:46

Marlon

ip prefix-list 0.0.0.0/0 just matches the default-route not all routes. So that prefix-list filters out all routes except the default-route.

ip prefix-list 0.0.0.0/0 le 32 would match all routes.

Jon

Giuseppe Larosa Sat, 03/06/2010 - 00:48

Hello Marlon,

as Jon has noted all the difference is the missing of additional operators like ge or le in the prefix list configuration.

the prefix-list requires an exact match with prefix 0.0.0.0/0 and only the default route passes this test.

if it was 0.0.0.0/0 le 32 it would have matched whatever prefix present in the ISP router BGP table.

I use this kind of prefix-list when I want to match only a default route.

A line like 0.0.0.0/0 le 32 is useful to create an equivalent of an ACL permit any in a reverse logic prefix-list where you want to deny some specific prefixes and you want to end with a line that permits all other prefixes.

Hope to help

Giuseppe

news2010a Sat, 03/06/2010 - 19:36

Then can you please clarify how this one would like if written in ACL so that I can understand:
Imagine my intention is to allow 1.177.206.0/24 network.
 


ip prefix-list  LIST_ENG seq 10 permit 1.177.206.0/24 le 30

I can understand the 1.177.206.0/24, but why you recommended 'le 30' I still don't get it.

Correct Answer
Giuseppe Larosa Sun, 03/07/2010 - 01:48

Hello Marlon,

I had suggested to perform different attempts with different formulations in order to understand ip prefix-lists.

In that thread you were using a prefix-list to redistribute OSPF routes into another routing protocol.

For example let's suppose the following prefixes are present in OSPF database:

1)1.177.206.0/28

2)1.177.206.17/32

3)1.177.206.32/27

4)1.177.206.128/25

depending on the prefix-list formulation you will see different results:

a)

ip prefix-list  LIST_ENG seq 10 permit 1.177.206.0/24

this one given the list of prefixes above doesn't match any prefix because it looks for exact match.

b)

ip prefix-list test1 seq 10 permit 1.177.206.0/24 le 30

result: all prefixes within 1.177.20.6.0/24 block are redistributed with only exception of prefix 2) 1.177.206.17/32 because it does not satisfy the condition that its prefix len should be less then 30 (it is 32)

c)

ip prefix-list test2 seq 10 permit 1.177.206.0/24 ge 26 le 30

result: only prefixes 1) and 3) are permitted by the prefix-list , prefix 1) is not permitted because 32 > 30 and prefix 4 is not permitted because its prefix lenght 25 is less then 26.

as you see the operators le and ge plays an important role and allows to match prefixes within the address block with specific prefix-length.

This is not easy to emulate with an extended IP ACL.

Hope to help

Giuseppe

news2010a Sun, 03/07/2010 - 20:51

Giuslar, I finally understand this now. Thanks much. You guys are amazing.

Actions

This Discussion