Prefix lists vs Distribute lists

ajay kondapalli
Level 1

Hi,

Can anyone explain the exact difference between prefix lists and distribute lists?

What Prefix lists offer that is not supported by distribute lists?

What are the main advantages of using prefix lists over distribute lists?

Please explain.

Thanks,

Ajay

7 Replies

lgijssel
Level 9

At least in BGP there are some things which must be done via prefix lists and using distribute lists is not supported. See sample doc below:

http://www.cisco.com/en/US/docs/ios/12_2s/feature/guide/fsbgporf.html

Also, prefix lists have certain advantages in memory consumption and CPU usage.

When you have the choice, you should prefer using prefix lists.

regards,

Leo

Peter Paluch
Cisco Employee

Ajay,

Actually, the prefix list and the distribute list are often confused. A distribute list is not a list at all. It is only a command that allows to filter the contents of incoming or outgoing routing updates. The filtering itself is performed either by an ACL or a prefix-list. So, the distribute-list only refers to an ACL or a prefix-list to perform the filtering but in itself, the distribute-list is not a list.

Thus, the correct question should be what the difference is between ACLs and prefix lists when used in a distribute list. The most notable and important difference is that a prefix-list allows you to filter networks also based on their subnet mask. ACLs used in a distribute list filter networks only by network address but do not perform matching on the subnet mask (in other words, for an ACL used in a distribute list, the networks 192.0.2.0/24 and 192.0.2.0/26 are indistinguishable). The prefix-list also allows you to specify networks in a much more natural format than ACLs, and I was once told that prefix lists are evaluated in a more effective way than ACLs. Also, prefix-lists constitute the basis for so-called BGP Outbound Route Filtering (ORF), which is not possible to perform with general ACLs.

Whenever possible, it is recommended to use prefix lists in distribute list constructs.

I hope this helps a bit.

Best regards,

Peter

Thanks Peter for the good explanation; this is the reason I love forums and get my doubts clarified by experts.

So we need to use ACLs when we use Dist list command. We don't need to use ACL when we use prefix lists.

Am I missing something? Can you explain BGP Outbound Route Filtering (ORF) in a few words, please?

Thanks ,

Ajay

Ajay,

"So we need to use ACLs when we use Dist list command. We don't need to use ACL when we use prefix lists."

Not exactly. You can use distribute lists with either ACLs or prefix lists.

These two examples show roughly the same configuration - one of them uses distribute list with ACLs, the other uses prefix lists.

Using distribute lists with ACLs:

    access-list 1 deny 10.0.0.0 0.255.255.255
    access-list 1 deny 172.16.0.0 0.0.15.255
    access-list 1 deny 192.168.0.0 0.0.255.255
    access-list 1 permit any
    router ...
     distribute-list 1 out

Using distribute lists with prefix lists:

    ip prefix-list NoPrivateNets deny 10.0.0.0/8 le 32
    ip prefix-list NoPrivateNets deny 172.16.0.0/12 le 32
    ip prefix-list NoPrivateNets deny 192.168.0.0/16 le 32
    ip prefix-list NoPrivateNets permit 0.0.0.0/0 le 32
    router ...
     distribute-list prefix NoPrivateNets out

Both examples have the same effect: all private networks will not be advertised, all other networks will. Does this make it more clear?

Best regards,

Peter

Hi Peter,

with ACLs used in distribute list you can also perform matching on subnet mask.

An extended ACL has to be used then, see http://www.cisco.com/en/US/docs/ios/12_1/iproute/command/reference/1rdbgp.html#wp1019302

But the syntax is very confusing, so I agree with your "Whenever possible, it is recommended to use prefix lists in distribute list constructs."

BR,

Milan

Milan,

"with ACLs used in distribute list you can also perform matching on subnet mask."

This is not entirely true. I know what you are suggesting: that the "source" part of an ACL entry matches the network address, and the "destination" part matches the subnet mask.

However, this way of evaluating ACLs is used only for distribute-lists in BGP or if the ACL is used in a route-map (redistribution, neighbor policies). If an extended ACL is used for an IGP protocol (OSPF, EIGRP, RIP) in a distribute list, then it behaves differently: the "source" part matches the neighbor's IP address that advertises a network, the "destination" part matches the advertised network. Again, no netmask is being matched (the source address for outgoing updates fed into the ACL is 0.0.0.0).

It is easy to prove this by having a simple ACL containing a single entry of "permit ip any any log", using it in a distribute list and closely observing the logging messages.

But, yes, we agree that the ACLs used in distribute lists or route-maps are very cumbersome. The prefix lists have been created specifically for route filtering purposes, and using them in these applications is much clearer.

Best regards,

Peter

@Ajay,

If you want a good understanding of BGP ORF feature here is the link.

http://blog.ine.com/2008/05/05/understanding-bgp-outbound-route-filtering-bgp-orf/?s=prefix-list

For prefix-list...

http://ccienotes.blogspot.com/2007/08/ip-prefix-list.html

When I was new to ORF and PL I used to read these blogs and got a good understanding of them.

@Peter,

Thanks a lot for all your replies to this forum. It has been of immense help when we are left with doubts in our mind, and you have the solution to most of them.

Thanks,

Madhu
