11-06-2011 11:09 AM - edited 03-07-2019 03:15 AM
Hi every body
i have few questions;
please consider the following:
ip prefix-list just seq permit 20.0.0.0/16 le 17
1) Will 20.0.128.0 prefix match the list?
Here is my understanding which I want to confirm.
the prefix 20.0.0.0 prefix match because of the part ( permit 20.0.0.0/16) in above prefix list.
the prefix 20.0.128.0 does not match the prefix list because of the part( 20.0.0.0/16 le 17) in above prefix list which says first 17 bits must match.
The following prefixes match the above prefix list.
20.0.1.0
20.0.2.0
continue
20.0.127.255.
Is my understanding correct ?
thanks and have a great weekend.
Solved! Go to Solution.
11-06-2011 11:25 AM
Hi Sarah,
Nice to meet you again. How are you, how are things going?
ip prefix-list just seq permit 20.0.0.0/16 le 17
1) Will 20.0.128.0 prefix match the list?
This particular prefix list matches prefixes of the form P/M (Prefix/Mask) that meet the following two conditions:
Now, 20.0.128.0 & /16 = 20.0.0.0, so the first condition is met. However, you have not indicated the mask of the prefix 20.0.128.0 and that is crucial to say what subnets would match. If their mask was either /16 or /17 and they were allocated from the 20.0.0.0/16 space, the prefix list would match. If the mask was different from these two values, the prefix list would not match.
In general, a prefix list of the form
ip prefix-list NAME permit|deny A.B.C.D/N ge L le U
matches all prefixes of the form P/M that meet the two following criteria:
If the ge L argument is not used then the conditions are:
If the le U argument is not used then the condition are:
If neither ge L nor le U are used then the prefix list evaluation is very simple: P must be exactly A.B.C.D and M must be exactly N.
This all is slightly confusing - I've had my share of misunderstandings about it. Please feel welcome to ask further, and please include LOTS of examples (or assignments) to be solved for you
Best regards,
Peter
11-06-2011 11:48 AM
Hello Reza,
I respectfully disagree. A prefix list of the form permit 20.0.0.0/16 le 17 will match all prefixes that are allocated from within the space 20.0.0.0/16, so even 20.0.128.0 and possibly higher. In addition, the netmask of these prefixes is required to be either /16 or /17 which limits us to only three valid prefix/mask combinations:
Best regards,
Peter
11-06-2011 12:03 PM
Hello Peter,
Reading the description from the command reference guide (above). it states " mask length that is less than or equal to 24 bits" so does this mean that /16 is included?
if it is, then you are correct and I apologize to Sarah for misinforming her.
This line says:
In the following example, a prefix list is configured to routes to permit routes from any network that have a mask length from 8 to 24 bits:
Router(config)# ip prefix-list GREEN permit 0.0.0.0/0 ge 8 le 24
Ok, this is clear it is mask,8,9,10 all the way to 24.
Thanks,
Reza
11-06-2011 12:31 PM
Hi Reza,
Reading the description from the command reference guide (above). it states "mask length that is less than or equal to 24 bits" so does this mean that /16 is included?
Exactly. If the ge keyword is not used then the lowest permissible prefix length is the one taken from the prefix specification itself, i.e. permit 20.0.0.0/16 le 17 allows both /16 and /17 netmasks.
By the way, note that the ge argument always must be by at least 1 higher than the netmask in the prefix specification itself, e.g. this is not allowed: permit 20.0.0.0/16 ge 16 le 17. What is allowed is permit 20.0.0.0/16 ge 17 le ... From this it logically follows that if you both want the prefixes to be from the space of 20.0.0.0/16 and the lowest prefix length to be /16, you simply don't use the ge keyword.
Best regards,
Peter
11-10-2011 10:40 PM
Hi Sarah,
Yes, you are correct. The prefix 20.0.128.0/17 would be accepted. The prefix 20.0.128.0/24 would not be accepted because the prefix length /24 is greated than the le argument, namely, /17.
Best regards,
Peter
11-06-2011 11:25 AM
Hi Sarah,
Nice to meet you again. How are you, how are things going?
ip prefix-list just seq permit 20.0.0.0/16 le 17
1) Will 20.0.128.0 prefix match the list?
This particular prefix list matches prefixes of the form P/M (Prefix/Mask) that meet the following two conditions:
Now, 20.0.128.0 & /16 = 20.0.0.0, so the first condition is met. However, you have not indicated the mask of the prefix 20.0.128.0 and that is crucial to say what subnets would match. If their mask was either /16 or /17 and they were allocated from the 20.0.0.0/16 space, the prefix list would match. If the mask was different from these two values, the prefix list would not match.
In general, a prefix list of the form
ip prefix-list NAME permit|deny A.B.C.D/N ge L le U
matches all prefixes of the form P/M that meet the two following criteria:
If the ge L argument is not used then the conditions are:
If the le U argument is not used then the condition are:
If neither ge L nor le U are used then the prefix list evaluation is very simple: P must be exactly A.B.C.D and M must be exactly N.
This all is slightly confusing - I've had my share of misunderstandings about it. Please feel welcome to ask further, and please include LOTS of examples (or assignments) to be solved for you
Best regards,
Peter
11-06-2011 05:46 PM
Hi Peter
Please consider the following example
ip prefix-list zee seq 5 permit 20.0.0.0/16 ge 20.
Let say we have a prefix 20.0.8.0/24
20.0.8.0/16= 20.0.0.0 ( first condition met)
Mask = 24, ge 20 which means =>20,
Second condition met as well.
Thus, prefix 20.0.8.0/24 will be matched by above prefix list
Is my understanding correct?
second example;
we have a prefix 20.0.240.0/20
20.0.240.0/16= 20.0.0.0 9 First condition is met)
mask=20, ge which means >= 20,
second condition is also met
Thus prefix 20.0.240.0/20 will be matched by above prefix list.
Is my understanding correct ?
thanks for your help Peter.
06-22-2022 09:29 AM
Hey @Peter Paluch - just wanted to let you know this helped clear up an issue I was solving this week. And also - it was nice meeting you at Live last week!
11-06-2011 11:29 AM
Hi Sara,
You are right. This prefix does not include /16 mask. It is /17 or lees, so in this case it is /17.
here is the command reference guide explanation
In the following example, a prefix list configured to deny the default route 0.0.0.0/0:
Router(config)# ip prefix-list RED deny 0.0.0.0/0
In the following example, a prefix list is configured to permit traffic from the 172.16.1.0/24 subnet:
Router(config)# ip prefix-list BLUE permit 172.16.1.0/24
In the following example, a prefix list is configured to permit routes from the 10.0.0.0/8 network that have a mask length that is less than or equal to 24 bits:
Router(config)# ip prefix-list YELLOW permit 10.0.0.0/8 le 24
http://www.cisco.com/en/US/docs/ios/12_3t/ip_route/command/reference/ip2_i2gt.html#wp1112138
HTH
11-06-2011 11:48 AM
Hello Reza,
I respectfully disagree. A prefix list of the form permit 20.0.0.0/16 le 17 will match all prefixes that are allocated from within the space 20.0.0.0/16, so even 20.0.128.0 and possibly higher. In addition, the netmask of these prefixes is required to be either /16 or /17 which limits us to only three valid prefix/mask combinations:
Best regards,
Peter
11-06-2011 12:03 PM
Hello Peter,
Reading the description from the command reference guide (above). it states " mask length that is less than or equal to 24 bits" so does this mean that /16 is included?
if it is, then you are correct and I apologize to Sarah for misinforming her.
This line says:
In the following example, a prefix list is configured to routes to permit routes from any network that have a mask length from 8 to 24 bits:
Router(config)# ip prefix-list GREEN permit 0.0.0.0/0 ge 8 le 24
Ok, this is clear it is mask,8,9,10 all the way to 24.
Thanks,
Reza
11-06-2011 12:31 PM
Hi Reza,
Reading the description from the command reference guide (above). it states "mask length that is less than or equal to 24 bits" so does this mean that /16 is included?
Exactly. If the ge keyword is not used then the lowest permissible prefix length is the one taken from the prefix specification itself, i.e. permit 20.0.0.0/16 le 17 allows both /16 and /17 netmasks.
By the way, note that the ge argument always must be by at least 1 higher than the netmask in the prefix specification itself, e.g. this is not allowed: permit 20.0.0.0/16 ge 16 le 17. What is allowed is permit 20.0.0.0/16 ge 17 le ... From this it logically follows that if you both want the prefixes to be from the space of 20.0.0.0/16 and the lowest prefix length to be /16, you simply don't use the ge keyword.
Best regards,
Peter
11-06-2011 12:51 PM
Thanks Peter and Reza.
I am going to spend hours to digest your responses. I will come back wiith questions when i finish.
11-06-2011 01:43 PM
I am back. Since I am very slow learner( Most of you already knew it by now :-) , therefore I will be posting one problem at a time.
Let start with :
ip prefix-list welcome seq 5 deny 20.0.0.0/16 le 20
Can I find the possible range of prefixes matched by the above list as:
20.0.0.0/16= 20.0.x.x ( which is the first prefix in our range)
The last prefix that can be matched by the above list :
20.0.240.x
where x is any number between 1 to 255 ?
11-06-2011 02:17 PM
Correct,
Ok, so this prefix would cover 16, 17, 18, 19 and 20 with the last one being 255.255.240.0 which is=/20
11-06-2011 03:39 PM
Please consider the following example.
ip prefix-list zee seq 5 permit 20.0.0.0/16 le 17
So the last prefix will be 20.0.128.0/17
let say we have prefix 20.0.128.0/24
So , If i use the conditions mentioned by Peter:
First condition is met, ( 20.0.128.0/16= 20.0.0.0)
second condition is not met as length of mask is 24 while the maximu length as defined by le17 is 17
Is my concept correct ?
Thanks
11-10-2011 10:40 PM
Hi Sarah,
Yes, you are correct. The prefix 20.0.128.0/17 would be accepted. The prefix 20.0.128.0/24 would not be accepted because the prefix length /24 is greated than the le argument, namely, /17.
Best regards,
Peter
11-11-2011 12:10 PM
Thanks Peter ; I am doing great; How have you been ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide