ip prefix list with le/ge options

sarahr202
Level 5

Hi everybody

I have a few questions:

please consider the following:

ip prefix-list just seq permit 20.0.0.0/16 le 17

1)  Will 20.0.128.0  prefix match the list?

Here is my understanding which I want to confirm.

The prefix 20.0.0.0 matches because of the part (permit 20.0.0.0/16) in the above prefix list.

The prefix 20.0.128.0 does not match the prefix list because of the part (20.0.0.0/16 le 17) in the above prefix list, which says the first 17 bits must match.

The following prefixes  match the above prefix list.

20.0.1.0

20.0.2.0

continue

20.0.127.255.

Is my understanding correct ?

thanks and have a great weekend.

13 Replies

Peter Paluch
Cisco Employee

Hi Sarah,

Nice to meet you again. How are you, how are things going?

ip prefix-list just seq permit 20.0.0.0/16 le 17

1)  Will 20.0.128.0  prefix match the list?

This particular prefix list matches prefixes of the form P/M (Prefix/Mask) that meet the following two conditions:

  1. P & /16 == 20.0.0.0
  2. /16 <= M <= /17

Now, 20.0.128.0 & /16 = 20.0.0.0, so the first condition is met. However, you have not indicated the mask of the prefix 20.0.128.0 and that is crucial to say what subnets would match. If their mask was either /16 or /17 and they were allocated from the 20.0.0.0/16 space, the prefix list would match. If the mask was different from these two values, the prefix list would not match.

In general, a prefix list of the form

ip prefix-list NAME permit|deny A.B.C.D/N ge L le U

matches all prefixes of the form P/M that meet the two following criteria:

  1. P & N == A.B.C.D (the prefix must be a subnet of the A.B.C.D/N)
  2. L <= M <= U (the mask of the prefix must be between L and U)

If the ge L argument is not used then the conditions are:

  1. P & N == A.B.C.D (the prefix must be a subnet of the A.B.C.D/N)
  2. N <= M <= U (the mask of the prefix must be between N and U)

If the le U argument is not used then the conditions are:

  1. P & N == A.B.C.D (the prefix must be a subnet of the A.B.C.D/N)
  2. L <= M <= /32 (the mask of the prefix must be at least L)

If neither ge L nor le U are used then the prefix list evaluation is very simple: P must be exactly A.B.C.D and M must be exactly N.

This all is slightly confusing - I've had my share of misunderstandings about it. Please feel welcome to ask further, and please include LOTS of examples (or assignments) to be solved for you.

Best regards,

Peter
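
The matching rules Peter gives above, written out as an added Python example (not part of the original thread and not Cisco code). The function names and the simplified line parser are assumptions made for illustration; it handles only the IPv4 entry forms quoted on this page and is useful for checking exactly what a route-filter entry admits before it is applied.

```python
import ipaddress
import re

# Accepts the entry forms quoted in this thread (the seq number is optional).
ENTRY_RE = re.compile(
    r"ip prefix-list (?P<name>\S+)(?: seq(?: \d+)?)? (?P<action>permit|deny) "
    r"(?P<net>\d+\.\d+\.\d+\.\d+/\d+)(?: ge (?P<ge>\d+))?(?: le (?P<le>\d+))?$"
)

def parse_entry(line):
    """Return (action, A.B.C.D/N network, lowest length, highest length)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        raise ValueError(f"unsupported entry: {line!r}")
    net = ipaddress.ip_network(m["net"])
    n = net.prefixlen
    ge = int(m["ge"]) if m["ge"] else None
    le = int(m["le"]) if m["le"] else None
    if ge is not None and ge <= n:
        # As noted in the thread: ge must be at least 1 higher than N.
        raise ValueError("ge must be greater than the entry's own length")
    if ge is None and le is None:
        low, high = n, n            # neither keyword: exact match on N
    else:
        low = n if ge is None else ge    # no ge: lower bound is N
        high = 32 if le is None else le  # no le: upper bound is /32
    if not low <= high <= 32:
        raise ValueError("length range is empty or exceeds /32")
    return m["action"], net, low, high

def entry_matches(entry, candidate):
    """True if candidate P/M satisfies both conditions of the entry."""
    _, net, low, high = entry
    cand = ipaddress.ip_network(candidate)
    # Condition 1: P & N == A.B.C.D
    in_space = (int(cand.network_address) & int(net.netmask)) == int(net.network_address)
    # Condition 2: low <= M <= high
    return in_space and low <= cand.prefixlen <= high

def matched_prefixes(entry):
    """Yield every P/M the entry matches (can be very large for wide ranges)."""
    _, net, low, high = entry
    for length in range(low, high + 1):
        for sub in net.subnets(new_prefix=length):
            yield str(sub)

if __name__ == "__main__":
    e = parse_entry("ip prefix-list just seq permit 20.0.0.0/16 le 17")
    print(list(matched_prefixes(e)))
```
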

Hi Peter

Please consider the following example

ip prefix-list zee seq 5 permit 20.0.0.0/16 ge 20.

Let's say we have a prefix 20.0.8.0/24

20.0.8.0/16= 20.0.0.0  ( first condition met)

Mask = 24, ge 20 which means =>20,

Second condition met as well.

Thus, prefix 20.0.8.0/24 will be matched by above prefix list

Is my understanding correct?

Second example:

We have a prefix 20.0.240.0/20

20.0.240.0/16 = 20.0.0.0 (first condition is met)

Mask = 20, ge which means >= 20,

second condition is also met

Thus prefix 20.0.240.0/20 will be matched by above prefix list.

Is my understanding correct ?

thanks for your help  Peter.

Hey @Peter Paluch - just wanted to let you know this helped clear up an issue I was solving this week. And also - it was nice meeting you at Live last week! haha

Reza Sharifi
Hall of Fame

Hi Sara,

You are right. This prefix does not include /16 mask. It is /17 or less, so in this case it is /17.

Here is the command reference guide explanation:

Examples

In the following example, a prefix list configured to deny the default route 0.0.0.0/0:

Router(config)# ip prefix-list RED deny 0.0.0.0/0 

In the following example, a prefix list is configured to permit traffic from the 172.16.1.0/24 subnet:

Router(config)# ip prefix-list BLUE permit 172.16.1.0/24 

In the following example, a prefix list is configured to permit routes  from the 10.0.0.0/8 network that have a mask length that is less than or  equal to 24 bits:

Router(config)# ip prefix-list YELLOW permit 10.0.0.0/8 le 24 

http://www.cisco.com/en/US/docs/ios/12_3t/ip_route/command/reference/ip2_i2gt.html#wp1112138

HTH

Hello Reza,

I respectfully disagree. A prefix list of the form permit 20.0.0.0/16 le 17 will match all prefixes that are allocated from within the space 20.0.0.0/16, so even 20.0.128.0 and possibly higher. In addition, the netmask of these prefixes is required to be either /16 or /17 which limits us to only three valid prefix/mask combinations:

  • 20.0.0.0/16
  • 20.0.0.0/17
  • 20.0.128.0/17

Best regards,

Peter

Hello Peter,

Reading the description from the command reference guide (above), it states "mask length that is less than or equal to 24 bits", so does this mean that /16 is included?

If it is, then you are correct and I apologize to Sarah for misinforming her.

This line says:

In the following example, a prefix list is configured to routes to  permit routes from any network that have a mask length from 8 to 24  bits:

Router(config)# ip prefix-list GREEN permit 0.0.0.0/0 ge 8 le 24 

OK, this is clear: it is mask 8, 9, 10, all the way to 24.

Thanks,

Reza

Hi Reza,

Reading the description from the command reference guide (above), it states "mask length that is less than or equal to 24 bits", so does this mean that /16 is included?

Exactly. If the ge keyword is not used then the lowest permissible prefix length is the one taken from the prefix specification itself, i.e. permit 20.0.0.0/16 le 17 allows both /16 and /17 netmasks.

By the way, note that the ge argument must always be at least 1 higher than the netmask in the prefix specification itself, e.g. this is not allowed: permit 20.0.0.0/16 ge 16 le 17. What is allowed is permit 20.0.0.0/16 ge 17 le ... From this it logically follows that if you both want the prefixes to be from the space of 20.0.0.0/16 and the lowest prefix length to be /16, you simply don't use the ge keyword.

Best regards,

Peter

Thanks Peter and Reza. 

I am going to spend hours to digest your responses. I will come back with questions when I finish.

I am back. Since I am a very slow learner (most of you already knew it by now :-), I will be posting one problem at a time.

Let's start with:

ip prefix-list welcome seq 5 deny 20.0.0.0/16 le 20

Can I find the possible range of prefixes matched by the above list as:

20.0.0.0/16 = 20.0.x.x (which is the first prefix in our range)

The last prefix that can be matched by the above list:

20.0.240.x

where x is any number between 1 to 255?

Correct,

Ok, so this prefix would cover 16, 17, 18, 19 and 20 with the last one being 255.255.240.0 which is=/20

Please consider the following example.

ip prefix-list zee seq 5 permit 20.0.0.0/16 le 17

So the last prefix will be 20.0.128.0/17

Let's say we have prefix 20.0.128.0/24

So, if I use the conditions mentioned by Peter:

  1. P & N == A.B.C.D (the prefix must be a subnet of the A.B.C.D/N)
  2. L <= M <= U (the mask of the prefix must be between L and U)

First condition is met (20.0.128.0/16 = 20.0.0.0)

Second condition is not met, as the length of the mask is 24 while the maximum length as defined by le 17 is 17

Is my concept correct ?

Thanks

Hi Sarah,

Yes, you are correct. The prefix 20.0.128.0/17 would be accepted. The prefix 20.0.128.0/24 would not be accepted because the prefix length /24 is greater than the le argument, namely, /17.

Best regards,

Peter

Thanks Peter; I am doing great. How have you been?
