Access list or prefix-list

dan_track
Level 1

Hi

I'm using the access list on router 1 while using the prefix-list on router 2. What advantage is there by using either?

Config:

I have two routers in two datacentres.

Router1 has the following config:

router bgp 10???

no synchronization

bgp log-neighbor-changes

network mmm.mmm.11.164 mask 255.255.255.252

network xxx.xxx.17.0 mask 255.255.255.224

network yyy.yyy.21.96 mask 255.255.255.224

neighbor mmm.mmm.11.165 remote-as 3???

neighbor mmm.mmm.11.165 soft-reconfiguration inbound

neighbor mmm.mmm.11.165 route-map isp-to-se in

neighbor mmm.mmm.11.165 route-map se-to-sip out

neighbor xxx.xxx.17.1 remote-as 1???

neighbor xxx.xxx.17.1 soft-reconfiguration inbound

!

access-list 1 remark ***** BGP Distribution List *****

access-list 1 permit xxx.xxx.17.0 0.0.0.31

!

route-map se-to-isp permit 10

match ip address 1

set metric 8000

set local-preference 50

!

route-map se-to-isp permit 10

set metric 50

!

And router 2:

router bgp 10???

no synchronization

bgp log-neighbor-changes

network kkk.kkk.10.0 mask 255.255.255.252

network xxx.xxx.17.0 mask 255.255.255.224

network yyy.yyy.21.96 mask 255.255.255.224

neighbor kkk.kkk.10.1 remote-as 3???

neighbor kkk.kkk.10.1 soft-reconfiguration inbound

neighbor kkk.kkk.10.1 route-map isp-to-se in

neighbor kkk.kkk.10.1 route-map se-to-isp out

neighbor xxx.xxx.17.2 remote-as 10???

neighbor xxx.xxx.17.2 soft-reconfiguration inbound

!

ip prefix-list mx-src seq 10 permit xxx.xxx.17.0/27

ip prefix-list mx-src seq 11 permit yyy.yyy.21.96/27

ip prefix-list mx-src seq 12 permit zzz.zzz.210.64/26

!

access-list 1 remark ***** BGP Distribution List *****

access-list 1 permit xxx.xxx.17.0 0.0.0.31

access-list 1 permit zzz.zzz.210.64 0.0.0.63

!

route-map se-to-isp permit 10

match ip address prefix-list mx-src

set metric 300

!

route-map isp-to-se permit 10

set metric 20

!

Thanks in advance

Dan

Accepted Solutions

mheusinger
Level 10

Hello,

Both configurations obviously work. Prefix-lists are better from a performance aspect - they are organized in a tree structure, whereas ACLs are processed line by line.

Having only a couple of lines in your example, there is not too much difference though.

Generally, in the context of a route-map the access-list is not used to describe packets but routing updates. A routing update consists of the network part and the mask. The use of an extended access-list in this context has been redefined in such a way that the first part (for packets: source) describes the network and the second part (for packets: destination) describes the mask.

An example:

ip prefix-list 1 seq 10 permit 1.1.0.0/16 ge 22

equals

access-list 100 permit ip 1.1.0.0 0.0.255.255 255.255.252.0 0.0.3.255

The use of prefix-lists is favourable, because of the better readability (and performance).

Hope this helps! Please rate all posts.

Regards, Martin
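
Added example, not part of the original thread: a small Python model of the matching rules described in the answer, run against constructed routes to check that the `ge 22` prefix-list and the extended ACL permit the same updates. The function names are hypothetical, `192.0.2.0` stands in for the masked `xxx.xxx.17.0` of the question, and the standard-ACL behaviour shown (the mask length is not checked) is general IOS behaviour rather than something stated in the thread.

```python
import ipaddress

def _int(addr):
    return int(ipaddress.IPv4Address(str(addr)))

def wild_match(value, base, wildcard):
    """Cisco wildcard compare: bits set to 1 in the wildcard are ignored."""
    care = ~_int(wildcard) & 0xFFFFFFFF
    return (_int(value) & care) == (_int(base) & care)

def prefix_list_permits(route, entry, ge=None, le=None):
    """One 'ip prefix-list ... permit <entry> [ge n] [le n]' line against a route."""
    r, e = ipaddress.ip_network(route), ipaddress.ip_network(entry)
    if ge is None and le is None:
        lo = hi = e.prefixlen              # no ge/le: exact length only
    else:
        lo = e.prefixlen if ge is None else ge
        hi = 32 if le is None else le
    return lo <= r.prefixlen <= hi and r.subnet_of(e)

def extended_acl_permits(route, net, net_wild, mask, mask_wild):
    """Extended ACL in a route-map: 'source' pair = network, 'destination' pair = mask."""
    r = ipaddress.ip_network(route)
    return (wild_match(r.network_address, net, net_wild)
            and wild_match(r.netmask, mask, mask_wild))

def standard_acl_permits(route, net, net_wild):
    """Standard ACL: only the network address is compared, the mask length is not."""
    return wild_match(ipaddress.ip_network(route).network_address, net, net_wild)

# Constructed test routes (not from the thread).
ROUTES = ["1.1.0.0/16", "1.1.4.0/22", "1.1.8.0/21", "1.1.200.128/25",
          "1.1.1.1/32", "1.2.0.0/22", "1.0.0.0/8"]

def compare(routes=ROUTES):
    """(route, prefix-list verdict, extended-ACL verdict) for the pair in the answer."""
    return [(r,
             prefix_list_permits(r, "1.1.0.0/16", ge=22),
             extended_acl_permits(r, "1.1.0.0", "0.0.255.255",
                                  "255.255.252.0", "0.0.3.255"))
            for r in routes]

if __name__ == "__main__":
    for route, pl, acl in compare():
        print(f"{route:<16} prefix-list={pl!s:<5} extended-acl={acl}")
    # 192.0.2.0 is a constructed stand-in for the question's xxx.xxx.17.0.
    for route in ("192.0.2.0/27", "192.0.2.16/28"):
        print(route, standard_acl_permits(route, "192.0.2.0", "0.0.0.31"),
              prefix_list_permits(route, "192.0.2.0/27"))
```

In this model, the standard ACL from the question also permits a more-specific `/28` inside the block, while the `/27` prefix-list entry permits only the exact `/27`. This is the practical difference when the list is used as an outbound announcement filter.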
