Cisco Support Community
Community Member

ip prefix-list modification help

i need to modify my internet edge bgp advertisements to exclude a small slice of the end of our ip space and i can't wrap my brain around what i need to do to modify the prefix list. my company uses the 192.168.0.0 thru 192.168.11.255 ip space and shown below is our existing bgp configuration (slightly modified to protect the innocent). I want to cut out the very last /29 net out of the 192.168.11.0 network.

router bgp 65001
 bgp always-compare-med
 bgp log-neighbor-changes
 bgp bestpath as-path multipath-relax
 neighbor 1.1.1.1 remote-as 65002
 neighbor 1.1.1.1 ebgp-multihop 255
 maximum-paths 2
 !
 address-family ipv4
  neighbor 1.1.1.1 activate
  neighbor 1.1.1.1 prefix-list mycompany-list out
  network 192.168.0.0 mask 255.255.248.0
  network 192.168.8.0 mask 255.255.252.0
!
ip prefix-list mycompany-list seq 70 permit 192.168.0.0/21 le 24
ip prefix-list mycompany-list seq 71 permit 192.168.8.0/22 le 24

now, i know i could just remove the prefix-list and change the advertised networks with the following but i'd really like to know how to do it via a prefix-list.

network 192.168.0.0 mask 255.255.248.0
network 192.168.8.0 mask 255.255.254.0
network 192.168.10.0 mask 255.255.255.0
network 192.168.11.0 mask 255.255.255.128
network 192.168.11.128 mask 255.255.255.192
network 192.168.11.192 mask 255.255.255.224
network 192.168.11.224 mask 255.255.255.240
network 192.168.11.240 mask 255.255.255.248

Any help that anyone can provide is much appreciated!

4 REPLIES
Hall of Fame Super Silver

Re: ip prefix-list modification help

Hello Ben,

you need to explicitly deny the subnet that you don't want to advertise with a statement with the lowest sequence number in order to be processed first.

let's suppose you want to deny 192.168.5.0/24:

conf t
ip prefix-list mycompany-list seq 10 deny 192.168.5.0/24
end

you should see:

>>ip prefix-list mycompany-list seq 10 deny 192.168.5.0/24
ip prefix-list mycompany-list seq 70 permit 192.168.0.0/21 le 24
ip prefix-list mycompany-list seq 71 permit 192.168.8.0/22 le 24

Hope to help

Giuseppe

Community Member

Re: ip prefix-list modification help

i tried applying your suggestion and we still saw the larger 192.168.8.0/22 supernet being advertised... still missing something.

i tried writing the prefix-list explicitly stating only the networks i wanted advertised but something went wrong and we lost some internet connectivity from the outside so i had to pull things back to the way they were. this is what i tried:

first i added lines 75 thru 105 so the list looked like this:

ip prefix-list stateofnh-list seq 65 deny 192.168.11.248/29       <- your suggestion applied
ip prefix-list stateofnh-list seq 70 permit 192.168.0.0/21 le 24  <- original line
ip prefix-list stateofnh-list seq 71 permit 192.168.8.0/22 le 24  <- original line
ip prefix-list stateofnh-list seq 75 permit 192.168.8.0/23        <- new stuff starts here
ip prefix-list stateofnh-list seq 80 permit 192.168.10.0/24
ip prefix-list stateofnh-list seq 85 permit 192.168.11.0/25
ip prefix-list stateofnh-list seq 90 permit 192.168.11.128/26
ip prefix-list stateofnh-list seq 95 permit 192.168.11.192/27
ip prefix-list stateofnh-list seq 100 permit 192.168.11.224/28
ip prefix-list stateofnh-list seq 105 permit 192.168.11.240/29

then i removed lines 65 and 71 leaving just this:

ip prefix-list stateofnh-list seq 70 permit 192.168.0.0/21 le 24  <- original line
ip prefix-list stateofnh-list seq 75 permit 192.168.8.0/23        <- new stuff
ip prefix-list stateofnh-list seq 80 permit 192.168.10.0/24
ip prefix-list stateofnh-list seq 85 permit 192.168.11.0/25
ip prefix-list stateofnh-list seq 90 permit 192.168.11.128/26
ip prefix-list stateofnh-list seq 95 permit 192.168.11.192/27
ip prefix-list stateofnh-list seq 100 permit 192.168.11.224/28
ip prefix-list stateofnh-list seq 105 permit 192.168.11.240/29

but like i said, suddenly several sites we host became unavailable from and i quickly peeled everything back. suggestions?
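
An added example, not part of the original thread: a minimal Python model of IOS prefix-list matching (first match by sequence number, exact prefix length unless ge/le is given, implicit deny at the end), run against the two lists discussed above. It assumes the only BGP routes are those from the two `network` statements in the first post; the function and variable names are hypothetical.

```python
import ipaddress

def parse_entry(line):
    """Parse 'ip prefix-list NAME seq N permit|deny A.B.C.D/L [ge X] [le Y]'."""
    tok = line.split()
    seq, action, net = int(tok[4]), tok[5], ipaddress.ip_network(tok[6])
    opts = dict(zip(tok[7::2], map(int, tok[8::2])))
    ge, le = opts.get("ge"), opts.get("le")
    # Allowed route length: exact if no ge/le; L..le with le only; ge..32 with ge only.
    lo = ge if ge is not None else net.prefixlen
    hi = le if le is not None else (32 if ge is not None else net.prefixlen)
    return seq, action, net, lo, hi

def evaluate(entries, route):
    """First matching entry in sequence order wins; no match is an implicit deny."""
    r = ipaddress.ip_network(route)
    parsed = sorted(map(parse_entry, entries), key=lambda e: e[0])
    for seq, action, net, lo, hi in parsed:
        # The route itself (address and length) is compared, not the hosts it covers.
        if lo <= r.prefixlen <= hi and r.subnet_of(net):
            return action, seq
    return "deny", None

def advertised(entries, routes):
    """Routes that survive the outbound filter."""
    return [r for r in routes if evaluate(entries, r)[0] == "permit"]

# Assumption: only the two network statements from the first post originate routes.
ORIGINATED = ["192.168.0.0/21", "192.168.8.0/22"]
P = "ip prefix-list mycompany-list seq "
# List after the suggested deny was added (entries copied from the thread).
WITH_DENY = [P + "65 deny 192.168.11.248/29",
             P + "70 permit 192.168.0.0/21 le 24",
             P + "71 permit 192.168.8.0/22 le 24"]
# List after seq 65 and 71 were removed (entries copied from the thread).
EXPLICIT = [P + "70 permit 192.168.0.0/21 le 24"] + [
    P + f"{s} permit {n}" for s, n in [
        (75, "192.168.8.0/23"), (80, "192.168.10.0/24"),
        (85, "192.168.11.0/25"), (90, "192.168.11.128/26"),
        (95, "192.168.11.192/27"), (100, "192.168.11.224/28"),
        (105, "192.168.11.240/29")]]

if __name__ == "__main__":
    for name, plist in (("deny /29 added", WITH_DENY), ("explicit list", EXPLICIT)):
        for route in ORIGINATED:
            print(f"{name:15} {route:16} -> {evaluate(plist, route)}")
```

Under that assumption the seq 65 deny never matches the 192.168.8.0/22 route, and the explicit list drops that /22 through the implicit deny because none of its entries match a /22 inside 192.168.8.0.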

Community Member

Re: ip prefix-list modification help

well, turns out this was all for naught! our isp won't even advertise any network smaller than a /25... had to pull it all back the way it was.

Hall of Fame Super Silver

Re: ip prefix-list modification help

Hello Ben,

yes in the public internet the limit can be /24

so you were worrying about advertising a subnet filtered by your provider

this also explains the connectivity problems that you had during the attempt.

Sorry if I've given you misleading information.

Hope to help

Giuseppe
