
bgp prefix list question

I have a prefix list that looks something like this:

ip prefix-list my_pref_name seq 5  permit 10.1.1.0/24

ip prefix-list my_pref_name seq 10 deny   0.0.0.0/0 le 32

 

What does the second statement do?  It was my understanding that it would block the default route from being advertised.  Is that true?

Isn't there an implicit deny at the end of a prefix list and wouldn't that implicit deny block the default route?

 

As always, thanks for your help.

5 REPLIES

Hi,


ip prefix-list my_pref_name seq 5  permit 10.1.1.0/24
ip prefix-list my_pref_name seq 10 deny  0.0.0.0/0 le 32

This means:
Check the first 0 bits of the prefix 0.0.0.0
The subnet mask must be less than or equal to 32
This equates to anything
Therefore your statement means deny everything else except the 1st line
of the prefix list.

 

If you use a default route in a prefix list you use the following:

ip prefix-list LIST permit 0.0.0.0/0

The exact prefix 0.0.0.0, with the exact prefix-length 0.
This is matching a default route.

 

This link may help

http://www.cisco.com/c/en/us/td/docs/ios/12_2/ip/configuration/guide/fipr_c/1cfbgp.html#wp1001470

 

Hope this helps

Regards

Alex
  

Regards, Alex. Please rate useful posts.


Alex,

 

Prefix-lists also have an implicit deny.

How the System Filters Traffic by Prefix List

Filtering by prefix list involves matching the prefixes of routes with those listed in the prefix list. When there is a match, the route is used. More specifically, whether a prefix is permitted or denied is based upon the following rules:

An empty prefix list permits all prefixes.

An implicit deny is assumed if a given prefix does not match any entries of a prefix list.

When multiple entries of a prefix list match a given prefix, the longest, most specific match is chosen.

 

-Vishesh


Vishesh,

+5 

Thanks for correcting my mistake, I have removed the BAD statement from my post.

Regards, Alex. Please rate useful posts.

Thanks everyone for a lively discussion.


Hi,

IMHO, the sentence "When multiple entries of a prefix list match a given prefix, the longest, most specific match is chosen." is not correct.

 

It should be "The action (permit/deny) specified in the first matching entry is chosen."

The behaviour is similar to the access-list matching.

 

Here is an example from my lab:

Originally, my router was receiving:

c2811-R1#sh ip bgp
BGP table version is 49, local router ID is 200.1.1.1
...

   Network          Next Hop            Metric LocPrf Weight Path
*> 0.0.0.0          192.168.11.5             0         32768 i
*> 10.200.238.0/24  0.0.0.0                  0         32768 i
*> 192.168.22.0     192.168.11.7             0             0 65098 i

 

I used

ip prefix-list test seq 15 deny 192.168.0.0/16 le 32
ip prefix-list test seq 20 permit 192.168.22.0/24 le 32
 

and applied it to filter the prefixes received from the 192.168.11.7  neighbor.

After that:

c2811-R1#sh ip bgp
...

   Network          Next Hop            Metric LocPrf Weight Path
*> 0.0.0.0          192.168.11.5             0         32768 i
*> 10.200.238.0/24  0.0.0.0                  0         32768 i
c2811-R1#

 

I.e., the 192.168.22.0/24 prefix was denied by the first (matching) entry within the prefix list, not permitted by the second entry. Even while the second entry was the most specific match!

 

Best regards,

Milan
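
The first-match behaviour shown in the lab output above, together with the exact-length, `le` range, empty-list and implicit-deny rules discussed in this thread, can be checked offline with a small model. This is an added example and not code from any poster or from Cisco; `parse_entry` and `evaluate` are hypothetical names, and the `REORDERED` list is constructed for illustration.

```python
import ipaddress

def parse_entry(line, prev_seq):
    """Parse 'ip prefix-list NAME [seq N] permit|deny PFX/LEN [ge X] [le Y]'."""
    tok = line.split()[3:]                      # drop 'ip prefix-list NAME'
    if tok[0] == "seq":
        seq, tok = int(tok[1]), tok[2:]
    else:
        seq = prev_seq + 5                      # IOS auto-numbers in steps of 5
    action, net = tok[0], ipaddress.ip_network(tok[1])
    opts = dict(zip(tok[2::2], map(int, tok[3::2])))
    if opts:                                    # ge/le given: a range of lengths
        lo, hi = opts.get("ge", net.prefixlen), opts.get("le", 32)
    else:                                       # neither: exact length only
        lo = hi = net.prefixlen
    return seq, action, net, lo, hi

def evaluate(config, route):
    """Return (action, seq) of the first matching entry in sequence order."""
    entries, seq = [], 0
    for line in config.strip().splitlines():
        entries.append(parse_entry(line, seq))
        seq = entries[-1][0]
    if not entries:
        return "permit", None                   # empty list permits everything
    r = ipaddress.ip_network(route)
    for seq, action, net, lo, hi in sorted(entries, key=lambda e: e[0]):
        # Match: leading bits equal the entry's prefix AND length within range.
        if r.subnet_of(net) and lo <= r.prefixlen <= hi:
            return action, seq
    return "deny", None                         # implicit deny at the end

ASKED = """
ip prefix-list my_pref_name seq 5  permit 10.1.1.0/24
ip prefix-list my_pref_name seq 10 deny   0.0.0.0/0 le 32
"""
LAB = """
ip prefix-list test seq 15 deny 192.168.0.0/16 le 32
ip prefix-list test seq 20 permit 192.168.22.0/24 le 32
"""
# Constructed variant (not from the thread): specific permit placed first.
REORDERED = """
ip prefix-list test seq 10 permit 192.168.22.0/24 le 32
ip prefix-list test seq 15 deny 192.168.0.0/16 le 32
"""

if __name__ == "__main__":
    for cfg, route in [(ASKED, "0.0.0.0/0"), (LAB, "192.168.22.0/24"), (REORDERED, "192.168.22.0/24")]:
        print(route, evaluate(cfg, route))
```

A result of `("deny", None)` means the route fell through to the implicit deny, which is what happens to the default route in the original list even if its `seq 10` line is removed.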

 

 

 
