Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Prefix List for BGP -- To block the Class B range

Hi,

Can prefix-list ISP-IN deny 128.0.0.0/2 ge 17 actually block the entire Class B addresses when applied on a BGP neighbor..

6 REPLIES

Re: Prefix List for BGP -- To block the Class B range

No. If you want to filter the 128.0.0.0/16 net, then the following prefix list is what you need.

ip prefix-list ISP-IN deny 128.0.0.0/16 le 17

This prefix list precisely matches the class B net and subnets of same class B aren't matched.

HTH,

Sundar

New Member

Re: Prefix List for BGP -- To block the Class B range

Hi,

I shall be more specific in my query now.

Lets say I want to deny the entire class B network i.e. 128.0.0.0 -191.255.255.255 will the ip prefix-list ISP-IN deny 128.0.0.0/2 ge 17 work ??

Tx/Rgs

K Gupta

Cisco Employee

Re: Prefix List for BGP -- To block the Class B range

The answer is yes, assuming you want to accept the /16 and reject any more specific prefixes.

Hope this helps,

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México 
Paseo de la Reforma 222 Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
New Member

Re: Prefix List for BGP -- To block the Class B range

Hi,

I tried to figure the prefix-list out but somehow not able to understand how 128.0.0.0/2 can cover till the 191.0.0.0 network ..Gr8 help if u help me uncover the trick

regs

Kas

Cisco Employee

Re: Prefix List for BGP -- To block the Class B range

128.0.0.0/2 means that the first and second bits have to be 1 and 0 respectively. Anything in the range of 128.0.0.0 (0x10000000) to 191.255.255.255 ( 0xbfffffff) will match.

let me know if it helps,

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México 
Paseo de la Reforma 222 Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Re: Prefix List for BGP -- To block the Class B range

Let's take a look.

128.0.0.0/2 transalates to binary value of 10000000 and the subnet mask of 2 bits transalates to 11000000.

The first 2 bits have to be always 10 (or 128 only)and cannot change and the 6 later bits (don't care bits) can be 1 or 0. If all 6 later bits are on, i.e 10111111 - IP is 191. Hence, all IP addresses in the range of 128-191 falls within this range.

486
Views
0
Helpful
6
Replies