|
Figure presents the commands used to create a simple prefix list and apply it during BGP configuration. The commands define a prefix list called ELMO, which is applied to outgoing External BGP (EBGP) updates to 192.168.1.1 using a neighbor statement.
The real power of the ip prefix-list command is in its optional parameters. The keywords ge and le can be used to specify the range of the prefix length to be matched for prefixes that are more specific than the network/len value. The prefix-length range is assumed to be from ge-value to 32 if only the ge attribute is specified, and from len to le-value if only the le attribute is specified.
Note that a specified ge-value and/or le-value must satisfy the following condition: len < ge-value <= le-value <= 32.
For example, to accept a mask length of up to 24 bits in routes with the prefix 192.0.0.0/8, and to deny more specific routes, use these commands:
RTA(config)#ip prefix-list GROVER permit 192.0.0.0/8 le 24
RTA(config)#ip prefix-list GROVER deny 192.0.0.0/8 ge 25
The above commands test whether a given prefix begins with 192 in the first octet and, beyond that, are concerned only with how specific the route is, which they check by the length of the mask. Thus, both 192.168.32.0/19 and 192.168.1.0/24 match the permit statement, but 192.168.1.32/27 does not: its mask length exceeds the le value of 24 and is greater than the ge value, 25, so it matches the deny statement instead. Any routes with a mask length equal to the ge value will also be denied.
The le and ge keywords can be used together in the same statement, as shown:
RTA(config)#ip prefix-list OSCAR permit 10.0.0.0/8 ge 16 le 24
This command permits all prefixes in the 10.0.0.0/8 address space that have a mask length from 16 to 24 bits.
Each prefix list entry is assigned a sequence number, either by default or
manually by an administrator. By numbering the prefix list statements, new
entries can be inserted at any point in the list, which is important because
routers test for prefix list matches from lowest sequence number to highest.
When a match occurs, the router does not continue through the rest of the prefix
list. For efficiency, you may want to put the most common matches near the top
of the list. The show ip prefix-list
command always includes the sequence numbers in its output, as shown in Figure .
Sequence numbers are automatically generated in increments of 5. The first sequence value generated in a prefix list would be 5, then 10, then 15, and so on. If you manually specify a value for an entry and then do not specify values for subsequent entries, the assigned sequence values are incremented in units of five. For example, if you specify that the first entry in the prefix list has a sequence value of 3, and then you do not specify sequence values for the other entries, the automatically generated numbers will be 8, 13, 18, and so on. You can manually specify prefix list sequence numbers as shown:
RTA(config)#ip prefix-list ELMO seq 12 deny 192.168.1.0/24
You can manually specify sequence values for prefix list entries in any increments that you want. However, if you unwisely specify the sequence values in increments of 1, you cannot insert additional entries into the prefix list.
To display information about prefix tables, prefix table entries, the policy associated with a node, or specific information about an entry, use the show ip prefix-list command, which has syntax shown in Figure .
Finally, when using prefix lists, keep the following rules in mind:
- An empty prefix list permits all prefixes.
- An implicit deny is assumed if a given prefix does not match any entries of a prefix list.
- When multiple entries of a prefix list match a given prefix, the entry with the smallest sequence number is considered to be the "real" match.
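The matching rules above can be checked offline before a filter is applied to a BGP neighbor. The following Python sketch is an added example, not part of the original page and not Cisco code: it evaluates the GROVER and OSCAR lists from the text, plus a constructed list named DEMO, against sample routes. The function names are hypothetical, and numbering automatic entries from the highest existing sequence number is an assumption.

```python
import ipaddress

def parse_prefix_list(lines):
    """Parse 'ip prefix-list NAME [seq N] permit|deny NET/LEN [ge X] [le Y]' lines."""
    entries, high_seq = [], 0
    for line in lines:
        tok = line.split()[3:]                  # drop 'ip prefix-list NAME'
        if tok[0] == "seq":
            seq, tok = int(tok[1]), tok[2:]
        else:
            seq = high_seq + 5                  # automatic numbering in steps of 5 (assumed base)
        high_seq = max(high_seq, seq)
        action, net = tok[0], ipaddress.ip_network(tok[1])
        opts = dict(zip(tok[2::2], map(int, tok[3::2])))
        ge, le = opts.get("ge"), opts.get("le")
        # No keyword: exact length. Only ge: ge..32. Only le: len..le.
        lo = ge if ge is not None else net.prefixlen
        hi = le if le is not None else (32 if ge is not None else net.prefixlen)
        if (ge is not None and ge <= net.prefixlen) or not lo <= hi <= 32:
            raise ValueError(f"need len < ge <= le <= 32: {line}")
        entries.append((seq, action, net, lo, hi))
    return sorted(entries, key=lambda e: e[0])

def evaluate(entries, route):
    """Return (action, seq) for a route; seq is None when no entry matched."""
    if not entries:
        return ("permit", None)                 # an empty prefix list permits all prefixes
    r = ipaddress.ip_network(route)
    for seq, action, net, lo, hi in entries:    # lowest sequence number is tested first
        if lo <= r.prefixlen <= hi and r.subnet_of(net):
            return (action, seq)                # first match ends the search
    return ("deny", None)                       # implicit deny when nothing matches

# The two lists from the text.
GROVER = parse_prefix_list([
    "ip prefix-list GROVER permit 192.0.0.0/8 le 24",
    "ip prefix-list GROVER deny 192.0.0.0/8 ge 25",
])
OSCAR = parse_prefix_list(["ip prefix-list OSCAR permit 10.0.0.0/8 ge 16 le 24"])
# Constructed list: the /24 also falls inside the second entry, so order decides.
DEMO = parse_prefix_list([
    "ip prefix-list DEMO seq 3 deny 192.168.1.0/24",
    "ip prefix-list DEMO permit 192.168.0.0/16 le 24",
    "ip prefix-list DEMO permit 0.0.0.0/0 le 32",
])

if __name__ == "__main__":
    for r in ("192.168.32.0/19", "192.168.1.0/24", "192.168.1.32/27"):
        print("GROVER", r, evaluate(GROVER, r))
```

Note that 10.0.0.0/8 itself is rejected by OSCAR through the implicit deny, because its length of 8 is below the ge value of 16.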
|