Re: BGP filtering

From: jonatale@xxxxxxxxxxxxx
Date: Thu Aug 09 2001 - 02:42:13 GMT-3


   
wouldn't it be???:

> 1|0100000
> 1|1000000
> |
> 0|1111111 =>255.255.128.0 or /17

anyway, here is another example:

 access-list 101 {permit|deny} ip 192.168.160.0 0.0.31.255 0.0.0.0 255.255.255.0
00011111

== ip prefix-list NAMEONE {permit|deny} 192.168.160.0/19 le 24

will match:
192.168.160.0 255.255.255.0 (/24)
192.168.160.0 255.255.254.0 (/23)
192.168.160.0 255.255.252.0 (/22)
192.168.160.0 255.255.248.0 (/21)
192.168.160.0 255.255.240.0 (/20)
192.168.160.0 255.255.224.0 (/19)

192.168.161.0 255.255.255.0

192.168.162.0 255.255.255.0
192.168.162.0 255.255.254.0

192.168.163.0 255.255.255.0

192.168.164.0 255.255.255.0
192.168.164.0 255.255.254.0
192.168.164.0 255.255.252.0

...

192.168.188.0 255.255.255.0
192.168.188.0 255.255.254.0
192.168.188.0 255.255.252.0

192.168.189.0 255.255.255.0

192.168.190.0 255.255.255.0
192.168.190.0 255.255.254.0

192.168.191.0 255.255.255.0

comments welcome (kinda late, mighta botch'd it...)

Jason Gardiner wrote:

> This is just off the top of my head; I haven't run through it, yet. But
> you show:
>
> > ip prefix-list NAMEONE {permit|deny} 192.168.160.0/16 le 19
>
> Isn't 192.168.160.0/16 a part of 192.168.0.0?
>
> It should be ip prefix-list NAMEONE {permit|deny} 192.168.160.0/19 le 19
>
> The number after the le only indicates the length of the subnets allowed
> to be announced out of the aggregate block. It would only allow the /19
> to get through, not, say 192.168.161.0/24. This is how many of the
> larger providers work to reduce the size of the global routing table.
>
> Jon Carmichael wrote:
> >
> > It sounds as if you are asking for a filter of a range of NLRI when you say
> > "range of routes." In all cases, when I'm thinking of a "range" I must go
> > back to the binary, --frequently I draw two numbers in binary on a scratch
> > paper and a line where I think the mask would go, and then I can see the
> > range. -And why? Because I'm going to write an access-list and I need to
> > figure out the proper wildcard mask. --So I would take your example, --of
> > say 100 to 500, --but 500 does not fit in anybody's eight bit octet. How
> > about 160 to 192, because it's easy to see... So draw both numbers on a
> > piece of paper like this....
> >
> > 1010000 --binary 160
> > 1100000 --binary 192
> >
> > and then I draw a vertical line with my simulated pencil here, this line is
> > where the mask would go, --say..
> >
> > |
> > 101|00000
> > 110|00000
> > |
> > 000|11111
> >
> > And then I invert that as 00011111, which is decimal 31, and for a range of
> > NLRI of say 192.168.160.0 thru 192.168.192.0 I can write my access list for
> > a route filter as ..
> >
> > access-list 1 {permit|deny} 192.168.160.0 0.0.31.255
> >
> > I think I do this almost once every day.
> >
> > Prefix lists are still a little elusive to me tho, --so I play with those a
> > little more lately, --where if I wanted to do exactly the same
> > thing, --perhaps someone will jump in and help us out here....
> >
> > ip prefix-list NAMEONE {permit|deny} 192.168.160.0/16 le 19
> >
> > That does not work, --when you go back and do a "show ip prefix-list" it
> > looks like 192.168.0.0/16 le 19. Can anybody tell us how to do the same
> > thing with a prefix-list?
> >
> > JONC
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> > Sal Nathoo
> > Sent: Tuesday, August 07, 2001 2:56 PM
> > To: ccielab@groupstudy.com
> > Subject: BGP filtering
> >
> > Hi Guys,
> >
> > Can someone tell me what commands are used to filter a
> > range of routes (ex. between 100 to 500) from EBGP
> > neighbors?
> >
> > Thanks in advance
> >
> > Saleem
> >
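
Added example (not part of the thread): a Python model of the two filters compared in the top message, enumerating every valid prefix from /16 to /26 inside 192.168.0.0/16 and collecting what each filter accepts. It assumes the usual IOS behaviour where an extended ACL used as a route filter tests the network address with its first address/wildcard pair and the netmask with its second; the function names are made up for this sketch.

```python
import ipaddress

def prefix_list_match(entry, route, ge=None, le=None):
    """Prefix-list test: route lies inside `entry` and its length is in the
    ge/le window (exact length when neither keyword is given)."""
    # strict=False mirrors the router storing 192.168.160.0/16 as 192.168.0.0/16
    ent = ipaddress.ip_network(entry, strict=False)
    rt = ipaddress.ip_network(route)
    lo = ge if ge is not None else ent.prefixlen
    hi = le if le is not None else (32 if ge is not None else ent.prefixlen)
    return rt.subnet_of(ent) and lo <= rt.prefixlen <= hi

def wildcard_match(value, base, wildcard):
    """ACL compare: bits set in the wildcard are ignored, the rest must equal base."""
    v, b, w = (int(ipaddress.IPv4Address(x)) for x in (value, base, wildcard))
    return ((v ^ b) & ~w & 0xFFFFFFFF) == 0

def ext_acl_route_match(route, net, net_wc, mask, mask_wc):
    """Extended ACL as a route filter: first pair checks the network address,
    second pair checks the netmask (assumed semantics, see lead-in)."""
    rt = ipaddress.ip_network(route)
    return (wildcard_match(rt.network_address, net, net_wc)
            and wildcard_match(rt.netmask, mask, mask_wc))

def all_routes(block="192.168.0.0/16", max_len=26):
    """Every properly aligned prefix inside `block`, from its own length to max_len."""
    top = ipaddress.ip_network(block)
    for length in range(top.prefixlen, max_len + 1):
        yield from (str(n) for n in top.subnets(new_prefix=length))

def compare():
    """Routes accepted by the access-list 101 form and by the /19 le 24 form."""
    acl = [r for r in all_routes() if ext_acl_route_match(
        r, "192.168.160.0", "0.0.31.255", "0.0.0.0", "255.255.255.0")]
    pfx = [r for r in all_routes()
           if prefix_list_match("192.168.160.0/19", r, le=24)]
    return acl, pfx

if __name__ == "__main__":
    acl, pfx = compare()
    print("same route set:", acl == pfx, "-", len(pfx), "prefixes")
    # The /16 le 19 entry from earlier in the thread also admits unrelated /19s
    print("/16 le 19 accepts 192.168.32.0/19:",
          prefix_list_match("192.168.160.0/16", "192.168.32.0/19", le=19))
    # /19 le 19 admits only the aggregate itself
    print("/19 le 19 accepts 192.168.161.0/24:",
          prefix_list_match("192.168.160.0/19", "192.168.161.0/24", le=19))
```
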



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:47 GMT-3