RE: Prefix-lists

From: Brian McGahan (brian@cyscoexpert.com)
Date: Mon Apr 28 2003 - 00:48:57 GMT-3


Mike,

        Using an extended access-list to filter routes no longer serves
a purpose. It was used before support for the prefix-list was
introduced.

HTH

Brian McGahan, CCIE #8593
Director of Design and Implementation
brian@cyscoexpert.com

CyscoExpert Corporation
Internetwork Consulting & Training
Toll Free: 866-CyscoXP
Outside US: 847.674.3392
Fax: 847.674.2625

> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Mike Williams
> Sent: Sunday, April 27, 2003 9:54 PM
> To: 'Jerry Haverkos'; ccielab@groupstudy.com
> Subject: RE: Prefix-lists
>
> Actually this brings up a good question.........
>
> I've seen some people mention using extended access-lists for
> distribute-lists for BGP, but other than that, could you even use an
> extended access-list for route filtering with other routing protocols?
> I mean, what would be the point? What good would an extended list do
> over a standard list when it comes to specifying networks to
> permit/deny?
>
> Mike W.
>
> -----Original Message-----
> From: Jerry Haverkos [mailto:jhaverkos@columbus.rr.com]
> Sent: Sunday, April 27, 2003 8:17 PM
> To: Mike Williams; ccielab@groupstudy.com
> Subject: RE: Prefix-lists
>
>
> Mike - et al
>
> Are you all saying a standard access-list can be used as a prefix
> list???
>
> access-list 1 permit host 1.2.3.0 is the same as
>
> access-list 1 permit 1.2.3.0 0.0.0.0
>
> How does this relate to an equivalent written as an
> extended access-list??
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> Mike Williams
> Sent: Sunday, April 27, 2003 7:08 PM
> To: ccielab@groupstudy.com
> Subject: RE: Prefix-lists
>
>
> Brian,
>
> Yes, your comments are helpful, and thanks for replying. Just one more
> point to clear up.
>
> You mention that 'access-list 1 permit host 1.2.3.0' will match
> 1.2.3.0/23, /24, /25, etc..... But is that because 1.2.3.0 is a
> "network" address as opposed to a "host" address. For instance, if I
> say 'access-list 1 permit host 10.2.3.4' that is the same as
> 'access-list 1 permit 10.2.3.4 0.0.0.0' so only that single address
> would be allowed. But what you're saying is that 'access-list 1 permit
> host 1.2.3.0' is the equivalent of saying 'access-list 1 permit 1.2.3.0
> 0.0.0.0' and since access-lists don't match on mask, this exact entry
> 1.2.3.0, while satisfying the access-list, could be a network with any
> mask from /23 to /32....
>
> BTW, why /23? Wouldn't this only allow for masks of /24 thru /32?
>
> One final comment. You mention below that the 'ip prefix-list x permit
> 1.2.3.0/24 le 32' has the same effect (allowing /24 through /32), but as
> I learned in the lab (after reading your info from the original post),
> this prefix-list really only allows networks /25 through /32 and
> excludes the /24. =)
>
> Thanks again. Your insight is valuable to me.
>
> Mike W.
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Brian McGahan
> Sent: Sunday, April 27, 2003 4:45 PM
> To: 'Mike Williams'; ccielab@groupstudy.com
> Subject: RE: Prefix-lists
>
>
> Mike,
>
> Wouldn't the above prefix-list statement allow the following networks?
>
> Yes
>
> If so, then it's not equivalent to the access-list 1 permit host
> 1.2.3.0
>
> Yes and no. access-list 1 permit host 1.2.3.0 will match:
>
> 1.2.3.0/23
> 1.2.3.0/24
> 1.2.3.0/..
> 1.2.3.0/32
>
> As will the prefix-list ip prefix-list x permit 1.2.3.0/24 le 32.
> However, the prefix-list in this case will match more than the
> access-list. It will match 1.2.3.x, where x is any number. The
> access-list will match only where x is zero. Access-lists do not match
> on prefix-length (subnet mask), they only match on network.
>
> This list: ip prefix-list LIST permit 1.2.3.0/32 would match the exact
> host route 1.2.3.0/32.
>
>
> Is it possible for a route to have a /0? Is that why this only matches
> the default route because the default route is 0.0.0.0/0 ?
>
> Yes. The default route is the only route that has a mask of zero,
> therefore you are matching only the default route.
>
>
>
> HTH
>
> Brian McGahan, CCIE #8593
> Director of Design and Implementation
> brian@cyscoexpert.com
>
> CyscoExpert Corporation
> Internetwork Consulting & Training
> Toll Free: 866-CyscoXP
> Outside US: 847.674.3392
> Fax: 847.674.2625
>
> -----Original Message-----
> From: Mike Williams [mailto:ccie2be@swbell.net]
> Sent: Sunday, April 27, 2003 2:39 PM
> To: brian@cyscoexpert.com
> Subject: Prefix-lists
>
> Brian,
>
> I was digging through the GroupStudy CCIE list archives looking for info
> on prefix-lists. I found a post of yours that was, I must say, very
> complete and informative. I learned the essence of how they work from
> your post within like 5 minutes.
>
> I did have a question tho. In your post you say:
>
> <--------- begin quote --------->
>
> ip prefix-list LIST permit 1.2.3.0/24 le 32
>
> This means:
> Check the first 24 bits of the prefix 1.2.3.0
> The subnet mask must be less than or equal to 32
>
> This equates to the access-list syntax:
> Access-list 1 permit host 1.2.3.0
>
> <--------- end quote --------->
>
> My question is, is this analogy accurate? Wouldn't the above
> prefix-list statement allow the following networks?
>
> 1.2.3.0/25
> 1.2.3.0/26
> 1.2.3.0/27
> 1.2.3.0/28
> 1.2.3.0/29
> 1.2.3.0/30
> 1.2.3.0/31
> 1.2.3.0/32
>
> If so, then it's not equivalent to the access-list 1 permit host 1.2.3.0
>
> I'm just trying to make sure I understand this prefix-list using ge and
> le properly. It seems the equivalent of access-list 1 permit host
> 1.2.3.0 would be
>
> ip prefix-list LIST permit 1.2.3.0/32
>
> Also, you mention:
>
> <--------- begin quote --------->
>
> ip prefix-list LIST permit 0.0.0.0/0
>
> This means:
> The exact prefix 0.0.0.0, with the exact prefix-length 0.
> This is matching a default route.
>
> <--------- end quote --------->
>
> I see what you're saying here, but this confuses me as it seems that
> this will match any network (the /0 implies that it won't check the
> prefix for a match), but because there is no ge or le parameter, it will
> match any network with a /0 subnet mask. Is it possible for a route to
> have a /0? Is that why this only matches the default route because the
> default route is 0.0.0.0/0 ?
>
> Let me know your thoughts.
>
> Thanks!
> Mike W.
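
The thread above argues about what a standard access-list matches when used as a route filter versus what a prefix-list with ge/le matches. The following is an added example, not something posted in the thread: a small Python model of both filters (the function names acl_matches, prefix_list_matches and compare are my own), run over the exact entries discussed so the difference can be checked rather than argued.

```python
import ipaddress

def acl_matches(acl_addr, wildcard, route):
    """Standard access-list used as a route filter (distribute-list).
    Only the route's network address is compared, on the bits where the
    wildcard mask is 0. The route's prefix length is never looked at."""
    net = ipaddress.ip_network(route)            # strict: must be a real network
    a = int(ipaddress.ip_address(acl_addr))
    w = int(ipaddress.ip_address(wildcard))
    return (a & ~w) == (int(net.network_address) & ~w)

def prefix_list_matches(entry, route, ge=None, le=None):
    """ip prefix-list semantics: the route must lie inside the entry's
    prefix AND its prefix length must fall in the allowed range:
        no ge/le  -> exactly the entry's length
        le only   -> entry length .. le
        ge only   -> ge .. 32
        ge and le -> ge .. le"""
    base = ipaddress.ip_network(entry)
    net = ipaddress.ip_network(route)
    lo = base.prefixlen if ge is None else ge
    hi = le if le is not None else (32 if ge is not None else base.prefixlen)
    in_prefix = (net.network_address in base) and net.prefixlen >= base.prefixlen
    return in_prefix and lo <= net.prefixlen <= hi

def compare(route):
    """Evaluate one route against the filters argued about in the thread."""
    return {
        "access-list 1 permit host 1.2.3.0": acl_matches("1.2.3.0", "0.0.0.0", route),
        "ip prefix-list X permit 1.2.3.0/24 le 32": prefix_list_matches("1.2.3.0/24", route, le=32),
        "ip prefix-list X permit 1.2.3.0/32": prefix_list_matches("1.2.3.0/32", route),
        "ip prefix-list X permit 0.0.0.0/0": prefix_list_matches("0.0.0.0/0", route),
    }

if __name__ == "__main__":
    # Constructed sample routes: note that a /23 covering 1.2.3.0 has
    # network address 1.2.2.0, so it does not satisfy "host 1.2.3.0".
    for r in ("1.2.3.0/24", "1.2.3.0/25", "1.2.3.0/32",
              "1.2.3.128/25", "1.2.2.0/23", "0.0.0.0/0"):
        print(f"{r:14} {compare(r)}")
```

Running it shows the point Brian makes: the access-list accepts 1.2.3.0 with any prefix length but rejects 1.2.3.128/25, while the prefix-list accepts every 1.2.3.x subnet from /24 to /32, and 0.0.0.0/0 with no ge/le matches only the default route.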



This archive was generated by hypermail 2.1.4 : Thu May 01 2003 - 13:36:08 GMT-3