RE: Prefix lists differences ?

From: Sergio Silva (Sergio.Silva@is.co.za)
Date: Fri Nov 05 2004 - 10:30:45 GMT-3


Here it is attached

Sergio Silva
Engineer
Internet solutions
Land Line 011 575 1944
Fax Line 011 576 1944
CCNP, CCDP, NNCSS

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
ccie2be
Sent: 05 November 2004 15:13
To: marc van hoof
Cc: Cisco Net; Group Study
Subject: Re: Prefix lists differences ?

Marc,

There's a guy named Bill Lijewski who wrote an excellent tutorial on
this topic sometime earlier this year - I don't remember exactly when.
I suggest you do a search of the GS archives and find that write up -
it's excellent IMHO. I learned most of what I know about prefix-lists
from that tutorial.

But, in a nutshell, you need to keep something straight in your mind
which took me a while to absorb as well.

The /24 has two very different meanings. (Of course, it doesn't have to
be 24, it can be any number from 1 to 32)

If the /24 is used by itself, i.e. it isn't followed by either a "le" or
"ge", then the /24 applies to both the network address AND the mask.

If the /24 is followed by either a le or ge, then the /24 applies ONLY
to the network address, not the mask. The mask length when the /24 is
followed by either le or ge or both is determined by the values
specified after the le or ge or both.

One other very important point which I only found out yesterday ( or
maybe had known but forgotten) is that prefix-lists share a common
attribute with acl's. There's an implicit deny at the end of the
prefix-list.

Yesterday, while I was doing a lab, I had to block an aggregate from
being advertised to bgp peers. The Solution Guide used route-maps to do
this, but I thought it should be easier to do with prefix-lists. So, I
configured a prefix-list to deny the aggregate. It looked like this:

ip prefix-list AGG deny 239.3.0.0/24

Then, I configured the neighbor statement like this

nei x.x.x.x prefix-list AGG out

After I clear the bgp peering sessions, my bgp tables were all screwed
up and I couldn't understand why. I tried a whole slew of things but
couldn't figure it out. Finally, I posted the problem on GS and a few
people told me about the implicit deny. After I added another entry to
the prefix-list that allowed all the other routes, everything was fine.
But, for a few hours I was going absolutely nuts. I checked a number of
books I had but nothing mentioned that critical point about the implicit
deny and what I did find kind of confirmed I had constructed the
prefix-list correctly. It was very frustrating. But, at least that's
one thing I forget before my next lab attempt.

HTH, Tim

----- Original Message -----
From: "marc van hoof" <mvh@marcvanhoof.com>
To: "ccie2be" <ccie2be@nyc.rr.com>
Cc: "Cisco Net" <network.cisco@gmail.com>; "Group Study"
<ccielab@groupstudy.com>
Sent: Thursday, November 04, 2004 11:37 PM
Subject: Re: Prefix lists differences ?

> ah - ok - i thought that when you said "the /24 applies to both the
> network address and the net mask" that you meant the netmask (as well
> as the network) had 24 fixed bits and 8 variable bits...
>
> as mentioned later in the post, it wasn't long ago that you had masks
> for masks...
>
> misunderstanding - apologies...
>
> cheers,
> -marc.
>
> On Thu, 4 Nov 2004, ccie2be wrote:
>
> > No, those 2 prefix aren't the same.
> >
> > The 1st prefix list means that the 1st 24 bits must equal 192.168.0
> > and the net mask is 24 bits long.
> >
> > The 2nd prefix list means the 1st 24 bits must equal 192.168.0 (same as
> > before) but the le 32 that follows means the net mask can be from 24
> > bits long to 32 bits long.
> >
> > Don't overlook that le means LESS THAN OR EQUAL.
> >
> > So, the 1st prefix list means 192.168.0.0 255.255.255.0 ONLY.
> >
> > The 2nd prefix list means the following matches:
> >
> > 192.168.0.0/24
> > 192.168.0.0/25
> > 192.168.0.0/26
> > 192.168.0.0/27
> > 192.168.0.0/28
> > 192.168.0.0/29
> > 192.168.0.0/30
> > 192.168.0.0/31
> > 192.168.0.0/32
> >
> > So, you see there's a big difference.
> >
> > HTH, Tim
> > ----- Original Message -----
> > From: "marc van hoof" <mvh@marcvanhoof.com>
> > To: "ccie2be" <ccie2be@nyc.rr.com>
> > Cc: "Cisco Net" <network.cisco@gmail.com>; "Group Study"
> > <ccielab@groupstudy.com>
> > Sent: Thursday, November 04, 2004 10:54 PM
> > Subject: Re: Prefix lists differences ?
> >
> >
> >> so what you're saying is that if you don't specify the ge xx le xx,
> >> it means that you are specifying a minimum mask length ?
> >>
> >> seems odd, but i'll believe it...
> >>
> >> basically that would mean that
> >>
> >> ip prefix-list 10 permit 192.168.0.0/24
> >>
> >> is the same as
> >>
> >> ip prefix-list 10 permit 192.168.0.0/24 le 32
> >>
> >> ??
> >>
> >> on this topic, do people remember the days before prefix-lists, where
> >> you HAD to use extended ip access lists for route filtering, and the
> >> "destination address/mask" of the extended acl referred to the mask
> >> of the route ?
> >>
> >> it was never any fun to see:
> >>
> >> access-list 100 permit 192.160.0.0 0.0.0.255 255.255.255.0 0.0.0.255
> >>
> >> cheers,
> >> -marc.
> >>
> >> On Thu, 4 Nov 2004, ccie2be wrote:
> >>
> >>> They're the same.
> >>>
> >>> The slash 24 in the 1st prefix list means the 1st 24 bits of the
> >>> network address must match and the ge 24 le 24 means the net mask
> >>> must be exactly 24 bits.
> >>>
> >>> In the 2nd prefix list, when you don't have either ge or le, then
> >>> the /24 refers to both the network address and the net mask.
> >>>
> >>> HTH, Tim
> >>>
> >>> ----- Original Message -----
> >>> From: "Cisco Net" <network.cisco@gmail.com>
> >>> To: "Group Study" <ccielab@groupstudy.com>
> >>> Sent: Thursday, November 04, 2004 10:20 PM
> >>> Subject: Prefix lists differences ?
> >>>
> >>>
> >>>> Hi
> >>>> Is the meaning of the following 2 prefix lists the same ?
> >>>> -ip prefix-list ONE permit 100.100.100.0/24 ge 24 le 24
> >>>> -ip prefix-list TEO permit 100.100.100.0/24
> >>>>
> >>>> I thought both are the same.. What do you think ?
> >>>> Regds
> >>>> Cert
> >>>>
> >>>>
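As an added example (not from any of the posters above), a small Python model of the matching rules Tim describes in the thread: a bare /N matches the address bits and requires the mask to be exactly N, ge/le turn /N into an address-bits-only test with the mask range taken from ge/le, and a list with no matching entry falls through to the implicit deny. The parse_entry/evaluate helper names and the sample routes are constructed for this example, not Cisco code.

```python
import ipaddress


def parse_entry(line):
    """Parse 'ip prefix-list NAME permit|deny A.B.C.D/N [ge X] [le Y]'."""
    t = line.split()
    if t[:2] != ["ip", "prefix-list"] or len(t) < 5 or t[3] not in ("permit", "deny"):
        raise ValueError("not a prefix-list entry: %r" % line)
    action, net = t[3], ipaddress.ip_network(t[4], strict=False)
    opts = dict(zip(t[5::2], map(int, t[6::2])))  # e.g. {'ge': 24, 'le': 32}
    ge, le = opts.get("ge"), opts.get("le")
    # /N alone: the route's mask must be exactly N.  With ge/le, /N fixes
    # only the address bits; the mask range comes from ge/le (ge alone
    # means ge..32, le alone means N..le).
    lo = ge if ge is not None else net.prefixlen
    hi = le if le is not None else (32 if ge is not None else net.prefixlen)
    if not net.prefixlen <= lo <= hi <= 32:
        raise ValueError("bad ge/le range in %r" % line)
    return action, net, lo, hi


def entry_matches(entry, route):
    """True if the first N address bits match and the mask length is in lo..hi."""
    _, net, lo, hi = entry
    shift = 32 - net.prefixlen
    same_bits = int(route.network_address) >> shift == int(net.network_address) >> shift
    return same_bits and lo <= route.prefixlen <= hi


def evaluate(entries, route_str):
    """First matching entry wins; no match at all is the implicit deny."""
    route = ipaddress.ip_network(route_str, strict=False)
    for entry in entries:
        if entry_matches(entry, route):
            return entry[0]
    return "deny"


def build(lines):
    return [parse_entry(l) for l in lines]


if __name__ == "__main__":
    # Constructed sample routes, run through the AGG list from the thread
    # before and after a catch-all permit is added.
    agg_only = build(["ip prefix-list AGG deny 239.3.0.0/24"])
    agg_fixed = agg_only + build(["ip prefix-list AGG permit 0.0.0.0/0 le 32"])
    for r in ("239.3.0.0/24", "10.0.0.0/8", "192.168.0.128/25"):
        print(r, evaluate(agg_only, r), evaluate(agg_fixed, r))
```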



This archive was generated by hypermail 2.1.4 : Thu Dec 02 2004 - 06:57:38 GMT-3