RE: IP Prefix-list Question

From: Lee Donald (Lee.Donald@t-systems.co.uk)
Date: Fri Apr 01 2005 - 11:33:58 GMT-3

I've already tested it.

-----Original Message-----
From: Hogo, Trust [mailto:trust.hogo@sarcom.com]
Sent: 01 April 2005 15:24
To: Lee Donald; mani poopal; Sundar Palaniappan; Curtis Gregg
Cc: ccielab@groupstudy.com
Subject: RE: IP Prefix-list Question

I think that statement would actually permit 16,17,18,19,20,21,22,23 not
1,2,4,5 as required by the question.

I would think the correct statement would be:

 ip prefix-list cisco permit 192.54.0.0/21 le 24 ge 24

This statement will covers networks 0,1,2,3,4,5,6,7 and thus meet the
requirements of the question.

HTH
Trust

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Lee Donald
Sent: Friday, April 01, 2005 3:19 AM
To: mani poopal; Lee Donald; Sundar Palaniappan; Curtis Gregg
Cc: ccielab@groupstudy.com
Subject: RE: IP Prefix-list Question

The Deny would have worked, but I think it is always better to permit
exact
networks rather than deny and then let in everything else.

 

192.54.16.0/21 le 24 ge 24 is the correct statement.

 

Lee.

 

 

 

  _____

From: mani poopal [mailto:mani_ccie@yahoo.com]
Sent: 31 March 2005 17:12
To: Lee Donald; Sundar Palaniappan; Curtis Gregg
Cc: ccielab@groupstudy.com
Subject: RE: IP Prefix-list Question

 

Hi Lee,

 

I did not include .20 and .21, assue I include those too, so the
solution
should be

deny 192.54.20.0/21 le 24 ge 24 not deny 192.54.0.0/21 ge 24 le 24,
correct
me if I am wrong.

 

thanks

Mani

Lee Donald <Lee.Donald@t-systems.co.uk> wrote:

The solution I used Mani was

192.54.0.0/21 le 24 ge 24

Which excluded 192.54.21.0/24 and 192.54.22.0/24 and for filled the
requirements of the question.

-----Original Message-----
From: mani poopal [mailto:mani_ccie@yahoo.com]
Sent: 31 March 2005 16:57
To: Sundar Palaniappan; Curtis Gregg
Cc: ccielab@groupstudy.com
Subject: Re: IP Prefix-list Question

Hi Guys,

I was watching this thread very good one with good examples. I have a
small
question. Assume now you have 5 routes(192.54.1.0/24, 192.54.2.0/24,
192.54.3.0/24, 192.54.4.0/24 and 192.54.5.0/24), now if the question
asks to
use minimum number fo commands to allow these 5 prefixes what will be
the
solution be:
====================================
ip prefix-list cisco permit 192.54.0.0/22 ge 24 le 24==>A[will this line
conver 0,1,2, and 3]
ip prefix-list cisco permit 192.54.4.0/23 ge 24 le 24
=====================================
or
=====================================
ip prefix-list cisco permit 192.54.1.0/24 ==========>B
ip prefix-list cisco permit 192.54.2.0/23 ge 24 le 24--covers 2 and 3
ip prefix-list cisco permit 192.54.4.0/23 ge 24 le 24--covers 4 and 5
====================================

thanks

Mani

Sundar Palaniappan wrote:
You are right on target!

--Sundar Palaniappan

On Thu, 31 Mar 2005 09:53:25 -0500, Curtis Gregg wrote:
>
>
>
> Very cool explanation.
>
>
>
> Please verify I understand it correctly.
>
>
>
> How I understand it:
>
> We have 23 bits in the 3rd octet that we care about and the 24 bit of
that
> octet we don't care about which that can be either on or off (0 or 1).

>
>
>
> Question:
>
> So the 23 bits that we care about have to stay the same as the network
> number? For example: 192.168.4.0 has to stay the same_0000010. None of
the
> other bits can change except the last bit. Which off equals 4 and on
equals
> 5.
>
>
>
> Basically we can not change the bits we care about. For example; ip
> prefix-list cisco permit 192.54.4.0/23 says that the 23 bits are our
network
> do not change.
>
>
>
> And the ge 24 le 24 basically says any advertised network must have a
24
bit
> mask.
>
>
>
> Thanks a lot for all your time!
>
>
>
> Curtis R. Gregg
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
Of
> Sundar Palaniappan
> Sent: Tuesday, March 29, 2005 11:29 AM
> To: ccielab@groupstudy.com
> Subject: Fwd: IP Prefix-list Question
>
>
>
> Lee,
>
>
>
> Shall attempt to make it a little simple from what the other guys have

>
> stated above.
>
>
>
> 192.54.4.0/23
>
>
>
> 3rd octet in binary:
>
>
>
> 4 - 00000100
>
> 5 - 00000101
>
>
>
> When the SM is 23 bits, you don't care about the last bit in the 3rd
>
> octet - i.e it can be on or off. When the last bit is a 0 that matches

>
> network 4 and the last bit is 1 it matches network 5.
>
>
>
> HTH,
>
> Sundar Palaniappan
>
>
>
>
>
> On Tue, 29 Mar 2005 17:16:39 +0100, simon hart
>
> wrote:
>
> > Lee,
>
> >
>
> > I will see if I can explain
>
> >
>
> > A prefix list with just a subnet mask i.e. 192.54.4.0/24 means that
the
> only
>
> > allowable route is 192.54.4.0 255.255.255.0 no other routes are
allowed
> at
>
> > all.
>
> >
>
> > When ge or le is added the syntax and function of the prefix list
changes
>
> > slightly, for example
>
> >
>
> > 192.54.4.0/23 ge 24 le 24 means
>
> >
>
> > The first 23 bits of 192.54.4.0 must match (in pretty much the same
way
as
>
> > an access list)
>
> >
>
> > The subnet mask of the advertised route can only be 24, nothing more
> nothing
>
> > less. Thus the only bit we are testing for is the last bit of the
third
>
> > octet which can be either 0 or 1.
>
> > Therefore such an access list will allow either 192.54.4.0/24 or
>
> > 192.54.5.0/24
>
> >
>
> > When ge or le (or both together) are added to the prefix list, then
the
>
> > initial function of the prefix list changes.
>
> >
>
> > HTH
>
> >
>
> > Simon
>
> >
>
> > -----Original Message-----
>
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf
Of
>
> > Lee Donald
>
> > Sent: 29 March 2005 17:03
>
> > To: Philippe Couture; Lee Donald
>
> > Cc: Dillon Yang; Sundar Palaniappan; Group Study
>
> > Subject: RE: IP Prefix-list Question
>
> >
>
> > I understand the le and ge, but the 192.54.4.0/23 bit I don't get.
>
> >
>
> > I have tried it and it works but I just need to get my head round
it.
>
> >
>
> > How does the /23 incorporate the 5 subnet aswell?
>
> >
>
> > -----Original Message-----
>
> > From: Philippe Couture [mailto:philippecouture@gmail.com]
>
> > Sent: 29 March 2005 16:55
>
> > To: Lee Donald
>
> > Cc: Dillon Yang; Sundar Palaniappan; Group Study
>
> > Subject: Re: IP Prefix-list Question
>
> >
>
> > Hi Lee,
>
> >
>
> > Did you try those three lines together ?
>
> >
>
> > ip prefix-list cisco permit 192.54.1.0/24
>
> > ip prefix-list cisco permit 192.54.2.0/24
>
> > ip prefix-list cisco permit 192.54.4.0/23 ge 24 le 24
>
> >
>
> > In terms of methodology, the /xx means the mask length, just as if
you
>
> > were using an access-list. So, you apply a mask of 23 bits to filter

>
> > the bits in the network, and whatever is included in this mask can
go
>
> > through, on the condition that its prefix length respects the ge /
le
>
> > options that may be added. These ge / le options apply to the prefix

>
> > length in the advertisement. Using both le 24 and ge 24 is a way to
>
> > say "equal", since the only way to be "less or equal" and "greater
or
>
> > equal" at the same time is to be precisely equal.
>
> >
>
> > Philippe
>
> >
>
> > On Tue, 29 Mar 2005 16:48:04 +0100, Lee Donald
>
> > wrote:
>
> > > Guys,
>
> > >
>
> > > I have tried this and it only lets subnets 4 & 5 in ?
>
> > >
>
> > > Also I was after the methlogy behind it so I can work it out for
myself,
>
> > you
>
> > > just telling me the answer is only part of it.
>
> > >
>
> > > I don't quite understand the /23 and the le 24 ge 24 bits ?
>
> > >
>
> > >
>
> > > -----Original Message-----
>
> > > From: Dillon Yang [mailto:gzdillon@hotmail.com]
>
> > > Sent: 29 March 2005 16:41
>
> > > To: Sundar Palaniappan
>
> > > Cc: Group Study
>
> > > Subject: Re: IP Prefix-list Question
>
> > >
>
> > > Yes, Sundar:
>
> > >
>
> > > The task is just the SIX routes!
>
> > > so feel free.
>
> > > I think you'd not overthink the unknown subnet as 3, 6, 7.
>
> > > Any expert advice?
>
> > >
>
> > > HTH
>
> > > dillon
>
> > >
>
> > > ----- Original Message -----
>
> > > From: "Sundar Palaniappan"
>
> > > To: "Philippe Couture"

>
> > > Cc: ;
>
> > > Sent: Tuesday, March 29, 2005 11:28 PM
>
> > > Subject: Re: IP Prefix-list Question
>
> > >
>
> > > > Dillon,
>
> > > >
>
> > > > You are allowing subnets 3, 6, 7 that aren't part of the
requirment.

>
> > > >
>
> > > > Lee's requirement is minimum number of lines to be used. Your
solution
>
> > > > would be correct if only one line is to be used to accomplish
that.
>
> > > >
>
> > > > Not sure if Cisco would consider your solution correct.
>
> > > >
>
> > > > --Sundar Palaniappan
>
> > > >
>
> > > >
>
> > > > On Tue, 29 Mar 2005 10:23:04 -0500, Sundar Palaniappan
>
> > > > wrote:
>
> > > > > My bad.
>
> > > > >
>
> > > > > Last statement should be,
>
> > > > >
>
> > > > > ip prefix-list cisco permit 192.54.4.0/23 ge 24 le 24
>
> > > > >
>
> > > > > What you are doing is, you are permiting everything after
>
> > > > > 192.54.4.0/23 but the subnet mask has to be 24 bits always.
>
> > > > >
>
> > > > > If you don't use le 24 then you are allowing prefixes with
shorter

>
> > > > > mask i.e .25, .26 etc to be advertised.
>
> > > > >
>
> > > > > In the lab, I wouldn't take a chance and just nail it down.
>
> > > > >
>
> > > > > HTH,
>
> > > > > Sundar Palaniappan
>
> > > > >
>
> > > > >
>
> > > > > On Tue, 29 Mar 2005 10:03:43 -0500, Philippe Couture
>
> > > > >
wrote:
>
> > > > > > Sundar,
>
> > > > > >
>
> > > > > > Wouldn't the third line need to be "ip prefix-list cisco
permit
>
> > > > > > 192.54.4.0/23 ge 24" ?
>
> > > > > >
>
> > > > > > I could be wrong but I think that since you don't care about
the

>
> > 24th
>
> > > > > > bit (i.e. you want to match .4 and .5), you would use a mask
> length
>
> > of
>
> > > > > > 23, and the "ge 24" says to use prefix lengths of 24 or
more. If
> you
>
> > > > > > want to really only allow 24 and nothing longer, you would
also
> need
>
> > > > > > to add "le 24".
>
> > > > > >
>
> > > > > > Phil
>
> > > > > >
>
> > > > > >
>
> > > > > > On Tue, 29 Mar 2005 09:54:59 -0500, Sundar Palaniappan
>
> > > > > > wrote:
>
> > > > > > > Lee,
>
> > > > > > >
>
> > > > > > > Or you could you configure
>
> > > > > > >
>
> > > > > > > ip prefix-list cisco permit 192.54.1.0/24
>
> > > > > > > ip prefix-list cisco permit 192.54.2.0/24
>
> > > > > > > ip prefix-list cisco permit 192.54.4.0/24 ge 23
>
> > > > > > >
>
> > > > > > > Either way you need 3 statements atleast.
>
> > > > > > >
>
> > > > > > > HTH,
>
> > > > > > > Sundar Palaniappan
>
> > > > > > >
>
>
> > > > > > > On Tue, 29 Mar 2005 15:19:12 +0100, Lee Donald
>
> > > > > > > wrote:
>
> > > > > > > > I'm having trouble understanding IP Prefix-lists can
anybody

>
> > > clarify this
>
> > > > > > > > for me?
>
> > > > > > > >
>
> > > > > > > > I have this question; use a prefix list with the minimum
> amount
>
> > of
>
> > > lines to
>
> > > > > > > > allow 1,2,4,5 networks in.
>
> > > > > > > >
>
> > > > > > > > 192.54.1.0/24
>
> > > > > > > >
>
> > > > > > > > 192.54.2.0/24
>
> > > > > > > >
>
> > > > > > > > 192.54.4.0/24
>
> > > > > > > >
>
> > > > > > > > 192.54.5.0/24
>
> > > > > > > >
>
> > > > > > > > 192.54.21.0/24
>
> > > > > > > >
>
> > > > > > > > 192.54.22.0/24
>
> > > > > > > >
>
> > > > > > > > I have 3 lines, 2 denying 21, and 22, the other allowing

>
> > > everything.
>
> > > > > > > >
>
> > > > > > > > Is this the minimum?, if not why not?
>
> > > > > > > >
>
> > > > > > > > Thanks in advance for your help.
>
> > > > > > > >
>
> > > > > > > > Regards
>
> > > > > > > >
>
> > > > > > > > Lee Donald.
>
> > > > > > > >
>
> > > > > > > >
>
> > >

This archive was generated by hypermail 2.1.4 : Tue May 03 2005 - 07:54:51 GMT-3