Re: SV: Match Any behaviour in Prefix lists

From: Venkataramanaiah.R (vramanaiah@gmail.com)
Date: Sat Sep 17 2005 - 13:11:08 GMT-3

:-) Although i am right with my configs, i am having hard time memorziing
it, because, honestly, i am still not getting the basics behind it..

The problem i have here is understanding it when comparing prefix lists with
access-lists. In access-lists we use inv-masks and at other places we use
standard mask. And in some situations, prefix list operation seem to match
with standard mask and in some case with inv-mask.

I think, it is better i leave this at this stage and come back to it a
little latter. May be I will can look at it with a different perspective
then..

Anyways, Thanks to all

-Venkat

On 9/17/05, Jens Petter Eikeland <jenseike@start.no> wrote:
>
> Hi ..
> You are right.. sorry about that. I dont know why i wrote it down
> incorrect.
>
> This is as it should be :
> To deny the default route 0.0.0.0/0 <http://0.0.0.0/0>:
>
> ip prefix-list abc deny 0.0.0.0/0 <http://0.0.0.0/0>
>
>
> To permit all routes with a prefix of 0/0:
>
> ip prefix-list abc permit 0.0.0.0/0 <http://0.0.0.0/0> le 32
>
> You can check it out in the documentation..
>
>
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/iprr
> p_r/ip2_i1g.htm#wp1039727
>
> Jens P
>
> -----Opprinnelig melding-----
> Fra: nobody@groupstudy.com [mailto:nobody@groupstudy.com] Pe vegne av
> Venkataramanaiah.R
> Sendt: 17. september 2005 15:41
> Til: Leigh Harrison
> Kopi: ccielab@groupstudy.com
> Emne: Re: SV: Match Any behaviour in Prefix lists
>
> Guys, Although i agree with your way of interpreting the default route
> sounds logical to me, it is not working that way practically. Even, i
> applied the same logic, however it is not working when i lab it up..
> Default
> route gets in only when i permit 0.0.0.0/0 <http://0.0.0.0/0> <
> http://0.0.0.0/0> and not with
> 0.0.0.0/32 <http://0.0.0.0/32> <http://0.0.0.0/32>.
>
> Well, if you look at permit all, it works fine with our logic. ie., permit
> 0.0.0.0/0 <http://0.0.0.0/0> <http://0.0.0.0/0> le 32 works for Permit
> all.
>
> Again, for deny all, the same logic does not work... To deny all, only
> deny
> 0.0.0.0/0 <http://0.0.0.0/0> <http://0.0.0.0/0> works.
>
> Could you guys lab it and confirm.
>
> Thanks for your attempt to clarify
>
> -Venkat
>
>
> On 9/17/05, Leigh Harrison <ccileigh@gmail.com> wrote:
> >
> > Venkat,
> >
> > The way I think of it is:-
> >
> > ip prefix-list test permit 192.168.0.0/16 <http://192.168.0.0/16> <
> http://192.168.0.0/16> le 32
> >
> > The way I read it is the prefix that I'm looking for has to start
> > 192.168.x.x and have a mask of less than or equal to 32 bits - so the
> > mask has to be between 16 and 32 bits and begin with 192.168 and it's
> in.
> >
> > The bit that got me was making the difference between a prefix-list and
> > an access-list.
> >
> > For the default route:-
> > ip prefix-list test permit 0.0.0.0/32 <http://0.0.0.0/32> <
> http://0.0.0.0/32>
> >
> > This one reads "The prefix that I'm looking for has to start
> 0.0.0.0 <http://0.0.0.0><http://0.0.0.0>and
> > have mask of 32" - think "1 in the mask = unchangable bits" - so the
> > only thing it will allow here is 0.0.0.0 <http://0.0.0.0> <
> http://0.0.0.0> - no need to put
> > any ge or le
> > on the end as 32 bits is pretty definitive !!
> >
> > For all routes:-
> > ip prefix-list test permit 0.0.0.0/0 <http://0.0.0.0/0> <
> http://0.0.0.0/0> le 32
> >
> > This one reads "The prefix that I'm looking for has to start
> 0.0.0.0 <http://0.0.0.0><http://0.0.0.0>and
> > have a mask of 0" - think "1 in the mask = unchangable bits" - as it's a
> > 0, there are no bits that are fixed. The less than or equal to at the
> > end reads "but has to have a mask of 32 bits or less" - which will cover
> > everything.
> >
> > To read the last example as a whole:-
> > "I am looking for a prefix that has any number is it, with a mask of 32
> > bits or less"
> >
> > To read the first example as a whole:-
> > " I am looking for a prefix that begins with 192.168 and has a mask of
> > 32 bits or less"
> >
> > Hope that helps
> >
> > LH
> >
> >
> > Jens Petter Eikeland wrote:
> >
> > >HI ,
> > >
> > >I was wondering the same thing a while ago.. Here is how it is :
> > >
> > >prefix-list to match the "default-route" is;
> > >
> > >ip prefix-list mebean permit 0.0.0.0/32 <http://0.0.0.0/32> <
> http://0.0.0.0/32>
> > >
> > >all the first 32 bits "must" be zeros.
> > >
> > >
> > >prefix-list to match "any" route is;
> > >
> > >ip prefix-list mrbean permit 0.0.0.0/0 <http://0.0.0.0/0> <
> http://0.0.0.0/0> le 32.
> > >
> > >All the 32 bits can be "anything" and can have any mask.
> > >
> > >Jens Petter Eikeland
> > >
> > >-----Opprinnelig melding-----
> > >Fra: nobody@groupstudy.com [mailto:nobody@groupstudy.com] Pe vegne av
> > >Venkataramanaiah.R
> > >Sendt: 17. september 2005 10:39
> > >Til: ccielab@groupstudy.com
> > >Emne: Match Any behaviour in Prefix lists
> > >
> > >Any idea, which what do we configure for match any when you use the
> > prefix
> > >lists?
> > >
> > >In a case of deny only 0.0.0.0/0 <http://0.0.0.0/0> <http://0.0.0.0/0>
> <http://0.0.0.0/0>
> > matches all the routes
> > >
> > >In a case of Permit, only 0.0.0.0/0 <http://0.0.0.0/0> <
> http://0.0.0.0/0> <http://0.0.0.0/0>
> > le 32 matches all the
> > >routes. Just 0.0.0.0/0 <http://0.0.0.0/0> <http://0.0.0.0/0> <
> http://0.0.0.0/0> does not
> > match all traffic, rather
> > >it matches just the default route, when used with a permit command.
> > >
> > >I am sure this is something to do with the way the prefix lists
> operate,
> > >which is apparently not clear to me.
> > >
> > >Can someone clarify?
> > >
> > >TIA
> > >-Venkat
> > >
> > >_______________________________________________________________________
> > >Subscription information may be found at:
> > >http://www.groupstudy.com/list/CCIELab.html
> > >
> > >_______________________________________________________________________
> > >Subscription information may be found at:
> > >http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

This archive was generated by hypermail 2.1.4 : Sun Oct 02 2005 - 14:40:15 GMT-3