SV: SV: Match Any behaviour in Prefix lists

From: Jens Petter Eikeland (jenseike@start.no)
Date: Sat Sep 17 2005 - 13:15:59 GMT-3


Hi there..

Do not try to memorize it. Rather lab it so many times that you will never
forget it.

That way you have done what you need to do to have that covered for the
lab.

Jens Petter

  _____

From: Venkataramanaiah.R [mailto:vramanaiah@gmail.com]
Sent: 17 September 2005 18:11
To: Jens Petter Eikeland
Cc: ccielab@groupstudy.com
Subject: Re: SV: Match Any behaviour in Prefix lists

:-) Although I am right with my configs, I am having a hard time memorizing
it, because, honestly, I am still not getting the basics behind it..

The problem I have here is understanding it when comparing prefix lists with
access-lists. In access-lists we use inv-masks and at other places we use
standard mask. And in some situations, prefix list operation seems to match
with standard mask and in some cases with inv-mask.

I think it is better I leave this at this stage and come back to it a
little later. Maybe I can look at it with a different perspective
then..

Anyways, thanks to all

-Venkat

On 9/17/05, Jens Petter Eikeland <jenseike@start.no> wrote:

Hi ..
You are right.. sorry about that. I don't know why I wrote it down incorrectly.

This is as it should be :
To deny the default route 0.0.0.0/0:

ip prefix-list abc deny 0.0.0.0/0

To permit all routes with a prefix of 0/0:

ip prefix-list abc permit 0.0.0.0/0 le 32

You can check it out in the documentation..
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/iprrp_r/ip2_i1g.htm#wp1039727

Jens P

-----Original message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On behalf of
Venkataramanaiah.R
Sent: 17 September 2005 15:41
To: Leigh Harrison
Cc: ccielab@groupstudy.com
Subject: Re: SV: Match Any behaviour in Prefix lists

Guys, although I agree that your way of interpreting the default route
sounds logical to me, it is not working that way practically. Even I
applied the same logic, however it is not working when I lab it up.. The
default route gets in only when I permit 0.0.0.0/0 and not with
0.0.0.0/32.

Well, if you look at permit all, it works fine with our logic, i.e., permit
0.0.0.0/0 le 32 works for permit all.

Again, for deny all, the same logic does not work... To deny all, only deny
0.0.0.0/0 works.

Could you guys lab it and confirm?

Thanks for your attempt to clarify

-Venkat

On 9/17/05, Leigh Harrison <ccileigh@gmail.com> wrote:
>
> Venkat,
>
> The way I think of it is:-
>
> ip prefix-list test permit 192.168.0.0/16 le 32
>
> The way I read it is the prefix that I'm looking for has to start
> 192.168.x.x and have a mask of less than or equal to 32 bits - so the
> mask has to be between 16 and 32 bits and begin with 192.168 and it's in.
>
> The bit that got me was making the difference between a prefix-list and
> an access-list.
>
> For the default route:-
> ip prefix-list test permit 0.0.0.0/32
>
> This one reads "The prefix that I'm looking for has to start 0.0.0.0 and
> have mask of 32" - think "1 in the mask = unchangeable bits" - so the
> only thing it will allow here is 0.0.0.0 - no need to put any ge or le
> on the end as 32 bits is pretty definitive !!
>
> For all routes:-
> ip prefix-list test permit 0.0.0.0/0 le 32
>
> This one reads "The prefix that I'm looking for has to start 0.0.0.0 and
> have a mask of 0" - think "1 in the mask = unchangeable bits" - as it's a
> 0, there are no bits that are fixed. The less than or equal to at the
> end reads "but has to have a mask of 32 bits or less" - which will cover
> everything.
>
> To read the last example as a whole:-
> "I am looking for a prefix that has any number in it, with a mask of 32
> bits or less"
>
> To read the first example as a whole:-
> " I am looking for a prefix that begins with 192.168 and has a mask of
> 32 bits or less"
>
> Hope that helps
>
> LH
>
>
> Jens Petter Eikeland wrote:
>
> >HI ,
> >
> >I was wondering the same thing a while ago.. Here is how it is :
> >
> >prefix-list to match the "default-route" is;
> >
> >ip prefix-list mebean permit 0.0.0.0/32
> >
> >all the first 32 bits "must" be zeros.
> >
> >
> >prefix-list to match "any" route is;
> >
> >ip prefix-list mrbean permit 0.0.0.0/0 le 32.
> >
> >All the 32 bits can be "anything" and can have any mask.
> >
> >Jens Petter Eikeland
> >
> >-----Original message-----
> >From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On behalf of
> >Venkataramanaiah.R
> >Sent: 17 September 2005 10:39
> >To: ccielab@groupstudy.com
> >Subject: Match Any behaviour in Prefix lists
> >
> >Any idea what we configure for match any when you use the prefix
> >lists?
> >
> >In the case of deny, only 0.0.0.0/0 matches all the routes.
> >
> >In the case of permit, only 0.0.0.0/0 le 32 matches all the
> >routes. Just 0.0.0.0/0 does not match all traffic, rather
> >it matches just the default route, when used with a permit command.
> >
> >I am sure this is something to do with the way the prefix lists operate,
> >which is apparently not clear to me.
> >
> >Can someone clarify?
> >
> >TIA
> >-Venkat
> >
> >_______________________________________________________________________
> >Subscription information may be found at:
> >http://www.groupstudy.com/list/CCIELab.html
> >



This archive was generated by hypermail 2.1.4 : Sun Oct 02 2005 - 14:40:15 GMT-3
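
The prefix-list entries quoted in this thread, run through a small model of IOS prefix-list matching. This is an added example, not part of the original messages; the function names are hypothetical and it covers only IPv4 and the entry syntax shown above. It makes the access-list comparison concrete: an entry tests both the leading bits of the route and the route's own mask length.

```python
import ipaddress
import re

# Subset of IOS syntax used in the thread (function names are hypothetical):
#   ip prefix-list NAME {permit|deny} A.B.C.D/LEN [ge N] [le N]
ENTRY_RE = re.compile(
    r"ip prefix-list (\S+) (permit|deny) (\S+)(?: ge (\d+))?(?: le (\d+))?\s*$")

def parse_entry(line):
    m = ENTRY_RE.match(line.strip())
    if not m:
        raise ValueError(f"unsupported entry: {line!r}")
    _name, action, prefix, ge, le = m.groups()
    net = ipaddress.ip_network(prefix, strict=True)
    # Allowed range for the ROUTE's mask length:
    #   no ge/le -> exactly LEN;  ge only -> ge..32;  le only -> LEN..le
    lo = int(ge) if ge else net.prefixlen
    hi = int(le) if le else (32 if ge else net.prefixlen)
    if not net.prefixlen <= lo <= hi <= 32:
        raise ValueError(f"invalid ge/le range: {line!r}")
    return action, net, lo, hi

def evaluate(entries, route):
    """Return 'permit' or 'deny' for a route such as '10.1.0.0/16'."""
    r = ipaddress.ip_network(route, strict=True)
    for action, net, lo, hi in entries:  # first matching entry wins
        # The first LEN bits must agree AND the route's mask length must be in range.
        if lo <= r.prefixlen <= hi and r.network_address in net:
            return action
    return "deny"  # implicit deny at the end of every prefix list

def check(config, route):
    entries = [parse_entry(l) for l in config.strip().splitlines()]
    return evaluate(entries, route)

# Entries taken from the thread; the test routes are constructed.
DEFAULT_ONLY = "ip prefix-list abc permit 0.0.0.0/0"
MATCH_ANY = "ip prefix-list abc permit 0.0.0.0/0 le 32"
HOST_ZERO = "ip prefix-list test permit 0.0.0.0/32"
BLOCK_DEFAULT = """
ip prefix-list abc deny 0.0.0.0/0
ip prefix-list abc permit 0.0.0.0/0 le 32
"""

if __name__ == "__main__":
    for cfg in (DEFAULT_ONLY, MATCH_ANY, HOST_ZERO, BLOCK_DEFAULT):
        print(cfg.strip(), "->",
              {r: check(cfg, r) for r in ("0.0.0.0/0", "10.1.0.0/16")})
```

For inbound route filtering, the `BLOCK_DEFAULT` pair is the form that drops a default route from a neighbor while accepting everything else; the `0.0.0.0/32` entry matches only a host route for 0.0.0.0 and never the default route.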