9.8 BGP Route Filtering and Policy Routing  
  9.8.5 Example ip prefix-list configuration  
The figure presents the commands used to create a simple prefix list and apply it during BGP configuration. The commands define a prefix list called ELMO, which is applied to outgoing External BGP (EBGP) updates to 192.168.1.1 using a neighbor statement.

The real power of the ip prefix-list command is in its optional parameters. The keywords ge and le can be used to specify the range of the prefix length to be matched for prefixes that are more specific than the network/len value. The prefix length range is assumed to be from ge-value to 32 if only the ge attribute is specified. The prefix length range is assumed to be from len to le-value if only the le attribute is specified.

Notice that a specified ge-value and le-value must satisfy the following condition:

len < ge-value <= le-value <= 32

For example, to accept a mask length of up to 24 bits in routes with the prefix 192.0.0.0/8, and to deny more specific routes, use the following commands:

RTA(config)#ip prefix-list GROVER permit 192.0.0.0/8 le 24
RTA(config)#ip prefix-list GROVER deny 192.0.0.0/8 ge 25

These commands test to see if a given prefix begins with 192 in the first octet. After that, they are concerned with only how specific the route is by checking the length of the mask. Therefore, both 192.168.32.0/19 and 192.168.1.0/24 match the permit statement, but 192.168.1.32/27 does not because its mask length is greater than the ge value, 25. Any routes with a mask equal to the ge value will also be denied.

The le and ge keywords can be used together in the same statement, as the following shows:

RTA(config)#ip prefix-list OSCAR permit 10.0.0.0/8 ge 16 le 24

This command permits all prefixes in the 10.0.0.0/8 address space that have a mask length from 16 to 24 bits.

Each prefix list entry is assigned a sequence number, either by default or manually by an administrator. By numbering the prefix list statements, new entries can be inserted at any point in the list. This is important because routers test for prefix list matches from lowest sequence number to highest. When a match occurs, the router does not continue through the rest of the prefix list. For efficiency, put the most common matches near the top of the list. The show ip prefix-list command always includes the sequence numbers in its output, as shown in the figure.

Sequence numbers are automatically generated in increments of five. The first sequence value generated in a prefix list is five (5), then ten (10), then 15, and so on. If a value is manually specified for one entry and no values are specified for subsequent entries, the assigned sequence values are incremented in units of five. For example, if the first entry in the prefix list is given a sequence value of three and no sequence values are specified for the other entries, the automatically generated numbers will be 8, 13, 18, and so on. Manually specify prefix list sequence numbers as shown in the following:

RTA(config)#ip prefix-list ELMO seq 12 deny 192.168.1.0/24

Sequence values for prefix list entries can be manually specified in any increments that are wanted. However, if the sequence values are unwisely specified in increments of one (1), additional entries cannot be inserted into the prefix list.

To display information about prefix tables, prefix table entries, the policy associated with a node, or specific information about an entry, use the show ip prefix-list command.

Finally, when using prefix lists, keep the following rules in mind:

  • An empty prefix list permits all prefixes.
  • An implicit deny is assumed if a given prefix does not match any entries of a prefix list.
  • When multiple entries of a prefix list match a given prefix, the entry with the smallest sequence number is considered to be the "real" match.
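
The matching rules above can be checked offline before a list is applied to a neighbor. The following Python sketch is an added example, not part of the original course material or of Cisco IOS: it models ge/le length ranges, default sequence numbering, first-match evaluation, the implicit deny, and the empty-list rule. The function names and the entry format (the text after "ip prefix-list NAME") are assumptions made for illustration.

```python
import ipaddress

def parse_entry(text, auto_seq):
    """Parse '[seq N] permit|deny NET/LEN [ge X] [le Y]' into a tuple."""
    tok = text.split()
    seq = auto_seq
    if tok[0] == "seq":
        seq, tok = int(tok[1]), tok[2:]
    action, net = tok[0], ipaddress.ip_network(tok[1])
    opts = dict(zip(tok[2::2], map(int, tok[3::2])))
    ge, le = opts.get("ge"), opts.get("le")
    # Condition stated in the text: len < ge-value <= le-value <= 32
    for value in (ge, le):
        if value is not None and not net.prefixlen < value <= 32:
            raise ValueError("invalid prefix range: " + text)
    if ge is not None and le is not None and ge > le:
        raise ValueError("invalid prefix range: " + text)
    if ge is None and le is None:
        lo = hi = net.prefixlen          # no keyword: exact length only
    else:
        lo = ge if ge is not None else net.prefixlen   # only le: len..le
        hi = le if le is not None else 32              # only ge: ge..32
    return seq, action, net, lo, hi

def build(lines):
    """Number entries as described: default step of 5 from the previous entry."""
    entries, last = [], 0
    for text in lines:
        entry = parse_entry(text, last + 5)
        last = entry[0]
        entries.append(entry)
    return entries

def evaluate(entries, route):
    """Return (action, seq); seq is None when no entry decided the result."""
    if not entries:
        return "permit", None            # empty list permits all prefixes
    r = ipaddress.ip_network(route)
    for seq, action, net, lo, hi in sorted(entries, key=lambda e: e[0]):
        if r.subnet_of(net) and lo <= r.prefixlen <= hi:
            return action, seq           # lowest-sequence match wins
    return "deny", None                  # implicit deny

# Lists from the text above, written without the "ip prefix-list NAME" prefix
GROVER = build(["permit 192.0.0.0/8 le 24", "deny 192.0.0.0/8 ge 25"])
OSCAR = build(["permit 10.0.0.0/8 ge 16 le 24"])

if __name__ == "__main__":
    for route in ("192.168.32.0/19", "192.168.1.0/24", "192.168.1.32/27"):
        print(route, evaluate(GROVER, route))
```

A result of ("deny", None) means the route fell through to the implicit deny rather than matching an explicit deny entry, which is worth distinguishing when auditing an outbound filter.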

 

Lab Activity

e-Lab Activity: ip prefix-list Configuration

This lab uses prefix lists as an alternative to access lists. Many BGP route filtering commands will be used.