Cisco router prefix list

Source: Internet
Author: User

In BGP, you can filter route selection and routing updates. To do this, you use a prefix list.

I. Prefix list features

(1) It can be modified incrementally. In an ordinary access control list you cannot delete a single entry; to remove one entry you have to delete all the entries in the list. In a prefix list, you can delete or add an entry individually.
(2) Prefix lists can be used in Cisco IOS 12.0 and later versions.
(3) Compared with access control lists, performance is significantly improved when loading large lists and looking up routes.
(4) The prefix list is used for BGP routing.

II. Prefix list commands

(1) ip prefix-list list-name [seq seq-value] {deny | permit} network/len [ge ge-value] [le le-value]

list-name: the name of the prefix list being created (note that the list name is case sensitive).
seq-value: the 32-bit sequence number of the prefix-list statement, which determines the order in which filter statements are processed. By default, the number increases in steps of 5 (5, 10, 15, and so on).
deny | permit: the action taken when a matching entry is found.
network/len: the prefix and prefix length to be matched. network is a 32-bit address and len is a decimal number.
ge-value: the range of prefix lengths to be matched for prefixes more specific than network/len. If only the "ge" attribute is specified, the range is from ge-value to 32.
le-value: the range of prefix lengths to be matched for prefixes more specific than network/len. If only the "le" attribute is specified, the range is from len to le-value.

(2) neighbor {ip-address | peer-group-name} prefix-list prefix-listname {in | out}

ip-address: the IP address of the BGP neighbor whose routes are filtered.
peer-group-name: the name of the BGP peer group.
prefix-listname: the name of the prefix list used to filter routes.
in: the prefix list is applied to inbound route advertisements received from the neighbor.
out: the prefix list is applied to outbound route advertisements sent to the neighbor.

III. Testing the "ge" and "le" options

The use of the "ge" and "le" options in the "ip prefix-list" command can be confusing and difficult to understand. The following test makes the meaning of these options clearer.

The network topology is as follows. Three routers are used in this test: router A, router B, and router C. Router A belongs to AS 65000, and router B and router C are neighbors of router A. Router C is an EBGP neighbor of router A, and the address of the interface on router C that connects to router A is 10.1.1.1. Assume that, before the prefix list is configured, router A has learned the following routes from router B:

    172.16.0.0 subnetted:
    172.16.10.0/24
    172.16.11.0/24

In the first case, router A is configured as follows:

    router bgp 65000
     aggregate-address 172.16.0.0 255.255.0.0
     neighbor 10.1.1.1 prefix-list tenonly out
    ip prefix-list tenonly permit 172.16.10.0/8 le 24

When you use the "show run" command to view the router configuration, you will see that router A has automatically changed the last line of this configuration to the following:

    ip prefix-list tenonly permit 172.0.0.0/8 le 24

Router C then learns three routes: 172.16.0.0/16, 172.16.10.0/24, and 172.16.11.0/24. Because the aggregate route 172.16.0.0/16 was created on router A with the aggregate-address command, and the summary-only parameter was not added to that command, router C, the EBGP neighbor of router A, may learn three routes: 172.16.0.0/16, 172.16.10.0/24, and 172.16.11.0/24.

In the command "ip prefix-list tenonly permit 172.16.10.0/8 le 24", len equals 8 and le-value equals 24. As mentioned earlier, to match prefixes more specific than network/len, the le-value parameter must be added, and if only the "le" attribute is specified, the range is from len to le-value. Here, 8 and 24 are prefix lengths: the entry can match routes whose first 8 bits are matched exactly, routes whose first 9 bits are matched exactly, and so on, up to routes whose first 24 bits are matched exactly. 172.16.0.0/16 is an exact match on the first 16 bits, 172.16.10.0/24 and 172.16.11.0/24 are exact matches on the first 24 bits, and 172.0.0.0/8 would be an exact match on the first 8 bits. In other words, mask lengths 8 through 24 are allowed: from router C's point of view, it can learn routes in router A's BGP table whose mask is /8, /9, /10, /11, /12, /13, /14, /15, /16, /17, /18, /19, /20, /21, /22, /23, or /24. So in this case router C learns three routes: 172.16.0.0/16, 172.16.10.0/24, and 172.16.11.0/24.

In the second case, router A is configured as follows:

    router bgp 65000
     aggregate-address 172.16.0.0 255.255.0.0
     neighbor 10.1.1.1 prefix-list tenonly out
    ip prefix-list tenonly permit 172.16.10.0/8 le 16

Here, the routes that router C could learn are 172.16.0.0/16, 172.16.11.0/24, and 172.16.10.0/24, but it actually learns only 172.16.0.0/16. Because le-value has been changed to 16, router C can learn only routes whose mask is /8, /9, /10, /11, /12, /13, /14, /15, or /16. Of the three routes above, only 172.16.0.0/16 meets the condition, so router C learns only the route 172.16.0.0/16.

In the third case, router A is configured as follows:

    router bgp 65000
     aggregate-address 172.16.0.0 255.255.0.0
     neighbor 10.1.1.1 prefix-list tenonly out
    ip prefix-list tenonly permit 172.16.10.0/8 ge 17

Here, the routes that router C could learn are 172.16.0.0/16, 172.16.11.0/24, and 172.16.10.0/24, but router C learns only 172.16.11.0/24 and 172.16.10.0/24. This is because ge-value is 17, so the entry matches routes whose first 17 bits are matched exactly, routes whose first 18 bits are matched exactly, and so on, up to routes whose first 32 bits are matched exactly. From router C's point of view, it can learn routes in router A's BGP table whose mask is /17, /18, /19, /20, /21, /22, /23, /24, /25, /26, /27, /28, /29, /30, /31, or /32. Therefore router C learns two routes: 172.16.11.0/24 and 172.16.10.0/24.

In the fourth case, router A is configured as follows:

    router bgp 65000
     aggregate-address 172.16.0.0 255.255.0.0
     neighbor 10.1.1.1 prefix-list tenonly out
    ip prefix-list tenonly permit 172.16.10.0/8 ge 16 le 24

Here, the routes that router C could learn are 172.16.0.0/16, 172.16.11.0/24, and 172.16.10.0/24. Router C can learn routes in router A's BGP table whose mask is /16, /17, /18, /19, /20, /21, /22, /23, or /24. All three routes meet the condition, so all of them are learned by router C.

In the fifth case, router A is configured as follows:

    router bgp 65000
     aggregate-address 172.16.0.0 255.255.0.0
     neighbor 10.1.1.1 prefix-list tenonly out
    ip prefix-list tenonly permit 172.16.10.0/8 ge 17 le 24

Here, the routes that router C could learn are 172.16.0.0/16, 172.16.11.0/24, and 172.16.10.0/24. Router C can learn routes in router A's BGP table whose mask is /17, /18, /19, /20, /21, /22, /23, or /24. Of the three routes above, only 172.16.11.0/24 and 172.16.10.0/24 meet the condition, so router C learns the routes 172.16.11.0/24 and 172.16.10.0/24.

This article is from the fat shark network.
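
The five cases above can be checked offline before a filter is applied to a neighbor. The following Python sketch is an added example, not part of the original article and not Cisco code; the function names parse_entry and advertised are assumptions, and it models only the ge/le length rule, sequence ordering with first match winning, and the implicit deny at the end of a prefix list.

```python
import ipaddress

# Routes in router A's BGP table in the article (the aggregate plus two /24s).
ROUTES = ["172.16.0.0/16", "172.16.10.0/24", "172.16.11.0/24"]

def parse_entry(line):
    """Parse 'ip prefix-list NAME [seq N] {permit|deny} NET/LEN [ge G] [le L]'."""
    tok = line.split()
    if tok[:2] != ["ip", "prefix-list"]:
        raise ValueError("not an ip prefix-list statement: " + line)
    rest = tok[3:]                       # tok[2] is the list name
    seq = None
    if rest[0] == "seq":
        seq, rest = int(rest[1]), rest[2:]
    if rest[0] not in ("permit", "deny"):
        raise ValueError("expected permit or deny: " + line)
    # strict=False clears host bits, as IOS does: 172.16.10.0/8 -> 172.0.0.0/8
    net = ipaddress.ip_network(rest[1], strict=False)
    opts = dict(zip(rest[2::2], (int(v) for v in rest[3::2])))
    ge, le = opts.get("ge"), opts.get("le")
    if ge is None and le is None:
        lo = hi = net.prefixlen          # no ge/le: the length must equal len
    else:
        lo = ge if ge is not None else net.prefixlen   # only le: len..le
        hi = le if le is not None else 32              # only ge: ge..32
    if not net.prefixlen <= lo <= hi <= 32:
        raise ValueError("invalid ge/le range: " + line)
    return {"seq": seq, "permit": rest[0] == "permit", "net": net, "lo": lo, "hi": hi}

def advertised(lines, routes=ROUTES):
    """Return the routes a neighbor would receive through this outbound prefix list."""
    entries, last = [], 0
    for line in lines:
        e = parse_entry(line)
        # Unnumbered statements get the previous sequence number plus 5.
        e["seq"] = last = e["seq"] if e["seq"] is not None else last + 5
        entries.append(e)
    entries.sort(key=lambda e: e["seq"])
    out = []
    for route in routes:
        r = ipaddress.ip_network(route)
        for e in entries:
            if e["lo"] <= r.prefixlen <= e["hi"] and r.subnet_of(e["net"]):
                if e["permit"]:
                    out.append(route)
                break                    # first match wins; no match = implicit deny
    return out
```
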
