Wednesday, December 23, 2009

ip prefix-list

I had to look at prefix-lists again in a bit more detail, and at how matching is done.
There are several keywords that need to be understood in order to match the right addresses.
The simplest match is:
ip prefix-list PRE_20 permit 20.0.0.0/24
which matches only the exact prefix: the first 24 bits of the address with a prefix length of /24, and nothing else.
If you have to match more addresses, for example a range of subnets that share a specific prefix, you can match them with “ge” or “le”.
“ge” means greater than or equal to
“le” means less than or equal to
So if you want to match the following subnets:
20.0.0.0/16
20.1.0.0/16
You could create a prefix list with the following match:
ip prefix-list PRE_20 permit 20.0.0.0/15 ge 16 le 16
This means that the match is first done on the part that is the same for all subnets: 20.0.0.0/15, which can include 20.0.0.0 and 20.1.0.0.
Here we have already summarized the best match for both addresses, so this part is the same for all of them. Then, since we don’t want to match the 20.0.0.0/15 or the 20.1.0.0/15, we have to tell the prefix list how to extend the variable match for the addresses that should be included.
So we specifically want matches greater than or equal to /16 and at most /16.
That means:
ip prefix-list PRE_20 permit 20.0.0.0/15 ge 16 le 16
If we want to include, for example, only:
20.0.0.0/24
20.0.1.0/24
20.0.2.0/24
20.0.3.0/24
the prefix list would be:
ip prefix-list PRE_22 permit 20.0.0.0/22 ge 24 le 24
Another example would be to match a range of subnets with “le”:
ip prefix-list PRE_20 permit 20.0.0.0/16 le 18
This would match:
20.0.0.0/16
20.0.0.0/17
20.0.0.0/18
Here the first 16 bits (20.0.) must be present in every network at a minimum, and any prefix with a length from /16 up to a maximum of /18 matches as long as it starts with 20.0.
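The matching rules above can be checked offline before a filter is applied to a router. The following is an added example, not part of the original post: a small Python evaluator for the entries shown here, including the implicit deny at the end of a prefix list. The list name PRE_16 and the candidate routes are assumptions made for the example.

```python
import ipaddress
import re

# name, action, network/len, optional "ge N", optional "le N"
ENTRY = re.compile(
    r"ip prefix-list (\S+) (permit|deny) (\S+)(?: ge (\d+))?(?: le (\d+))?$")

def parse_entry(line):
    m = ENTRY.match(line.strip())
    if m is None:
        raise ValueError(f"not a prefix-list entry: {line!r}")
    name, action, net, ge, le = m.groups()
    net = ipaddress.ip_network(net)
    # No ge/le: exact length only. Only le: len..le. Only ge: ge..32.
    lo = int(ge) if ge else net.prefixlen
    hi = int(le) if le else (32 if ge else net.prefixlen)
    return name, action, net, lo, hi

def entry_matches(entry, route):
    _, _, net, lo, hi = entry
    route = ipaddress.ip_network(route)
    # The leading bits of the route must equal the entry's network, and
    # the route's own prefix length must fall inside lo..hi.
    return route.subnet_of(net) and lo <= route.prefixlen <= hi

def evaluate(lines, name, route):
    """First matching entry of list `name` decides; no match is a deny."""
    for entry in map(parse_entry, lines):
        if entry[0] == name and entry_matches(entry, route):
            return entry[1]
    return "deny"

# Entries from the post; PRE_16 is an assumed name for the "le 18" entry.
CONFIG = [
    "ip prefix-list PRE_20 permit 20.0.0.0/15 ge 16 le 16",
    "ip prefix-list PRE_22 permit 20.0.0.0/22 ge 24 le 24",
    "ip prefix-list PRE_16 permit 20.0.0.0/16 le 18",
]

if __name__ == "__main__":
    # Constructed candidate routes, not taken from a real routing table.
    for name, route in [("PRE_20", "20.0.0.0/15"), ("PRE_20", "20.1.0.0/16"),
                        ("PRE_22", "20.0.3.0/24"), ("PRE_22", "20.0.4.0/24"),
                        ("PRE_16", "20.0.128.0/17"), ("PRE_16", "20.0.0.0/19")]:
        print(f"{name:7} {route:15} -> {evaluate(CONFIG, name, route)}")
```

Note that the “le 18” entry also permits 20.0.128.0/17: any /16 to /18 inside 20.0.0.0/16 matches, not only the prefixes that start at 20.0.0.0.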
