Wednesday, December 23, 2009

IP Prefix Lists

Appendix D. IP Prefix Lists

Prefix lists became available in Cisco IOS Software Release 12.0(3)T. You can use prefix lists as a simpler alternative to standard IP access lists for routing advertisement filtering with routing protocols. Although prefix lists are most commonly put to use in Border Gateway Protocol (BGP) configurations, this appendix demonstrates other ways that you can use prefix lists to support other routing protocols such as Enhanced Interior Gateway Routing Protocol (EIGRP). Prefix lists introduce a more streamlined way to create filters for network prefix advertisements by following these rules:
  • Like access lists, prefix lists are processed sequentially from top to bottom. When a match is made, processing stops and the rest of the entries are not read.
  • Entries can be added to the prefix lists at any time.
  • An empty prefix list permits all prefixes by default.
  • Prefix lists do not use wildcard masks like access lists; they use a subnet length mask (for instance, /24).
  • Unlike access lists, lines in prefix lists can be edited by the use of the sequence number.
  • Prefix lists contain an implicit deny any at the end of each list.
  • Sequence numbers are automatically generated; however, automatic sequence generation can be stopped.
Prefix lists are configured from global configuration mode using the following command:
ip prefix-list {list-name | list-number} [seq sequence-value] {deny | permit} network-address/length [ge ge-value] [le le-value]
Table D-1 shows the meaning of each part of the prefix list syntax.

Table D-1. IP Prefix List Syntax

Command/Argument: Description

list-name | list-number
    Specifies the name or number of the prefix list.
seq sequence-value
    (Optional) Sequence number. If the sequence number is not entered manually, an automatic sequence number is generated. These numbers are generated sequentially starting with 5 and incrementing by 5.
deny | permit
    Specifies whether prefixes are permitted or denied upon a match.
network-address
    Network address to be matched, entered in dotted-decimal format.
/length
    Length of the subnet mask in bits.
ge ge-value
    (Optional) Specifies the minimum prefix length to be matched.
le le-value
    (Optional) Specifies the maximum prefix length to be matched.
As previously mentioned, you can use prefix lists with distribute lists in router configuration mode to filter routing advertisements. Configuration of IP prefix lists is straightforward, and changes to an existing prefix list are simple to make as well. Figure D-1 shows the network used in the step-by-step introduction to prefix list configuration that follows.
[Figure D-1. Artista Network]
The following example shows how prefix lists can be used to filter incoming routing updates with the EIGRP routing protocol:
  1. Define your prefix lists; in this example, prefix list Internal is used to deny eight /24 network prefixes, 192.168.0.0/24 through 192.168.7.0/24. Because a non-empty prefix list ends with an implicit deny, a final permit entry is required so that all other prefixes are still accepted (this entry also appears as seq 45 in Example D-3):
    ip prefix-list Internal seq 5 deny 192.168.0.0/24
    ip prefix-list Internal seq 10 deny 192.168.1.0/24
    ip prefix-list Internal seq 15 deny 192.168.2.0/24
    ip prefix-list Internal seq 20 deny 192.168.3.0/24
    ip prefix-list Internal seq 25 deny 192.168.4.0/24
    ip prefix-list Internal seq 30 deny 192.168.5.0/24
    ip prefix-list Internal seq 35 deny 192.168.6.0/24
    ip prefix-list Internal seq 40 deny 192.168.7.0/24
    ip prefix-list Internal seq 45 permit 0.0.0.0/0 le 32
  2. Create a distribution list that specifies your previously configured prefix list:
    router eigrp 100
    distribute-list prefix Internal in
To verify that the prefix list worked, from another router issue a show ip route command. Example D-1 shows what the routing table looked like before the distribution list was configured.

Example D-1. Routing Table Prior to Distribution List

Impasto# show ip route eigrp
D    192.168.10.0/24 [90/409600] via 192.168.1.2, 00:00:03, Ethernet0/0
D    192.168.11.0/24 [90/409600] via 192.168.1.2, 00:00:03, Ethernet0/0
D    192.168.4.0/24 [90/409600] via 192.168.1.2, 00:00:47, Ethernet0/0
D    192.168.5.0/24 [90/409600] via 192.168.1.2, 00:00:47, Ethernet0/0
D    192.168.6.0/24 [90/409600] via 192.168.1.2, 00:00:47, Ethernet0/0
D    192.168.7.0/24 [90/409600] via 192.168.1.2, 00:00:47, Ethernet0/0
D    192.168.2.0/24 [90/409600] via 192.168.1.2, 00:00:47, Ethernet0/0
D    192.168.3.0/24 [90/409600] via 192.168.1.2, 00:00:47, Ethernet0/0
Example D-2 shows the same routing table after applying the distribution list and clearing the routing from the Impasto router.

Example D-2. Routing Table After Distribution List Application

Impasto# clear ip route *
Impasto# show ip route eigrp
D    192.168.10.0/24 [90/409600] via 192.168.1.2, 00:00:41, Ethernet0/0
D    192.168.11.0/24 [90/409600] via 192.168.1.2, 00:00:41, Ethernet0/0
Notice that the routes denied by the prefix list have been removed from the routing table. Example D-3 shows the full configuration for the Impasto router used in this example.

Example D-3. Using IP Prefix Lists

interface Loopback0
 ip address 10.2.2.1 255.255.255.0
!
interface Ethernet0/0
 ip address 192.168.1.1 255.255.255.0
!
interface TokenRing0/0
 ip address 10.1.1.1 255.255.255.0
!
router eigrp 100
 network 10.0.0.0
 network 192.168.1.0
 distribute-list prefix Internal in
 no auto-summary
!
ip prefix-list Internal seq 5 deny 192.168.0.0/24
ip prefix-list Internal seq 10 deny 192.168.1.0/24
ip prefix-list Internal seq 15 deny 192.168.2.0/24
ip prefix-list Internal seq 20 deny 192.168.3.0/24
ip prefix-list Internal seq 25 deny 192.168.4.0/24
ip prefix-list Internal seq 30 deny 192.168.5.0/24
ip prefix-list Internal seq 35 deny 192.168.6.0/24
ip prefix-list Internal seq 40 deny 192.168.7.0/24
ip prefix-list Internal seq 45 permit 0.0.0.0/0 le 32
Example D-4 demonstrates how you can use the ge and le arguments to filter routes based on minimum and maximum prefix lengths. For this example, you need the same two routers with the same configurations. On the Impasto router, create four loopback interfaces with the addresses 11.1.1.1/24, 11.2.1.1/16, 11.30.1.1/13, and 11.200.1.1/10. The Impasto and Scumble routers run EIGRP in autonomous system number 100; the Impasto router advertises networks 10.0.0.0, 192.168.1.0, and 11.0.0.0; and summarization is disabled on both routers.

Example D-4. Preparing the Impasto Router

interface Loopback0
 ip address 10.2.2.1 255.255.255.0
 no ip directed-broadcast
!
interface Loopback10
 ip address 11.1.1.1 255.255.255.0
!
interface Loopback11
 ip address 11.2.1.1 255.255.0.0
!
interface Loopback12
 ip address 11.30.1.1 255.248.0.0
!
interface Loopback13
 ip address 11.200.1.1 255.192.0.0
!
interface Ethernet0/0
 ip address 192.168.1.1 255.255.255.0
!
router eigrp 100
 network 10.0.0.0
 network 11.0.0.0
 network 192.168.1.0 0.0.0.255
 no auto-summary
Example D-5 shows the Scumble router's routing table after the new 11.0.0.0 networks have been added.

Example D-5. Scumble Router's Routing Table

Scumble# show ip route | include is|via
Gateway of last resort is not set
C    192.168.10.0/24 is directly connected, Loopback10
C    192.168.11.0/24 is directly connected, Loopback20
C    192.168.4.0/24 is directly connected, Loopback2
C    192.168.5.0/24 is directly connected, Loopback3
     10.0.0.0/24 is subnetted, 2 subnets
D       10.2.2.0 [90/156160] via 192.168.1.1, 00:02:02, FastEthernet0
D       10.1.1.0 [90/178688] via 192.168.1.1, 00:02:02, FastEthernet0
C    192.168.6.0/24 is directly connected, Loopback4
     11.0.0.0/8 is variably subnetted, 4 subnets, 4 masks
D       11.2.0.0/16 [90/156160] via 192.168.1.1, 00:02:02, FastEthernet0
D       11.1.1.0/24 [90/156160] via 192.168.1.1, 00:02:02, FastEthernet0
D       11.24.0.0/13 [90/156160] via 192.168.1.1, 00:02:02, FastEthernet0
D       11.192.0.0/10 [90/156160] via 192.168.1.1, 00:02:02, FastEthernet0
C    192.168.7.0/24 is directly connected, Loopback5
C    192.168.1.0/24 is directly connected, FastEthernet0
C    192.168.2.0/24 is directly connected, Loopback0
C    192.168.3.0/24 is directly connected, Loopback1
After creating the loopbacks and verifying EIGRP operation, create an IP prefix list that allows the Impasto router to advertise only the 11.1.0.0 networks with prefix lengths ranging from /16 to /32. Apply this prefix list to filter EIGRP routes leaving the Impasto router, as shown in Example D-6.

Example D-6. Applying the IP Prefix List

ip prefix-list Trial-2 seq 5 permit 11.1.0.0/16 le 32
!
router eigrp 100
 distribute-list prefix Trial-2 out
After you apply the prefix list on the Impasto router, the Scumble router's routing table will contain only the route to the 11.1.1.0/24 network. The other 11.0.0.0 networks, which lie outside 11.1.0.0/16, have been removed, and the 10.0.0.0 networks (including 10.2.2.0/24) have also been removed, because the implicit deny at the end of the list drops everything the single permit entry does not match, as shown in Example D-7.

Example D-7. Scumble Router's Routing Table After IP Prefix List

Scumble# show ip route | include is|via
Gateway of last resort is not set
C    192.168.10.0/24 is directly connected, Loopback10
C    192.168.11.0/24 is directly connected, Loopback20
C    192.168.4.0/24 is directly connected, Loopback2
C    192.168.5.0/24 is directly connected, Loopback3
C    192.168.6.0/24 is directly connected, Loopback4
     11.0.0.0/24 is subnetted, 1 subnets
D       11.1.1.0 [90/156160] via 192.168.1.1, 00:02:30, FastEthernet0
C    192.168.7.0/24 is directly connected, Loopback5
C    192.168.1.0/24 is directly connected, FastEthernet0
C    192.168.2.0/24 is directly connected, Loopback0
C    192.168.3.0/24 is directly connected, Loopback1
Now, remove the 11.1.1.1/24 interface and add loopback interfaces 11.1.1.0/29, 11.1.1.32/29, and 11.1.1.64/29 to the configuration on the Impasto router; then check the routing table on the Impasto router. It should look like Example D-8.

Example D-8. Experimenting with an IP Prefix List

Impasto(config)# interface loopback 10
Impasto(config-if)# ip address 11.1.1.1 255.255.255.248
Impasto(config-if)# interface loopback 14
Impasto(config-if)# ip address 11.1.1.33 255.255.255.248
Impasto(config-if)# interface loopback 15
Impasto(config-if)# ip address 11.1.1.65 255.255.255.248

Impasto# show ip route | include is|via
Gateway of last resort is not set
D    192.168.10.0/24 [90/409600] via 192.168.1.2, 00:06:53, Ethernet0/0
D    192.168.11.0/24 [90/409600] via 192.168.1.2, 00:06:53, Ethernet0/0
     10.0.0.0/24 is subnetted, 2 subnets
C       10.2.2.0 is directly connected, Loopback0
C       10.1.1.0 is directly connected, TokenRing0/0
     11.0.0.0/8 is variably subnetted, 6 subnets, 4 masks
C       11.2.0.0/16 is directly connected, Loopback11
C       11.1.1.0/29 is directly connected, Loopback10
C       11.24.0.0/13 is directly connected, Loopback12
C       11.1.1.32/29 is directly connected, Loopback14
C       11.1.1.64/29 is directly connected, Loopback15
C       11.192.0.0/10 is directly connected, Loopback13
C    192.168.1.0/24 is directly connected, Ethernet0/0
For the next part of this experiment, remove the outgoing Trial-2 prefix list from EIGRP 100 and change the prefix list so that it denies any 11.1.0.0/16 network prefixes 25 bits or longer in length. (This matches the /29 loopback interfaces that were just created in the preceding step, while a second entry permits everything else.) After you have edited the prefix list, reapply it, as shown in Example D-9.

Example D-9. Experimentation Continued

router eigrp 100
 no distribute-list prefix Trial-2 out
!
ip prefix-list Trial-2 seq 5 deny 11.1.0.0/16 ge 25
ip prefix-list Trial-2 seq 10 permit 0.0.0.0/0 le 32
!
router eigrp 100
 distribute-list prefix Trial-2 out
After you have applied the changes, the Scumble router's routing table should show the reappearance of the 10.0.0.0 networks and of the 11.0.0.0 networks that the deny entry does not match (those outside 11.1.0.0/16 or with prefix lengths shorter than 25 bits). The /29 loopbacks created in the preceding step should have been removed, as shown in Example D-10.

Example D-10. Scumble Router's Routing Table After Changing Prefix List Trial-2

Scumble# clear ip route *
Scumble# show ip route | include is|via
Gateway of last resort is not set
C    192.168.10.0/24 is directly connected, Loopback10
C    192.168.11.0/24 is directly connected, Loopback20
C    192.168.4.0/24 is directly connected, Loopback2
C    192.168.5.0/24 is directly connected, Loopback3
     10.0.0.0/24 is subnetted, 2 subnets
D       10.2.2.0 [90/156160] via 192.168.1.1, 00:00:16, FastEthernet0
D       10.1.1.0 [90/178688] via 192.168.1.1, 00:00:16, FastEthernet0
C    192.168.6.0/24 is directly connected, Loopback4
     11.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
D       11.2.0.0/16 [90/156160] via 192.168.1.1, 00:00:16, FastEthernet0
D       11.24.0.0/13 [90/156160] via 192.168.1.1, 00:00:16, FastEthernet0
D       11.192.0.0/10 [90/156160] via 192.168.1.1, 00:00:16, FastEthernet0
C    192.168.7.0/24 is directly connected, Loopback5
C    192.168.1.0/24 is directly connected, FastEthernet0
C    192.168.2.0/24 is directly connected, Loopback0
C    192.168.3.0/24 is directly connected, Loopback1
Example D-11 shows the completed configuration for the Impasto router.

Example D-11. Complete Configuration for the Impasto Router

interface Loopback0
 ip address 10.2.2.1 255.255.255.0
!
interface Loopback10
 ip address 11.1.1.1 255.255.255.248
!
interface Loopback11
 ip address 11.2.1.1 255.255.0.0
!
interface Loopback12
 ip address 11.30.1.1 255.248.0.0
!
interface Loopback13
 ip address 11.200.1.1 255.192.0.0
!
interface Loopback14
 ip address 11.1.1.33 255.255.255.248
!
interface Loopback15
 ip address 11.1.1.65 255.255.255.248
!
interface Ethernet0/0
 ip address 192.168.1.1 255.255.255.0
!
interface TokenRing0/0
 ip address 10.1.1.1 255.255.255.0
!
router eigrp 100
 network 10.0.0.0
 network 11.0.0.0
 network 192.168.1.0
 neighbor 192.168.1.2
 distribute-list prefix Trial-2 out
 distribute-list prefix Internal in
 no auto-summary
!
ip prefix-list Internal seq 5 deny 192.168.0.0/24
ip prefix-list Internal seq 10 deny 192.168.1.0/24
ip prefix-list Internal seq 15 deny 192.168.2.0/24
ip prefix-list Internal seq 20 deny 192.168.3.0/24
ip prefix-list Internal seq 25 deny 192.168.4.0/24
ip prefix-list Internal seq 30 deny 192.168.5.0/24
ip prefix-list Internal seq 35 deny 192.168.6.0/24
ip prefix-list Internal seq 40 deny 192.168.7.0/24
ip prefix-list Internal seq 45 permit 0.0.0.0/0 le 32
!
ip prefix-list Trial-2 seq 5 deny 11.1.0.0/16 ge 25
ip prefix-list Trial-2 seq 10 permit 0.0.0.0/0 le 32
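
To check the Internal and Trial-2 lists against the routes seen in Examples D-1 through D-10, here is an added example (not code from the appendix) that models how IOS matches a prefix-list entry: first match by sequence number wins, an empty list permits everything, a non-empty list ends in an implicit deny, and ge/le widen the exact-length match into a range.

```python
import ipaddress
from typing import List, NamedTuple, Optional

# Added example, not code from the appendix: a model of ip prefix-list
# evaluation used to check the Internal and Trial-2 lists against the routes
# that appear in Examples D-1 through D-10.

class Entry(NamedTuple):
    seq: int
    action: str                 # "permit" or "deny"
    network: str                # network-address/length, e.g. "11.1.0.0/16"
    ge: Optional[int] = None    # minimum prefix length (inclusive), if given
    le: Optional[int] = None    # maximum prefix length (inclusive), if given

def entry_matches(entry: Entry, route: str) -> bool:
    """A route matches when it lies inside entry.network and its prefix length
    falls in the window the entry allows: exactly /length with no ge/le,
    [ge, 32] with ge only, [length, le] with le only, [ge, le] with both."""
    net = ipaddress.ip_network(entry.network, strict=False)
    rt = ipaddress.ip_network(route, strict=False)
    if not rt.subnet_of(net):
        return False
    lo = net.prefixlen if entry.ge is None else entry.ge
    hi = (net.prefixlen if entry.ge is None else 32) if entry.le is None else entry.le
    return lo <= rt.prefixlen <= hi

def evaluate(prefix_list: List[Entry], route: str) -> str:
    """Entries are tried in sequence order and the first match decides; an
    empty list permits everything, a non-empty list ends in an implicit deny."""
    if not prefix_list:
        return "permit"
    for entry in sorted(prefix_list, key=lambda e: e.seq):
        if entry_matches(entry, route):
            return entry.action
    return "deny"

def permitted(prefix_list: List[Entry], routes: List[str]) -> List[str]:
    """Routes that would survive a distribute-list using this prefix list."""
    return [r for r in routes if evaluate(prefix_list, r) == "permit"]

# The lists from the appendix (Example D-3, Example D-6 and Example D-9).
INTERNAL = [Entry(5 + 5 * i, "deny", f"192.168.{i}.0/24") for i in range(8)]
INTERNAL.append(Entry(45, "permit", "0.0.0.0/0", le=32))
TRIAL2_D6 = [Entry(5, "permit", "11.1.0.0/16", le=32)]
TRIAL2_D9 = [Entry(5, "deny", "11.1.0.0/16", ge=25),
             Entry(10, "permit", "0.0.0.0/0", le=32)]

# Routes the Impasto router holds in Example D-8 (the Ethernet link excluded).
IMPASTO_ROUTES = ["10.2.2.0/24", "10.1.1.0/24", "11.2.0.0/16", "11.1.1.0/29",
                  "11.24.0.0/13", "11.1.1.32/29", "11.1.1.64/29", "11.192.0.0/10"]

if __name__ == "__main__":
    print("Trial-2 (D-9) lets through:", permitted(TRIAL2_D9, IMPASTO_ROUTES))
```

Dropping the final permit entry from Internal (the first eight entries alone) makes the model deny every route, which is the implicit-deny pitfall the Example D-3 configuration avoids with seq 45.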

With a little practice, you might use the simpler prefix lists in place of access lists for all routing protocols, not just for BGP.
