Once again, thanks John,
It is small conversations like this one that makes you learn something the
books for some reason doesn't mention, or explains badly.
Thanks,
Ole
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Ole Drews Jensen
Systems Network Manager
CCNA, MCSE, MCP+I
RWR Enterprises, Inc.
[EMAIL PROTECTED]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.RouterChief.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NEED A JOB ???
http://www.oledrews.com/job
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-----Original Message-----
From: John Neiberger [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 26, 2001 12:03 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: BGP prefix compiling [7:13828]
Exactly! ;-)
Since a prefix must start with at least 172.16.0.0/16, it doesn't make
sense to use "ge 8". The mask must be at least /16 to match
172.16.0.0/16, hence the error.
As you can see from the error, the ge value must be greater than the
mask you specify in the first portion of the statement. In this case,
any ge value must be greater than 16. Hmm...I just looked at my post
and it appears that the error message was truncated somehow.
It went on to say that len must be less than the ge-value, which must
be less than or equal to the le-value. I won't paste in the exact error
since it will probably be truncated again.
Given that prerequisite, you'd have to restate your example like this:
ip prefix-list elvira permit 172.16.0.0/8 ge 9
However, I just tried this and it was changed to:
ip prefix-list elvira permit 172.0.0.0/8 ge 9
I suppose the logic of this is becoming quite strained, since it's not
apparent what we're trying to accomplish. If the goal is to permit
172.16.0.0 and any subnet but *not* allow any other 172.0.0.0/8, then we
could do this:
ip prefix-list elvira permit 172.16.0.0/16 le 32
ip prefix-list elvira deny 172.0.0.0/8 le 32
It always helps to know what we're trying to do before we try to do it.
:-)
Regards,
John
>>> Ole Drews Jensen 7/26/01 10:29:32 AM >>>
Okay, now you're confusing me John.
If we take "ip prefix-list elvira permit 172.16.0.0/16 le 32" wouldn't
that
permit /16 thru /32, whereas "ip prefix-list elvire permit
172.16.0.0/16 ge
8" would permit /8 thru /32?
But, I guess the error message you included was for the /16 ge 8, which
kind
of ends this discussion :-)
Thanks,
Ole
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Ole Drews Jensen
Systems Network Manager
CCNA, MCSE, MCP+I
RWR Enterprises, Inc.
[EMAIL PROTECTED]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.RouterChief.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NEED A JOB ???
http://www.oledrews.com/job
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-----Original Message-----
From: John Neiberger [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 26, 2001 11:17 AM
To: [EMAIL PROTECTED]
Subject: RE: BGP prefix compiling [7:13828]
I don't see why that wouldn't work. As I mentioned previously, it
will
match all prefixes that begin with exactly 172.16 but have a mask of
/8
or greater. There are other ways to accomplish the same thing that
make
more sense, but at the moment this logic seems valid. Although, I
suppose it doesn't really make any sense to write it like that since
it
accomplishes the same thing as
ip prefix-list elvira permit 172.16.0.0/16 le 32
This would match the same prefixes and makes much more sense.
Okay, I just tried it and I received an error that says:
% Invalid prefix range for 172.16.0.0/16, make sure: len
John
>>> Ole Drews Jensen 7/26/01 9:44:20 AM >>>
Yes that does make sense - THANKS - and I wonder why none of the books
I
have read about this mention this small but very important fact, that
ge
stands for >= and le for = and it just didn't occur to me. From
previous
programming experience a long time ago I should have noticed this, but
I
had a brain cloud.
Anyway, this makes this much easier to remember how this works. Let's
use your last example:
Example : ip prefix-list elvira permit 172.16.0.0/16 ge 8
This will match any prefix that begins with 172.16 and has a mask
greater than or equal to 255.0.0.0. Let's modify your example a bit:
ip prefix-list elvira permit 172.16.0.0/16 le 24
This will match any prefix that begins with 172.16 and has a mask
between 255.255.0.0 and 255.255.255.0, or anything between a /16 and
/24
inclusive. Let's say you wanted to deny prefixes longer than /24:
ip prefix-list elvira deny 172.16.0.0/16 ge 25
This will match any prefix that begins with 172.16 but has a mask of
/25 or longer.
Does that make sense? I hope I have that right! ;-)
Regards,
John
>>> "Ole Drews Jensen" 7/25/01 8:33:13 PM >>>
This is to (hopefully) confirm that my understanding of the examples
in
the
BSCN book and the IRA 2nd. ed. book are correct.
If the formel looks like this:
ip prefix-list elvis permit a.b.c.d/n
It will be compiled like this:
1) if neither "ge" nor "le" are added, only the excact prefix (n)
is
allowed.
2) if only "ge x" is added, n is ignored and an invinsible le of
32
are
added so
prefix x thru 32 are permitted.
3) if only "le y" is added, prefix n thru y are permitted.
4) if both "ge x" and "le y" are added, n is ignored and prefix x
thru
y are permitted.
This is to all you BGP experts out there - please comment with true or
false
on the 4 statements above, and add any comments or corrections if
necessary.
One last question, can the ge value be lower than the /n value?
Example : ip prefix-list elvira permit 172.16.0.0/16 ge 8
and would that allow only the prefix 172.16.0.0/8 ?
I thank you in advance,
Ole
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Ole Drews Jensen
Systems Network Manager
CCNA, MCSE, MCP+I
RWR Enterprises, Inc.
[EMAIL PROTECTED]
http://www.RouterChief.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NEED A JOB ???
http://www.oledrews.com/job
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=13892&t=13828
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
