Re: Question about prefix list
> Ann, > the commas not withstanding, the le/ge operands as applicable to > prefix-lists simply mean "less-than or equal-to" or greater-than or > "equal-to" wrt netmasks in CIDR speak. > > In you prefix-list below, the le operand means - > allow following ranges: > > /22,/23,/24 deny all else > for the /21 > it means allow /21 thru /24 > > Anything without an operand means an exact-match(permit/deny) > > Homework for you: > > What do the following do: > > 1) ip prefix-list foo deny 0.0.0.0/0 le32 > 2) ip prefix-list foo permit 0.0.0/0 le 32 > > Understand the above and you will understand how operands work in > prefix-lists. > ./Randy > > > --- On Wed, 2/1/12, Ann Kwok wrote: > >> From: Ann Kwok >> Subject: Question about prefix list >> To: nanog@nanog.org >> Date: Wednesday, February 1, 2012, 6:32 AM >> Hi >> >> I read this prefix list. >> >> Can I know why there is "le 24" after network block in /22 >> and /21 >> >> Why don't have "le 24" after /24? >> >> I also saw another prefix list before. They use "le 32" >> instead of "le 24" >> >> What are their different? >> >> ip prefix-list prefix-filter-as100 seq 10 permit >> 202,168.136.0/22 le 24 >> ip prefix-list prefix-filter-as100 seq 20 permit >> 202,22.92.0/22 le 24 >> ip prefix-list prefix-filter-as100 seq 30 permit >> 202,21.148.0/22 le 24 >> ip prefix-list prefix-filter-as100 seq 40 permit >> 203,178.88.0/21 le 24 >> ip prefix-list prefix-filter-as100 seq 50 permit >> 178.88.74.0/24 >> >> Thank you so much >> > > Here is how I look at prefix lists Lets say I have the following: ip prefix-list EXAMPLE permit 202.21.148.0/22 le 24 What this essentially means is match any prefixes that match the first 22 bits of 202.21.148.0 with a prefix length less than or equal to /24. The third octet (148) is 10010100 in binary, the /22 would be at 100101|00. So we would match anything that has the same bits set before the divider or the /22 mark. Matching prefixes would be: 202.21.148.0/22 202.21.148.0/23 202.21.150.0/23 202.21.148.0/24 202.21.149.0/24 202.21.150.0/24 202.21.151.0/24 Hope that makes sense. -- Matt Reath CCIE #27316 (SP) m...@mattreath.com | http://mattreath.com Twitter: http://twitter.com/mpreath
Re: Question about prefix list
Ann, the commas not withstanding, the le/ge operands as applicable to prefix-lists simply mean "less-than or equal-to" or greater-than or "equal-to" wrt netmasks in CIDR speak. In you prefix-list below, the le operand means - allow following ranges: /22,/23,/24 deny all else for the /21 it means allow /21 thru /24 Anything without an operand means an exact-match(permit/deny) Homework for you: What do the following do: 1) ip prefix-list foo deny 0.0.0.0/0 le32 2) ip prefix-list foo permit 0.0.0/0 le 32 Understand the above and you will understand how operands work in prefix-lists. ./Randy --- On Wed, 2/1/12, Ann Kwok wrote: > From: Ann Kwok > Subject: Question about prefix list > To: nanog@nanog.org > Date: Wednesday, February 1, 2012, 6:32 AM > Hi > > I read this prefix list. > > Can I know why there is "le 24" after network block in /22 > and /21 > > Why don't have "le 24" after /24? > > I also saw another prefix list before. They use "le 32" > instead of "le 24" > > What are their different? > > ip prefix-list prefix-filter-as100 seq 10 permit > 202,168.136.0/22 le 24 > ip prefix-list prefix-filter-as100 seq 20 permit > 202,22.92.0/22 le 24 > ip prefix-list prefix-filter-as100 seq 30 permit > 202,21.148.0/22 le 24 > ip prefix-list prefix-filter-as100 seq 40 permit > 203,178.88.0/21 le 24 > ip prefix-list prefix-filter-as100 seq 50 permit > 178.88.74.0/24 > > Thank you so much >
Re: Question about prefix list
> ip prefix-list prefix-filter-as100 seq 10 permit 202,168.136.0/22 le 24 > ip prefix-list prefix-filter-as100 seq 20 permit 202,22.92.0/22 le 24 > ip prefix-list prefix-filter-as100 seq 30 permit 202,21.148.0/22 le 24 > ip prefix-list prefix-filter-as100 seq 40 permit 203,178.88.0/21 le 24 ^ randy
Re: Question about prefix list
Hi Ann, The le parameter can be included to match all more-specific prefixes within a par ten prefix up to a specified length. FE: 202.168.136.0/22 le 25 will match 202.168.136.0/22 and all prefixes contained therein with a length of 24 or less. They appear to be blocking everything with a length longer dan /24 (so /25 /26 etc etc.) the last line doesn't have this because it's only 1 /24 subnet. Regards, Wouter On Feb 1, 2012, at 15:32 , Ann Kwok wrote: > Hi > > I read this prefix list. > > Can I know why there is "le 24" after network block in /22 and /21 > > Why don't have "le 24" after /24? > > I also saw another prefix list before. They use "le 32" instead of "le 24" > > What are their different? > > ip prefix-list prefix-filter-as100 seq 10 permit 202,168.136.0/22 le 24 > ip prefix-list prefix-filter-as100 seq 20 permit 202,22.92.0/22 le 24 > ip prefix-list prefix-filter-as100 seq 30 permit 202,21.148.0/22 le 24 > ip prefix-list prefix-filter-as100 seq 40 permit 203,178.88.0/21 le 24 > ip prefix-list prefix-filter-as100 seq 50 permit 178.88.74.0/24 > > Thank you so much
Question about prefix list
Hi I read this prefix list. Can I know why there is "le 24" after network block in /22 and /21 Why don't have "le 24" after /24? I also saw another prefix list before. They use "le 32" instead of "le 24" What are their different? ip prefix-list prefix-filter-as100 seq 10 permit 202,168.136.0/22 le 24 ip prefix-list prefix-filter-as100 seq 20 permit 202,22.92.0/22 le 24 ip prefix-list prefix-filter-as100 seq 30 permit 202,21.148.0/22 le 24 ip prefix-list prefix-filter-as100 seq 40 permit 203,178.88.0/21 le 24 ip prefix-list prefix-filter-as100 seq 50 permit 178.88.74.0/24 Thank you so much
