[cisco-nas] Question about prefix list

Mark Tinka mtinka at globaltransit.net
Wed Feb 1 21:18:38 EST 2012 

On Thursday, February 02, 2012 08:50:18 AM annkwok80 wrote:

> Can I know why there is "le 24" after network block in
> /22 and /21

As Aaron mentioned, this is probably more appropriate on the 
'c-nsp' mailing list, but I'll try and answer your questions 
anyway.

The reason you have 'le xx' or 'ge xx' after the prefix is 
to define additional bit boundaries that warrant further 
examination of that particular prefix, without resorting to 
manually defining the additional prefix itself.

So it's like saying, "of this /22, also consider a /23 from 
the same block, a /24 from the same block, e.t.c.", without 
manually typing the /23 or /24 prefix as well. It saves time 
and effort.

> Why don't have "le 24" after /24?

Well, in this particular case, 'le xx' means "anything 
longer than or equal to xx'. Above, 'x.x.x.x/24 le 24' is 
the same as saying 'x.x.x.x/24', because you're not asking 
the router to consider any prefix longer than a /24, while 
the original prefix is a /24 anyway.

But, if you did something like 'x.x.x.x/24 le 29', that 
means from the /24 prefix, the router can also consider /25, 
/26, /27, /28 and /29.

Hope I didn't confuse you :-).

> I also saw another prefix list before. They use "le 32"
> instead of  "le 24"

'le 32' means the router will consider prefixes that are up 
to 32 bits long, i.e., /24, /25, 26, /27, /28, /29, /30, /31 
and /32.

> ip prefix-list prefix-filter-as100 seq 10 permit
> 202,168.136.0/22 le 24 

> ip prefix-list
> prefix-filter-as100 seq 20 permit 202,22.92.0/22 le 24

> ip prefix-list prefix-filter-as100 seq 30 permit
> 202,21.148.0/22 le 24 

> ip prefix-list prefix-filter-as100
> seq 40 permit 203,178.88.0/21 le 24

All the above prefix lists basically say, "consider the 
prefix and all longer subnets of it up to a maximum length 
of /24", e.g., 202.168.136.0/22, and any other subnet from 
this prefix up to a maximum prefix length of /24.

> ip prefix-list
> prefix-filter-as100 seq 50 permit 178.88.74.0/24

This one basically matches only that particular /24. Any 
subnets that are generated from this /24 will not be 
considered by the router.

Hope this helps.

Cheers,

Mark.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <https://puck.nether.net/pipermail/cisco-nas/attachments/20120202/a2a543f5/attachment.sig>

More information about the cisco-nas mailing list