[c-nsp] Leaking specific routes from a VRF

Brian Turnbow b.turnbow at twt.it
Mon Sep 7 04:39:27 EDT 2009


>-----Original Message-----
>From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of luismi
>Sent: Monday 7 September 2009 10.17
>To: Tomas Caslavsky
>Cc: ivan.diaz at raxon.es; cisco-nsp at puck.nether.net; Daniska Tomas
>Subject: Re: [c-nsp] Leaking specific routes from a VRF

>Hi all,

>We are doing some tests here with the code provided by Tomas.
>We have several questions for which we were not able to find a proper answer
>on the internet, and we would like to share them with you to see if we can
>understand everything correctly:

>a) "ip prefix-list" has a parameter called "le" so we can create the
>rule like this: 

>ip prefix-list FTP_NET seq 1 permit 10.53.0.224/29 le 32

>What is the reason to use the "le" parameter? We saw it in several examples
>on the internet but we don't understand it yet.
>What is the impact if we don't use it?

"le" works like "less than or equal to".
So 10.53.0.224/29 le 32 matches any route less than or equal to a /32 inside your /29.
So if, for example, 10.53.0.228/32 arrives it matches, as will 10.53.0.224/30 or 10.53.0.224/29.
Without le you match only the /29, so in the above example only the /29 matches.
This makes the use of prefix lists very flexible.


>b) Is there any difference if we use a normal ACL instead of a prefix-list
>in the route-map? We also saw several configurations using ACLs and it
>seems to do the same.

You can use them as well but lose the flexibility.

Brian

>Regards and thanks in advance.

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
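
The "le" matching discussed in this thread, as an added example that is not part of the original posts: a small Python model of how an IOS-style prefix-list entry selects routes, so the set of prefixes a leak filter admits can be checked before it is applied. The function names and the candidate route list are constructed for illustration; only the FTP_NET entry comes from the thread.

```python
import ipaddress

def prefix_list_match(entry, route, ge=None, le=None):
    """Model one 'ip prefix-list ... permit <entry> [ge N] [le M]' line.

    A route matches when its leading bits fall inside `entry` and its
    prefix length lies in the allowed window:
      no ge/le  -> exactly the entry's length
      le only   -> entry length .. le
      ge only   -> ge .. 32 (IPv4)
    """
    ent = ipaddress.ip_network(entry, strict=True)
    rt = ipaddress.ip_network(route, strict=True)
    if ge is None and le is None:
        lo = hi = ent.prefixlen
    else:
        lo = ge if ge is not None else ent.prefixlen
        hi = le if le is not None else ent.max_prefixlen
    if not lo <= rt.prefixlen <= hi:
        return False
    # Routes shorter than the entry can never be inside it.
    return rt.prefixlen >= ent.prefixlen and rt.subnet_of(ent)

def permitted(routes, entry, ge=None, le=None):
    """Return the routes from `routes` that the entry would permit."""
    return [r for r in routes if prefix_list_match(entry, r, ge=ge, le=le)]

# Constructed candidate routes (not from the thread's routers).
CANDIDATES = [
    "10.53.0.224/29",   # the exact prefix
    "10.53.0.224/30",   # more specific, inside the /29
    "10.53.0.228/32",   # host route inside the /29
    "10.53.0.232/29",   # neighbouring /29, outside
    "10.53.0.0/24",     # covering aggregate, shorter than /29
]

if __name__ == "__main__":
    print("without le:", permitted(CANDIDATES, "10.53.0.224/29"))
    print("with le 32:", permitted(CANDIDATES, "10.53.0.224/29", le=32))
```

When the filter controls what leaves a VRF, the difference between the two results is the set of more-specific routes that also get leaked, so "le" should be no wider than the routes actually intended.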

