
Network Traffic Filtering: IP Prefix Lists

Let's talk about the route filtering technique called the IP prefix list. An IP prefix list is a way to permit or deny routes based on the network prefix and its block size (prefix length).

With the two keywords ge (greater than or equal to) and le (less than or equal to), we can permit or deny an IP prefix block according to the length of its subnet mask. The prefix list is applied to inbound or outbound updates for a specific peer by entering the prefix-list command in neighbor address-family mode.

Prefix list information and counters are displayed in the output of the show ip prefix-list command. Prefix-list counters can be reset by entering the clear ip prefix-list command.

Below is an example showing a topology and the use of an IP prefix list in an enterprise network. The example is for demo purposes only and does not correspond to any real enterprise network.


Fig 1.1- IP Prefix Lists


Let's take another example to understand the IP prefix list. Below, I created three sequences, each showing a different prefix-list statement:

NDNA-R(config)#ip prefix-list test seq 1 permit 5.5.5.0/24 ge 23
NDNA-R(config)#ip prefix-list test seq 2 deny 6.6.6.0/24 ge 24
NDNA-R(config)#ip prefix-list test seq 3 permit 10.10.0.0/24 ge 24 le 28

Keep in mind that Cisco IOS accepts ge and le values only when len < ge <= le <= 32, so for a /24 entry the CLI expects a ge value of 25 or higher.

Statement I
NDNA-R(config)#ip prefix-list test seq 1 permit 5.5.5.0/24 ge 23

The first statement matches prefixes with a block size of 23 or greater, which means routes within the 5.5.5.0 block whose subnet mask is /23 or longer are allowed. Anything that matches no permit sequence is blocked by the implicit deny at the end of the list.

Statement II
NDNA-R(config)#ip prefix-list test seq 2 deny 6.6.6.0/24 ge 24

The second statement matches prefixes with a block size of 24 or greater, which means routes within the 6.6.6.0 block whose subnet mask is /24 or longer match this sequence. Because the action is deny, those routes are blocked, and routes that do not match are evaluated against the next sequence.

Statement III
NDNA-R(config)#ip prefix-list test seq 3 permit 10.10.0.0/24 ge 24 le 28

The third statement matches prefixes with a block size of 24 or greater but no greater than 28, which means routes within the 10.10.0.0 block whose subnet mask is between /24 and /28 are allowed and the rest are blocked.
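The matching logic described in the three statements, as an added Python example that is not part of the original post: it parses prefix-list entries, enforces the IOS range rule, and evaluates routes in sequence order with first match winning. The function names and the sample list are assumptions made for illustration; the sample reuses the article's networks with ranges that IOS accepts.

```python
import ipaddress

def parse_entry(line):
    """Parse 'seq N permit|deny A.B.C.D/len [ge X] [le Y]' (the text after the list name)."""
    tok = line.split()
    seq, action = int(tok[1]), tok[2]
    net = ipaddress.ip_network(tok[3])
    opts = dict(zip(tok[4::2], map(int, tok[5::2])))
    ge, le = opts.get("ge"), opts.get("le")
    # Prefix lengths the entry matches:
    #   no ge/le -> exactly len, ge only -> ge..32, le only -> len..le
    lo = ge if ge is not None else net.prefixlen
    hi = le if le is not None else (32 if ge is not None else net.prefixlen)
    # IOS range rule: len < ge <= le <= 32
    if (ge is not None and ge <= net.prefixlen) or not lo <= hi <= 32:
        raise ValueError(f"seq {seq}: invalid range for {net} (need len < ge <= le <= 32)")
    return seq, action, net, lo, hi

def evaluate(entries, route):
    """Return (action, seq) of the first matching entry, or ('deny', None) for the implicit deny."""
    r = ipaddress.ip_network(route)
    for seq, action, net, lo, hi in sorted(entries, key=lambda e: e[0]):
        # The route must sit inside the entry's block AND have a length in [lo, hi].
        if r.subnet_of(net) and lo <= r.prefixlen <= hi:
            return action, seq
    return "deny", None

# Constructed sample list (hypothetical, not the article's exact entries).
SAMPLE = [
    "seq 5 permit 5.5.5.0/24",
    "seq 10 deny 6.6.6.0/24 ge 25",
    "seq 15 permit 10.10.0.0/24 ge 25 le 28",
]
ENTRIES = [parse_entry(line) for line in SAMPLE]

if __name__ == "__main__":
    # Constructed test routes covering exact match, too-specific, and out-of-range lengths.
    for route in ["5.5.5.0/24", "5.5.5.128/25", "6.6.6.64/26",
                  "10.10.0.16/28", "10.10.0.8/29", "10.10.0.0/24"]:
        print(f"{route:16} -> {evaluate(ENTRIES, route)}")
    try:
        parse_entry("seq 1 permit 5.5.5.0/24 ge 23")
    except ValueError as exc:
        print("rejected:", exc)
```

A route that is more specific than the allowed range (10.10.0.8/29) or less specific than ge (10.10.0.0/24) falls through every sequence and hits the implicit deny, which is the behaviour to check for when a prefix list is used to stop unexpected more-specific routes from a peer.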

Hope the above examples are helpful in understanding the IP prefix list.