Re: SV: Match Any behaviour in Prefix lists

From: Venkataramanaiah.R (vramanaiah@gmail.com)
Date: Sat Sep 17 2005 - 11:30:16 GMT-3

Good, Atleast it makes life simpler, atleast match any can be
0.0.0.0/0<http://0.0.0.0/0>le 32 in for permit and deny. (I am yet to
test your findings though).

Ok, did you check out the default route mystery? Whatz ur observation there?

-Venkat

On 9/17/05, moelkomy@cisco.com <moelkomy@cisco.com> wrote:
>
> I lab it in case of deny and found that both deny
0.0.0.0/0<http://0.0.0.0/0>
> and deny 0.0.0.0/0 <http://0.0.0.0/0> le 32 have same effect, which is
> denying everything.
>
> Regards,
>
> -------------------------------------------------------------------
>
>
>
> Mohamed ElKomy
>
> Cisco Systems, Systems Engineer
>
>
>
> Office: +2024885300
>
> GSM: +20121022297
>
> FAX: +2024885400
>
> moelkomy@cisco.com
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Venkataramanaiah.R
> Sent: Saturday, September 17, 2005 4:41 PM
> To: Leigh Harrison
> Cc: ccielab@groupstudy.com
> Subject: Re: SV: Match Any behaviour in Prefix lists
>
> Guys, Although i agree with your way of interpreting the default route
> sounds logical to me, it is not working that way practically. Even, i
> applied the same logic, however it is not working when i lab it up..
> Default
> route gets in only when i permit 0.0.0.0/0 <http://0.0.0.0/0> <
> http://0.0.0.0/0> and not
> with
> 0.0.0.0/32 <http://0.0.0.0/32> <http://0.0.0.0/32>.
>
> Well, if you look at permit all, it works fine with our logic. ie.,
> permit
> 0.0.0.0/0 <http://0.0.0.0/0> <http://0.0.0.0/0> le 32 works for Permit
> all.
>
> Again, for deny all, the same logic does not work... To deny all, only
> deny
> 0.0.0.0/0 <http://0.0.0.0/0> <http://0.0.0.0/0> works.
>
> Could you guys lab it and confirm.
>
> Thanks for your attempt to clarify
>
> -Venkat
>
>
> On 9/17/05, Leigh Harrison <ccileigh@gmail.com> wrote:
> >
> > Venkat,
> >
> > The way I think of it is:-
> >
> > ip prefix-list test permit 192.168.0.0/16 <http://192.168.0.0/16> <
> http://192.168.0.0/16> le
> 32
> >
> > The way I read it is the prefix that I'm looking for has to start
> > 192.168.x.x and have a mask of less than or equal to 32 bits - so the
> > mask has to be between 16 and 32 bits and begin with 192.168 and it's
> in.
> >
> > The bit that got me was making the difference between a prefix-list
> and
> > an access-list.
> >
> > For the default route:-
> > ip prefix-list test permit 0.0.0.0/32 <http://0.0.0.0/32> <
> http://0.0.0.0/32>
> >
> > This one reads "The prefix that I'm looking for has to start
> 0.0.0.0 <http://0.0.0.0><http://0.0.0.0>and
> > have mask of 32" - think "1 in the mask = unchangable bits" - so the
> > only thing it will allow here is 0.0.0.0 <http://0.0.0.0> <
> http://0.0.0.0> - no need to
> put
> > any ge or le
> > on the end as 32 bits is pretty definitive !!
> >
> > For all routes:-
> > ip prefix-list test permit 0.0.0.0/0 <http://0.0.0.0/0> <
> http://0.0.0.0/0> le 32
> >
> > This one reads "The prefix that I'm looking for has to start
> 0.0.0.0 <http://0.0.0.0><http://0.0.0.0>and
> > have a mask of 0" - think "1 in the mask = unchangable bits" - as it's
> a
> > 0, there are no bits that are fixed. The less than or equal to at the
> > end reads "but has to have a mask of 32 bits or less" - which will
> cover
> > everything.
> >
> > To read the last example as a whole:-
> > "I am looking for a prefix that has any number is it, with a mask of
> 32
> > bits or less"
> >
> > To read the first example as a whole:-
> > " I am looking for a prefix that begins with 192.168 and has a mask of
> > 32 bits or less"
> >
> > Hope that helps
> >
> > LH
> >
> >
> > Jens Petter Eikeland wrote:
> >
> > >HI ,
> > >
> > >I was wondering the same thing a while ago.. Here is how it is :
> > >
> > >prefix-list to match the "default-route" is;
> > >
> > >ip prefix-list mebean permit 0.0.0.0/32 <http://0.0.0.0/32> <
> http://0.0.0.0/32>
> > >
> > >all the first 32 bits "must" be zeros.
> > >
> > >
> > >prefix-list to match "any" route is;
> > >
> > >ip prefix-list mrbean permit 0.0.0.0/0 <http://0.0.0.0/0> <
> http://0.0.0.0/0> le 32.
> > >
> > >All the 32 bits can be "anything" and can have any mask.
> > >
> > >Jens Petter Eikeland
> > >
> > >-----Opprinnelig melding-----
> > >Fra: nobody@groupstudy.com [mailto:nobody@groupstudy.com] Pe vegne av
> > >Venkataramanaiah.R
> > >Sendt: 17. september 2005 10:39
> > >Til: ccielab@groupstudy.com
> > >Emne: Match Any behaviour in Prefix lists
> > >
> > >Any idea, which what do we configure for match any when you use the
> > prefix
> > >lists?
> > >
> > >In a case of deny only 0.0.0.0/0 <http://0.0.0.0/0> <http://0.0.0.0/0>
> <http://0.0.0.0/0>
> > matches all the routes
> > >
> > >In a case of Permit, only 0.0.0.0/0 <http://0.0.0.0/0> <
> http://0.0.0.0/0>
> <http://0.0.0.0/0>
> > le 32 matches all the
> > >routes. Just 0.0.0.0/0 <http://0.0.0.0/0> <http://0.0.0.0/0> <
> http://0.0.0.0/0> does not
> > match all traffic, rather
> > >it matches just the default route, when used with a permit command.
> > >
> > >I am sure this is something to do with the way the prefix lists
> operate,
> > >which is apparently not clear to me.
> > >
> > >Can someone clarify?
> > >
> > >TIA
> > >-Venkat
> > >
> >
> >_______________________________________________________________________
> > >Subscription information may be found at:
> > >http://www.groupstudy.com/list/CCIELab.html
> > >
> >
> >_______________________________________________________________________
> > >Subscription information may be found at:
> > >http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

This archive was generated by hypermail 2.1.4 : Sun Oct 02 2005 - 14:40:15 GMT-3