Prefix lists can be used as an alternative to access lists in many BGP route filtering commands. The advantages of using prefix lists are:
- Significant performance improvement in loading and route lookup of large lists
- Support for incremental updates
  Filtering using extended access lists does not support incremental updates.
- More user-friendly command-line interface
  The command-line interface for using access lists to filter BGP updates is difficult to understand and use, since it uses the packet filtering format.
Before using a prefix list in a command, you must set up a prefix list, and you may want to assign sequence numbers to the entries in the prefix list.
How the System Filters Traffic by Prefix List
Filtering by prefix list involves matching the prefixes of routes with those listed in the prefix list. When there is a match, the route is used. The matching is similar to that of the access list. More specifically, whether a prefix is permitted or denied is based upon the following rules:
- An empty prefix list permits all prefixes.
- An implicit deny is assumed if a given prefix does not match any entries of a prefix list.
- When multiple entries of a prefix list match a given prefix, the entry with the smallest sequence number is considered to be the "real" match.
The router begins the search at the top of the prefix list, with the sequence number 1. Once a match or deny occurs, the router does not need to go through the rest of the prefix list. For efficiency, you may want to put the most common matches or denies near the top of the list, using the argument seq in the ip prefix-list command. The show commands always include the sequence numbers in their output.
Sequence numbers are generated automatically unless you disable this automatic generation. If you disable the automatic generation of sequence numbers, you must specify the sequence number for each entry using the seq-value argument of the ip prefix-list command. Regardless of whether the default sequence numbers are used in configuring a prefix list, a sequence number does not need to be specified when removing a configuration entry. Show commands include the sequence numbers in their output.
Creating a Prefix List
To create a prefix list, use the ip prefix-list command in Figure , beginning in router configuration mode.
Note: To create a prefix list you must enter at least one permit or deny clause.
To remove a prefix list and all of its entries, use the no ip prefix-list command, beginning in router configuration mode.
Configuring a Prefix List Entry
You can add entries to a prefix list individually. To configure an entry in a prefix list, use the ip prefix-list command, beginning in router configuration mode.
The optional keywords ge and le can be used to specify the range of the prefix length to be matched for prefixes that are more specific than network/len. An exact match is assumed when neither ge nor le is specified. The range is assumed to be from ge-value to 32 if only the ge attribute is specified, and from len to le-value if only the le attribute is specified.
A specified ge-value and/or le-value must satisfy the following condition:
len < ge-value <= le-value <= 32
For example, to deny all prefixes matching /24 in 128.0.0.0/8, you would use:
ip prefix-list abc deny 128.0.0.0/8 ge 24 le 24
Note: You can specify sequence values for prefix list entries in any increments you want (the automatically generated numbers are incremented in units of 5). If you specify the sequence values in increments of 1, you cannot insert additional entries into the prefix list. If you choose very large increments, you could run out of sequence values.
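The matching rules and ge/le ranges described above, modelled in Python as an added example (not part of the original page or of any router software). The PrefixList class, its methods, the catch-all permit entry and the sample routes are assumptions made for illustration; IPv4 only.

```python
import ipaddress


class PrefixList:
    """Illustrative model of the matching rules above; not router code."""

    def __init__(self):
        self.entries = []  # (seq, action, network, min_len, max_len)

    def add(self, action, prefix, ge=None, le=None, seq=None):
        net = ipaddress.ip_network(prefix)
        length = net.prefixlen
        # Page condition len < ge-value <= le-value <= 32, applied to
        # whichever of ge/le is given (assumption for the le-only case).
        given = [v for v in (ge, le) if v is not None]
        chain = [length] + given + [32]
        if given and (given[0] <= length or chain != sorted(chain)):
            raise ValueError("need len < ge-value <= le-value <= 32")
        lo = ge if ge is not None else length  # ge absent: range starts at len
        hi = le if le is not None else (32 if ge is not None else length)
        if seq is None:  # automatic numbering: 5 above the highest entry
            seq = max((e[0] for e in self.entries), default=0) + 5
        self.entries.append((seq, action, net, lo, hi))
        return seq

    def evaluate(self, route):
        """Return (action, seq); seq is None when no entry decided."""
        route = ipaddress.ip_network(route)
        if not self.entries:
            return ("permit", None)  # empty prefix list permits all prefixes
        for seq, action, net, lo, hi in sorted(self.entries, key=lambda e: e[0]):
            # Match: route lies inside network/len and its length is in range.
            if lo <= route.prefixlen <= hi and route.subnet_of(net):
                return (action, seq)  # lowest sequence number wins
        return ("deny", None)  # implicit deny when nothing matches


def demo():
    pl = PrefixList()
    pl.add("deny", "128.0.0.0/8", ge=24, le=24)  # the page's example, seq 5
    pl.add("permit", "0.0.0.0/0", le=32)         # constructed catch-all, seq 10
    routes = ["128.1.2.0/24", "128.1.0.0/16", "10.0.0.0/8"]  # constructed
    return {r: pl.evaluate(r) for r in routes}


if __name__ == "__main__":
    for route, verdict in demo().items():
        print(route, verdict)
```

The returned sequence number shows which entry was the deciding match, which is the same value the show commands and hit counts are keyed on.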
Configuring How Sequence Numbers of Prefix List Entries Are Specified
By default, the sequence numbers are automatically generated when you create a prefix list entry. Sequence numbers can be suppressed with the command no ip prefix-list sequence-number. Sequence values are generated in increments of 5. The first sequence value generated in a prefix list would be 5, then 10, then 15, and so on. If you specify a value for an entry and then do not specify values for subsequent entries, the assigned (generated) sequence values are incremented in units of five. For example, if you specify that the first entry in the prefix list have a sequence value of 3, and then do not specify sequence values for the other entries, the automatically generated numbers will be 8, 13, 18, and so on.
To disable the automatic generation of sequence numbers, use the no ip prefix-list sequence-number command, beginning in router configuration mode.
To re-enable automatic generation of the sequence numbers of prefix list entries, use the ip prefix-list sequence-number command, beginning in router configuration mode.
If you disable automatic generation of sequence numbers in a prefix list, you must specify the sequence number for each entry using the seq-value argument of the ip prefix-list command.
Regardless of whether the default sequence numbers are used in configuring a prefix list, a sequence number does not need to be specified when de-configuring an entry. Show commands include the sequence numbers in their output.
Deleting a Prefix List or Prefix List Entries
To delete a prefix list, use the no ip prefix-list command, beginning in router configuration mode.
You can delete entries from a prefix list individually. To delete an entry in a prefix list, use the no ip prefix-list seq command, beginning in router configuration mode.
Note: The sequence number of an entry does not need to be specified when you delete the entry.
Showing Prefix Entries
To display information about prefix tables, prefix table entries, the policy associated with a node, or specific information about an entry, use the following commands, beginning in EXEC mode.
Clearing the Prefix Table Hit Count
To clear the hit count of prefix list entries, use the clear ip prefix-list command, beginning in EXEC mode.