understanding Prefix-List

I am trying to understand the purpose of the number that comes after the "/".
example:
ip prefix-list TEST seq 5 permit 10.0.0.0/2 ge 17

2 means match 2 bits of first octet 10

however whatever I put , the prefix list will care just about the ge 17

to clarify it I have this table before filtering:

R1(config)#do sh ip route 
      10.0.0.0/8 is variably subnetted, 6 subnets, 6 masks
D        10.1.0.0/16 [90/156160] via 192.168.12.2, 00:00:01, FastEthernet0/0
D        10.2.0.0/17 [90/156160] via 192.168.12.2, 00:00:01, FastEthernet0/0
D        10.3.0.0/18 [90/156160] via 192.168.12.2, 00:00:01, FastEthernet0/0
D        10.4.0.0/19 [90/156160] via 192.168.12.2, 00:00:01, FastEthernet0/0
D        10.5.0.0/20 [90/156160] via 192.168.12.2, 00:00:01, FastEthernet0/0
D        10.6.0.0/21 [90/156160] via 192.168.12.2, 00:00:01, FastEthernet0/0

Open in new window


if I use : ip prefix-list TEST seq 5 permit 10.0.0.0/2 ge 17
router eigrp 1
 distribute-list prefix TEST in


R1(config)#do sh ip route

      10.0.0.0/8 is variably subnetted, 5 subnets, 5 masks
D        10.2.0.0/17 [90/156160] via 192.168.12.2, 00:00:03, FastEthernet0/0
D        10.3.0.0/18 [90/156160] via 192.168.12.2, 00:00:03, FastEthernet0/0
D        10.4.0.0/19 [90/156160] via 192.168.12.2, 00:00:03, FastEthernet0/0
D        10.5.0.0/20 [90/156160] via 192.168.12.2, 00:00:03, FastEthernet0/0
D        10.6.0.0/21 [90/156160] via 192.168.12.2, 00:00:03, FastEthernet0/0

Open in new window


so what 's the purpose of the number that comes after the slash sign "/", example:10.0.0.0/2

Thank you
jskfanAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Hemil AquinoNetwork EngineerCommented:
Here is a personal example that would help you to understand it better.

Let say I have two routers R1 and R2

R1 has the following loop-back interface with 32 bit subnet mask

lo0 10.0.0.1 255.255.255.255
lo1 10.0.1.1 255.255.255.255
lo2 10.0.2.1 255.255.255.255

All the network above it's been advertised. So, now I want to filter traffic preventing Lo2 to be advertise towards R2

R1(config)# Ip prefix-list Filter_10.0.2.1 deny 10.0.2.1 /32 ----"we are denying that specific subnet"
R1(config)# Ip prefix-list Filter_10.0.2.1 permit 0.0.0.0 /0 le 32 --- "below my description"

Permit anything else with any prefix-list
Ip prefix-list Filter_10.0.2.1 permit 0.0.0.0 /0

ge (greater) Minimum prefix length to be matched
le (less) Maximum prefix length to be matched

When I said (le 32) means: The prefix list should be less OR equal to 32. I have a 32 bit a address so all the network should be less or equal 32.
You follow me so far?

Another example.

I would like to include any routes in the range of 10.0.3.0/24 with a prefix length of 26 or greater. Essentially any advertised route that’s a /26,/27,/28,/29,/30,/31,or /32

R2(config)#ip prefix-list LIST1 permit 10.0.3.0/24 ge 26
R2#clear ip eigrp 100 neighbors
R2#sh ip route

     10.0.0.0/8 is variably subnetted, 7 subnets, 7 masks
D       10.0.3.128/26 [90/156160] via 192.168.1.1, 00:00:17, FastEthernet0/0
D       10.0.3.192/27 [90/156160] via 192.168.1.1, 00:00:17, FastEthernet0/0
D       10.0.3.224/28 [90/156160] via 192.168.1.1, 00:00:17, FastEthernet0/0
D       10.0.3.248/30 [90/156160] via 192.168.1.1, 00:00:17, FastEthernet0/0
D       10.0.3.252/31 [90/156160] via 192.168.1.1, 00:00:17, FastEthernet0/0
D       10.0.3.254/32 [90/156160] via 192.168.1.1, 00:00:17, FastEthernet0/0
D       10.0.3.240/29 [90/156160] via 192.168.1.1, 00:00:19, FastEthernet0/0
     192.168.1.0/30 is subnetted, 1 subnets
C       192.168.1.0 is directly connected, FastEthernet0/0

As you can see we are now collecting the desired routing information.  Like the  “gr” option the “le” or “less than or equal to” option has a similar effect but in reverse.   After clearing the list and creating the rule below the results are as follows:

R2(config)#ip prefix-list LIST1 permit 10.0.3.0/24 le 26
R2(config)#do clear ip eigrp neighbor
R2(config)#do sh ip route

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
D       10.0.3.0/25 [90/156160] via 192.168.1.1, 00:00:02, FastEthernet0/0
D       10.0.3.128/26 [90/156160] via 192.168.1.1, 00:00:02, FastEthernet0/0
192.168.1.0/30 is subnetted, 1 subnets
C       192.168.1.0 is directly connected, FastEthernet0/0

The example configuration above will include /24, /25 and /26 prefixes falling inside the 10.0.3.0/24 range of network

Hope it helps,
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jskfanAuthor Commented:
thanks Hemil Aquino
I had this one :  10.0.0.0/2 ge 17  -----you can see it is just 2 bits after the slash "/"


if it was  10.0.0.0/8 ge 17  or  10.0.0.0/16 ge 17, it would make sense , but  2 bits from the first octet , I could not tell what is covered to be permitted and what  is not...
0
jskfanAuthor Commented:
i know 10 in binary is 00001010

if  My prefix list is :
ip prefix-list LIST1 permit 10.0.0.0/2

you would think from the first octet (10) in binary it has  2 Zeros 00001010
 so any network that starts with 10 in our case  is permitted

but when I used that prefix list ... the routing table dis not show any of the Network 10
0
JustInCaseCommented:
Prefix list ip prefix-list LIST1 permit 10.0.0.0/2 without ge or le will permit exactly that network 0.0.0.0/2 (0.0.0.0 192.0.0.0). Router will automatically convert 10.0.0.0/2 to 0.0.0.0/2, since it is the same range as 0.0.0.0/2 (matches network range 0.0.0.0 - 63.255.255.255).

ip prefix-list TEST seq 5 permit 10.0.0.0/2 ge 17 will be match for any network from range that first octet starts 0 - 63 that has subnet mask greater or equal to /17  -> and it did its job. As you can see from your outing output - route
D        10.1.0.0/16 [90/156160] via 192.168.12.2, 00:00:01, FastEthernet0/0

Open in new window

is missing is the second show ip route output (implicit deny at the end of prefix list matches 10.1.0.0/16).
0
jskfanAuthor Commented:
Thank you Guys !
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.