Sep 20

The Use of Prefix Lists for Route Filtering

Using IP prefix lists has several advantages over using an ACL. Prefix lists match on more than just an IP address; they also match on the prefix length of the route. This, as we have seen, may be an advantage, but it can also cause problems when routes are filtered that we did not intend to filter. Finally, the internal processing of IP prefix lists uses a tree structure that results in faster matching of routes than with ACLs.

Much like ACLs, prefix-list configuration commands that use the same name end up in the same list. As with named ACLs, each ip prefix-list command has a sequence number to allow later deletion of individual commands and insertion of commands at a particular sequence position. Prefix lists are read in order, top to bottom, and once a match is found the rest of the list is not read. Each command has a permit or deny action, but because the list is used only for matching routes, and not for packet filtering, the permit or deny keyword only indicates whether a route is matched (permit) or not (deny).

Creating a prefix list uses the following command syntax.

ip prefix-list list-name [seq seq-value] {deny | permit} prefix/prefix-length [ge ge-value] [le le-value]

EX.  ip prefix-list FILTER_ADV_ROUTES seq 10 permit 172.31.26.0/23 ge 24 le 32
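To make the ge/le and first-match behaviour concrete, here is a small Python model of prefix-list evaluation; it is an added example, not code from the original post, and the parse/evaluate function names are mine. It reuses the page's FILTER_ADV_ROUTES entry and shows that the entry matches /24 through /32 subnets of 172.31.26.0/23 but not the /23 itself, which is the kind of unintended filtering the text warns about (auto-numbering of a missing seq in steps of 5 is assumed to follow the IOS default).

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Matches one IOS command line such as the page's example; seq, ge and le are optional.
_CMD = re.compile(
    r"ip prefix-list (?P<name>\S+)(?: seq (?P<seq>\d+))? (?P<action>permit|deny) "
    r"(?P<prefix>\S+)(?: ge (?P<ge>\d+))?(?: le (?P<le>\d+))?$"
)

@dataclass
class Entry:
    seq: int
    action: str
    prefix: ipaddress.IPv4Network
    ge: Optional[int] = None
    le: Optional[int] = None

    def matches(self, route: ipaddress.IPv4Network) -> bool:
        # Route must lie inside the entry prefix AND have a length in range:
        # exactly prefixlen with no ge/le, ge..le with both, ge..32 or prefixlen..le with one.
        if not route.subnet_of(self.prefix):
            return False
        plen = self.prefix.prefixlen
        low = self.ge if self.ge is not None else plen
        high = self.le if self.le is not None else (32 if self.ge is not None else plen)
        return low <= route.prefixlen <= high

def parse(lines: List[str]) -> List[Entry]:
    """Parse 'ip prefix-list' commands into entries sorted by sequence number.
    A missing seq is auto-numbered as highest-so-far + 5 (IOS default, assumed here)."""
    entries: List[Entry] = []
    for line in lines:
        m = _CMD.match(line.strip())
        if not m:
            raise ValueError(f"not an ip prefix-list command: {line!r}")
        seq = int(m["seq"]) if m["seq"] else max((e.seq for e in entries), default=0) + 5
        entries.append(Entry(seq, m["action"], ipaddress.IPv4Network(m["prefix"]),
                             int(m["ge"]) if m["ge"] else None,
                             int(m["le"]) if m["le"] else None))
    return sorted(entries, key=lambda e: e.seq)

def evaluate(entries: List[Entry], route: str) -> str:
    """Top-to-bottom, first match wins; anything unmatched hits the implicit deny."""
    net = ipaddress.IPv4Network(route)
    for entry in entries:
        if entry.matches(net):
            return entry.action
    return "deny"
```

Feeding the page's entry to `evaluate` shows 172.31.26.0/24 and 172.31.27.128/25 permitted while 172.31.26.0/23 and 172.31.28.0/24 fall through to the implicit deny.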
