Prefix Lists

Prefix List entries determine parts of networks which can be allowed or denied in specific contexts used in routing daemons. For example, a prefix list may be used to match specific routes in a route map.

Prefix lists are managed on the Prefix Lists tab under Services > FRR Global/Zebra.

Prefix List Configuration

To create a new prefix list, click Add from the Prefix Lists tab.

The top section of the page sets data about the prefix list itself:

IP Type

The IP version to match using this prefix list, either IPv4 or IPv6.

Name

The name of this prefix list, which will be visible in drop-down lists throughout FRR where prefix lists can be selected.

Description

A text comment to describe this prefix list.

Prefix List Entries

The Prefix list entries list contains rules which govern the behavior of the list. A prefix list can have multiple rules. To add more entries to the list, click Add.

Sequence

The order of entries inside prefix lists is important, and this order is determined by a sequence number.

Each rule in a prefix list must have a unique sequence number. Best practice is to leave gaps in the sequence to allow for adding rules in the future. For example, use 10, 20, 30, rather than 1, 2, 3.

Warning

The order of rules displayed in the GUI may be different than the order set by the sequence numbers. The sequence number order is the true order in which rules are evaluated.

Action

The action to take for this rule, either permit or deny.

Network

The network prefix to match. This may optionally be bounded by a Minimum Prefix (lower bound) or Maximum Prefix (upper bound) size limit. When no upper or lower bound is set, the prefix will be matched only exactly as given. Setting bounds allows a prefix list to also match more specific routes which are contained within the given prefix.

Any

When set, matches any prefix.

Minimum Prefix

Also known as ge. Sets a lower bound for the prefix length. This must be greater than the prefix length given in Network, and less than or equal to the value of Maximum Prefix, if present.

Maximum Prefix

Also known as le. Sets an upper bound for the prefix length. This must be greater than the prefix length given in Network, and greater than or equal to the value of Minimum Prefix, if present.

Prefix List Examples

For example, the following prefix list will match any of the RFC1918 networks:

  • Sequence: 10, Action: Permit, Network: 10.0.0.0/8, Maximum Prefix: 32

  • Sequence: 20, Action: Permit, Network: 172.16.0.0/12, Maximum Prefix: 32

  • Sequence: 30, Action: Permit, Network: 192.168.0.0/16, Maximum Prefix: 32

For each of these entries, the prefix list will match based on the bits specified in the prefix. A match will occur for any network included in the specified range. For example, 10.0.0.0/8 with a Maximum Prefix of 32 means a route for any smaller network inside 10.0.0.0/8 will also match, so long as the prefix length is less than or equal to 32. So 10.2.0.0/16 will also match this entry, as will 10.34.157.82/32. Taken as a whole, this prefix list will match not only the list of RFC1918 networks exactly, but any smaller network wholly contained inside.

As another example, consider this rule instead:

  • Sequence: 10, Action: Deny, Network: 10.0.0.0/8, Minimum Prefix: 24, Maximum Prefix: 32

This matches routes for networks inside of 10.0.0.0/8 with a prefix length greater than or equal to 24 but less than or equal to 32. This means it will not match larger networks such as 10.2.0.0/16, but it will match more specific networks such as 10.2.56.128/29 anywhere inside the 10.0.0.0/8 address space. This type of rule can be used to exclude small prefixes from being matched by a route map, for example.
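
To check a prefix list against sample routes before relying on it in a route map, the matching rules above can be modelled in a few lines. This is an added example, not code from FRR or the GUI package; the function names, the tuple layout, and the combined FILTERED list are assumptions made for illustration.

```python
import ipaddress

def entry_matches(route, network, ge=None, le=None):
    """True if route matches an entry's Network with optional ge/le bounds."""
    route = ipaddress.ip_network(route)
    network = ipaddress.ip_network(network)
    if route.version != network.version:
        return False
    if ge is None and le is None:
        return route == network              # no bounds: exact match only
    # With only le set, lengths from the Network length up to le match.
    # With only ge set, lengths from ge up to the address family maximum match.
    low = ge if ge is not None else network.prefixlen
    high = le if le is not None else route.max_prefixlen
    return route.subnet_of(network) and low <= route.prefixlen <= high

def evaluate(prefix_list, route):
    """Return (sequence, action) of the first matching entry, or None."""
    # Entries are evaluated in sequence-number order, not stored/display order.
    for seq, action, network, ge, le in sorted(prefix_list, key=lambda e: e[0]):
        if entry_matches(route, network, ge, le):
            return seq, action
    return None

# The RFC1918 example from this page: (sequence, action, network, ge, le)
RFC1918 = [
    (10, "permit", "10.0.0.0/8", None, 32),
    (20, "permit", "172.16.0.0/12", None, 32),
    (30, "permit", "192.168.0.0/16", None, 32),
]

# Constructed list: the deny rule from this page placed ahead of a broad
# permit, stored out of order to mirror the GUI ordering warning.
FILTERED = [
    (20, "permit", "10.0.0.0/8", None, 32),
    (10, "deny", "10.0.0.0/8", 24, 32),
]

if __name__ == "__main__":
    for r in ("10.2.0.0/16", "10.34.157.82/32", "172.32.0.0/16"):
        print("RFC1918 ", r, evaluate(RFC1918, r))
    for r in ("10.2.0.0/16", "10.2.56.128/29"):
        print("FILTERED", r, evaluate(FILTERED, r))
```

A result of None means no entry in the list matched the route.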