Dynamic Routing Prefix Lists

Prefix List entries determine parts of networks which can be allowed or denied in specific contexts used in routing daemons. For example, a prefix list may be used to match specific routes in a route map.

The order of entries inside prefix lists is important, and this order is determined by a sequence number.

Prefix List Configuration

To create a new prefix list, use the route dynamic prefix-list <name> command, which enters config-prefix-list mode:

tnsr(config)# route dynamic prefix-list mypl
tnsr(config-prefix-list)#

config-prefix-list mode contains the following commands:

description <text>

A text comment to describe this prefix list.

sequence <sequence-number> (permit|deny) <prefix> [ge <lower-bound>] [le <upper-bound>]

Creates a new rule with the specified sequence number to permit or deny a given prefix. This may optionally be bound by an upper or lower prefix size limit. When no upper or lower bound is set, the prefix will be matched only exactly as given. Setting bounds allows a prefix list to also match more specific routes which are a part of the specified network.

sequence <sequence-number>

The sequence number for this rule, which controls the order in which rules are matched inside this prefix list. Each rule in a prefix list must have a unique sequence number. Best practice is to leave gaps in the sequence to allow for adding rules in the future. For example, use 10, 20, 30, rather than 1, 2, 3.

(permit|deny)

The action to take for this rule, either permit or deny.

<ip-prefix>

The IP prefix to match for this rule, given in network/prefix notation. For example, 192.168.0.0/16.

ge <lower-bound>

Sets a lower bound for the prefix length. This must be greater than the prefix length given in <prefix>, and less than or equal to the value of le <upper-bound>, if present.

le <upper-bound>

Sets an upper bound for the prefix length. This must be greater than the prefix length given in <prefix>, and greater than or equal to the value of ge <upper-bound>, if present.

Prefix List Examples

For example, the following prefix list will match any of the RFC1918 networks:

tnsr(config)# route dynamic prefix-list RFC1918
tnsr(config-prefix-list)# description List of RFC1918 private address space
tnsr(config-prefix-list)# sequence 10 permit 10.0.0.0/8 le 32
tnsr(config-prefix-list)# sequence 20 permit 172.16.0.0/12 le 32
tnsr(config-prefix-list)# sequence 30 permit 192.168.0.0/16 le 32

For each of these entries, the prefix list will match based on the bits specified in the prefix. A match will occur for any network included in the specified range. For example, 10.0.0.0/8 le 32 means a route for any smaller network inside 10.0.0.0/8 will also match, so long as the prefix length is less than 32. So 10.2.0.0/16 will also match this entry, as will 10.34.157.82/32. Taken as a whole, this prefix list will match not only the list of RFC1918 networks exactly, but any smaller network wholly contained inside.

As another example, consider this rule instead:

tnsr(config-prefix-list)# sequence 10 deny 10.0.0.0/8 ge 24 le 32

This matches routes for networks inside of 10.0.0.0/8 with a prefix length greater than or equal to 24 but less than or equal to 32. Meaning it will not match larger networks such as 10.2.0.0/16 but it will match more specific networks such as 10.2.56.128/29 anywhere inside the 10.0.0.0/8 address space. This type of rule can be used to exclude small prefixes from being matched by a route map, for example.

Prefix lists are then used in another context, such as with a route map, to match routes any of the specified networks when taking other actions.

Prefix List Status

To view prefix lists, use the show route dynamic prefix-list [name] command. Add the name of a prefix list to restrict the output to a single prefix list.

tnsr(config)# show route dynamic prefix-list

Prefix Name: RFC1918
Description: List of RFC1918 private address space
    Seq Action Prefix         LE Len GE Len
    --- ------ -------------- ------ ------
    10  permit 10.0.0.0/8     32
    20  permit 172.16.0.0/12  32
    30  permit 192.168.0.0/16 32

Prefix Name: mypl
Description:
    Seq Action Prefix         LE Len GE Len
    --- ------ -------------- ------ ------
    10  deny   192.168.0.0/16