prefix-list logic

I've been trying to crack prefix-list logic for the past few days.

For instance, to block all class B we would run:

ip prefix-list BLOCKb seq 1 deny 128.0.0.0/2 ge 17

 

So we are matching 2 bits, so that's 1100 0000, which is 192, right? So does that mean we are matching addresses that start with 128 through 192 that have subnet masks of 255.255.128.0 or greater?

I'm greatly confused, sorry if it's an obvious question.

P.S. Edit: did subnetting wrong.

Comments

  • Hi,

    This page explains how prefix-lists work:

    http://blog.ine.com/2007/12/26/how-do-prefix-lists-work/

     

    Good Luck...

     

  • You are matching all Class B subnets with a mask of /17 or greater (255.255.128.0). To match all Class B subnets regardless of mask use le 32.

  • Unsobill,

    Sort of, to better understand it, I would divide it in two parts:

    128.0.0.0/2 says I care about the two most significant bits in binary of the first octet.

    128 = 10000000, therefore the two MSBs need to be 10; it doesn't care about all the other bits, so this will encompass 128-191 (10000000 through 10111111 binary-wise).

    Now for the second part, you are referring to the masks available: ge 17 signifies that the masks denied in this case are all the masks greater than or equal to a /17 (255.255.128.0).

    So your prefix-list will match first on anything from 128-191.x.x.x with a subnet mask higher than /17. 

    Hope this helps you understand this.

    Good studies.

  • qqabdal,

    So just to recap, the 128.0.0.0/2 deals with the address portion... the ge or le would deal with only the subnet masks that you are concerned with... just making sure I have it cemented in my brain... :)

    Thanks!

    Warjack

  • Thanks for the replies.

    Please correct me if I'm wrong: does this prefix-list

    0.0.0.0/0 le 10

    allow any IP address with subnets 255.192.0.0?

    But if it's:

    0.0.0.0/2 le 10

    then only allow class B networks (128.x.x.x-191.x.x.x with subnets of 255.192.0.0)?

     

  • 0.0.0.0/0 le 10 matches all subnets with a netmask of 255.192 or less (/1, /2, /3, /4, /5, /6, /7, /8, /9, /10).

    The second one matches subnets that start with 00 (0-63) and have a netmask of 255.192 or less.

    To practice prefix-lists start by typing your subnet in binary:

    00|00 0000

    You are saying that the first two bits should be 00 and don't care about the rest. Which means you have the values 0-63. The second portion matches the subnet mask. Le /10 means that you are matching /10 or less which is 255.192.0.0, 255.128.0.0, 255.0.0.0 and so on.

     

  • Thanks Daniel

    Sorry, how did you get 0-63 if the first 2 bits are 128 and 64?

    128 64 | 32 16 8 4 2 1

    So we move on bits from right to left (not left to right)?

    I think it's slowly setting in my head, thanks everyone!

    P.S.

    What if we have

    128.0.0.0/4 le 22 - does that mean match 128.0.0.0 through 128.7.255.255 (with subnets /1 through /22)?

     

     

  • The first two bits were set to zero in your example

    128  64  32  16   8   4   2   1

      0   0   x   x   x   x   x   x

    So the lowest value you can get is 00000000 and the highest is 00111111 (63).

    If you have 128.0.0.0/4 then it means that you have

    128  64  32  16   8   4   2   1

      1   0   0   0   x   x   x   x

    So you have 10000000 (128) to 10001111 (143).

    Your understanding of the subnetmask is correct.

  • Thanks Daniel for shaping my brains, next time I'm in Göteborg I'll get you a beer.

    P.S.

    I found a nice prefix-list practice, will spend a day training this for it to settle.

    http://www.netcraftsmen.net/presos/Prefix-List_Practice/player.html

  • Np. Beer sounds nice :) If you like hockey I'll take you to a game :D

  • 128.0.0.0/2 ge 17

    128 = 1000 0000
    /2   = 1100 0000

    will match "10"00 0000 = 128 up to "10"11 1111 = 191 with subnet mask of 255.255.128.0




    --
    thx
    dsu
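
The matching rule discussed in this thread, as an added example that is not part of any poster's reply: a small Python checker for testing what a route filter entry will match before it goes on a router. The function names and sample routes are constructed for illustration. It assumes the usual IOS rule for the mask part: no ge/le means exactly LEN, ge alone means ge through 32, le alone means LEN through le.

```python
import ipaddress

def parse_entry(text):
    """Parse 'PREFIX/LEN [ge N] [le N]' into (network, min_len, max_len)."""
    parts = text.split()
    net = ipaddress.ip_network(parts[0], strict=True)
    opts = dict(zip(parts[1::2], map(int, parts[2::2])))
    ge, le = opts.get("ge"), opts.get("le")
    if ge is None and le is None:
        lo = hi = net.prefixlen                    # no ge/le: exact length only
    else:
        lo = net.prefixlen if ge is None else ge   # le alone: LEN..le
        hi = 32 if le is None else le              # ge alone: ge..32
    if not net.prefixlen <= lo <= hi <= 32:
        raise ValueError(f"invalid length range in {text!r}")
    return net, lo, hi

def matches(entry, route):
    """True if route 'NETWORK/LEN' is matched by the prefix-list entry."""
    net, lo, hi = parse_entry(entry)
    r = ipaddress.ip_network(route, strict=True)
    # Address part: the route's first LEN bits must equal the entry's bits.
    # Mask part: the route's own prefix length must fall within lo..hi.
    return lo <= r.prefixlen <= hi and r.network_address in net

def first_octet_range(entry):
    """First-octet values covered by the address part of the entry."""
    net, _, _ = parse_entry(entry)
    return net.network_address.packed[0], net.broadcast_address.packed[0]

if __name__ == "__main__":
    # Entries taken from the thread; the routes are constructed samples.
    entries = ["128.0.0.0/2 ge 17", "0.0.0.0/0 le 10",
               "0.0.0.0/2 le 10", "128.0.0.0/4 le 22"]
    routes = ["172.16.128.0/17", "172.16.0.0/16", "10.0.0.0/8",
              "143.255.252.0/22", "144.0.0.0/22", "200.64.0.0/11"]
    for e in entries:
        lo_oct, hi_oct = first_octet_range(e)
        hits = [r for r in routes if matches(e, r)]
        print(f"{e:20} first octet {lo_oct}-{hi_oct}  matches {hits}")
```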