Replies: 2 comments
-
|
In fact, the prefix-lists working as have to be working (hope it is not broken in 9.1-dev). Fortunately it is one of the few features in quagga/frr that I have never experienced any problems and bugs with (except the logic change in some versions with le/ge)... In your prefix-list you match all announces that are exactly for network 10.0.0.0/8 it do not match 10.1.0.0/16 for example. If you want to match 10.0.0.0/8 and all /24 networks that the /8 can contain have to use this: ip prefix-list No-Exp seq 5 permit 10.0.0.0/8 le 24 That will match 10.0.0.0/8, and everything the 8bit netmask limits - all networks from 10.0.0.0/24 up to 10.255.255.0/24 and all /23 ,/22, /21... up to /8. Because your 2 example networks (10.6.2.0/24 and 10.5.2.0/24) can not be combined in one bigger network (for example 10.2.4.0/24 and 10.2.5.0/24 can be combined in 10.2.4.0/23) you can NOT write your prefix-list with just one line. For more info you can read the docs: https://docs.frrouting.org/en/latest/filter.html |
Beta Was this translation helpful? Give feedback.
-
|
Aggreed with @IvayloJ ip prefix-list XXX seq 5 deny 10.0.0.0/8 ge 8 le 24 route-map XXX-IN permit 10 Works well almost 3 years in frr 7 until now using 9.0.1 |
Beta Was this translation helpful? Give feedback.
-
c4c3989cc2da# show version
FRRouting 9.1-dev-my-manual-build (c4c3989cc2da) on Linux(5.4.0-166-generic).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
configured with:
'--prefix=/usr' '--localstatedir=/var/run/frr' '--sbindir=/usr/lib/frr' '--sysconfdir=/etc/frr' '--enable-sharpd' '--enable-multipath=64' '--enable-user=frr' '--enable-group=frr' '--enable-config-rollbacks' '--enable-vty-group=frrvty' '--enable-snmp=agentx' '--enable-scripting' '--with-pkg-extra-version=-my-manual-build'
c4c3989cc2da#
(ubuntu based FRR)
I have two loopback interfaces with /24 mask configured as follows:
lo:5: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 10.5.2.1 netmask 255255.255.0
loop txqueuelen 1000 (Local Loopback)
lo:6: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 10.6.2.1 netmask 255.255.255.0
loop txqueuelen 1000 (Local Loopback)
I want to match both the prefixes in a prefix-list for a bgp route-map and apply community as follows
ip prefix-list No-Exp seq 5 permit 10.0.0.0/8
But, it's not matching the prefixes 10.5.2.0/24 and 10.6.2.0/24
I can see the hit count is always zero
c4c3989cc2da# show ip prefix-list detail
Prefix-list with the last deletion/insertion: No-Exp
ZEBRA: ip prefix-list No-Exp:
count: 1, range entries: 0, sequences: 5 - 5
seq 5 permit 10.0.0.0/8 (hit count: 0, refcount: 0)
Prefix-list with the last deletion/insertion: No-Exp
OSPF: ip prefix-list No-Exp:
count: 1, range entries: 0, sequences: 5 - 5
seq 5 permit 10.0.0.0/8 (hit count: 0, refcount: 0)
Prefix-list with the last deletion/insertion: No-Exp
BGP: ip prefix-list No-Exp:
count: 1, range entries: 0, sequences: 5 - 5
seq 5 permit 10.0.0.0/8 (hit count: 0, refcount: 0)
c4c3989cc2da#
to match the prefixes individually, I have to use two individual prefix-list sequences as follows
ip prefix-list No-Exp seq 5 permit 10.5.2.0/24
ip prefix-list No-Exp seq 6 permit 10.6.2.0/24
BGP: ip prefix-list No-Exp:
count: 2, range entries: 0, sequences: 5 - 6
seq 5 permit 10.6.2.0/24 (hit count: 7, refcount: 0)
seq 6 permit 10.5.2.0/24 (hit count: 3, refcount: 0)
I can see the hit count incrementing properly in this case.
Question is, how can I match a large number of prefixes in a single prefix-list statement since shortest global match /8 match is not working?
Thanks.
Beta Was this translation helpful? Give feedback.
All reactions