Route Filtering - Prefix Lists - LE and GE Examples

I always get the le and ge confused when I write prefix-lists to filter routes. I think I get a mental hang-up trying to get my head around the "more specific than x" is equal to "greater than x length subnet mask". I did a lab this afternoon because I had to provide a filter and decided to write down the results into this blog so I can reference in the future. Hope it does help someone else.

Topology is as per the below points:

• R1 and R2 have BGP adjacency across 1.1.1.0/30 network. 
• R1 has LAN interfaces 192.168.3.1/28 and 192.168.3.250/30. 

In the below examples we look at "matching the /30 routes only within the /24 range" as one example and "matching the smaller routes within the /24" as a second example. The last example we "match routes that are /28 to /29 in length from within the /24" by chaining both le and ge together.

Match all /30 routes within larger supernet

I wanted to write a prefix-list that would:

• Advertise /30 routes only from within the 192.168.3.0/24 supernet (i.e don't advertise 192.168.3.0/28 but advertise 192.168.3.250/30)

The below achieves that:

R1#router bgp 1

 no synchronization

 bgp log-neighbor-changes

 network 1.1.1.0 mask 255.255.255.252

 network 192.168.3.0 mask 255.255.255.240

 network 192.168.3.252 mask 255.255.255.252

 timers bgp 5 20

 neighbor 1.1.1.2 remote-as 2

 neighbor 1.1.1.2 soft-reconfiguration inbound

 neighbor 1.1.1.2 route-map BGP-OUT out

 no auto-summary

!

route-map BGP-OUT permit 10

 match ip address prefix-list TEST

!

ip prefix-list TEST seq 5 permit 192.168.3.0/24 ge 30

In the above we match /30 routes only within the /24 supernet. Below is the output proving it. You can see that we don't advertise the 192.168.3.0/28 route we have.

R1#show ip bgp neigh 1.1.1.2 advertised-routes

BGP table version is 6, local router ID is 192.168.3.253

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

              r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path

*> 192.168.3.252/30 0.0.0.0                  0         32768 i

Total number of prefixes 1

Match all smaller routes within larger supernet

I wanted to write a prefix-list that would:

• Advertise all smaller routes within a specific supernet (192.168.3.0/24)

The below achieves that:

R1#router bgp 1

 no synchronization

 bgp log-neighbor-changes

 network 1.1.1.0 mask 255.255.255.252

 network 192.168.3.0 mask 255.255.255.240

 network 192.168.3.252 mask 255.255.255.252

 timers bgp 5 20

 neighbor 1.1.1.2 remote-as 2

 neighbor 1.1.1.2 soft-reconfiguration inbound

 neighbor 1.1.1.2 route-map BGP-OUT out

 no auto-summary

!

route-map BGP-OUT permit 10

 match ip address prefix-list TEST

!

ip prefix-list TEST seq 5 permit 192.168.3.0/24 le 32

In the above I match routes that have a subnet mask between /24 and /32. Below is evidence of this being true (note that both the /28 and /30 routes are advertised):

R1#show ip bgp neigh 1.1.1.2 advertised-routes

BGP table version is 8, local router ID is 192.168.3.253

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

              r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path

*> 192.168.3.0/28   0.0.0.0                  0         32768 i

*> 192.168.3.252/30 0.0.0.0                  0         32768 i

Total number of prefixes 2

Match /28 to /29 routes from within a supernet

I wanted to write a prefix-list that would:

• Advertise only routes that are between /28 and /29 in length from within a specific supernet (192.168.3.0/24)

The below achieves that:

R1#router bgp 1

 no synchronization

 bgp log-neighbor-changes

 network 1.1.1.0 mask 255.255.255.252

 network 192.168.3.0 mask 255.255.255.240

 network 192.168.3.252 mask 255.255.255.252

 timers bgp 5 20

 neighbor 1.1.1.2 remote-as 2

 neighbor 1.1.1.2 soft-reconfiguration inbound

 neighbor 1.1.1.2 route-map BGP-OUT out

 no auto-summary

!

route-map BGP-OUT permit 10

 match ip address prefix-list TEST

!

ip prefix-list TEST seq 5 permit 192.168.3.0/24 ge 28 le 29

In the above I match routes that have a subnet mask between /28 and /29 only from within the /24 supernet. Below is evidence of this being true (note: that we only advertise the /28 route as it is the only one meeting the criteria):

R1#show ip bgp neigh 1.1.1.2 advertised-routes

BGP table version is 8, local router ID is 192.168.3.253

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

              r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path

*> 192.168.3.0/28   0.0.0.0                  0         32768 i

Total number of prefixes 1