
Prefix List

Prefix lists are powerful route filtering tools that provide precise control over route advertisements and acceptance by matching IP prefixes based on network address and subnet mask length criteria, offering more granular control than traditional access lists. They support flexible matching conditions including exact prefix matches, prefix length ranges using greater-equal and less-equal operators, and sequence-based processing that enables complex routing policies for BGP, OSPF, and other routing protocols. Prefix lists are essential for implementing routing security, controlling route propagation, preventing route leaks, and optimizing routing table size by filtering unwanted or unnecessary routes at redistribution points and routing protocol boundaries.

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| prefix_lists | List | [prefix_lists] | No | |

prefix_lists (iosxe.devices.configuration)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[^\s]*$ | Yes | |
| description | String | | No | |
| seqs | List | [seqs] | No | |

seqs (iosxe.devices.configuration.prefix_lists)

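| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| seq | Integer | min: 1, max: 4294967294 | Yes | |
| action | Choice | deny, permit | No | |
| prefix | IP | | No | |
| greater_equal | Integer | min: 1, max: 32 | No | |
| less_equal | Integer | min: 1, max: 32 | No | |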

By matching IP prefixes and mask lengths, prefix lists enable granular route filtering for secure and optimized routing policy enforcement.

Key Components:

  • Prefix List Name (name): The identifier for the prefix list.

  • Sequence Number (seqs.seq): The sequence number for each entry in the prefix list.

  • Action (seqs.action): Specifies whether the entry permits or denies the matched prefix.

  • IP Prefix (seqs.prefix): The network address and mask length to match.

  • Greater-Equal (seqs.greater_equal): Minimum prefix length for matching.

  • Less-Equal (seqs.less_equal): Maximum prefix length for matching.

  • Description (description): Descriptive text for the prefix list or individual sequences.

Key Parameters Briefly Explained:

  • name: Prefix list identifier.
  • seqs.seq: Entry sequence number.
  • seqs.action: Permit or deny action.
  • seqs.prefix: IP prefix to match.
  • seqs.greater_equal: Minimum mask length.
  • seqs.less_equal: Maximum mask length.
  • description: Description for the list or entry.

You can use these Prefix List parameters to filter routes based on specific IP prefixes and their mask lengths. Customize the permit/deny actions, prefix ranges, and sequence numbers to fit your network’s routing policy requirements, security needs, and route optimization goals. Adjusting these parameters lets you precisely control which routes are advertised or accepted by routing protocols.

The following configuration describes how to set up prefix lists on a Cisco IOS-XE device, including entries for permitting private network ranges with specific mask length criteria and denying the default route.

ip prefix-list ALLOW-PRIVATE-NETWORKS description Allow private network prefixes
ip prefix-list ALLOW-PRIVATE-NETWORKS seq 10 permit 10.0.0.0/8 ge 24 le 32
ip prefix-list ALLOW-PRIVATE-NETWORKS seq 20 permit 172.16.0.0/12 ge 16 le 24
ip prefix-list ALLOW-PRIVATE-NETWORKS seq 30 permit 192.168.0.0/16 ge 24 le 32
!
ip prefix-list DENY-DEFAULT-ROUTE description Deny default route advertisements
ip prefix-list DENY-DEFAULT-ROUTE seq 10 deny 0.0.0.0/0

The following YAML code defines multiple prefix lists on an IOS-XE device, specifying their names, descriptions, and a series of sequences with actions, prefixes, and optional greater-equal/less-equal mask length criteria.

iosxe:
  devices:
    - name: Device1
      configuration:
        prefix_lists:
          - name: ALLOW-PRIVATE-NETWORKS
            description: Allow private network prefixes
            seqs:
              - seq: 10
                action: permit
                prefix: 10.0.0.0/8
                greater_equal: 24
                less_equal: 32
              - seq: 20
                action: permit
                prefix: 172.16.0.0/12
                greater_equal: 16
                less_equal: 24
              - seq: 30
                action: permit
                prefix: 192.168.0.0/16
                greater_equal: 24
                less_equal: 32
          - name: DENY-DEFAULT-ROUTE
            description: Deny default route advertisements
            seqs:
              - seq: 10
                action: deny
                prefix: 0.0.0.0/0
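
How the two lists above treat candidate routes, as an added example that is not part of the original page or of any Cisco tooling: a Python model of first-match processing by sequence number, ge/le length ranges, and the implicit deny that ends a non-empty prefix list. The function names and the sample routes are constructed for illustration.

```python
import ipaddress

# The two prefix lists from the YAML above, written as Python data.
PREFIX_LISTS = {
    "ALLOW-PRIVATE-NETWORKS": [
        {"seq": 10, "action": "permit", "prefix": "10.0.0.0/8", "greater_equal": 24, "less_equal": 32},
        {"seq": 20, "action": "permit", "prefix": "172.16.0.0/12", "greater_equal": 16, "less_equal": 24},
        {"seq": 30, "action": "permit", "prefix": "192.168.0.0/16", "greater_equal": 24, "less_equal": 32},
    ],
    "DENY-DEFAULT-ROUTE": [
        {"seq": 10, "action": "deny", "prefix": "0.0.0.0/0"},
    ],
}


def length_range(entry):
    """Return the (min, max) route mask length that one entry accepts."""
    base = ipaddress.ip_network(entry["prefix"]).prefixlen
    ge, le = entry.get("greater_equal"), entry.get("less_equal")
    if ge is None and le is None:
        return base, base                   # no ge/le: exact mask length only
    lo = ge if ge is not None else base     # le alone starts at the prefix length
    hi = le if le is not None else 32       # ge alone extends up to /32
    if not base <= lo <= hi <= 32:          # reject ranges that can never match
        raise ValueError(f"seq {entry['seq']}: invalid ge/le for /{base}")
    return lo, hi


def evaluate(list_name, route):
    """First matching entry in ascending seq order wins; no match is an implicit deny."""
    net = ipaddress.ip_network(route)
    for entry in sorted(PREFIX_LISTS[list_name], key=lambda e: e["seq"]):
        lo, hi = length_range(entry)
        covered = net.subnet_of(ipaddress.ip_network(entry["prefix"]))
        if covered and lo <= net.prefixlen <= hi:
            return entry["action"], entry["seq"]
    return "deny", None                     # seq None marks the implicit deny


if __name__ == "__main__":
    # Constructed sample routes, not taken from the page.
    samples = ["10.1.2.0/24", "10.0.0.0/8", "172.20.0.0/16", "172.16.5.0/25", "8.8.8.0/24"]
    for route in samples:
        print("ALLOW-PRIVATE-NETWORKS", route, evaluate("ALLOW-PRIVATE-NETWORKS", route))
    for route in ["0.0.0.0/0", "10.1.2.0/24"]:
        print("DENY-DEFAULT-ROUTE", route, evaluate("DENY-DEFAULT-ROUTE", route))
```

The last case is the one to check in a real policy: DENY-DEFAULT-ROUTE contains only a deny entry, so every other route falls through to the implicit deny. A list meant to block only the default route also needs a later entry such as `permit 0.0.0.0/0 le 32`.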