Thought I understood prefix-list...

Yea, like the title says. I thought I had a pretty good understanding of prefix lists as everything I've read/labbed up until now have worked like I expected. However, I'm running into a problem with a PBR lab that I just can't seem to figure out.

The lab have 2 subnets, 192.168.4.0/25 and 192.168.4.128/25. The 192.168.4.128/25 subnet needs to be policy routed to a different router (set ip next hop). I accomplished this using an ACL, but figure I try it with a prefix list, so I created a prefix-list as follows:

ip prefix-list POLICY seq 10 permit 192.168.4.128/25

Alright, here's what I expect the prefix list to do. When no le or ge option is set, the "/25" specifies how many bits must match, as well as the subnet mask that needs to match. In other word, for a packet to match my prefix list, the first 25 bits must match, and it must have a subnet mask of 25. Is that wrong?

Why is it that packets with a source of 192.168.4.1/25 is also being matched to the prefix-list?

Find more posts tagged with

Comments

DPG

I don't think you can use prefix lists for PBR.

mattau

what about the path that both those networks normally take?

If whatever you are trying to match for the PBR isnt matched by the prefix / acl or something like that, it just gets routed per the normal routing table. Could it be that it so happens that both next hop addresses for the 4.0 and 4.128 network happen to be going to the same next hop regardless of the policy applied? which means even though you specifically wanted the 4.128 to go via next hop X both go to next hop X because thats the way they would go anyway without the policy.

Im assuming you have the prefix list called from inside a route map ?

Another thing is if you are trying to locally originate traffic for the PBR then you need to specify the ip local policy command
other wise pbr only works from traffic coming into the router from another source.

Anyway this is just a thought i am not an expert

drkat

The prefix-list feature was designed to perform routing protocol route filtering and it is therefore not supported in a PBR context.

debug ip policy should give you the info you need - you'll need to use an ACL

pham0329

I don't think you can use prefix lists for PBR.

what about the path that both those networks normally take?

Default route is different than the PBR route. If the packet are "rejected" by the policy, it would take a different route, which is not the case here.

@drkat, I had debug ip policy on when testing, and it says that the packets were being matched to my policy, and it's being "FIB Policy Routed". Additionally, show route-map shows that packets being matched to the route-map.

Forsaken_GA

pham0329 wrote: »

Why is it that packets with a source of 192.168.4.1/25 is also being matched to the prefix-list?

Oh, I think you'll find it's a little bit worse than that. I suspect that you'll find it's matching on the policy for *every* prefix.

pham0329

Drkat, did you google my question or are you Harold Ritter? I did a quick search of my problem and came upon https://supportforums.cisco.com/thread/195931 in which a poster by the name of Harrold Ritter posted on April, 2007:

"The prefix-list feature was designed to perform routing protocol route filtering and it is therefore not supported in a PBR context."

(not bagging on you or anything, just thought it was a bit funny!)

Hm, so prefix-lists are not supported for PBR? Bummer. I've read several CCIE blogs and posts that all suggested that a PBR route-map can be configured with an ACL or prefix-list.

Is there a technical/logical reason as to why prefix lists aren't supported for used with PBR?

Forsaken_GA

pham0329 wrote: »

Hm, so prefix-lists are not supported for PBR? Bummer. I've read several CCIE blogs and posts that all suggested that a PBR route-map can be configured with an ACL or prefix-list.

Is there a technical/logical reason as to why prefix lists aren't supported for used with PBR?

I'm just spitballing here, but I'm guessing it's because prefix-lists are there to identify prefixes, whereas PBR is more concerned with actual traffic. it makes sense to me that prefix-lists should work with PBR, but I can't find any actual working examples of it being used as such, except as applied to VRF's in an MPLS setup. The quick scenario I labbed up had the prefix list policy routing everything, not just the prefixes I defined in the prefix list, which is obviously very very wrong.

DPG

Forsaken_GA wrote: »

I'm just spitballing here, but I'm guessing it's because prefix-lists are there to identify prefixes, whereas PBR is more concerned with actual traffic. it makes sense to me that prefix-lists should work with PBR, but I can't find any actual working examples of it being used as such, except as applied to VRF's in an MPLS setup. The quick scenario I labbed up had the prefix list policy routing everything, not just the prefixes I defined in the prefix list, which is obviously very very wrong.

I can confirm the same behavior here as well.