IP Prefix List Overview
Introduction
- Netmask length: A netmask length, together with an IP address, identifies an IP prefix. Each IP prefix in an IP prefix list is used to filter routes with the same IP prefix.
For example, the netmask length of 10.1.0.0/16 is 16, and the valid prefix is 10.1.0.0.
- Netmask length range: A netmask length range can be defined in an IP prefix list to match routes with the same IP prefix or different netmask lengths within the specified range.
Currently, IP prefix lists only support IPv4 addresses.
IP Prefix Match Rules
- If a route matches a prefix rule with Action set to Allow, the route is allowed. If the prefix rule has Action set to Deny, the route is denied.
- If a route does not match any prefix rule in the IP prefix list, the route is denied.
An IP prefix list filters routes according to three principles: sequential match, unique match, and deny by default.
- Sequential match: A prefix rule with a smaller number is matched first. Prefix rules in an IP prefix list can be sorted by sequence number in different orders, leading to different filtering results.
- Unique match: If a route matches a prefix rule, it no longer tries to match other prefix rules.
- Deny by default: By default, routes that do not match any prefix rule in an IP prefix list are denied. If an IP prefix list has one or more deny rules, you need to create a rule to allow all other routes.
IP Prefix Netmask Match Rules
An IP prefix rule consists of an IP prefix, min. netmask length, and max. netmask length, as detailed in Table 1.
Parameter | Description |
---|---|
IP prefix | An IP prefix consists of an IP address and a netmask in the format of IP address/Netmask, for example, 10.1.0.0/16. An IP prefix specifies the first bits of an IP address range that a route destination must match. |
 | If a route matches a prefix rule, the netmask length of the route destination is within a specified length range. In a prefix rule: A prefix rule uses min. and max. netmask lengths to filter routes based on the following: |
Table 2 lists example prefix rules and describes the requirements that routes to be filtered must meet.
Prefix Rule | Route Can Be Filtered | Allowed IP Address Range | Denied IP Address Range |
---|---|---|---|
Example 1 | A route can only be filtered when it meets both of the following conditions: | Both conditions are met: 10.0.0.0/16 | |
Example 2 | A route can only be filtered when it meets both of the following conditions: | Both conditions are met: | |
Example 3 | A route can only be filtered when it meets both of the following conditions: | Both conditions are met: | |
Example 4 | A route can only be filtered when it meets both of the following conditions: | Both conditions are met: | |
When the IP address in an IP prefix is set to 0.0.0.0:
- If the IP prefix netmask length is specified, all routes with that netmask length are allowed or denied.
- If both min. and max. netmask lengths are specified, all routes with netmask lengths in the range are allowed or denied.
Table 3 describes the route matching rules when 0.0.0.0 is used.
Min. and Max. Netmask Lengths | IP Prefix | Matching Rule |
---|---|---|
 | IP Prefix: 0.0.0.0/0 | Matches only the default route (destination: 0.0.0.0/0). Example: Only the default route (destination: 0.0.0.0/0) is allowed or denied. |
 | IP Prefix: 0.0.0.0/X (X is not 0) | Matches all routes with the netmask length of X. Example: If X is 8, all routes with the netmask length of 8 are allowed or denied. |
 | IP Prefix: 0.0.0.0/0 | Matches all the routes with netmask lengths within [min. netmask length, 32]. Example: If the min. netmask length is 20, all the routes with the netmask lengths from 20 to 32 are allowed or denied. |
 | IP Prefix: 0.0.0.0/X (X is not 0) | Matches all the routes with netmask lengths within [min. netmask length, 32]. Example: If X is 8 and the min. netmask length is 20, all the routes with the netmask lengths from 20 to 32 are allowed or denied. |
 | IP Prefix: 0.0.0.0/0 | Matches all the routes with netmask lengths within [0, max. netmask length]. Example: If the max. netmask length is 28, all the routes with the netmask lengths from 0 to 28 are allowed or denied. |
 | IP Prefix: 0.0.0.0/X (X is not 0) | Matches all the routes with netmask lengths within [X, max. netmask length]. Example: If X is 8 and the max. netmask length is 28, all the routes with the netmask lengths from 8 to 28 are allowed or denied. |
 | IP Prefix: 0.0.0.0/0 | Matches all the routes with netmask lengths within [min. netmask length, max. netmask length]. Example: If min. and max. netmask lengths are 20 and 28, all the routes with the netmask lengths from 20 to 28 are allowed or denied. |
 | IP Prefix: 0.0.0.0/X (X is not 0) | Matches all the routes with netmask lengths within [min. netmask length, max. netmask length]. Example: If X, min. and max. netmask lengths are 8, 20, and 28, all the routes with the netmask lengths from 20 to 28 are allowed or denied. |
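The following added example (not the service's own code) models the match rules above so a prefix list can be checked offline before it is applied: sequential match, unique match, deny by default, and the 0.0.0.0 length-only behavior from Table 3. The names `PrefixRule`, `evaluate`, `RULES` and `ALLOW_REST` are hypothetical, the sample rules are constructed, and the code assumes the length ranges in Table 3 apply unchanged to prefixes other than 0.0.0.0.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class PrefixRule:                      # hypothetical model of one prefix rule
    seq: int                           # sequence number; smaller is matched first
    action: str                        # "allow" or "deny"
    prefix: str                        # IPv4 only, e.g. "10.1.0.0/16"
    min_len: Optional[int] = None
    max_len: Optional[int] = None

    def length_range(self):
        """Netmask lengths accepted by this rule, following Table 3."""
        plen = ipaddress.IPv4Network(self.prefix).prefixlen
        if self.min_len is None and self.max_len is None:
            return plen, plen          # exact length only
        lo = plen if self.min_len is None else self.min_len
        hi = 32 if self.max_len is None else self.max_len
        return lo, hi

    def matches(self, route: str) -> bool:
        net = ipaddress.IPv4Network(self.prefix)
        dest = ipaddress.IPv4Network(route)
        lo, hi = self.length_range()
        if not lo <= dest.prefixlen <= hi:
            return False
        if int(net.network_address) == 0:
            return True                # 0.0.0.0: only the length is checked
        return dest.subnet_of(net)     # leading bits must equal the rule prefix

def evaluate(rules, route: str) -> str:
    for rule in sorted(rules, key=lambda r: r.seq):   # sequential match
        if rule.matches(route):
            return rule.action                        # unique match: first hit wins
    return "deny"                                     # deny by default

# Constructed sample list: block more-specifics of 10.1.0.0/16, keep the aggregate.
RULES = [
    PrefixRule(10, "deny", "10.1.0.0/16", min_len=24, max_len=32),
    PrefixRule(20, "allow", "10.1.0.0/16", min_len=16, max_len=32),
]
ALLOW_REST = PrefixRule(30, "allow", "0.0.0.0/0", max_len=32)  # allow all other routes

if __name__ == "__main__":
    for r in ("10.1.2.0/24", "10.1.0.0/16", "192.168.0.0/24"):
        print(r, evaluate(RULES, r), evaluate(RULES + [ALLOW_REST], r))
```

Without `ALLOW_REST`, the unrelated route 192.168.0.0/24 is dropped by the default deny, and swapping the sequence numbers of the two 10.1.0.0/16 rules turns the deny for 10.1.2.0/24 into an allow.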
Notes and Constraints
- By default, an account can have up to five IP prefix lists.
- By default, each IP prefix list can have up to 100 prefix rules.
- Changing an IP prefix list will also change the associated routes and traffic routing. To reduce the impact on network performance, a prefix list can only be changed once within 40 seconds.