IPv6 Prefix List

This chapter contains the following sections:

clear ipv6 prefix-list

Use the clear ipv6 prefix-list command in privileged EXEC mode to reset the hit count of the IPv6 prefix list entries.

Syntax

clear ipv6 prefix-list [prefix-list-name [ipv6-prefix/prefix-length]]

Parameters

  • prefix-list-name—The name of the prefix list from which the hit count is to be cleared.

  • ipv6-prefix—The IPv6 network from which the hit count is to be cleared. This argument must be in the form documented in RFC 4293 where the address is specified in hexadecimal using 16-bit values between colons.

  • prefix-length—The length of the IPv6 prefix. A decimal value that indicates how many of the high-order contiguous bits of the address comprise the prefix (the network portion of the address). A slash mark must precede the decimal value.

Default Configuration

The hit count is automatically cleared for all IPv6 prefix lists.

Command Mode

Privileged EXEC mode

User Guidelines

The hit count is a value indicating the number of matches to a specific prefix list entry.

Example

The following example clears the hit count from the prefix list entries for the prefix list named first_list that match the network mask 2001:0DB8::/35: 

switchxxxxxx# clear ipv6 prefix-list first_list 2001:0DB8::/35

ipv6 prefix-list

Use the ipv6 prefix-list command in Global Configuration mode to create an entry in an IPv6 prefix list. To delete the entry, use the no form of this command.

Syntax

ipv6 prefix-list list-name [seq number] {{deny|permit} ipv6-prefix/prefix-length [ge ge-length] [le le-length]} | description text

no ipv6 prefix-list list-name [seq number]

Parameters

  • list-name—Name of the prefix list. The name may contain up to 32 characters.

  • seq seq-number—Sequence number of the prefix list entry being configured. This is an integer value from 1 to 4294967294.

  • deny—Denies networks that matches the condition.

  • permit—Permits networks that matches the condition.

  • ipv6-prefix—IPv6 network assigned to the specified prefix list. This argument must be in the form documented in RFC 4293 where the address is specified in hexadecimal—using 16-bit values between colons.

  • prefix-length—Length of the IPv6 prefix. A decimal value that indicates how many of the high-order contiguous bits of the address comprise the prefix (the network portion of the address). A slash mark must precede the decimal value from 0 to 128. The zero prefix-length may be used only with the zero ipv6-prefix (::).

  • description text—Text that can be up to 80 characters in length.

  • ge ge-value—Specifies a prefix length greater than or equal to the /prefix-length argument. It is the lowest value of a range of the length (the “from” portion of the length range).

  • le le-value—Specifies a prefix length less than or equal to the /prefix-length argument. It is the highest value of a range of the length (the “to” portion of the length range).

Default Configuration

No prefix list is created.

Command Mode

Global Configuration mode

User Guidelines

This command without the seq keyword adds the new entry after the last entry of the prefix list with the sequence number equals to the last number plus 5. For example, if the last configured sequence number is 43, the new entry will have the sequence number of 48. If the list is empty, the first prefix-list entry is assigned the number 5 and subsequent prefix list entries increment by 5.

This command with the seq keyword puts the new entry into the place specified by the parameter, if an entry with the number exists it is replaced by the new one.

This command without the seq keyword removes the prefix list.

The no version of this command with the seq keyword removes the specified entry.

The sequence number of a prefix list entry determines the order of the entries in the list. The router compares network addresses to the prefix list entries. The router begins the comparison at the top of the prefix list, with the entry having the lowest sequence number.

If multiple entries of a prefix list match a prefix, the entry with the lowest sequence number is considered the real match. Once a match or deny occurs, the router does not go through the rest of the prefix list. For efficiency, you might want to put the most common permits or denies near the top of the list, using the seq-number argument.

IPv6 prefix lists are used to specify certain prefixes or a range of prefixes that must be matched before a permit or deny statement can be applied. Two operand keywords can be used to designate a range of prefix lengths to be matched. A prefix length of less than, or equal to, a value is configured with the le keyword. A prefix length greater than, or equal to, a value is specified using the ge keyword. The ge and le keywords can be used to specify the range of the prefix length to be matched in more detail than the usual ipv6-prefix/prefix-length argument.

For a candidate prefix to match against a prefix list entry the following conditions must exist:

  • The candidate prefix must match the specified prefix list and prefix length entry

  • The value of the optional le keyword specifies the range of allowed prefix lengths from 0 up to the value of the le-length argument, and including, this value.

    The value of the optional ge keyword specifies the range of allowed prefix lengths from the value of the ge-length argument up to, and including, 128.

Note that the first condition must match before the other conditions take effect.

An exact match is assumed when the ge or le keywords are not specified. If only one keyword operand is specified then the condition for that keyword is applied, and the other condition is not applied. The prefix-length value must be less than the ge value. The ge value must be less than, or equal to, the le value. The le value must be less than or equal to 128.

Every IPv6 prefix list, including prefix lists that do not have permit and deny condition statements, has an implicit deny any any statement as its last match condition.

Formal Specification

Checked prefix is cP and checked prefix length is cL.

Function PrefixIsEqual(P1, P2, L) compares the first L bits of two addresses P1 and P2 and returns TRUE if they are equal.

Case 1. A prefix-list entry is:

  • P - prefix address

  • L - prefix length

  • ge - is not defined

  • le - is not defined

The prefix cP/cL matches the prefix-list entry if PrefixIsEqual(cP,P,L) && cL == L

Case 2. An prefix-list entry is:

  • P - prefix address

  • L - prefix length

  • ge - is defined

    le - is not defined

The prefix cP/cL matches the prefix-list entry if PrefixIsEqual(cP,P,L) && cL >= ge

Case 3. An prefix-list entry is:

  • P - prefix address

  • L - prefix length

  • ge - is not defined

    le - is defined

The prefix cP/cL matches to the prefix-list entry if PrefixIsEqual(cP,P,L) && cL <= le

Case 4. An prefix-list entry is:

  • P - prefix address

  • L - prefix length

  • ge - is defined

    le - is defined

The prefix cP/cL matches the prefix-list entry if PrefixIsEqual(cP,P,L) && ge <= cL <= le

Examples

Example 1. The following example denies all routes with a prefix of ::/0: 

switchxxxxxx(config)# ipv6 prefix-list abc deny ::/0

Example 2. The following example permits the prefix 2002::/16: 

switchxxxxxx(config)# ipv6 prefix-list abc permit 2002::/16

Example 3. The following example shows how to specify a group of prefixes to accept any prefixes from prefix 5F00::/48 up to and including prefix 5F00::/64: 

switchxxxxxx(config)# ipv6 prefix-list abc permit 5F00::/48 le 64

Example 4. The following example denies prefix lengths greater than 64 bits in routes that have the prefix 2001:0DB8::/64: 

switchxxxxxx(config)# ipv6 prefix-list abc permit 2001:0DB8::/64 le 128

Example 5. The following example permits mask lengths from 32 to 64 bits in all address space: 

switchxxxxxx(config)# ipv6 prefix-list abc permit ::/0 ge 32 le 64

Example 6. The following example denies mask lengths greater than 32 bits in all address space: 

switchxxxxxx(config)# ipv6 prefix-list abc deny ::/0 ge 32

Example 7. The following example denies all routes with a prefix of 2002::/128: 

switchxxxxxx(config)# ipv6 prefix-list abc deny 2002::/128

Example 8. The following example permits all routes with a prefix of ::/0: 

switchxxxxxx(config)# ipv6 prefix-list abc permit ::/0

show ipv6 prefix-list

Use the show ipv6 prefix-list command in user EXEC or privileged EXEC mode. to display information about an IPv6 prefix list or IPv6 prefix list entries.

Syntax

show ipv6 prefix-list [detail [list-name] | summary [list-name]]

show ipv6 prefix-list list-name ipv6-prefix/prefix-length [longer | first-match]

show ipv6 prefix-list list-name seq seq-num

Parameters

  • detail | summary—Displays detailed or summarized information about all IPv6 prefix lists.

  • list-name—Name of a specific IPv6 prefix list.

  • ipv6-prefix—All prefix list entries for the specified IPv6 network. This argument must be in the form documented in RFC 4293 where the address is specified in hexadecimal using 16-bit values between colons.

  • prefix-length—Length of the IPv6 prefix. A decimal value that indicates how many of the high-order contiguous bits of the address comprise the prefix (the network portion of the address). A slash mark must precede the decimal value.

  • longer—Displays all entries of an IPv6 prefix list that are more specific than the given ipv6-prefix/prefix-length values.

  • first-match—Displays the entry of an IPv6 prefix list that matches the given ipv6-prefix/prefix-length values.

  • seq seq-num—Sequence number of the IPv6 prefix list entry.

Command Mode

User EXEC mode

Privileged EXEC mode

User Guidelines

If the detail and summary keywords are omitted, the detail option is applied.

If the longer and first-match keywords are omitted, all entries of the specified prefix list that matches the given network/length are displayed.

Examples

Example 1. The following example shows the output of this command with the detail keyword: 

switchxxxxxx# ipv6 prefix-list detail
ipv6 prefix-list 6to4:
  count: 1, range entries: 0
  seq 5 permit 2002::/16 (hit count: 313)
ipv6 prefix-list aggregate:
  count: 3, range entries: 2
  seq 5 deny 3FFE:C00::/24 ge 25 (hit count: 568)
  seq 10 description The Default Action
  seq 15 permit ::/0 le 48 (hit count: 31310)

Field Descriptions

  • count—Number of entries in the list.

  • range entries—Number of entries with matching range.

  • seq—Entry number in the list.

  • permit, deny—Granting status.

  • description—Comment.

  • hit count—Number of matches for the prefix entry. 

    Example 2. The following example shows the output of the show ipv6 prefix-list command with the summary keyword:
switchxxxxxx# show ipv6 prefix-list summary
ipv6 prefix-list 6to4:
  count: 1, range entries: 0
ipv6 prefix-list aggregate:
  count: 2, range entries: 2
Example 3. The following example shows the output of the show ipv6 prefix-list command with the seq keyword:
switchxxxxxx# show ipv6 prefix-list bgp-in seq 15
  seq 15 deny ::/1 (hit count: 0)