Can access-lists and prefix-lists be used interchangeably to perform route filtering via distribute-lists or filter-lists? Is there an advantage to using one over the other? Also, is there a best practice, or are there considerations, when deciding to use distribute-lists vs. filter-lists?
There are some important differences. When you refer to a distribute-list, you can choose between a number of options. For example here’s EIGRP:
R1(config)#router eigrp 1
R1(config-router)#distribute-list ?
  <1-199>      IP access list number
  <1300-2699>  IP expanded access list number
  WORD         Access-list name
  gateway      Filtering incoming updates based on gateway
  prefix       Filter prefixes in routing updates
  route-map    Filter prefixes based on the route-map
You can choose between an access-list, prefix-list or route-map.
If you want to match specific hosts, subnets or networks then you can use an access-list. You can achieve the same thing with a prefix-list but there is one thing that you can do with a prefix-list that you can’t with an access-list.
Let’s say you want to match all subnets in the 10.x.x.x range that have a subnet mask between /24 and /30. This can be achieved with a prefix-list, not with an access-list. You can find some examples here:
Other protocols like BGP are a bit more restrictive:
R1(config-router)#neighbor 192.168.12.2 filter-list ?
  <1-500>  AS path access list
The filter-list is only to filter AS paths; the distribute-list is only for access-lists:
R1(config-router)#neighbor 192.168.12.2 distribute-list ?
  <1-199>      IP access list number
  <1300-2699>  IP access list number (expanded range)
  WORD         IP Access-list name
As a best practice, it’s best to use route-maps everywhere when possible:
R1(config)#router bgp 1
R1(config-router)#neighbor 192.168.12.2 route-map R2_FILTER out
R1(config)#router eigrp 1
R1(config-router)#distribute-list route-map R2_FILTER out
The reason for this is that the route-map offers a lot of different match options:
R1(config)#route-map R2_FILTER permit 10
R1(config-route-map)#match ?
  additional-paths  BGP Add-Path match policies
  as-path           Match BGP AS path list
  clns              CLNS information
  community         Match BGP community list
  extcommunity      Match BGP/VPN extended community list
  interface         Match first hop interface of route
  ip                IP specific information
  ipv6              IPv6 specific information
  length            Packet length
  local-preference  Local preference for route
  mdt-group         Match routes corresponding to MDT group
  metric            Match metric of route
  mpls-label        Match routes which have MPLS labels
  policy-list       Match IP policy list
  route-type        Match route-type of route
  rpki              Match RPKI state of route
  security-group    Security Group
  source-protocol   Match source-protocol of route
  tag               Match tag of route
  track             tracking object
R1(config-route-map)#match ip address ?
  <1-199>      IP access-list number
  <1300-2699>  IP access-list number (expanded range)
  WORD         IP access-list name
  prefix-list  Match entries of prefix-lists
Not all route-map options are supported when you want to use it for filtering. Combining different options is also possible sometimes.
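Added example, not part of the original thread: a small Python model of how a prefix-list entry with ge/le evaluates advertised routes, applied to the "10.x.x.x with a subnet mask between /24 and /30" case from the answer above. The list name TEN_24_30 and the sample routes are constructed for illustration.

```python
import ipaddress

# Constructed policy. IOS equivalent (the name TEN_24_30 is hypothetical):
#   ip prefix-list TEN_24_30 seq 5 permit 10.0.0.0/8 ge 24 le 30
# Each entry: (action, prefix, ge, le); ge/le are None when not configured.
PREFIX_LIST = [("permit", "10.0.0.0/8", 24, 30)]


def length_range(prefix_len, ge, le):
    """Return the (min, max) mask lengths an entry accepts."""
    if ge is None and le is None:
        return prefix_len, prefix_len      # no ge/le: exact length only
    low = ge if ge is not None else prefix_len
    high = le if le is not None else 32
    return low, high


def evaluate(route, prefix_list=PREFIX_LIST):
    """First matching entry wins; no match at all is an implicit deny."""
    net = ipaddress.ip_network(route, strict=True)
    for action, prefix, ge, le in prefix_list:
        base = ipaddress.ip_network(prefix)
        low, high = length_range(base.prefixlen, ge, le)
        # Two independent tests: the route lies inside the base prefix,
        # AND its mask length falls in the allowed range.
        if net.subnet_of(base) and low <= net.prefixlen <= high:
            return action
    return "deny"


def filter_routes(routes, prefix_list=PREFIX_LIST):
    """Return only the routes the prefix-list permits."""
    return [r for r in routes if evaluate(r, prefix_list) == "permit"]


# Constructed sample of advertised routes.
SAMPLE_ROUTES = [
    "10.1.1.0/24",     # inside 10/8, length 24        -> permit
    "10.2.0.0/16",     # inside 10/8, but too short    -> deny
    "10.3.3.4/30",     # inside 10/8, length 30        -> permit
    "10.3.3.5/32",     # host route, longer than /30   -> deny
    "10.0.0.0/8",      # the base prefix itself        -> deny
    "192.168.1.0/24",  # right length, wrong addresses -> deny
]

if __name__ == "__main__":
    for r in SAMPLE_ROUTES:
        print(f"{r:<16} {evaluate(r)}")
```

The mask-length test is the part a standard access-list cannot express, since it only compares the network address against a wildcard.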
I am a bit new to distribution lists and prefix-lists. Can you explain why they are being used for filtering and give an example of what they are being used for? Is it to reduce the size of the routing table so that every packet does not have to go through the entire routing table to forward packets?
- Do route-maps use process switching or fast switching?
- If route-maps use process switching and have to inspect every packet that is routed via a different path, why would you use them if it is CPU intensive?
Distribute and prefix lists are used in order to filter particular routes from being learned via a routing protocol. You may want to do this in order to restrict access to these networks from particular areas of the network and to provide access to them from others. It all depends on what your requirements are. The point is not to make the routing table smaller; it just gives you control over what information you want to provide to particular routers on the network and what information you want to restrict. Distribute and prefix lists just function differently from each other. You can find out information about them in these lessons. The first two are the application of distribute lists for OSPF and EIGRP (which is almost identical) and the third is the application of prefix lists in EIGRP:
Now concerning your other questions:
According to the documentation below, policy based routing, which employs route maps, uses process switching. In order to employ fast switching for policy based routing, the ip route-cache policy interface configuration command must be issued.
For more information about this particular command, take a look at this command reference link:
I hope this has been helpful!