Understand Match Types in Routing Filters

Route filters match on specific IP addresses or ranges of prefixes. Much like other routing policies, they include some match criteria and corresponding match action(s).

An important difference between route filters and other policy match conditions is how multiple filters are handled. If you have more than one match condition, the conditions are treated as a logical AND, meaning all of them must be true for it to be considered a match.

With route filters, the presence of multiple filters represents a logical OR, meaning it’s a match if the route matches any of the configured filters.

The combination of a route prefix and prefix length along with the type of match determines how route filters are evaluated against incoming routes. Here are a half-dozen match types to be aware of.

Match Type Description
Exact Matches if the prefix-length is equal to the route’s prefix length.
Orlonger Matches if the prefix-length is equal to or greater than the route’s prefix length.
Longer Matches if the prefix-length is greater than the route’s prefix length.
Upto Matches if the route shares the most significant bits in the prefix-length and the route’s prefix length falls between the prefix-length and the configured upper limit.
prefix-length-range Matches if the route shares the most significant bits in the prefix-length and the route’s prefix length falls within the specified range.
Through Route falls between the lower prefix/prefix-length and the upper prefix/prefix-length.

Each tree represents a set of addresses. For this particular picture, the top node within each tree represents the address 192.168/16 (about 66,000 network routes). Each set of nodes below the top node represents longer prefix lengths. In other words, as you traverse downward on the tree, the addresses become more specific. (More significant bits are specified.)

A topology showing the different types of matches.
A topology showing the different types of matches.

Here’s what the different match types mean:

  • The exact match type means that only a route with the same prefix and same prefix length will match. It has to be an exact match, so only the 192.168/16 route is highlighted.

  • The orlonger match indicates that any route that starts with 192.168 and has a prefix length of 16 or greater will match. In other words, any route that is more specific than 192.168/16 is a match, which is why all the routes are highlighted.

  • The longer match type is the same as the orlonger match type, except that it doesn’t include any exact matches. So the only difference is that the top node isn’t included.

  • If you use the upto match type, you must specify the upper limit for the prefix-length. For example, you’d configure 192.168/16 upto /24 to highlight all the addresses between 192.168/16 and 192.168/24.

  • The prefix-length-range match type allows you to specify the significant bits of an address and then bound addresses with those significant bits between two prefix lengths. In this case, you can ensure that all addresses begin with 192.168, but you want to match only on addresses that have prefix lengths between 20 and 24.

  • The final match type is through. This match type essentially creates a list of exact matches between the starting node and the ending address. All addresses between the two are considered matches. The term 0/0 through 0/32 covers every possible all-0 network address (usually, you’d want to reject these bogus address forms).

blog comments powered by Disqus
Advertisement

Inside Dummies.com

Dummies.com Sweepstakes

Win $500. Easy.