A prefix can be excluded from an IPv4 or IPv6 prefix list by using the prefix-exclude command.
For example, when the operator needs to rate-limit traffic to 10.0.0.0/16 with the exception of 10.0.2.0/24, then the following options are available.
By applying prefix-exclude, a single IP prefix list with two prefixes is configured:
ip-prefix-list "list-1" create
    prefix 10.0.0.0/16
    prefix-exclude 10.0.2.0/24
exit
Without prefix-exclude, all eight included subnets must be configured manually in the ip-prefix-list:
ip-prefix-list "list-1" create
    prefix 10.0.0.0/23
    prefix 10.0.3.0/24
    prefix 10.0.4.0/22
    prefix 10.0.8.0/21
    prefix 10.0.16.0/20
    prefix 10.0.32.0/19
    prefix 10.0.64.0/18
    prefix 10.0.128.0/17
exit
This is a time-consuming and error-prone task compared to using the prefix-exclude command.
The filter resources, consumed in hardware, are identical between the two configurations.
A filter match-list using prefix-exclude is mutually exclusive with apply-path, and is not supported as a match criterion in cpm-filter.
Configured prefix-exclude prefixes are ignored when no overlapping larger subnet is configured in the prefix-list. For example: prefix-exclude 1.1.1.1/24 is ignored if the only included subnet is 10.0.0.0/16.
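The manual expansion above can be derived and checked offline. The following Python sketch is an added example, not vendor code: it computes the explicit prefixes equivalent to a prefix plus prefix-exclude pair, reports excludes that would be ignored, and audits a hand-written list. The function names are hypothetical, and treating "larger" as strictly larger is an assumption about the rule stated above.

```python
import ipaddress

def _inside(inner, outer):
    """True when inner is a strictly smaller subnet of outer (same IP version)."""
    return (inner.version == outer.version and inner != outer
            and inner.subnet_of(outer))

def expand_prefix_list(prefixes, excludes):
    """Return (expanded, ignored): explicit prefixes covering 'prefixes minus
    excludes', and the excludes that overlap no larger included prefix."""
    included = [ipaddress.ip_network(p) for p in prefixes]
    remaining = list(included)
    ignored = []
    for text in excludes:
        # strict=False accepts host bits, e.g. 1.1.1.1/24 is read as 1.1.1.0/24
        ex = ipaddress.ip_network(text, strict=False)
        if not any(_inside(ex, n) for n in included):
            ignored.append(text)  # no overlapping larger subnet configured
            continue
        nxt = []
        for n in remaining:
            if _inside(ex, n):
                # split n into the minimal set of subnets that omit ex
                nxt.extend(n.address_exclude(ex))
            elif not (n.version == ex.version and n.subnet_of(ex)):
                nxt.append(n)  # untouched by this exclude
            # else: n lies wholly inside ex and is dropped (assumption)
        remaining = nxt
    remaining.sort(key=lambda n: (n.version, n))
    return [str(n) for n in remaining], ignored

def audit_manual_list(manual, prefixes, excludes):
    """Compare a hand-written list with the computed expansion (exact match).
    Returns (missing, unexpected) as sorted lists of prefix strings."""
    expected, _ = expand_prefix_list(prefixes, excludes)
    want = set(expected)
    have = {str(ipaddress.ip_network(p)) for p in manual}
    return sorted(want - have), sorted(have - want)

if __name__ == "__main__":
    expanded, ignored = expand_prefix_list(["10.0.0.0/16"],
                                           ["10.0.2.0/24", "1.1.1.1/24"])
    print("\n".join("prefix " + p for p in expanded))
    print("ignored:", ignored)
```
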