Which two network prefixes match the prefix match pattern 172.16 0.0 12 ge 16 Choose two

A route filter is a collection of match prefixes. When specifying a match prefix, you can specify an exact match with a particular route or a less precise match. You can configure either a common action that applies to the entire list or an action associated with each prefix.

Note:

Because the configuration of route filters includes setting up prefixes and prefix lengths, before proceeding with the configuration you should have a thorough understanding of IP addressing, including supernetting, and how route filters are evaluated (explained here: How Route Filters Are Evaluated in Routing Policy Match Conditions).

This section discusses the following topics:

To understand the operation of a route filter, you need to be familiar with a device used for binary number matching known as a radix tree (sometimes called a patricia trie or radix trie). A radix tree uses binary lookups to identify IP addresses (routes). Remember that an IP address is a 32-bit number represented in a dotted decimal format for easy comprehension by humans. These 8-bit groupings can each have a value between 0 and 255. A radix tree can be a graphical representation of these binary numbers.

In Figure 1, the radix tree starts with no configured value (starts at 0) and is at the leftmost position of the binary IP address. This is shown as 0/0, which is often referred to as the default route.

Figure 1: Beginning of a Radix Tree

Because this is binary, each bit can have only one of two possible values—a 0 or a 1. Moving down the left branch represents a value of 0, while moving to the right represents a value of 1. The first step is shown in Figure 2. At the first position, the first octet of the IP address has a value of 00000000 or 10000000—a 0 or 128, respectively. This is represented in Figure 2 by the values 0/1 and 128/1.

Figure 2: First Step of a Radix Tree

The second step is shown in Figure 3. This second level of the tree has four possible binary values for the first octet: 00000000, 01000000, 10000000, and 11000000. These decimal values of 0, 64, 128, and 192 are represented by the IP addresses of 0/2, 64/2, 128/2, and 192/2 on the radix tree.

Figure 3: Second Step of a Radix Tree

This step-by-step process continues for 33 total levels to represent every possible IP address.

The radix tree structure is helpful when locating a group of routes that all share the same most significant bits. Figure 4 shows the point in the radix tree that represents the 192.168.0.0/16 network. All of the routes that are more specific than 192.168.0.0/16 are shown in the highlighted section.

Figure 4: Locating a Group of Routes

Note:

The topic, Configuring Route Filters, describes default Junos OS behavior. The walkup feature, which is not covered in this topic, alters the evaluation results discussed in this topic by allowing the router to consider shorter match conditions configured within the same term. See Walkup for Route Filters Overview for details.

To configure a route filter, include one or more route-filter or source-address-filter statements:

[edit policy-options policy-statement policy-name term term-name from] route-filter destination-prefix match-type { actions; }

The route-filter option is typically used to match an incoming route address to destination match prefixes of any type except for unicast source addresses.

The destination-prefix address is the IP version 4 (IPv4) or IP version 6 (IPv6) address prefix specified as prefix/prefix-length. If you omit prefix-length for an IPv4 prefix, the default is /32. If you omit prefix-length for an IPv6 prefix, the default is /128. Prefixes specified in a from statement must be either all IPv4 addresses or all IPv6 addresses.

The source-address-filter option is typically used to match an incoming route address to unicast source addresses in multiprotocol BGP (MBGP) and Multicast Source Discovery Protocol (MSDP) environments.

source-address-filter source-prefix match-type { actions; }

source-prefix address is the IPv4 or IPv6 address prefix specified as prefix/prefix-length. If you omit prefix-length for an IPv4 prefix, the default is /32prefix-length. If you omit prefix-length for an IPv6 prefix, the default is /128. Prefixes specified in a from statement must be either all IPv4 addresses or all IPv6 addresses.

match-type is the type of match to apply to the source or destination prefix. It can be one of the match types listed in Table 1. For examples of the match types and the results when presented with various routes, see Table 2.

actions are the actions to take if a route address matches the criteria specified for a destination match prefix (specified as part of a route-filter option) or for a source match prefix (specified as part of a destination-address-filter option). The actions can consist of one or more of the actions described in Actions in Routing Policy Terms.

In a route filter you can specify actions in two ways:

In the route-filter or source-address-filter option—These actions are taken immediately after a match occurs, and the then statement is not evaluated.
In the then statement—These actions are taken after a match occurs but no actions are specified for the route-filter or source-address-filter option.

The upto and prefix-length-range match types are similar in that both specify the most-significant bits and provide a range of prefix lengths that can match. The difference is that upto allows you to specify an upper limit only for the prefix length range, whereas prefix-length-range allows you to specify both lower and upper limits.

For more examples of these route filter match types, see Route Filter Examples.

Table 1: Route Filter Match Types for a Prefix List

Match Type	Match Criteria
address-mask netmask-value	All of the following are true: The bit-wise logical AND of the netmask-value pattern and the incoming IPv4 or IPv6 route address and the bit-wise logical AND of the netmask-value pattern and the destination-prefix address are the same. The bits set in the netmask-value pattern do not need to be contiguous. The prefix-length component of the incoming IPv4 or IPv6 route address and the prefix-length component of the destination-prefix address are the same. Note: The address-mask routing policy match type is valid only for matching an incoming IPv4 (family inet) or IPv6 (family inet6) route address to a list of destination match prefixes specified in a route-filter statement. The address-mask routing policy match type enables you to match an incoming IPv4 or IPv6 route address on a configured netmask address in addition to the length of a configured destination match prefix. The length of the route address must match exactly with the length of the configured destination match prefix, as the address-mask match type does not support prefix length variations for a range of prefix lengths. When the longest-match lookup is performed on a route filter, the lookup evaluates an address-mask match type differently from other routing policy match types. The lookup does not consider the length of the destination match prefix. Instead, the lookup considers the number of contiguous high-order bits set in the netmask value. For more information about this route filter match type, see How an Address Mask Match Type Is Evaluated. For example configurations showing route filters that contain the address-mask match type, see the following topics:
exact	All of the following are true: The route address shares the same most-significant bits as the match prefix (destination-prefix or source-prefix). The number of significant bits is described by the prefix-length component of the match prefix. The prefix-length component of the match prefix is equal to the route’s prefix length.
longer	All of the following are true: The route address shares the same most-significant bits as the match prefix (destination-prefix or source-prefix). The number of significant bits is described by the prefix-length component of the match prefix. The route’s prefix length is greater than the prefix-length component of the match prefix.
orlonger	All of the following are true: The route address shares the same most-significant bits as the match prefix (destination-prefix or the source-prefix). The number of significant bits is described by the prefix-length component of the match prefix. The route’s prefix length is equal to or greater than the prefix-length component of the configured match prefix.
prefix-length-range prefix-length2-prefix-length3	All of the following are true: The route address shares the same most-significant bits as the match prefix (destination-prefix or source-prefix). The number of significant bits is described by the prefix-length component of the match prefix. The route’s prefix length falls between prefix-length2 and prefix-length3, inclusive.
through {destination-prefix2 \| source-prefix2}	All of the following are true: The route address shares the same most-significant bits as the first match prefix (destination-prefix or source-prefix). The number of significant bits is described by the prefix-length component of the first match prefix. The route address shares the same most-significant bits as the second match prefix (destination-prefix2 or source-prefix2). The number of significant bits is described by the prefix-length component of the second match prefix. The route’s prefix length is less than or equal to the prefix-length component of the second match prefix. You do not use the through match type in most routing policy configurations. For an example, see Rejecting Routes from Specific Hosts.
upto prefix-length2	All of the following are true: The route address shares the same most-significant bits as the match prefix (destination-prefix or source-prefix). The number of significant bits is described by the prefix-length component of the match prefix. The route’s prefix length falls between the prefix-length component of the first match prefix and prefix-length2.

Figure 5 shows the detailed radix tree for the route 192.168.0.0/16.

Figure 5: Portion of the Radix Tree

Figure 6 and Table 2 demonstrate the operation of the various route filter match types.

Figure 6: Route Filter Match Types

Table 2: Match Type Examples

Prefix	192.168/16 exact	192.168/16 longer	192.168/16 orlonger	192.168/16 upto /24	192.168/16 prefix-length-range/18 – /20	192.168/16 through192.168.16/20	192.168/19 address-mask255.255.0.0
10.0.0.0/8	–	–	–	–	–	–	–
192.168.0.0/16	Match	–	Match	Match	–	Match	–
192.168.0.0/17	–	Match	Match	Match	–	Match	–
192.168.0.0/18	–	Match	Match	Match	Match	Match	–
192.168.0.0/19	–	Match	Match	Match	Match	Match	Match
192.168.4.0/24	–	Match	Match	Match	–	–	–
192.168.5.4/30	–	Match	Match	–	–	–	–
192.168.12.4/30	–	Match	Match	–	–	–	–
192.168.12.128/32	–	Match	Match	–	–	–	–
192.168.16.0/20	–	Match	Match	Match	Match	Match	–
192.168.192.0/18	–	Match	Match	Match	Match	–	–
192.168.224.0/19	–	Match	Match	Match	Match	–	Match
10.169.1.0/24	–	–	–	–	–	–	–
10.170.0.0/16	–	–	–	–	–	–	–

During route filter evaluation, the policy framework software compares each route’s source address with the destination prefixes in the route filter. The evaluation occurs in two steps:

The policy framework software performs a longest-match lookup, which means that the software searches for the prefix in the list with the longest length.

The longest-match lookup considers the prefix and prefix-length components of the configured match prefix only, and not the match-type component. The following sample route filter illustrates this point:
from { route-filter 192.168.0.0/14 upto /24 reject; route-filter 192.168.0.0/15 exact; } then accept;
The longest match for the candidate route 192.168.1.0/24 is the second route-filter, 192.168.0.0/15, which is based on prefix and prefix length only.
When an incoming route matches a prefix (longest first), the following actions occur:
1. The route filter stops evaluating other prefixes, even if the match type fails.
2. The software examines the match type and action associated with that prefix.

Note:

When a route source address is evaluated against a match criteria that uses the address-mask match type, both steps of the evaluation include the configured netmask value. For more information, see How an Address Mask Match Type Is Evaluated.

In Step 1, if route 192.168.1.0/24 were evaluated, it would fail to match. It matches the longest prefix of 192.168.0.0/15, but it does not match exact. The route filter is finished because it matched a prefix, but the result is a failed match because the match type failed.

If a match occurs, the action specified with the prefix is taken. If an action is not specified with the prefix, the action in the then statement is taken. If neither action is specified, the software evaluates the next term or routing policy, if present, or takes the accept or reject action specified by the default policy. For more information about the default routing policies, see Default Routing Policies.

Note:

If you specify multiple prefixes in the route filter, only one prefix needs to match for a match to occur. The route filter matching is effectively a logical OR operation.

If a match does not occur, the software evaluates the next term or routing policy, if present, or takes the accept or reject action specified by the default policy.

For example, compare the prefix 192.168.254.0/24 against the following route filter:

route-filter 192.168.0.0/16 orlonger; route-filter 192.168.254.0/23 exact;

The prefix 192.168.254.0/23 is determined to be the longest prefix. When the software evaluates 192.168.254.0/24 against the longest prefix, a match occurs (192.168.254.0/24 is a subset of 192.168.254.0/23). Because of the match between 192.168.254.0/24 and the longest prefix, the evaluation continues. However, when the software evaluates the match type, a match does not occur between 192.168.254.0/24 and 192.168.254.0/23 exact. The software concludes that the term does not match and goes on to the next term or routing policy, if present, or takes the accept or reject action specified by the default policy.

Note:

The walkup feature allows terms with multiple route filters to “walk-up” the evaluation process to include less-specific routes as well as the longest match. In other words, enabling walkup changes the default behavior from “if one fails, then the term fails” to “if one matches, then the term matches.” For more information about the walkup feature, see Walkup for Route Filters Overview.

A common problem when defining a route filter is including a shorter prefix that you want to match with a longer, similar prefix in the same list. For example, imagine that the prefix 192.168.254.0/24 is compared against the following route filter:

route-filter 192.168.0.0/16 orlonger; route-filter 192.168.254.0/23 exact;

Because the policy framework software performs longest-match lookup, the prefix 192.168.254.0/23 is determined to be the longest prefix. An exact match does not occur between 192.168.254.0/24 and 192.168.254.0/23 exact. The software determines that the term does not match and goes on to the next term or routing policy, if present, or takes the accept or reject action specified by the default policy. (For more information about the default routing policies, see Default Routing Policies.) The shorter prefix 192.168.0.0/16 orlonger that you wanted to match is inadvertently ignored.

One solution to this problem is to remove the prefix 192.168.0.0/16 orlonger from the route filter in this term and move it to another term where it is the only prefix or the longest prefix in the list.

Another solution is to enable the walkup feature. See Walkup for Route Filters Overview for details.