Sunday, December 22, 2013

Understanding Prefix-lists


If only a prefix is specified in a permit or deny statement, without the le or ge keywords, then the route must match exactly, including its prefix length.
If the le or ge keywords are used, then the prefix/prefix length specifies how many bits of the route are checked for an exact match, and the actual prefix length of the route is matched against the le or ge value.


What was tricky to realize is the difference between the following two commands:


prefix-list DEFAULT permit 0.0.0.0/0 le 32

matches every possible route. Essentially this statement says: check 0 bits of the prefix for an exact match and make sure that the prefix length is less than or equal to 32 bits.

However let's check the next statement:

prefix-list DEFAULT permit 0.0.0.0/0

It was tricky to understand that this prefix-list would match only the default route. Everything else is denied!
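
The matching rules above can be checked with a small evaluator. This is an added example, not code from the original post: the function names and tuple layout are assumptions, it handles IPv4 only, and it goes slightly beyond the two statements shown by also covering ge and the implicit deny at the end of a list.

```python
import ipaddress

def entry_matches(route, prefix, ge=None, le=None):
    """Return True if `route` matches a single prefix-list entry."""
    r = ipaddress.ip_network(route)
    p = ipaddress.ip_network(prefix)
    # Step 1: the first p.prefixlen bits of the route must equal the entry's bits.
    if not r.subnet_of(p):
        return False
    # Step 2: the route's own prefix length must fall in the permitted range.
    if ge is None and le is None:
        lo = hi = p.prefixlen            # no keywords: exact length only
    else:
        lo = ge if ge is not None else p.prefixlen
        hi = le if le is not None else 32
    return lo <= r.prefixlen <= hi

def evaluate(prefix_list, route):
    """First matching entry wins; no match means the implicit deny."""
    for action, prefix, ge, le in prefix_list:
        if entry_matches(route, prefix, ge, le):
            return action
    return "deny"

# The two statements from the post, as (action, prefix, ge, le) tuples.
MATCH_ANY = [("permit", "0.0.0.0/0", None, 32)]
DEFAULT_ONLY = [("permit", "0.0.0.0/0", None, None)]

# Constructed sample routes.
ROUTES = ["0.0.0.0/0", "10.0.0.0/8", "192.168.1.0/24", "203.0.113.7/32"]

if __name__ == "__main__":
    for route in ROUTES:
        print(f"{route:18} le 32: {evaluate(MATCH_ANY, route):7}"
              f" no keyword: {evaluate(DEFAULT_ONLY, route)}")
```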