The less than (lt), less than or equal to (le), greater than (gt), and greater than or equal to (ge) operators in prefix-lists can certainly be a bit confusing. They’re used to match on the length of the network prefix. Here’s an explanation:
1. Equal: If we have a prefix-list entry like `permit 10.0.0.0/8`, it will only match routes that are exactly `10.0.0.0/8`. Nothing more specific (like 10.0.0.0/9, 10.0.0.0/10, etc.) or less specific (like 10.0.0.0/7) will match.
2. Less than: If we had `permit 10.0.0.0/8 lt 16`, it would match routes that are less specific than /16, but more specific than /8. This would include routes like 10.0.0.0/9, 10.0.0.0/10, up to 10.0.0.0/15. It would not match 10.0.0.0/16, 10.0.0.0/17, etc. because those are /16 or more specific.
3. Less than or equal to: If we had `permit 10.0.0.0/8 le 16`, it would match routes that are less specific than or exactly /16, but more specific than /8. This would include routes like 10.0.0.0/9, 10.0.0.0/10, up to and including 10.0.0.0/16. It would not match 10.0.0.0/17, etc. because those are more specific than /16.
4. Greater than: If we had `permit 10.0.0.0/8 gt 16`, it would match routes that are more specific than /16. This would include routes like 10.0.0.0/17, 10.0.0.0/18, etc. It would not match 10.0.0.0/16, 10.0.0.0/15, etc. because those are /16 or less specific.
5. Greater than or equal to: If we had `permit 10.0.0.0/8 ge 16`, it would match routes that are more specific than or exactly /16. This would include routes like 10.0.0.0/16, 10.0.0.0/17, 10.0.0.0/18, etc. It would not match 10.0.0.0/15, etc. because those are less specific than /16.
Remember, in the context of network prefixes, a higher number is more specific (because it includes fewer IP addresses), and a lower number is less specific (because it includes more IP addresses). So “greater than” is used to match more specific routes, and “less than” is used to match less specific routes.
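The five rules above can be checked mechanically. The following Python is an added example, not code from the original page or from any router vendor: `parse_entry` and `matches` are hypothetical helpers, the entry strings use the page's shorthand rather than a device's CLI syntax, and it assumes IPv4 plus the usual requirement that a route also fall inside the entry's prefix (so 10.128.0.0/9 is treated like 10.0.0.0/9).

```python
import ipaddress

# Inclusive (low, high) prefix-length window for each operator, following the
# five rules exactly as the list above states them.
# base = length of the entry's own prefix, n = the operator's operand.
BOUNDS = {
    None: lambda base, n: (base, base),       # no operator: exact length only
    "lt": lambda base, n: (base + 1, n - 1),
    "le": lambda base, n: (base + 1, n),
    "gt": lambda base, n: (n + 1, 32),
    "ge": lambda base, n: (n, 32),
}

def parse_entry(entry):
    """Parse e.g. 'permit 10.0.0.0/8 le 16' into (action, network, low, high)."""
    parts = entry.split()
    if len(parts) not in (2, 4):
        raise ValueError(f"unrecognised entry: {entry!r}")
    op, n = (parts[2], int(parts[3])) if len(parts) == 4 else (None, None)
    if op not in BOUNDS:
        raise ValueError(f"unknown operator: {op!r}")
    # Strict parsing rejects prefixes with host bits set, e.g. 10.1.0.0/8.
    net = ipaddress.IPv4Network(parts[1])
    low, high = BOUNDS[op](net.prefixlen, n)
    return parts[0], net, low, high

def matches(entry, route):
    """True if the route lies inside the entry's prefix and its length is in the window."""
    _, net, low, high = parse_entry(entry)
    candidate = ipaddress.IPv4Network(route)
    return candidate.subnet_of(net) and low <= candidate.prefixlen <= high

if __name__ == "__main__":
    # Constructed sample routes, not taken from a real routing table.
    routes = ["10.0.0.0/8", "10.0.0.0/15", "10.1.0.0/16", "10.128.0.0/17", "11.0.0.0/12"]
    for suffix in ["", " lt 16", " le 16", " gt 16", " ge 16"]:
        entry = "permit 10.0.0.0/8" + suffix
        print(f"{entry:<26}", [r for r in routes if matches(entry, r)])
```

Running candidate filter entries through a checker like this before deployment shows which prefix lengths a filter would actually let through, which is where over-permissive route filters usually go unnoticed.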