summary routes not in allowed list

Find IPv4 summary routes that are not in a specific allowed list

The following check iterates through all IPv4 routes on all devices and returns those routes whose prefix length is less than 8 and whose prefix is not in a specific allowed list of summary subnets.

allowedSummarySubnets = [ipSubnet("224.0.0.0/4"), ipSubnet("117.0.0.0/8")];

foreach device in network.devices
foreach vrf in device.networkInstances
where isPresent(vrf.afts.ipv4Unicast)
foreach ipEntry in vrf.afts.ipv4Unicast.ipEntries
where length(ipEntry.prefix) <= 8
select {
  device: device.name,
  vrf: vrf.name,
  prefix: ipEntry.prefix,
  violation: ipEntry.prefix not in allowedSummarySubnets
}

Note that the length function works on both lists and IP subnets, as in this example.

Find IPv4 summary routes that are not in a specific allowed list​

Find IPv4 summary routes that are not in a specific allowed list