Here's the history of how they came into being (and why they are the way they are):
- In the very early days of the Internet, people started asking for packet filters (aka access lists).
- Cisco implemented simple access lists first (filtering on destination host addresses, augmented by wildcard masks), but of course they weren't good enough to block (for example) SMTP, so they created extended access lists, which can match on source and destination IP addresses (with wildcard bits on both - these bits allow you to match whole prefixes), protocols, port numbers ...
So: access list = packet filter.
Later (but still decades ago) people started running multiple routing protocols on the same box and wanted to redistribute information between them. Not a problem, but you wouldn't want ALL the information you have propagated into the other routing protocol - you need ROUTE FILTERS. As is usually the case, everything looks like a nail if you happen to have a hammer, and thus Cisco's engineers implemented route filters with the object they already had - access lists.
At this point: access list = packet filter (and sometimes route filter)
With the advent of classless routing (yeah, it's that long ago - does anyone still remember the days of Class A, Class B and Class C addresses?), people wanted to redistribute prefixes of a certain size between routing protocols. For example: advertise all /24s from OSPF into BGP, but not the /32s. Impossible to do with access lists. Time for a new kludge: let's use an extended access list and let's pretend the source IP address in the packet filter represents the network address (actually prefix address) and the destination IP address in the same line of the packet filter represents the subnet mask.
This far: access lists = packet filters. Simple access lists also serve as route filters (matching only on network addresses) and extended access lists serve as route filters matching addresses and subnet masks.
Fortunately someone retained a shred of reason at that time and started wondering what exactly the brilliant minds that decided reusing extended ACLs for route filters makes sense were smoking when they got that brilliant idea.
End result: Cisco IOS got prefix lists, which are (almost) identical in functionality to extended access lists acting as route filters, but displayed in a format that a regular human being has a chance of understanding.
Today: use access lists for packet filters and prefix lists for route filters. You can still use access lists as route filters but don't do it.
Makes sense?
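The three route-filter styles described above, modelled as an added example (not code from the original post, and not IOS itself). The function names and sample routes are constructed; the matching rules assumed are the ones the answer states: a simple ACL compares only the network address, an extended ACL compares its "source" pair with the prefix address and its "destination" pair with the subnet mask, and a prefix list compares prefix and length directly.

```python
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _wild_eq(value, pattern, wildcard):
    # Wildcard bits set to 1 are "don't care"; all other bits must be equal.
    return ((value ^ _ip(pattern)) & ~_ip(wildcard) & 0xFFFFFFFF) == 0

def simple_acl_match(route, addr, wild):
    """Simple ACL as route filter: compares the network address only."""
    net = ipaddress.IPv4Network(route)
    return _wild_eq(int(net.network_address), addr, wild)

def extended_acl_match(route, src, src_wild, dst, dst_wild):
    """Extended ACL as route filter: the 'source' pair is compared with the
    prefix address, the 'destination' pair with the subnet mask."""
    net = ipaddress.IPv4Network(route)
    return (_wild_eq(int(net.network_address), src, src_wild)
            and _wild_eq(int(net.netmask), dst, dst_wild))

def prefix_list_match(route, prefix, ge=None, le=None):
    """Prefix-list entry: route lies inside `prefix`, length within ge..le
    (exact length when neither is given)."""
    net, base = ipaddress.IPv4Network(route), ipaddress.IPv4Network(prefix)
    if ge is None and le is None:
        lo = hi = base.prefixlen
    else:
        lo = base.prefixlen if ge is None else ge
        hi = 32 if le is None else le
    return net.subnet_of(base) and lo <= net.prefixlen <= hi

# Constructed sample routes (not from the original post).
ROUTES = ["10.1.1.0/24", "10.1.2.0/24", "10.1.1.1/32", "10.1.0.0/16", "192.168.5.0/24"]

def compare(routes=ROUTES):
    """Filter 'the /24s inside 10.1.0.0/16' three ways."""
    simple = [r for r in routes if simple_acl_match(r, "10.1.0.0", "0.0.255.255")]
    extended = [r for r in routes if extended_acl_match(
        r, "10.1.0.0", "0.0.255.255", "255.255.255.0", "0.0.0.0")]
    plist = [r for r in routes if prefix_list_match(r, "10.1.0.0/16", ge=24, le=24)]
    return simple, extended, plist

if __name__ == "__main__":
    for name, result in zip(("simple ACL", "extended ACL", "prefix list"), compare()):
        print(f"{name:13} {result}")
```

The simple ACL cannot tell the /24s from the /32 or the /16, which is why a filter that matches addresses alone lets unintended prefix lengths through; the extended ACL and the prefix list select the same two routes.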
Yes indeed router 2 and router 3 are missing 172.16.96.0 mask 255.255.224.0 172.16.128.15 and 0.0.0.0 mask 0.0.0.0 172.16.128.15. But when I add those it still doesn't work. So where can it go wrong?
The routes you proposed are incorrect according to the diagram you provided. The routes you need to configure on R2 and R3 are:
0.0.0.0 0.0.0.0 172.16.160.6
172.16.96.0 255.255.224.0 172.16.160.6 (you don't need this route actually but I'm including it anyway).
The reason for this is that R2 and R3 do not have an interface connected to the 172.16.128.1/19 network, only R1 does. Since that network is not directly connected to R2 or R3, you cannot use it as a "next hop" for your static routes - it is not the next hop. R2 and R3 would have to forward traffic to R1 to reach the internet first, so it must be configured as the gateway for the default routes on R2 and R3.
Best Answer
By "router leg" they mean a (directly) connected route (and use a strange way of putting it).
What is a connected route compared to a static route?
Connected route (router leg)
A connected route is a route that points to an interface. For example, if you configure 10.0.0.1/24 on (ethernet) interface Gi0/1, the directly connected route (the "router leg") is 10.0.0.0/24.
If the router wants to send a packet to a host in the 10.0.0.0/24 network it will do a L2 (Layer2) lookup (ARP for IPv4, ND for IPv6) on the Gi0/1 interface to find the MAC address of the host. It will then send the packet to the MAC address.
One-liner: Connected routes point to an interface, next-hop for packet will be resolved at L2 by ARP/ND on the respective interface.
Static route
A static route points to an IP address. For example you could have route 10.0.0.0/24 pointing to 10.0.2.1. The router will send packets for hosts in the 10.0.0.0/24 network to 10.0.2.1.
For this to work 10.0.2.1 itself must be part of a connected route so that the router can find the right L2 next-hop for the packets.
One-liner: Static routes point to an IP next-hop. The IP next-hop itself will be resolved by L2 lookup on the interface the connected route for the next-hop points to.
One thing you should ask your vendor: If the specs are for IPv4 and for IPv6, and if not, how many IPv6 routes you can have for each of the different types.