IP prefix how-to completed.

joemarshallmsft · joemarshallmsft · commit 4180a9baa371 · 2024-03-01T11:02:06.000Z
diff --git a/articles/operator-nexus/how-to-ip-prefixes.md b/articles/operator-nexus/how-to-ip-prefixes.md
@@ -13,43 +13,35 @@ ms.custom: template-how-to
 
 This article explains the main management operations for IP prefixes and IP prefix rules in Azure Operator Nexus.
 
+## Properties 
 
-## IP prefixes
+The IpPrefix resource has the following properties: 
 
-### Example
+1.  **location**: The Azure region where the resource is located. 
 
-The following json object is an example of an IP prefix resource that can be used in route policies: 
+2.  **properties**: The properties of the IpPrefix resource, which include: 
+
+    -   **configurationState**: The configuration state of the resource. 
+
+    -   **provisioningState**: The provisioning state of the resource. 
+
+    -   **administrativeState**: The administrative state of the resource. 
+
+    -   **ipPrefixRules**: A list of IP Prefix Rules. Each rule has the following properties: 
+
+        -   **action**: The action to be taken on the configuration (`Permit` or `Deny`). 
+
+        -   **sequenceNumber**: The sequence to insert to/delete from the existing route. The sequence number must be between 1 and 4294967295. 
+
+        -   **networkPrefix**: The network prefix specifying IPv4/IPv6 packets to be permitted or denied.
+
+        -   **condition**: Specifies the prefix-list bounds. Possible values are `EqualTo`, `GreaterThanOrEqualTo`, `LesserThanOrEqualTo`, and `Range`.
+
+        -   **subnetMaskLength**: Gives the minimum NetworkPrefix length to be matched. Possible values for IPv4 are 1-32. Possible values for IPv6 are 1-128. 
+
+
+## IP prefix operations
 
-```azurecli
-{
-  "id": "/subscriptions/subscription-id/resourceGroups/op1-cluster/providers/Microsoft.ManagedNetworkFabric/ipPrefixes/ipprefixv4-1204-cn1",
-  "location": "eastus",
-  "name": "ipprefixv4-1204-cn1",
-  "provisioningState": "Succeeded",
-  "resourceGroup": "op1-cluster",
-  "ipPrefixRules": [
-    {
-      "action": "Permit",
-      "networkPrefix": "10.10.10.0/28",
-      "sequenceNumber": 10
-    },
-    {
-      "action": "Permit",
-      "networkPrefix": "20.20.20.0/24",
-      "sequenceNumber": 12
-    }
-  ],
-  "systemData": {
-    "createdAt": "2023-06-12T10:23:26.7645536Z",
-    "createdBy": "user@microsoft.com",
-    "createdByType": "User",
-    "lastModifiedAt": "2023-06-12T10:23:26.7645536Z",
-    "lastModifiedBy": "user@microsoft.com",
-    "lastModifiedByType": "User"
-  },
-  "type": "microsoft.managednetworkfabric/ipPrefixes"
-}
-```
 
 ### Create an IP prefix
 
@@ -88,7 +80,6 @@ To create an IP Prefix resource, follow these steps: 
 
             -  `GreaterThanOrEqualTo`: The condition is true when the network prefix of the route is greater than or equal to the network prefix of the rule.
 
-
         -  `networkPrefix`: The network segment to match. It's an IP address and a prefix length, such as 10.10.10.0/28 or 2001:db8::/64. 
 
         -  `sequenceNumber`: The order of evaluation of the rule, from lowest to highest. The rule with the lowest sequence number is evaluated first, and the rule with the highest sequence number is evaluated last. If a rule matches the route, the evaluation stops and the action of the rule is executed. If no rule matches the route, the default action is Deny. 
@@ -121,7 +112,7 @@ az networkfabric ipprefix show \
 
 The REST API response body for getting the details of an IP Prefix resource by its ID is as follows: 
 
-```
+```json
 {
   "id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.ManagedNetworkFabric/ipPrefixes/myIpPrefix",
   "location": "eastus",
@@ -175,8 +166,123 @@ az networkfabric ipprefix delete \
 
 The REST API request body for deleting an IP Prefix resource by its ID is as follows: 
 
-```
+```json
 {
   "id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.ManagedNetworkFabric/ipPrefixes/myIpPrefix"
 }
 ```
+
+## Example IP prefix resources
+
+### ipprefixv4-externalnetwork1-export 
+
+This resource is used to manage network traffic rules for a specific external network in a resource group. It contains rules that permit traffic to the 20.20.20.0/24 and 50.50.50.0/24 network prefixes, but deny traffic to the 10.10.10.0/28 network prefix. 
+
+
+```json
+{
+  "id": "/subscriptions/.../resourceGroups/.../providers/Microsoft.ManagedNetworkFabric/ipPrefixes/ipprefixv4-externalnetwork1-export",
+  "ipPrefixRules": [
+    {
+      "action": "Deny",
+      "condition": "EqualTo",
+      "networkPrefix": "10.10.10.0/28",
+      "sequenceNumber": 10
+    },
+    {
+      "action": "Permit",
+      "condition": "EqualTo",
+      "networkPrefix": "20.20.20.0/24",
+      "sequenceNumber": 12
+    },
+    {
+      "action": "Permit",
+      "condition": "EqualTo",
+      "networkPrefix": "50.50.50.0/24",
+      "sequenceNumber": 13
+    }
+  ],
+  "location": "eastus",
+  "name": "ipprefixv4-externalnetwork1-export",
+  "provisioningState": "Succeeded",
+  "resourceGroup": "...",
+  "type": "microsoft.managednetworkfabric/ipprefixes"
+}
+```
+
+This resource denies traffic to the 10.10.10.0/28 network prefix and permits traffic to the 20.20.20.0/24 and 50.50.50.0/24 network prefixes.
+
+### ipprefixv4-1204-cn1 
+
+This resource is used to manage network traffic rules for a specific network in a resource group. It contains rules that permit traffic to the 10.10.10.0/28 and 20.20.20.0/24 network prefixes. 
+
+```json
+{
+  "id": "/subscriptions/.../resourceGroups/.../providers/Microsoft.ManagedNetworkFabric/ipPrefixes/ipprefixv4-1204-cn1",
+  "ipPrefixRules": [
+    {
+      "action": "Permit",
+      "condition": "EqualTo",
+      "networkPrefix": "10.10.10.0/28",
+      "sequenceNumber": 10
+    },
+    {
+      "action": "Permit",
+      "condition": "EqualTo",
+      "networkPrefix": "20.20.20.0/24",
+      "sequenceNumber": 12
+    }
+  ],
+  "location": "eastus",
+  "name": "ipprefixv4-1204-cn1",
+  "provisioningState": "Succeeded",
+  "resourceGroup": "...",
+  "type": "microsoft.managednetworkfabric/ipprefixes"
+}
+```
+
+This resource permits traffic to the 10.10.10.0/28 and 20.20.20.0/24 network prefixes.
+
+### ipprefix-v6-ingress
+
+This resource is located in the `eastus` region and is part of a resource group. It's configured, but currently disabled. The resource is of type `microsoft.managednetworkfabric/ipprefixes`.
+
+The resource has two IP prefix rules: 
+
+1. Permits traffic from network prefixes that are greater than or equal to fda0:d59c:db12::/59 with a subnet mask length of 59. 
+
+2. Permits traffic from network prefixes that are greater than or equal to fc00:f853:ccd:e793::/64 with a subnet mask length of 64. 
+
+
+```json
+{
+  "administrativeState": "Disabled",
+  "configurationState": "Succeeded",
+  "id": "/subscriptions/.../resourceGroups/.../providers/Microsoft.ManagedNetworkFabric/ipprefixes/ipprefix-v6-ingress",
+  "ipPrefixRules": [
+    {
+      "action": "Permit",
+      "condition": "GreaterThanOrEqualTo",
+      "networkPrefix": "fda0:d59c:db12::/59",
+      "sequenceNumber": 10,
+      "subnetMaskLength": "59"
+    },
+    {
+      "action": "Permit",
+      "condition": "GreaterThanOrEqualTo",
+      "networkPrefix": "fc00:f853:ccd:e793::/64",
+      "sequenceNumber": 20,
+      "subnetMaskLength": "64"
+    }
+  ],
+  "location": "eastus",
+  "name": "ipprefix-v6-ingress",
+  "provisioningState": "Succeeded",
+  "resourceGroup": "...",
+  "type": "microsoft.managednetworkfabric/ipprefixes"
+}
+```
+
+This resource is configured to allow IPv6 traffic from the specified network prefixes.
+
+
