Hi Alef,

Yes, a bit mask is most likely how the router treats it under the hood.

Taking your example:

If we look at 200.0.0.0 0.0.254.0

The first two and the last parts of the network have to match (due to the 0's in the mask).
So we know already that networks/IPs of 200.0.X.0 are candidates.

254 and 0 when converted to bit strings are

mask   11111110
source 0000000

1 is a don't care
0 is a must match

Since at the only must match, the source value is a 0, the candidate string must have a 0 at that bit position. Any binary number with the least significant bit set to 0 is even, so this ACL will match all even candidates.

200.0.1.0 0.0.254.0

254 and 1 when converted to bit strings are

mask   11111110
source 0000001

Since at the only must match, the source value is a 1, the candidate string must have a 1 at that bit position. Any binary number with the least significant bit set to 1 is odd, so this ACL will match all odd candidates.

Cheers,
Adam

On Thu, Jun 2, 2011 at 8:57 AM, Alef wrote:
> Hi Adam,
> Thanks, I think I get most of it, I just want to make sure I have the math system down. The easy tricks like inverting or subtracting 255 I get, but I really want to know the logic behind it and get it down before continuing (although the more examples I see the more I feel I understand it). The bit about matching odd and even networks really threw me off at first. It seems the wildcard mask is more like a bitmask than anything else.
> And the odd/even thing I'm still not entirely sure. I.e. there is a lab somewhere where I think, 200.0.0.0 0.0.254.0 is used and 200.0.1.0 0.0.254.0
>
> so same wildcard mask, different network and both match either odd or even.
> I understand if the lsb is set you always get an odd, and otherwise even, but what does having a different network value tip the scale for that?
>
> On Jun 1, 2011, at 11:47 PM, Adam Booth wrote:
>
> Hi Alef,
>
> Which part is getting you confused?
>
> One of the most important things to be aware of is that a wildcard mask is not just an inverted network mask.
>
> A rule regarding netmasks is that when looking at it as a binary sequence it has to be a bunch of consecutive 1s and 0s, as soon as the first 0 appears, the following digits must continue to be 0
>
> For a wild card mask, the above concept does not apply, 1s and 0s can be in any order. The binary sequence of the wild card mask has a meaning that a 0 means, the value of this bit must match, where a 1 means, I don't care what the source value is and is therefore an implied match.
>
> To give a simple example, say you are in OSPF and have an interface 192.168.1.1/24 that you wish to enable.
>
> You could be most specific and do
>
> router ospf 1
>  network 192.168.1.1 0.0.0.0 area 0
>
> or more general and do
>
> router ospf 1
>  network 192.168.1.0 0.0.0.255 area 0
>
> I guess you could just go directly to the interface and do "ip ospf 1 area 0" but that kind of sidelines the use case here, so let's ignore that for the time being :)
>
> In both cases OSPF would be enabled for the interface, however if you wanted to have the most direct control, specifying the complete address and using an exact wildcard mask ensures that only that interface gets activated. For example if I renumbered the interface on 192.168.1.1/24 to 192.168.1.111/24 in the first case OSPF would be disabled for the interface and in the latter it would not since the IP still matches the wildcard mask.
>
> There are also interesting things you can do with ACLs to match multiple non-consecutive IP addresses by use of an interesting wildcard mask, these rely on a base IP address and a wildcard string that relies on must match/don't care values for the binary string.
>
> Is that of any help?
>
> Cheers,
> Adam
>
>
> On Thu, Jun 2, 2011 at 7:22 AM, Alef wrote:
>
>> Does anyone have any recommendations for a good tutorial on wildcard masks?
>> I know the one on the ipexpert site, I'm afraid I need some more material to digest if possible ;-)
>> I'm somewhere in between getting it and not getting it I think
>> thanks,
>> alef
>> _______________________________________________
>> For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
>>
>> Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
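
The must-match/don't-care rule from this thread, as an added example that is not part of the original e-mails and is not router code: it tests addresses against the thread's ACL and OSPF entries, and goes one step further by listing every address a non-contiguous wildcard entry matches, which is useful when auditing an ACL. The function names are hypothetical.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

def to_int(dotted):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(candidate, base, wildcard):
    """True if candidate matches base under a wildcard mask.

    Wildcard bit 0 = must match the base, 1 = don't care.
    """
    care = ~to_int(wildcard) & MASK32          # 1 where the bit must match
    return ((to_int(candidate) ^ to_int(base)) & care) == 0

def expand(base, wildcard, limit=4096):
    """List every address the entry matches, in ascending order.

    Works for non-contiguous masks by walking all subsets of the
    don't-care bits; refuses entries that match more than `limit` hosts.
    """
    wc = to_int(wildcard)
    if 1 << bin(wc).count("1") > limit:
        raise ValueError("entry matches too many addresses to list")
    fixed = to_int(base) & ~wc & MASK32        # base bits under don't-care are ignored
    out, sub = [], wc
    while True:
        out.append(str(ipaddress.IPv4Address(fixed | sub)))
        if sub == 0:
            break
        sub = (sub - 1) & wc                   # next smaller subset of wc
    return out[::-1]

if __name__ == "__main__":
    # The two ACL entries from the thread: same mask, different base.
    even = expand("200.0.0.0", "0.0.254.0")
    odd = expand("200.0.1.0", "0.0.254.0")
    print(len(even), even[:3], "...", even[-1])
    print(len(odd), odd[:3], "...", odd[-1])
    # The OSPF network statements, before and after renumbering the interface.
    for addr in ("192.168.1.1", "192.168.1.111"):
        print(addr,
              wildcard_match(addr, "192.168.1.1", "0.0.0.0"),
              wildcard_match(addr, "192.168.1.0", "0.0.0.255"))
```
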
