I guess the difference in understanding is just hard as i don't understand how that range and mask all of a sudden apply to *all* following ranges, and it seems as if the bit is set by the third octet in the network range. In a regular subnetmask it would apply *only* to that range. maybe i should think about it that way that we only 'care' about the third octet LSB with the .254 bit value or with any other bit value.
this is like learning subnetting all over again :-) will sleep on it On Jun 2, 2011, at 12:26 AM, Adam Booth wrote: > Hi Alef, > > Don't get discouraged, I'm sure someone else will explain this much better > than I have. I think that the best way to do it is to not take the short > cuts at first and write things down by hand to see the patterns directly and > do quite a few examples until you're confident. > > Perhaps this thread on Cisco may help put another spin on things? > https://learningnetwork.cisco.com/thread/3194 > > Cheers, > Adam > > > > On Thu, Jun 2, 2011 at 9:19 AM, Alef <[email protected]> wrote: > Thanks Adam, > i will ponder over this a bit more and see if i get it through my thick skull > :-) > > > On Jun 2, 2011, at 12:09 AM, Adam Booth wrote: > >> Hi Alef, >> >> Yes, a bit mask is most likely how the router treats it under the hood. >> >> Taking your example: >> >> If we look at 200.0.0.0 0.0.254.0 >> >> The first two and the last parts of the network have to match (due to the >> 0's in the mask) >> >> So we know already that networks/IPs of 200.0.X.0 are candidates >> >> 254 and 0 when converted to bit strings are >> >> mask 11111110 >> source 0000000 >> >> 1 is a don't care >> 0 is a must match >> >> since at the only must match, the source value is a 0, the candidate string >> must have a 0 at that bit position. Any binary number with the least >> significant bit set to 0 is even, so this ACL will match all even candidates >> >> 200.0.1.0 0.0.254.0 >> >> 254 and 1 when converted to bit strings are >> >> mask 11111110 >> source 0000001 >> >> since at the only must match, the source value is a 1, the candidate string >> must have a 1 at that bit position. Any binary number with the least >> significant bit set to 1 is odd, so this ACL will match all odd candidates. >> >> Cheers, >> Adam >> >> >> On Thu, Jun 2, 2011 at 8:57 AM, Alef <[email protected]> wrote: >> Hi Adam, >> Thanks, i think i get most of it, i just want to make sure i have the math >> system down. The easy tricks like inverting or subtracting 255 i get, but i >> really want to know the logic behind it and get it down before continueing >> (although the more examples i see the more i feel i understand it). The bit >> about matching odd and even networks really threw me off at first. It seems >> the wildcard mask is more like a bitmask then anything else. >> And the odd/even thing i'm still not entirely sure. I.e. there is a lab >> somewhere where i think, 200.0.0.0 0.0.254.0 is used and 200.0.1.0 0.0.254.0 >> >> so same wildcard mask, different network and both match either odd or even. >> I understand if the lsb is set you always get an odd, and otherwise even, >> but what does having a different network value tip the scale for that? >> >> On Jun 1, 2011, at 11:47 PM, Adam Booth wrote: >> >>> Hi Alef, >>> >>> Which part is getting you confused? >>> >>> One of the most important things to be aware of is that a wildcard mask is >>> not just an inverted network mask. >>> >>> A rule regarding netmasks is that when looking at it as a binary sequence >>> it has to be a bunch of consecutive 1s and 0s, as soon as the first 0 >>> appears, the following digits must continue to be 0 >>> >>> For a wild card mask, the above concept does not apply, 1s and 0s can be in >>> any order. The binary sequence of the wild card mask has a meaning that a >>> 0 means, the value of this bit much match, where a 1 means, I don't care >>> what the source value is and is therefore an implied match. >>> >>> To give a simple example, say you are in OSPF and have an interface >>> 192.168.1.1/24 that you wish to enable. >>> >>> You could be most specific and do >>> >>> router ospf 1 >>> network 192.168.1.1 0.0.0.0 area 0 >>> >>> or more general and do >>> >>> router ospf 1 >>> network 192.168.1.0 0.0.0.255 area 0 >>> >>> I guess you could just go directly to the interface and do "ip ospf 1 area >>> 0" but that kind of sidelines the use case here, so lets ignore that for >>> the time being :) >>> >>> in both cases OSPF would be enabled for the interface, however if you >>> wanted to have the most direct control, specifying the complete address and >>> using an exact wildcard mask ensures that only that interface gets >>> activated. For example if I renumbered the interface on 192.168.1.1/24 to >>> 192.168.1.111/24 in the first case OSPF would be disabled for the interface >>> and the later it would not since the IP still matches the wildcard mask. >>> >>> There are also interesting things you can do with ACLs to match multiple >>> non-consecutive IP addresses by use of an interesting wildcard mask, these >>> rely on a base IP address and a wildcard string that relies on must >>> match/don't care values for the binary string. >>> >>> Is that of any help? >>> >>> Cheers, >>> Adam >>> >>> >>> On Thu, Jun 2, 2011 at 7:22 AM, Alef <[email protected]> wrote: >>> Does anyone have any recommendations for a good tutorial on wildcard masks? >>> I know the one on the ipexpert site, i'm afraid i need some more material >>> to digest if possible ;-) >>> i'm somewhere in between getting it and not getting it i think >>> thanks, >>> alef >>> _______________________________________________ >>> For more information regarding industry leading CCIE Lab training, please >>> visit www.ipexpert.com >>> >>> Are you a CCNP or CCIE and looking for a job? Check out >>> www.PlatinumPlacement.com >>> >> >> > > _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
