RE: Quiz Question of the Day 20040502

From: Kian Wah, Lai (kian_wah@qala.com.sg)
Date: Mon May 03 2004 - 00:13:42 GMT-3


Think this helps

http://www.internetworkexpert.com/resources/01700370.htm

Regards,
Kian Wah, Lai

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Kenneth Wygand
Sent: Monday, May 03, 2004 10:41 AM
To: alsontra@hotmail.com
Cc: ccielab@groupstudy.com
Subject: RE: Quiz Question of the Day 20040502

Alsontra,
 
Let's take your first line for example:
 
Network (NET) = 10.0.0.0
Don't Care Bits (DCB) = 0.129.129.0
 
NET = 00001010.00000000.00000000.00000000
DCB = 00000000.10000001.10000001.00000000
 
Matching networks are:
 
00001010.00000000.00000000.00000000 = 10.0.0.0
00001010.00000000.00000001.00000000 = 10.0.1.0
00001010.00000000.10000000.00000000 = 10.0.128.0
00001010.00000000.10000001.00000000 = 10.0.129.0
00001010.00000001.00000000.00000000 = 10.1.0.0
00001010.00000001.00000001.00000000 = 10.1.1.0
00001010.00000001.10000000.00000000 = 10.1.128.0
00001010.00000001.10000001.00000000 = 10.1.129.0
00001010.10000000.00000000.00000000 = 10.128.0.0
00001010.10000000.00000001.00000000 = 10.128.1.0
00001010.10000000.10000000.00000000 = 10.128.128.0
00001010.10000000.10000001.00000000 = 10.128.129.0
00001010.10000001.00000000.00000000 = 10.129.0.0
00001010.10000001.00000001.00000000 = 10.129.1.0
00001010.10000001.10000000.00000000 = 10.129.128.0
00001010.10000001.10000001.00000000 = 10.129.129.0
 
Obviously, this is oversummarized since it includes a lot of networks that
we don't want to match.
 
An easy way to see this is to look at the _number_ of don't care bits in the
binary form of each of your ACL lines. Since your mask was
"0000000.10000001.10000001.0000000", you have 4 bits that can be flopped in
either direction and still make a match. That's 2^4 combinations, or 16
networks with that single statement. From your explanation, it appears as
if you only wanted to match 2 networks with that statement (10.128.1.0 and
10.1.128.0).
 
Now, if we didn't care about oversummarization, your answer would be
correct. But instead of matching the 16 networks listed, your lines of
configuration have matched 8 times as much, or 128 networks.
 
Does this make sense?
 
Ken
 
 
-----Original Message-----
From: alsontra@hotmail.com [mailto:alsontra@hotmail.com]
Sent: Mon 5/3/2004 12:22 AM
To: Kenneth Wygand
Cc: ccielab@groupstudy.com
Subject: Re: Quiz Question of the Day 20040502

        Yeah, my masking kung-fu is very poor today, always- First guess was
        completely wild, here's my final answer Regis....
        
        10.0.0.0 0.129.129.0
        10.0.0.0 0.65.65.0
        10.0.0.0 0.33.33.0
        10.0.0.0 0.17.17.0
        10.0.0.0 0.9.9.0
        10.0.0.0 0.5.5.0
        10.0.0.0 0.3.3.0
        10.1.1.0 0.0.0.0
        
        Overlap is four nets- not sure how far it can go?
        
        
        Example of my thinking-
        
        10.128.1.0 00001010.00100000.00000010.00000000
        10.1.128.0 00001010.00000001.01000000.00000000
        
        10.0.0.0 - 00000101.00000000.00000000.00000000 AND
        0.129.129.0 - 00000000.01000010.01000010.00000000 XOR
        
        
        ********************************************************
        
        
        10.1.64.0 00000101.00000001.00100000.00000000
        10.64.1.0 00000101.00100000.00000010.00000000
        
        10.0.0.0 00000101.00000000.00000000.00000000 AND
        0.65.65.0 00000000.00100001.00100010.00000000 XOR
        
        
        Alsontra
        
        ----- Original Message -----
        From: "Kenneth Wygand" <KWygand@customonline.com>
        To: <alsontra@hotmail.com>
        Cc: <ccielab@groupstudy.com>
        Sent: Sunday, May 02, 2004 5:08 PM
        Subject: RE: Quiz Question of the Day 20040502
        
        
> Alsontra,
>
> Unfortunately not. If you actually map out the "don't care" bits in your
> masks, your first mask is "00000000.00000000.01111111.11111111". If we
> don't count the last octet (because these are host bits due to the fact that
> I said the networks were /24's), you have 7 "don't care" bits for your
> network portion. 2^7 is 128, so you are actually matching 128 networks with
> your first statement, much more than my question allowed. Likewise, your
> second statement includes 14 "don't care" bits, totaling 16384 networks
> (2^14).
>
> Keep thinking... and think about how the "don't care" bits work. It might
> help to actually map out the networks I mentioned in binary...
>
> Good luck!
> Ken
>
> -----Original Message-----
> From: alsontra@hotmail.com [mailto:alsontra@hotmail.com]
> Sent: Sun 5/2/2004 9:50 PM
> To: Kenneth Wygand
> Cc:
> Subject: Re: Quiz Question of the Day 20040502
>
>
>
> Sorry about that. I mean..
>
> 10.1.0.0 0.0.254.255
> 10.0.1.0 0.254.254.255
>
> Thanks- Here for lucky guesses...????
>
>
> Alsontra
>
> ----- Original Message -----
> From: "Kenneth Wygand" <KWygand@customonline.com>
> To: <ccielab@groupstudy.com>
> Sent: Sunday, May 02, 2004 4:36 PM
> Subject: Quiz Question of the Day 20040502
>
>
> > Write an access list (ACL 10) using the _fewest_ number of lines that
> > denies _all_ of the following networks _without_ oversummarization and
> > permits all other networks.
> >
> > 10.1.1.0 /24
> > 10.1.2.0 /24
> > 10.1.4.0 /24
> > 10.1.8.0 /24
> > 10.1.16.0 /24
> > 10.1.32.0 /24
> > 10.1.64.0 /24
> > 10.1.128.0 /24
> > 10.1.1.0 /24
> > 10.2.1.0 /24
> > 10.4.1.0 /24
> > 10.8.1.0 /24
> > 10.16.1.0 /24
> > 10.32.1.0 /24
> > 10.64.1.0 /24
> > 10.128.1.0 /24
> >
> > If you really understand how access lists work, this one should be
> > easy... :)
> >
> > Ken
> >
> >
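
The don't-care-bit counting used in this thread, as an added example that is not code from any of the posters: it enumerates every /24 network a `base wildcard` ACL entry matches and splits the result into networks from the quiz list and oversummarized extras. The names `matched_networks` and `audit` are hypothetical, and the last octet is treated as host bits, as the thread does.

```python
from ipaddress import IPv4Address
from itertools import product

# The quiz's target list (10.1.1.0 appears twice there; a set keeps one copy).
POWERS = (1, 2, 4, 8, 16, 32, 64, 128)
QUIZ_TARGETS = {f"10.1.{p}.0" for p in POWERS} | {f"10.{p}.1.0" for p in POWERS}


def matched_networks(base, wildcard, host_bits=8):
    """Every network matched by the ACL entry 'base wildcard'.

    A 1 bit in the wildcard is a "don't care" bit; a 0 bit must equal the
    base. The low host_bits are ignored (8 for the thread's /24 networks).
    """
    base_i, wild_i = int(IPv4Address(base)), int(IPv4Address(wildcard))
    net_mask = (0xFFFFFFFF >> host_bits) << host_bits
    fixed = base_i & ~wild_i & net_mask
    free = [1 << b for b in range(host_bits, 32) if (wild_i >> b) & 1]
    nets = set()
    for choice in product((0, 1), repeat=len(free)):  # 2^n combinations
        value = fixed
        for bit, on in zip(free, choice):
            if on:
                value |= bit
        nets.add(str(IPv4Address(value)))
    return nets


def audit(base, wildcard, wanted=QUIZ_TARGETS):
    """Split an entry's matches into intended and oversummarized networks."""
    matched = matched_networks(base, wildcard)
    return {
        "matched": len(matched),
        "wanted": sorted(matched & wanted, key=IPv4Address),
        "extra": sorted(matched - wanted, key=IPv4Address),
    }


if __name__ == "__main__":
    for base, wc in [("10.0.0.0", "0.129.129.0"), ("10.1.0.0", "0.0.254.255"),
                     ("10.0.1.0", "0.254.254.255")]:
        r = audit(base, wc)
        print(f"{base} {wc}: {r['matched']} networks, "
              f"{len(r['wanted'])} wanted, {len(r['extra'])} extra")
```

Any entry whose `extra` list is non-empty denies networks the quiz said must stay permitted.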



This archive was generated by hypermail 2.1.4 : Wed Jun 02 2004 - 11:12:03 GMT-3