RE: Quiz Question of the Day 20040502

From: Kenneth Wygand (KWygand@customonline.com)
Date: Mon May 03 2004 - 09:13:42 GMT-3


OK, Here's a clue. Map out the binary conversion of all the networks I provided. Then realize, the _only_ time you can put a "don't care" or "wildcard" bit in is when you want to match combinations of networks that bit provides. For example, if I wanted to match the following:
 
128.128.128.0 = 10000000.10000000.10000000.00000000
 
If I used the following "don't care" bits:
 
0.0.128.0 = 00000000.00000000.10000000.00000000
 
Since the 17th bit is a "1", it means I don't care about this bit. Therefore I would have to be matching the network combination when this bit is both a "0" and a "1" in the network option. So I would be matching:
 
10000000.10000000._0_0000000.00000000 = 128.128.0.0
10000000.10000000._1_0000000.00000000 = 128.128.128.0
 
Sooo... when I decide how I can summarize these networks, the only time I can summarize an address is when the rest of the address ("care" bits) are identical across at least two networks in my pool I am trying to match. Furthermore, all combinations of "don't care" bit values must be matched as well. So if I am trying to match 16 networks, the _most_ number of "don't care" bits I can use would be x, where x^2=16. In this case, the most number of "don't care" bits without summarization would be 4 bits... and that's _only_ if I am matching all these networks in a single line! If the networks provided don't fall on "common bit boundaries", I have to use even less than this...
 
There are two approaches to finding "wildcard masks". The first approach is the "I don't care if I overlap, just give me the fewest number of ACL lines to include all of these networks". This is the approach taken by Brian McGahan's tutorial found at the following link:
 
http://www.internetworkexpert.com/resources/01700370.htm
 
However, this approach will not work for my question because I do _not_ want _any_ overlapping addresses (oversummarization)! The question does _not_ say it has to be done in one line, two lines or ten lines. The question says the _fewest_ number of lines _without_ oversummarization. This implies that not oversummarizing is the absolute first priority, with fewest number of lines being the second priority.
 
I'll let you guys struggle with this a little more because it really is quite a lesson of how subnetting works, and _completely_ relevant in any capacity in the network design world.
 
Good luck,
Ken
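
As an added example (not part of the original post), this Python sketch expands an ACL entry's "don't care" bits into the /24 networks it matches and audits a candidate list against the networks to be denied. The names `matched_networks`, `audit` and `CANDIDATE` are hypothetical, and the candidate entries are constructed for illustration; host bits are ignored so results are reported per /24, as in the thread.

```python
import ipaddress
from itertools import combinations

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def matched_networks(base, wildcard):
    """Return the set of /24 networks matched by the entry 'base wildcard'.
    A 1 bit in the wildcard is a "don't care" bit; an entry with k such
    bits above the host octet matches 2**k networks."""
    b, w = to_int(base), to_int(wildcard)
    free = [1 << i for i in range(8, 32) if (w >> i) & 1]  # don't-care bits
    fixed = b & ~w & 0xFFFFFF00                            # "care" bits only
    nets = set()
    for r in range(len(free) + 1):
        for combo in combinations(free, r):                # every 0/1 combination
            nets.add(str(ipaddress.IPv4Address(fixed | sum(combo))))
    return nets

def audit(entries, targets):
    """Return (missed, extra): targets no entry matches, and matched
    networks that are not targets (oversummarization)."""
    covered = set()
    for base, wildcard in entries:
        covered |= matched_networks(base, wildcard)
    wanted = set(targets)
    return (sorted(wanted - covered, key=to_int),
            sorted(covered - wanted, key=to_int))

# First eight networks of the quiz: 10.1.1.0, 10.1.2.0, ... 10.1.128.0
QUIZ = ["10.1.%d.0" % (1 << k) for k in range(8)]

# Constructed candidate: one summarizing line for 10.1.1.0 and 10.1.2.0,
# then one exact line for each remaining network.
CANDIDATE = [("10.1.1.0", "0.0.3.255")] + [(n, "0.0.0.255") for n in QUIZ[2:]]

if __name__ == "__main__":
    print(sorted(matched_networks("128.128.128.0", "0.0.128.0"), key=to_int))
    missed, extra = audit(CANDIDATE, QUIZ)
    print("missed:", missed)
    print("oversummarized:", extra)
```

Any entry whose `extra` list is non-empty denies networks that were never listed, which is the overlap the quiz rules out.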

        -----Original Message-----
        From: Devi Mallampalli [mailto:Devi.Mallampalli@chubb.com.au]
        Sent: Mon 5/3/2004 4:15 AM
        To: Kenneth Wygand; ccielab@groupstudy.com
        Cc:
        Subject: RE: Quiz Question of the Day 20040502
        
        

        Hi Group & Ken,
        
        The trick I think here is to use "NCBB" ( non common bit boundary),
        which is opposite to CBB which we normally use during
        summarization/aggregation. For example in the first half of the
        question, instead of 8 x 10.1.x.x prefix ACL commands for the following
        networks, we can indeed derive similar result with 4 commands by picking
        up NCBB on the 3rd octet and lock down the mask accordingly as stated
        below.
        
        8 networks : >>>>>>>
        
        10.1.1.0 /24
        10.1.2.0 /24
        10.1.4.0 /24
        10.1.8.0 /24
        10.1.16.0 /24
        10.1.32.0 /24
        10.1.64.0 /24
        10.1.128.0 /24
        
        Condensed to 4 networks and at the same time allowing everything else >>>>>>
        
        10.1.1.0 /24 00001010.00000001.00000001.00000000 /
        11111111.1111111.11111111.0
        10.1.2.0 /24 00001010.00000001.00000010. 00000000 /
        11111111.1111111.11111111.0
        
        10.1.1.0 / 0.0.1.255 >>>>>>>>>>>>>>
        
        10.1.4.0 /24 00001010.00000001.00000100. 00000000 /
        11111111.1111111.11111111.0
        10.1.8.0 /24 00001010.00000001.00001000. 00000000 /
        11111111.1111111.11111111.0
        
        10.1.4.0 / 0.0.4.255 >>>>>>>>>>>>>>
        
        10.1.16.0 /24 00001010.00000001.00010000. 00000000 /
        11111111.1111111.11111111.0
        10.1.32.0 /24 00001010.00000001.00100000. 00000000 /
        11111111.1111111.11111111.0
        
        10.1.16.0 / 0.0.16.255 >>>>>>>>>>>>
        
        10.1.64.0 /24 00001010.00000001.01000000. 00000000 /
        11111111.1111111.11111111.0
        10.1.128.0 /24 00001010.00000001.10000000. 00000000 /
        11111111.1111111.11111111.0
        
        10.1.64.0 / 0.0.64.255 >>>>>>>>>>>>
        
        
        
        Dev
        
        
        -----Original Message-----
        From: Kenneth Wygand [mailto:KWygand@customonline.com]
        Sent: Monday, 3 May 2004 9:36 AM
        To: ccielab@groupstudy.com
        Subject: Quiz Question of the Day 20040502
        
        
        Write an access list (ACL 10) using the _fewest_ number of lines that
        denies _all_ of the following networks _without_ oversummarization and
        permits all other networks.
        
        10.1.1.0 /24
        10.1.2.0 /24
        10.1.4.0 /24
        10.1.8.0 /24
        10.1.16.0 /24
        10.1.32.0 /24
        10.1.64.0 /24
        10.1.128.0 /24
        10.1.1.0 /24
        10.2.1.0 /24
        10.4.1.0 /24
        10.8.1.0 /24
        10.16.1.0 /24
        10.32.1.0 /24
        10.64.1.0 /24
        10.128.1.0 /24
        
        If you really understand how access lists work, this one should be
        easy... :)
        
        Ken
        



This archive was generated by hypermail 2.1.4 : Wed Jun 02 2004 - 11:12:03 GMT-3