RE: route filtering with wild-card mask

From: John Matus (john_matus@hotmail.com)
Date: Fri Jun 10 2005 - 00:52:40 GMT-3


hmmm........i guess the way i was taught to look at it was off.
but if you have the mask 0.0.1.0, from what you have said, does that not
also give the possibility of having the route 30.1.2.0 as well?

>From: "Scott Morris" <swm@emanon.com>
>Reply-To: <swm@emanon.com>
>To: "'John Matus'"
><john_matus@hotmail.com>,<noble@inserviceindia.com>,<ccielab@groupstudy.com>
>Subject: RE: route filtering with wild-card mask
>Date: Thu, 9 Jun 2005 23:28:05 -0400
>
>Not really... Sorry that was more confusing! (have caffeine, or if already
>had too much, try alcohol!)
>
>A "1" in the wildcard means that you don't care what that bit value is.
>
>Remember that these are octets, so your 0.0.1.0 really means
>00000000.00000000.00000001.00000000 as the mask. And in that ONE particular
>position that you have a "1" value, you could care less what the value is.
>Every other bit must remain the same.
>
>The router sees:
>
>30.1.0.0 = 00011110.00000001.00000000.00000000 as the starting point.
> 0.0.1.0 = 00000000.00000000.00000001.00000000 as the mask to apply to those
>starting bits.
>==============================================
>Result = 00011110.00000001.0000000x.00000000 where 'x' can be a 0 or a 1.
>Converting back, that would give you 30.1.0.0 and 30.1.1.0 as the possible
>matches.
>
>Think like the router does! The router sees 32 bits in a row, it doesn't
>care where those bits fall as far as the mask is concerned.
>
>Does that help? (if not, try more alcohol)
>
>;)
>
>Scott
>
>
>-----Original Message-----
>From: John Matus [mailto:john_matus@hotmail.com]
>Sent: Thursday, June 09, 2005 11:21 PM
>To: swm@emanon.com; noble@inserviceindia.com; ccielab@groupstudy.com
>Subject: RE: route filtering with wild-card mask
>
>krud.....actually that was almost more confusing to me than helpful.....but
>perhaps that's b/c i just got off of work :) so you're saying -
>access-list 1 deny 30.1.0.0 0.0.1.0 means that the 3rd bit can be
>anything....
>and
>access-list deny 30.1.0.0 0.0.0.0 matches the 3rd bit exactly, which is
>even?....
>
>so then it is the best approach to permit even routes in the 3rd octet to
>use:
>
>permit 30.1.0.0 0.0.0.0
>
>and the best way to permit only the odd routes would be to use:
>deny 30.1.0.0 0.0.0.0
>permit 30.1.0.0 0.0.1.0 ? is this correct scott?
>
> >From: "Scott Morris" <swm@emanon.com>
> >Reply-To: <swm@emanon.com>
> >To: "'John Matus'"
> ><john_matus@hotmail.com>,<noble@inserviceindia.com>,<ccielab@groupstudy.com>
> >Subject: RE: route filtering with wild-card mask
> >Date: Wed, 8 Jun 2005 08:56:43 -0400
> >
> >Remember that a "1" bit in the wildcard mask means that you don't care
> >what the value is. "0" bit means that it must stay the same...
> >
> >So let's look at your third octet:
> >
> >00000000 ==> This is what you are setting the starting bits there.
> >00000001 ==> This is the mask you are using. (0.0.1.255)
> >========
> >0000000x ==> This is what you'll end up with. So a 0 or 1 can be in
> >that least significant bit position there, which means 0 or 1 are the
> >two values.
> >Obviously one of those is even, one is odd.
> >
> >To get all even or odd numbers, you need to make sure that the least
> >significant bit does NOT change ("0" in the wildcard mask). Anything
> >else, you don't care about.
> >
> >So:
> >
> >00000000 ==> Starting point
> >11111110 ==> Mask
> >========
> >xxxxxxx0 ==> This will give you all EVEN networks since you started
> >with an even number. Change to the 31.1.1.0 starting point and the
> >same mask to get all ODD networks.
> >
> >HTH,
> >
> >Scott
> >
> >
> >-----Original Message-----
> >From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> >John Matus
> >Sent: Wednesday, June 08, 2005 2:29 AM
> >To: noble@inserviceindia.com; ccielab@groupstudy.com
> >Subject: RE: route filtering with wild-card mask
> >
> >noble........from what i remember reading that does make
> >sense......like i said, you are matching anything in the third octet
> >with the least significant bit turned on <for odd>.......but i was
> >doing a lab last week and it worked just the opposite as
> >expected.....hence my question. it's perplexing. i wonder if anyone
> >else has had a similar experience with "deny 30.1.0.0 0.0.1.255"
> >denying the "even" routes instead of the odd
> >
> >john
> >
> > >From: "T. N. Noble" <noble@inserviceindia.com>
> > >To: "'John Matus'" <john_matus@hotmail.com>,<ccielab@groupstudy.com>
> > >Subject: RE: route filtering with wild-card mask
> > >Date: Wed, 8 Jun 2005 08:44:16 +0300
> > >
> > >I have a different understanding of your question. "DENY ANYTHING WITH ODD
> > >3rd OCTET" may be looked at based on the provided networks / all networks.
> > >
> > >If it is based on the provided network, then I believe that the ACL
> > >"access-list 1 deny 30.1.0.0 0.0.1.255" is more correct.
> > >
> > >Further if it is looked up on based on all the networks then the ACL "deny
> > >30.1.0.0 0.0.1.0" may be correct.
> > >
> > >I may be wrong but was trying to put my interpretation of your question.
> > >
> > >Thanks,
> > >
> > >Noble
> > >
> > >
> > >-----Original Message-----
> > >From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> > >Of John Matus
> > >Sent: 08 June 2005 07:57
> > >To: ccielab@groupstudy.com
> > >Subject: route filtering with wild-card mask
> > >
> > >ok,
> > >you have networks 30.1.1.0 and 30.1.2.0. you want to deny anything with
> > >an odd 3rd octet
> > >
> > >now, i always thought that the access-list should be:
> > >
> > >access-list 1 deny 30.1.0.0 0.0.1.255 since you are matching anything
> > >with the last bit set to 1,
> > >or
> > >to deny anything even you should use:
> > >
> > >access-list 1 deny 30.1.0.0 0.0.255.255 since only numbers with the
> > >least significant bit set to zero are even................but lately
> > >when i've been configuring offset-lists my findings have been just
> > >the opposite as anticipated....
> > >
> > >is this correct?
> > >
> > >as a side note, in the 1st example you can actually use "deny 30.1.0.0
> > >0.0.1.0" yeah? since you don't need to match the 1, 2, or 4th bit <?>
> > >
> > >just trying to get my facts nailed down!
> > >
> > >tia
> > >
> > >_______________________________________________________________________
> > >Subscription information may be found at:
> > >http://www.groupstudy.com/list/CCIELab.html
> > >
>
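
Added example (not part of any message in this thread): a Python model of the wildcard comparison Scott describes, run over constructed 30.1.x.0 routes, plus a first-match ACL evaluation. The full mask 0.0.254.0, the 30.1.1.0 odd starting point, the sample ACL and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample routes in the thread's 30.1.x.0 range.
ROUTES = ["30.1.0.0", "30.1.1.0", "30.1.2.0", "30.1.3.0"]

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(base, wildcard, candidate):
    """True if candidate equals base in every bit where the wildcard is 0."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(base) & care) == (to_int(candidate) & care)

def matches(base, wildcard, candidates=ROUTES):
    return [c for c in candidates if wildcard_match(base, wildcard, c)]

def enumerate_matches(base, wildcard, limit=16):
    """Expand base/wildcard into the addresses it matches (at most `limit`)."""
    b, w = to_int(base), to_int(wildcard)
    free = [i for i in range(32) if (w >> i) & 1]  # don't-care bit positions
    fixed = b & ~w & 0xFFFFFFFF                    # bits that must match base
    out = []
    for n in range(min(1 << len(free), limit)):
        addr = fixed
        for k, bit in enumerate(free):
            if (n >> k) & 1:
                addr |= 1 << bit
        out.append(str(ipaddress.IPv4Address(addr)))
    return out

def evaluate(acl, route):
    """First matching entry wins; implicit deny if nothing matches."""
    for action, base, wildcard in acl:
        if wildcard_match(base, wildcard, route):
            return action
    return "deny"

# Assumed ACL: deny odd third octets, permit everything else.
DENY_ODD = [("deny", "30.1.1.0", "0.0.254.0"),
            ("permit", "0.0.0.0", "255.255.255.255")]

if __name__ == "__main__":
    print(matches("30.1.0.0", "0.0.1.0"))    # one don't-care bit in octet 3
    print(matches("30.1.0.0", "0.0.1.255"))  # same, last octet ignored too
    print(matches("30.1.0.0", "0.0.254.0"))  # low bit of octet 3 fixed at 0
    print({r: evaluate(DENY_ODD, r) for r in ROUTES})
```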



This archive was generated by hypermail 2.1.4 : Wed Jul 06 2005 - 14:43:41 GMT-3