Complex Route Summarization
Thursday, 17 April 2008
I've already posted about route summarization but I found this interesting technique for calculating complex route summaries at http://www.sadikhov.com/forum from member MarkinManchester. Thanks Mark!
Sometimes you are asked to filter a complex set of routes using as few lines as possible. Here we will examine a way to calculate the subnet and wildcard for such a scenario. With some practice, you should be able to calculate any set in 5 minutes or less. It is also recommend to test your results in a lab setting, using loopbacks and distribute-lists.
For example, say we are asked to filter the following routes using a one-line filter:
102.17.63.0
126.22.61.0
111.22.57.0
125.33.101.0
First, make a table as shown:
Then, enter the decimal digits from the first octet in the left-hand column. Convert each number to binary. You can use Windows Calculator set to Scientific Mode to do the conversion if you so wish.
In the binary area, first check the octet then column by column, apply the following rules:
- If the entire octet is 0, the subnet is 0 for that octet, and the mask is 255 for that octet.
- Else If the column is all 0’s, the subnet is 0, and the mask is 0
- Else If the column is all 1’s, the subnet is 1, and the mask is 0
- Else the column is a mixture of 1’s and 0’s, the subnet is 0, and the mask is 1.
For the first octet the table should look like:
Convert the binary Subnet and Wildcard Mask to decimal to complete the table:
So far, our filter looks like: 100.xxx.xxx.xxx 27.xxx.xxx.xxx
For the second octet the completed table should look like:
Our summary address now looks like: 100.0.xxx.xxx 27.55.xxx.xxx
For the third octet the completed table should look like:
Our summary address now looks like: 100.0.33.xxx 27.55.94.xxx
Now the last octet for all addresses is zero so the subnet address must be 0 in the last octet and the wilcard mask must be 255 in the last octet.
Our completed summary address looks like: 100.0.33.0 27.55.94.255
Apply this technique as you wish, for example:
access-list 1 permit 100.0.33.0 27.55.94.255
This is a great technique for reducing something complex into easier computation so hats off to Mark again for turning me on to this.
Posted byChris Bloomfield at 19:47
Labels: complex, Route Summarization, Summarisation, summary routes, Supernetting, wildcard
Is it really so that you can made that kind of subnet masks?
I highly doubt it..
But sure I can be wrong also :)
Don't doubt it, try it!
Whoa! ...chris .... This Looks really amazing and something which could distinguish you from the others in the real world scenarios..Thank you.
J
Hey Chris!
Yes, I do know we can play a bit around with the Wildcard mask but only to a certain level.
Let me focus on the first octet of the summary 100.0.33.0 27.55.94.255, which is 100.
The network 100 with a WC of 27 gives the following:
01100100=100
============
00011011=027
------------
Where WC 0 is an exact match and WC 1 is a don't care match. Iterating, we get the following:
01100100=100
01100101=101
01100110=102
01100111=103
--------------
01101100=108
01101101=109
01101110=110
01101111=111
--------------
01111100=124
01111101=125
01111110=126
01111111=127
The above does allow the networks below
102.17.63.0
126.22.61.0
111.22.57.0
125.33.101.0
but also allows others involved in the resulting networks where the WC mask was applied.
Though the idea is somewhat promising, it will not actually work to allow just the 4 /24 networks stated above.