Welcome

First of all, may I welcome you to my site. My name is Chris and I'm from the UK and work as a Systems Engineer for Cisco. This blog was initially created to post up my subnetting technique but has now got more stuff to do with attaining Cisco certifications. Either way I really hope that the content is sufficent for your needs and I look forward to hearing your feedback. If you find that the content really helps you please feel free to donate using the PayPal link on the right.

To view the index of all my articles please click here.

Complex Route Summarization

I've already posted about route summarization but I found this interesting technique for calculating complex route summaries at http://www.sadikhov.com/forum from member MarkinManchester. Thanks Mark!

Sometimes you are asked to filter a complex set of routes using as few lines as possible. Here we will examine a way to calculate the subnet and wildcard for such a scenario. With some practice, you should be able to calculate any set in 5 minutes or less. It is also recommend to test your results in a lab setting, using loopbacks and distribute-lists.

For example, say we are asked to filter the following routes using a one-line filter:

102.17.63.0
126.22.61.0
111.22.57.0
125.33.101.0

First, make a table as shown:















Then, enter the decimal digits from the first octet in the left-hand column. Convert each number to binary. You can use Windows Calculator set to Scientific Mode to do the conversion if you so wish.















In the binary area, first check the octet then column by column, apply the following rules:


  1. If the entire octet is 0, the subnet is 0 for that octet, and the mask is 255 for that octet.
  2. Else If the column is all 0’s, the subnet is 0, and the mask is 0
  3. Else If the column is all 1’s, the subnet is 1, and the mask is 0
  4. Else the column is a mixture of 1’s and 0’s, the subnet is 0, and the mask is 1.


For the first octet the table should look like:















Convert the binary Subnet and Wildcard Mask to decimal to complete the table:















So far, our filter looks like: 100.xxx.xxx.xxx 27.xxx.xxx.xxx

For the second octet the completed table should look like:















Our summary address now looks like: 100.0.xxx.xxx 27.55.xxx.xxx


For the third octet the completed table should look like:















Our summary address now looks like: 100.0.33.xxx 27.55.94.xxx

Now the last octet for all addresses is zero so the subnet address must be 0 in the last octet and the wilcard mask must be 255 in the last octet.

Our completed summary address looks like: 100.0.33.0 27.55.94.255

Apply this technique as you wish, for example:

access-list 1 permit 100.0.33.0 27.55.94.255

This is a great technique for reducing something complex into easier computation so hats off to Mark again for turning me on to this.

Posted byChris Bloomfield at 19:47  

5 comments:

ProtoGollum said... 18 April 2008 at 11:20  

Is it really so that you can made that kind of subnet masks?

I highly doubt it..
But sure I can be wrong also :)

Chris Bloomfield said... 18 April 2008 at 12:03  

Don't doubt it, try it!

kyusan93 said... 26 August 2008 at 00:51  
This comment has been removed by the author.
Jatin said... 5 January 2010 at 09:26  

Whoa! ...chris .... This Looks really amazing and something which could distinguish you from the others in the real world scenarios..Thank you.

J

Jaeson Velasco said... 5 June 2010 at 03:23  

Hey Chris!

Yes, I do know we can play a bit around with the Wildcard mask but only to a certain level.

Let me focus on the first octet of the summary 100.0.33.0 27.55.94.255, which is 100.

The network 100 with a WC of 27 gives the following:

01100100=100
============
00011011=027
------------

Where WC 0 is an exact match and WC 1 is a don't care match. Iterating, we get the following:

01100100=100
01100101=101
01100110=102
01100111=103
--------------
01101100=108
01101101=109
01101110=110
01101111=111
--------------
01111100=124
01111101=125
01111110=126
01111111=127

The above does allow the networks below

102.17.63.0
126.22.61.0
111.22.57.0
125.33.101.0

but also allows others involved in the resulting networks where the WC mask was applied.

Though the idea is somewhat promising, it will not actually work to allow just the 4 /24 networks stated above.

Post a Comment