Hello everyone.
This article was written for those who are already familiar with subnetting calculations and well understand the operating dynamics of the network mask. The wildcard mask (mask Joker) is a common feature in the configuration of routers and other equipment, mainly with regard to the write access control lists (ACL) and even the configuration of some dynamic routing protocols. This week a student asked me to write a blog article explaining the concept of wildcard mask, beyond that simplistic cliché that they are the inverse of the network mask. Well, then let the explanation ...
This article was written for those who are already familiar with subnetting calculations and well understand the operating dynamics of the network mask. The wildcard mask (mask Joker) is a common feature in the configuration of routers and other equipment, mainly with regard to the write access control lists (ACL) and even the configuration of some dynamic routing protocols. This week a student asked me to write a blog article explaining the concept of wildcard mask, beyond that simplistic cliché that they are the inverse of the network mask. Well, then let the explanation ...
Let's start with an objective answer to the following question:
Why wildcard mask instead of the traditional network mask?
A: Because the wildcard mask offers greater flexibility.
Why wildcard mask instead of the traditional network mask?
A: Because the wildcard mask offers greater flexibility.
Here then the second question arises:
Why wildcard mask offers greater flexibility?
This response takes a little discussion ...
Why wildcard mask offers greater flexibility?
This response takes a little discussion ...
It is important to remember that the network mask and the mask joker are not directly related to each other. Remember that the purpose of the network mask is to establish a boundary between what we call the network prefix (network identifier) and the host suffix (identifcador a host on the network) necessarily in that order (contiguous). That is, the net mask of the structure there is an uninterrupted sequence of 1 bits (prefix) and then an uninterrupted sequence of 0 bits, without interleaving bits 0s and 1s. On the other hand the wildcard mask does not have this rigid structure and the bits are treated individually, so you can have masks wildcards that interleave bits 0s and 1s.
In traditional network mask bits sigificam:
- 1 = NETWORK
- 0 = HOST
In the wildcard mask bits siginificam:
- 1 = the equivalent bit is irrelevant and can take any value
- 0 = the equivalent bit MUST be equal
Um, so that's where comes the flexibility of wildcard masks !!! ??? It seems that conceptually things are getting a little clearer, but we will continue to develop this reasoning from a practical example of the flexibility of wildcard masks. A classic example concerns the wildcard mask 0.0.0.254 for matching purposes only those IP addresses with even or odd values in the last octet of networks / 24.
Taking the IP address 192.168.0.10 (pair) as a reference, in binary it is equivalent to:
> 11000000.10101000.00000000.00001010
> 11000000.10101000.00000000.00001010
The wildcard mask 0.0.0.254 binary equivalent to:
> 00000000.00000000.00000000.11111110
A value of 0 in the mask wildcard (highlighted in red) indicates that the respective positional bit of an IP address any should be equivalent to the reference address, while a value of 1 indicates that the positional bits do not matter and can take any value.
All IP addresses that have the last odd octet end with bit 1, while all IP addresses that are even end in 0. Thus, if the IP address associated with wildcard mask is even (192.168.0.10), then there will only be correspondence with other peers addresses, whatever. For example, 192.168.0.22 equals 11000000.10101000.00000000.00010110. Notice the lines below as is the comparison between the reference address, the address to be tested and the mask wildcard (especially in red in the "locked" bit):
All IP addresses that have the last odd octet end with bit 1, while all IP addresses that are even end in 0. Thus, if the IP address associated with wildcard mask is even (192.168.0.10), then there will only be correspondence with other peers addresses, whatever. For example, 192.168.0.22 equals 11000000.10101000.00000000.00010110. Notice the lines below as is the comparison between the reference address, the address to be tested and the mask wildcard (especially in red in the "locked" bit):
> 11000000.10101000.00000000.00001010 = IP 192.168.0.10 (reference)
> 11000000.10101000.00000000.00010110 = IP 192.168.0.22
> 00000000.00000000.00000000.11111110 = Wildcard Mask
The first three octets had a match because all the first 24 bits of the address 192.168.0.10 192.168.0.22 and are equal, equivalent to 192.168.0 (prefix / 24). The last octet had a match because the last bit of 192.168.0.10 192.168.0.22 and address is equal, equal to 0 (both pairs).
Now let us take an example of the opposite, ie the IP 192.168.0.33 (odd) that is in binary 11000000.10101000.00000000.00100001. By comparing this address with the reference address (192.168.0.10) and accompanying mask joker is evident that there is no match on the last bit, so the address 192.168.0.33 is rejected.
Now let us take an example of the opposite, ie the IP 192.168.0.33 (odd) that is in binary 11000000.10101000.00000000.00100001. By comparing this address with the reference address (192.168.0.10) and accompanying mask joker is evident that there is no match on the last bit, so the address 192.168.0.33 is rejected.
> 11000000.10101000.00000000.00001010 = IP 192.168.0.10 (reference)
> 11000000.10101000.00000000.00100001 = IP 192.168.0.33
> 00000000.00000000.00000000.11111110 = Wildcard Mask
The first three octets had a match because all the first 24 bits of the address 192.168.0.10 192.168.0.33 and are equal, equivalent to 192.168.0. The last byte has not a match because the last bit of the address is 192.168.0.10 0 (2), while the last bit of the address is 192.168.0.33 1 (2).
So you can use the wildcard mask 0.0.0.254 associated with an even address to allow only even addresses, while the combination of this mask joker with an odd address implies match only with odd addresses. This is often only an example used to demonstrate the flexibility of the wildcard mask.
A recommendation to work quickly with the wildcard masks in daily operations is to think of it as the "inverse" of the network mask. For example, the values of wildcard masks associated with the masks patterns are:
So you can use the wildcard mask 0.0.0.254 associated with an even address to allow only even addresses, while the combination of this mask joker with an odd address implies match only with odd addresses. This is often only an example used to demonstrate the flexibility of the wildcard mask.
A recommendation to work quickly with the wildcard masks in daily operations is to think of it as the "inverse" of the network mask. For example, the values of wildcard masks associated with the masks patterns are:
- 255.0.0.0 (/08) = WC 0.255.255.255
- 255.255.0.0 (/16) = WC 0.0.255.255
- 255.255.255.0 (/24) = WC 0.0.0.255
Decorate these values associated with the masks standards is not enough to help you in environments where there are subnets that do not follow the standard classes (classless). When the environment has subnets using network masks than the traditional / 8/16 or / 24, the mask Joker can be obtained by subtraction mask in use on the subnet value 255.255.255.255. For example, a network / 26 (255,255,255,192) has the wildcard 0.0.0.63 (example), while a network / 30 (255.255.255.252) has the wildcard 0.0.0.3 (example b).
-------------------------------------------------------
a) Exemplo:Sub-network /26 | b) Exemplo: Sub-network /30
---------------------------|---------------------------
255.255.255.255 | 255.255.255.255
(-) | (-)
255.255.255.192 | 255.255.255.252
_______________ (=) | _______________ (=)
0. 0. 0. 63 | 0. 0. 0. 3
-------------------------------------------------------
Still not sure? Keep studying and practicing ...
V3r0nocy
Ok, That's all about work as the Wildcard Masks Thank you for visiting, and have a nice day
work as the Wildcard Masks
0 komentar:
Post a Comment