Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: network prefix matching

network prefix matching 9 years 5 months ago #21042

  • unlight
  • unlight's Avatar
  • Offline
  • New Member
  • Posts: 14
  • Karma: 0
Hello,

I was wondering if anybody could direct me to some resources on how IP prefix matching works, e.g. BGP using IP prefixes to transmit reachable destinations of that BGP speaker (network-layer reachability information).

I get confused with how the equality operators work (le, ge etc), for instance, what exactly does 192.168.0.0/16 less than /24 match out? The way I see it the /16 would match anything higher then 192.168.0.0 but the /24 limits it to 192.168.0.254.

Any help appreciated.

Thanks!
The administrator has disabled public write access.

Re: network prefix matching 9 years 5 months ago #21049

  • krik
  • krik's Avatar
  • Offline
  • Frequent Member
  • Posts: 69
  • Karma: 0
what exactly does 192.168.0.0/16 less than /24 match out

192.168.0.0/16 is the range on which you want to match, in other words it is anything between 192.168.0.0 and 192.168.255.255

less than /24 means that any subnet within this range and with a netmask smaller than 24 will match.

so 192.168.3.0/23 will match
but 192.168.3.0/24 won't match.

Finally, 192.168.0.0/15 won't match because it is greater than your range (192.168.0.0/16)
Christophe Lemaire
www.exp-networks.be/blog/
The administrator has disabled public write access.

Re: network prefix matching 9 years 5 months ago #21050

  • krik
  • krik's Avatar
  • Offline
  • Frequent Member
  • Posts: 69
  • Karma: 0
And hop! A small link! :D
Christophe Lemaire
www.exp-networks.be/blog/
The administrator has disabled public write access.

Re: network prefix matching 9 years 4 months ago #21468

  • unlight
  • unlight's Avatar
  • Offline
  • New Member
  • Posts: 14
  • Karma: 0
Hey Krik - thanks for the explanation and link.

What you've explained makes sense - I was thinking in terms of indivdual addresses rather than subnets i.e. I figured if you are going to accept 192.168.0.0/16 it seemed odd to deny 192.168.xxx.xxx/32 when you've already accepted the entire /16 range of addresses.

However, I am a little bit confused on the whole point of the operation - I'm guessing in the context of BGP it is prudent to deny small subnets from your peers to keep your routing table down? for instance if in your peering relationship you only accept 192.168.0.0/16 le 192.168.0.0/29 you wont get your routing table hammered with a whole bunch of probably unnecessary small subnets - or even better you only accept 192.168.0.0/16 exact to consolidate all those routes into one entry in your routing table?

thanks again.
The administrator has disabled public write access.
Time to create page: 0.084 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup