ACL question

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Morning,

I'm just trying to get my head around Access Control lists and the inverse mask using this here page.

Now it says that these network addresses;

192.168.32.0/24
192.168.33.0/24
192.168.34.0/24
192.168.35.0/24
192.168.36.0/24
192.168.37.0/24
192.168.38.0/24
192.168.39.0/24

Can be summarised into one address: 192.168.32.0/21 or 192.168.32.0 255.255.248.0 to give you the inverse mask of 0.0.7.255.

This makes sense so far and I think I understand it.

However, in the next example, these addresses;

192.168.146.0/24
192.168.147.0/24
192.168.148.0/24
192.168.149.0/24

Can not be summarised into one network address, you need a minimum of 2 networks. Yet when you write them out in binary the first 5 bits of the third octet are all the same and is the same as the first example.

I do not understand why you can not put these all in one network!

Could somebody explain to me why this is the case?

Thanks

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

First off, just to make sure we're clear, you've stated ACL (Access Control Lists) in the header but the real question is about summarization.
OK so let's try this.
The thing to remember is that route summarization is used to combine a number of routes into fewer statements, thus it takes less memory and processor resources.

From your example
192.168.146.0/24
192.168.147.0/24
192.168.148.0/24
192.168.149.0/24

You're right, the following address does work (it can be used to summarize the addresses):
Decimal: 192.168.144.0
Binary: 11000000.10101000.10010000.00000000

However, it does too much. Let's work out the example:
11000000.10101000.1001xxxx.0
'xxxx' - inclussions
0001 - 145
--0010 - 146
--0011 - 147
--0100 - 148
--0101 - 149
0110 - 150
0111 - 151
1000 - 152
1001 - 153
1010 - 154
1011 - 155
1100 - 156
1101 - 157
1110 - 158
1111 - 159

You'll see that the problem is not only does the summarization cover the routes in the question, but also everything else between:
192.168.144.0 - 192.168.159.0 That's way beyond the scope of the question.
What does it mean? Any route between the summarized range will be advertised out this router.

By using 2 more bits you can summarize without capturing the extra routes:
11000000.10101000.100100xx. - includes: 192.168.146-147
11000000.10101000.100101xx. - includes: 192.168.148-149

Hope that helps...
It's pretty early for me, so if it doesn't make sense let me know

 

Hey Sunn,

That's great and makes perfect sense

The reason I stated ACL's was because that was what I was reading up on when summarisation popped on to the scene. Didn't realise it was a different subject, but now I do it's something else to go and learn!

Thanks again

 

Glad to be of service