If you’ve been doing networking, you are probably familiar with CIDR notation and how it correlates to Subnet Masks and Wildcard Masks, which means you know that a /26 correlates to a Subnet Mask of 255.255.255.192 and a Wildcard Mask of 0.0.0.63.
But what is the purpose of a Wildcard Mask if you already have Subnet Masks that largely do the same thing? That is a good question, and the answer is that Wildcard Masks can be discontiguous.
Subnet Masks can only identify sequential IP addresses. Wildcard Masks, however, can identify IP addresses which are not sequential.
This video talks through what that means, how that works, and illustrates combining 8 different non-sequential /24 networks using a single Wildcard mask.
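The matching rule can be checked directly. The following is an added example, not code from the video or the original post: it applies the standard ACL wildcard rule (a 0 bit must match, a 1 bit is ignored) to the pair 10.96.32.0 0.3.8.255 discussed in the comments on this page, and lists the /24 networks that one entry covers. The function names are hypothetical.

```python
import ipaddress

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def acl_match(address, base, wildcard):
    """Wildcard match: mask bit 0 = must equal the base, 1 = don't care."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(address) & care) == (to_int(base) & care)

def normalize(base, wildcard):
    """Zero every don't-care bit of the base address."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(to_int(base) & care))

def is_contiguous(wildcard):
    """True when the 1 bits form one run at the low end (an inverted subnet mask)."""
    w = to_int(wildcard)
    return (w & (w + 1)) == 0

def matched_networks(base, wildcard, prefix=24):
    """List every /prefix network the entry covers.
    Assumes all host bits below the prefix are don't-care bits."""
    w = to_int(wildcard)
    host_bits = (1 << (32 - prefix)) - 1
    if w & host_bits != host_bits:
        raise ValueError("wildcard does not cover whole /%d networks" % prefix)
    fixed = to_int(base) & ~w & 0xFFFFFFFF
    # Don't-care bits inside the network portion; each one doubles the count.
    free = [1 << i for i in range(32 - prefix, 32) if (w >> i) & 1]
    nets = []
    for combo in range(1 << len(free)):
        value = fixed
        for n, bit in enumerate(free):
            if (combo >> n) & 1:
                value |= bit
        nets.append(ipaddress.IPv4Network((value, prefix)))
    return sorted(nets)

if __name__ == "__main__":
    base, wildcard = "10.96.32.0", "0.3.8.255"  # pair taken from the comments
    print("contiguous:", is_contiguous(wildcard))
    for net in matched_networks(base, wildcard):
        print(net)
    # Constructed test addresses, not from the page
    for addr in ("10.98.40.17", "10.96.33.1"):
        print(addr, acl_match(addr, base, wildcard))
```

Running the same enumeration before an ACL change is a quick way to confirm that a discontiguous entry permits only the networks intended.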
Topics Covered:
- Basic definition of Wildcard Masks
- Basic definition of Discontiguous Wildcard Masks
- Topology explanation
- How an Access Control List (ACL) matches traffic
- Theory behind a Discontiguous Wildcard Mask
- Viewer Quiz – Find where else Discontiguous Wildcard Masks can be used
- Why do Discontiguous Wildcard Masks exist?
- Why Discontiguous Wildcard Masks are rarely used today
- Regular Wildcard Masks are still used today
A precursor to this video is the video I created recently that defines Wildcard Masks themselves.
Hi,
where and what is the use of this type of Discontiguous Wildcard Mask?
The purpose is to reduce the lines you need in your ACL. You can optimize by combining multiple ACL entries into fewer entries.
That said, in the current day, the benefit is less valuable. I speak to why in the video.
Regarding the redundant ACL entries mentioned at ~6.30 in the video, the ACL lines were reduced to 10.96.32.0 0.3.8.25. Does that mean the results would be just the same using 10.99.40.0 0.3.8.255?
Yes, but generally the “Network ID” used along with the Subnet Mask is listed with the “1” bits set to 0.
For instance:
Notice, if you set all the “1” bits in the Wildcard mask 0.3.8.255 to 0, you end up with 10.96.32.0.