
Need help with Extended ACL List BGP permit/deny

hfakoor222

 

I'm trying to interpret the ACL commands for extended ACL applied to BGP, which is slightly different than applied to IGP

 

 

 

 

2.png

 

 

I need help with the subnet mask part

 

first entry 255.255.0.0 0.0.0.0

is /16 prefix as 255.255.0.0  resolves to /16 in standard (non-wildcard) prefix definition

 

the 2nd line

255.255.255.0 0.0.0.0

resolves to /24 prefix and the wildcard portion is 0 (bold) so there is no range

 

the third line 255.255.255.0 0.0.0.255

resolves to /24 for first part and /32 for bolded wildcard portion

so a /24 to /32 prefix length

 

the last box makes no sense to me

255.255.255.128 resolves to /25, as 128 takes it from 24 to 25 bits

this is where I get confused

0.0.0.127 resolves to /32?

 

The last row in the image above says "a /25 to /32" prefix length

 

I'm interpreting the extended ACLs applied to BGP as standard mask and wildcard mask, and to me I do not see how /127 resolves to /32.

 

 

 

 

 

Accepted Solutions

 

You really need to write it out in binary to make sense ie. an octet has 8 bits with values - 

 

128 64 32 16 8 4 2 1 

 

for the 3rd line the subnet mask is 255.255.255.0 ie. /24 and then you have the whole of the last octet to use which gives you the values 25 - 32. 

 

If you add up 128 + 64 + 32 + 16 etc. you get 255 which is where the .255 comes in for the last octet of the wildcard mask. 

 

For the 4th line your subnet mask is 255.255.255.128 ie. you have used the first bit of the last octet for the subnet so you only have the last 7 bits left which covers values 26 - 32. 

 

If you add up 64 + 32 + 16 etc. in the last octet you get 127 which is where the .127 value comes in for the last octet of the wildcard mask. 

 

Does that make sense ? 

 

Jon
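
The mask and wildcard pairs discussed in this thread, worked through bit by bit, as an added example (not code from the original posts or from Cisco). A 1 bit in the wildcard is treated as "don't care"; `acl_matches` goes one step further and checks a whole route, and its network values are constructed for illustration.

```python
import ipaddress

FULL = 0xFFFFFFFF

def to_int(dotted):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def netmask(length):
    """Contiguous netmask for a prefix length 0..32."""
    return (FULL << (32 - length)) & FULL

def matched_prefix_lengths(mask, wildcard):
    """Prefix lengths whose netmask agrees with `mask` on every bit
    the wildcard does not mark as "don't care"."""
    care = ~to_int(wildcard) & FULL
    want = to_int(mask) & care
    return [n for n in range(33) if (netmask(n) & care) == want]

def describe(mask, wildcard):
    """Human-readable range, e.g. '/25 to /32' or '/24 exact'."""
    lengths = matched_prefix_lengths(mask, wildcard)
    if not lengths:
        return "no prefix length"
    lo, hi = lengths[0], lengths[-1]
    return f"/{lo} exact" if lo == hi else f"/{lo} to /{hi}"

def acl_matches(route, net, net_wc, mask, mask_wc):
    """True if `route` (e.g. '10.1.2.128/25') passes both halves of the
    entry: network/wildcard on the address, mask/wildcard on the length."""
    r = ipaddress.IPv4Network(route)
    care = ~to_int(net_wc) & FULL
    net_ok = (int(r.network_address) & care) == (to_int(net) & care)
    return net_ok and r.prefixlen in matched_prefix_lengths(mask, mask_wc)

# The four mask/wildcard pairs quoted in the question.
ROWS = [
    ("255.255.0.0", "0.0.0.0"),
    ("255.255.255.0", "0.0.0.0"),
    ("255.255.255.0", "0.0.0.255"),
    ("255.255.255.128", "0.0.0.127"),
]

if __name__ == "__main__":
    for mask, wc in ROWS:
        print(f"{mask:<16} {wc:<10} -> {describe(mask, wc)}")
    # Constructed network half: 10.1.0.0 0.0.255.255 (any 10.1.x.x address).
    for route in ("10.1.2.128/25", "10.1.2.0/24"):
        ok = acl_matches(route, "10.1.0.0", "0.0.255.255", *ROWS[3])
        print(f"{route:<16} {'match' if ok else 'no match'}")
```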


There's no image in your post.

 

 

hfakoor222

image posted 2.png

 


yes 

128 64 32 16 8 4 2 1 

the 2nd line

255.255.255.0 0.0.0.0

gives /24 exact 

 

the third line the command is 255.255.255.0 0.0.0.255

so 1+ 2 + 4 + 8 + 16 + 32 + 64 + 128

= 255 

as user defines the 0.0.0.255 wildcard to allow for this range

 

255.255.255.128

is /25 prefix

we use 0.0.0.127 as 7 digits to play around with

starting from 0 in wildcard

0   1 (1 digit)   3 (2 digit)   7 (3 digit)   15 (4 digit)   31 (5 digit)   63 (6 digit)   127 (7 digit)   255 (8 digit)

which makes it a range /25 - /32
