Solved: when and why we use /31 subnet - Page 2

mahesh18 · ‎02-07-2011

Hi all,

i know about /30 subnet we use when we have to use point to point network.

/30 we use when we need only 2 hosts on either end of network.

cansomeone tell me why and when we use /31 subnet mask.

thanks

mahesh

koningcoding03540 · ‎04-24-2020

/30 gives you 2^2 = 4 ip addresses. Only 2 of these can be used for hosts.

/31 would give you 2^1 = 2 ip addresses, none of which can be used for hosts.

A /31 network sounds impossible/nonsensical to me. My CCNA Reference table also doesn't show it as an option when discussing DDN mask values.

Georg Pauwen · ‎04-24-2020

Hello,

I think ISPs often use /31 masks for point to point connections, after all, you don't need a broadcast address for these type of links. With IP addresses being sparse, it helps conserve them...

Joseph W. Doherty · ‎04-25-2020

Perhaps you need a CCNP or CCIE reference table. ;)

I can tell you from first hand experience, it does work.

If you want to learn more, you might start with: https://tools.ietf.org/html/rfc3021

Joseph W. Doherty · ‎04-25-2020

NB: not all equipment supports /31s, but generally "newer" equipment does.

As mentioned by others, effectively it allows you to have twice as many p2p links using the same address block.

quangvuk · ‎03-12-2023

Another case you can use /31 CIDR is to permit in ACL for 2 host in a same subnet.

Ex:
Host1 IP: 10.10.10.2
Host2 IP: 10.10.10.3

You want to permit 2 hosts to ping to 10.10.20.1

Instead of :
....
10 permit icmp host 10.10.10.2 host 10.10.20.1
10 permit icmp host 10.10.10.3 host 10.10.20.1

You can:
10 permit icmp 10.10.10.2 0.0.0.1 host 10.10.20.1

I hope it's helpful.

quangvuk · ‎03-12-2023

@quangvuk wrote:
Another case you can use /31 CIDR is to permit in ACL for 2 host in a same subnet.
Ex:
Host1 IP: 10.10.10.2
Host2 IP: 10.10.10.3
You want to permit 2 hosts to ping to 10.10.20.1
Instead of :
....
10 permit icmp host 10.10.10.2 host 10.10.20.1
10 permit icmp host 10.10.10.3 host 10.10.20.1
You can:
10 permit icmp 10.10.10.2 0.0.0.1 host 10.10.20.1
I hope it's helpful.

Correct is:

Instead of :
....
10 permit icmp host 10.10.10.2 host 10.10.20.1
20 permit icmp host 10.10.10.3 host 10.10.20.1

You can:
10 permit icmp 10.10.10.2 0.0.0.1 host 10.10.20.1

Joseph W. Doherty · ‎03-12-2023

Laugh, I read, and re-read and re-read this posting, looking for the correction. I finally found it, two ACEs had a duplicate sequence number.

BTW, perhaps you don't know, but the little circle, with a "v" in it, at top right of each posting, should allow you to edit your posting. I.e. you might have just corrected your original posting without needing to post a "corrected" posting.

To the point you raise, yes, you can match all the IPs in a /31 using a single ACL ACE. Of course, somewhat similar applies to using a mask against other address blocks. I.e. you can match any binary address block, it doesn't have to be a direct network prefix match.

This technique might improve efficiency, as the network device can use fewer statements to achieve the same results.

A couple of downsides, though, many might not realize what/why your ACE is configured that way. Some platforms, might, internally, being doing that already (I believe some switches do this when programming matches in their TCAM). If for some reason, you want to track match counts and/or log hits, you've lost granularity, i.e. you now only have aggregate results.

quangvuk · ‎03-13-2023

@Joseph W. Doherty Thank you for your reply Now I know there is another menu in "v" =)) It's better if Cisco can choose another icon for it.

You are right for the downsides. It's better to make it clear.

Joseph W. Doherty · ‎03-13-2023

"You are right for the downsides. It's better to make it clear."

BTW, my "downsides" are not intended as "should NOTs", they might just be considered, when deciding on an approach.