[comp.protocols.tcp-ip] subnet mask problem

tozz@hpindda.HP.COM (Bob Tausworthe) (05/24/89)

I have a question concerning subnet masks. Normally, the masks I have 
seen are a sequence of 1's followed by a sequence of 0's, something like:
255.255.0.0. This corresponds to the high order portion of the IP address
denoting the network number, and the low order portion denoting the subnet
and host number portions.

However, because the algorithm for using masks is to perform a logical AND 
and test for equality, technically 255.255.0.255 could be used as a mask.
Or could it?

1) is a mask such as 255.255.0.255 even legal (i.e. conform to specifications)

2) does anybody know of a network user whose mask is of the form above.

			     tozz@hpda.hp.com

braden@VENERA.ISI.EDU (05/24/89)

	However, because the algorithm for using masks is to perform a logical AND 
	and test for equality, technically 255.255.0.255 could be used as a mask.
	Or could it?

	1) is a mask such as 255.255.0.255 even legal (i.e. conform to specifications)

Yes. Please see Section 1.1.4 of RFC-1009, "Requirements for Internet
Gateways".

Bob Braden

amanda@intercon.UUCP (Amanda Walker) (05/25/89)

In article <6200023@hpindda.HP.COM>, tozz@hpindda.HP.COM (Bob Tausworthe) writes:
> 1) is a mask such as 255.255.0.255 even legal (i.e. conform to specifications)

A subnet mask can be any combination of 32 bits and still be legal.  However,
there do exist a number of IP implementations that can only handle masks
with contiguous '1' bits, or worse, contiguous '255' bytes.

These implementations are broken.

--
Amanda Walker <amanda@intercon.UUCP>
InterCon Systems Corporation

mhw@wittsend.LBP.HARRIS.COM (Michael H. Warfield (Mike)) (05/25/89)

In article <6200023@hpindda.HP.COM> tozz@hpindda.HP.COM (Bob Tausworthe) writes:

>However, because the algorithm for using masks is to perform a logical AND 
>and test for equality, technically 255.255.0.255 could be used as a mask.
>Or could it?

>1) is a mask such as 255.255.0.255 even legal (i.e. conform to specifications)

	From RFC 950 (p6):

:      For example, on a Class B network with a 6-bit wide subnet field,
:      an address would be broken down like this:
:
:                           1                   2                   3
:       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
:      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
:      |1 0|        NETWORK            |  SUBNET   |    Host Number    |
:      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
:
:      Since the bits that identify the subnet are specified by a
:      bitmask, they need not be adjacent in the address.  However, we
:      recommend that the subnet bits be contiguous and located as the
:      most significant bits of the local address.

	So yes it is legal, but no it is not a good idea per the
recommendation.  You may even cause serious network problems due to bugs
in some vendors' implementations.  A while back, VAX's managed to send a
mangled subnet mask in reply to an Address Mask ICMP which resulted in
interesting effects in SUN systems.  It even resulted in a new term in
our vocabulary - Broadcast Storm :-).

	Some vendors of tcp/ip code for PC's (Hi FTP) specify the subnet
in their configuration as "n" bits, where n is the number of bits in the
subnet field.  This software obviously is only going to work where the
subnet mask is contiguous and adjacent to the network address.  The
alternative to all of this is proxy arp, where these hosts don't even
know they are subnetting.  The subnetting is handled and hidden by your routers.
I don't know of ANY routers that will handle obscure subnet like what you're
asking about though, but that certainly doesn't mean there aren't any!  I won't
get into any arguments over who is broke or who is supporting what
recommendations, after all we still got vendors out there that don't even
support subnetting outside of proxy arp!

---
Michael H. Warfield  (The Mad Wizard)	| gatech.edu!galbp!wittsend!mhw
  (404)  270-2123 / 270-2098		| mhw@wittsend.LBP.HARRIS.COM
An optimist believes we live in the best of all possible worlds.
A pessimist is sure of it!

zdwcv@dcatla.UUCP (Wm. C. VerSteeg) (05/26/89)

In article <6200023@hpindda.HP.COM> tozz@hpindda.HP.COM (Bob Tausworthe) writes:
>
>1) is a mask such as 255.255.0.255 even legal (i.e. conform to specifications)
>
>2) does anybody know of a network user whose mask is of the form above.
>
>			     tozz@hpda.hp.com


RFC950 clearly states that subnet bits need not be contiguous. However, I 
have not seen any networks that have been configured to use non-contiguous
masks. 

I have been looking at a situation where a host sends a bogus ICMP mask 
reply. The device who is looking to resolve his network mask sees this
reply and trusts it. This device then can't talk to his own local network,
because he has accepted a bogus network mask. A human looking at address
masks can probably decide whether or not a particular mask is bogus or not.
For instance, a mask reply on a class C network of 101.214.1.77 is obviously
bogus. Is there an algorithm for determining whether to trust a mask response?


The obvious solution to this problem is to shoot the person who wrote 
the code that returns the bogus mask, but this is not very practical (|-)).

What I would like to do is use some code that throws away the obviously 
bad responses. Is there an algorithm in use to do this ?


Bill VerSteeg

braden@VENERA.ISI.EDU (05/27/89)

	For instance, a mask reply on a class C network of 101.214.1.77 is obviously
	bogus. Is there an algorithm for determining whether to trust a mask response?

...
	Bill VerSteeg

Bill,

The IETF Host Requirements Working Group pondered this problem, and
here is the best we could come up with (from Section 3.2.2.9 of the
Host Requirements/Communication Layers RFC draft):

    It is recommended that the host make the following "sanity
    check" on any address mask it installs: the mask MUST NOT be
    all 1 bits, and it MUST be either zero or else the 8 highest-
    order bits MUST be on.
    
Your example would in fact fail this check, but lots of bogus
masks would pass.  We too would like to know of any better ideas.

Bob Braden
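
[Added example, not part of the original thread or of any RFC text: the sanity check quoted above written out in C, next to a stricter contiguity test that follows the RFC 950 recommendation. The function names, the IP4 macro and the sample masks are assumptions made for illustration; the stricter test is a local policy choice, not something the draft requires.]

```c
#include <stdint.h>
#include <stdio.h>

/* Host-order 32-bit value from dotted-quad octets. */
#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                         ((uint32_t)(c) << 8) | (uint32_t)(d))

/* The check as quoted from the draft: the mask must not be all 1 bits,
 * and must be zero or have its 8 highest-order bits on. */
int mask_passes_draft_check(uint32_t mask)
{
    if (mask == 0xFFFFFFFFu)
        return 0;
    return mask == 0 || (mask & 0xFF000000u) == 0xFF000000u;
}

/* Assumed stricter local policy (not in the draft): 1 bits contiguous from
 * the top. Then ~mask looks like 0..01..1, so (~mask + 1) shares no bit
 * with ~mask. */
int mask_is_contiguous(uint32_t mask)
{
    uint32_t inv = ~mask;
    return (inv & (inv + 1u)) == 0;
}

int main(void)
{
    /* Constructed sample replies; the first two masks come from the thread. */
    const uint32_t samples[] = {
        IP4(101, 214, 1, 77), IP4(255, 255, 0, 255),
        IP4(255, 1, 2, 3),    IP4(255, 255, 255, 0),
        IP4(255, 255, 255, 255), 0
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t m = samples[i];
        printf("%3u.%3u.%3u.%3u  draft=%d  contiguous=%d\n",
               (unsigned)(m >> 24), (unsigned)((m >> 16) & 0xFF),
               (unsigned)((m >> 8) & 0xFF), (unsigned)(m & 0xFF),
               mask_passes_draft_check(m), mask_is_contiguous(m));
    }
    return 0;
}
```

[255.1.2.3 passes the draft check while failing the contiguity test, which is the gap noted above; the contiguity test also rejects the legal mask 255.255.0.255, so it only suits sites that never use non-contiguous masks.]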

jbvb@VAX.FTP.COM (James Van Bokkelen) (05/30/89)

Long ago, we let users type in the raw, seething subnet mask itself
(255.???.???.???), but they got it wrong a lot of the time, and since
there are many PCs, the effect was large.  We decided to make it
easier on them (and their network administrators), and enhanced the
configuration code to just ask for the number of subnet bits (a much
simpler question to ask/answer), while deriving the actual mask from
the number of bits and the IP address in use.  The underlying IP
module uses the mask itself, not the number of bits.

If anyone *needs* non-contiguous masks, it would take about an hour
for someone equipped with our developer's kit to write a program that
set the mask itself.  If they were a little more patient, we'd do
it for them (might take a release cycle).

Summary: we feel we must weigh flexibility against complexity here.

James B. VanBokkelen		26 Princess St., Wakefield, MA  01880
FTP Software Inc.		voice: (617) 246-0900  fax: (617) 246-0901
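
[Added example, not part of the original thread and not FTP Software's code: one way to derive a mask from the IP address in use and a count of subnet bits, as the post above describes, using classful addressing. The function names, the sample addresses and the rule that at least two host bits must remain are assumptions made for illustration.]

```c
#include <stdint.h>
#include <stdio.h>

/* Host-order 32-bit value from dotted-quad octets. */
#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                         ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Classful network-field width from the leading address bits;
 * -1 for class D/E, which have no network/host split. */
int classful_net_bits(uint32_t addr)
{
    if ((addr & 0x80000000u) == 0)           return 8;   /* class A: 0...  */
    if ((addr & 0xC0000000u) == 0x80000000u) return 16;  /* class B: 10..  */
    if ((addr & 0xE0000000u) == 0xC0000000u) return 24;  /* class C: 110.  */
    return -1;
}

/* Stores the contiguous mask for addr's class plus subnet_bits in *mask.
 * Returns 0 on success, -1 if the address or bit count is unusable. */
int mask_from_subnet_bits(uint32_t addr, int subnet_bits, uint32_t *mask)
{
    int net = classful_net_bits(addr);
    if (net < 0 || subnet_bits < 0)
        return -1;
    int prefix = net + subnet_bits;
    if (prefix > 30)            /* assumed rule: keep at least 2 host bits */
        return -1;
    *mask = 0xFFFFFFFFu << (32 - prefix);   /* shift count is 2..24 here */
    return 0;
}

int main(void)
{
    uint32_t m;
    /* Constructed input: a class B address with the 6-bit subnet field
     * used in the RFC 950 example quoted earlier in the thread. */
    if (mask_from_subnet_bits(IP4(128, 10, 4, 1), 6, &m) == 0)
        printf("%u.%u.%u.%u\n", (unsigned)(m >> 24), (unsigned)((m >> 16) & 0xFF),
               (unsigned)((m >> 8) & 0xFF), (unsigned)(m & 0xFF));
    return 0;
}
```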