16 Replies Latest reply: May 20, 2011 1:32 PM by dkelley

    Wildcard Mask VS Subnet Mask



      Hi Guys,



      Here is a question that has always disturbed me from the day I came to know of these two words:



      1. Subnet Mask



      2. Wildcard Mask






      When we configure an IP address on an interface, when we give network command in DHCP pool, when we specify the inside global range in NAT Pool we use SUBNET MASK



      When we configure networks in OSPF, when we configure networks in EIGRP (not compulsory though), and in ACLs, we use WILDCARD MASK.



      Why had CISCO experts decided to use two different concepts to accomplish the same aim ?



      For example,


      / ( WildCard Notation) specify IP Range to





      / (Subnet Mask Notation) also specify the same IP Range to



      Then why did CISCO programmers prefer using two concepts while developing protocols, although a single concept would have solved their problem?






      Where am I lacking in the understanding of these concepts ?






      Please note that I am not asking how to use these concepts or where to use them; rather, my question is why to use TWO concepts instead of one?



      Kindly elucidate...












        • 1. Re: Wildcard Mask VS Subnet Mask
          Scott Morris - CCDE/4xCCIE/2xJNCIE


          Dude... This is CLEARLY in the Vast Collection of Useless Knowledge department... And it scares me that I know the answer.



          Can we play Cisco Trivial Pursuit?



          Anyway... Access Lists actually came before subnet masks. Remember way back when we lived in an evil classful world. So back in like 1985, when access-lists came about it was actually easier to code in assembler to do a NAND operation instead of an AND. Thus the wildcarding.



          When we evolved into subnets (isn't everyone studying for their CCENT/CCNA exams so incredibly happy about that progress?) someone figured out not only that normal human beings weren't used to thinking "backwards" like the ACL masks, but there had to be some backwards compatibility with all the ancient IOS versions. So subnet masks being "new" took their own form. ACLs being "legacy" stayed the same.



          And thus is life.



          I'm going to bed now. I win.










          • 2. Re: Wildcard Mask VS Subnet Mask

            Hi Chetan


            The NAND gate was one of the faster instructions.



            The logic is (0,0)->1 (0,1)->1 (1,0)->1 but (1,1)->0



            So if you have an address 11110000 (240) NAND 00001111 you get 11111111



            For 11111111 (255) NAND 00001111 you get 11111111



            So you know the first four bits are 1111 which is what you are testing and the bottom four you could not care about



            And the final result is all 1's or True.



            I must admit I had forgotten all this; see (http://www.cs.bu.edu/~best/courses/cs101/S95/lectures/FromTransistorsToGates.html )



            Regards Conwyn

            • 3. Re: Wildcard Mask VS Subnet Mask

              Hi Conwyn,


              I'm not sure that the NAND function can be used as a mask.

              Truth table for NAND, AND and OR is .....

              A B NAND AND OR

              0 0 1 0 0

              0 1 1 0 1

              1 0 1 0 1

              1 1 0 1 1


              Let's look at two 8-bit numbers 163 (10100011) and 227 (11100011) and use a wildcard mask of 15 (00001111) to "ignore" the lower four bits, and thus compare 160 with 224, which should not match. Then use a subnet mask 240 (11110000).


              Using the NAND function

              10100011 (163)

              00001111 ( 15)

              11111100 (252)


              11100011 (227)

              00001111 ( 15)

              11111100 (252)


              The result of the operation on these two different numbers yields the same value. Therefore this cannot work as a mask function!


              Let's try using the AND function (which we know works).

              AND function

              10100011 (163)

              11110000 (240)

              10100000 (160)


              11100011 (227)

              11110000 (240)

              11100000 (224)

              This works, it correctly separates higher bits and ignores lower bits with 0's


              Now let's try the wildcard mask and the OR function.

              OR function

              10100011 (163)

              00001111 ( 15)

              10101111 (175)


              11100011 (227)

              00001111 ( 15)

              11101111 (239)

              This also works, it correctly separates higher bits and ignores lower bits with 1's


              Is my thinking correct here?



              • 4. Re: Wildcard Mask VS Subnet Mask

                It looks like the Rich text/space compression is intent on messing up my truth table

                so here it is on separate lines

                A B NAND

                0 0 1

                0 1 1

                1 0 1

                1 1 0


                A B AND

                0 0 0

                0 1 0

                1 0 0

                1 1 1


                A B OR

                0 0 0

                0 1 1

                1 0 1

                1 1 1



                • 5. Re: Wildcard Mask VS Subnet Mask


                  Hi Charles



                  I think you have misunderstood the purpose of the wild card mask is to check whether all bits are set in the 0 part of the mask so 15,14,13,12 can be compared with the mask 12 (0011). We were speculating about NAND



                  Let me have a think. It is night here.



                  Regards Conwyn



                  • 6. Re: Wildcard Mask VS Subnet Mask





                    This is in reference to your above post where you concluded that NAND cannot work as mask-function



                    I have read in a Computer Architecture book that you can create all universal gates (AND, OR, NOT etc.) with the help of the NAND gate only.



                    So perhaps..the correct logic is to get the result of AND operation using NAND gates...



                    And not using NAND operation as it is..



                    This can be easily done..






                    • 7. Re: Wildcard Mask VS Subnet Mask
                      B Haines


                      I have a quick question. I have heard two separate statements in regard to subnet masks and wildcard masks. One side said that they are inversely proportional (which is what I have always seen) but I have read statements where it is stated that there is no relation and that they are NOT inversely proportional... Any insight?



                      By the way, congratz.. Jeremy Cioara (from CBTNuggets videos) didn't know the answer to the above question either.. (said so in the CCNA videos)..

                      • 8. Re: Wildcard Mask VS Subnet Mask

                        Hi Chetan,


                        I agree the NAND gate was/is the building block of the other logic gates. However, the way I read the original reply to the post was that the NAND operation was used with a wildcard mask.



                        • 9. Re: Wildcard Mask VS Subnet Mask

                          Hi Scott,


                          In my opinion yes! In fact I use this to check that I formulated my wildcard masks appropriately


                          Consider a 16 bit mask (old class B) this would be now to represent this as a wildcard mask, so adding (OK Logical OR) the two together we get Now this works at any bit boundary you may care to use.

                          subnet mask = WC mask => This has saved me many times





                          • 10. Re: Wildcard Mask VS Subnet Mask
                            Scott Morris - CCDE/4xCCIE/2xJNCIE


                            Excellent! So I know something Jeremy doesn't. I'm sure there's plenty of things that he knows which I don't!



                            As far as the proportional thing goes that's a "yes and no" kinda thing.



                            From the standpoint of if I want to filter a /24 with a mask, I'll use a ACL mask that's true. A /28 would be with an inverse mask of



                            But they are not directly RELATED to each other since in the mask (subnet) we draw a line between host/network. In an ACL, each bit is treated individually.



                            I don't want to go too deep because my goal is not to make CCNA's brains prematurely explode with things that aren't necessary for their exams! If you do want to dive into the ACL stuff more, I'd suggest checking out my blog entries on blog.internetworkexpert.com and just put "binary math" in the search field.



                            but that's an IF YOU WANT thing, and it's not needed for the CCNA/NP exams!






                            • 11. Re: Wildcard Mask VS Subnet Mask


                              Hi Scott



                              Just to put another spin on this. The early machines did not have storage to storage operation move A,B. They only had an accumulator so add A,B = move A to Accumulator, add B to Accumulator, Store accumulator in A.



                              The test A equals B was move A to accumulator, subtract B from accumulator so if A=B accumulator = zero and then we would have a Jump if Zero instruction. In this working ZERO was true whereas nowadays you see the higher voltage 1 being on/true.



                              The process we are trying to define is really (NOT mask) AND value (mask,value,result) ={(0,0,0),(0,1,1),(1,0,0),(1,1,0)} and this looks like an AND table rotated anticlockwise. Hence perhaps there was not a super clever method of checking bits.



                              Regards Conwyn
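
Added example, not part of any reply in the thread: the mask operations discussed in replies 3, 9, 10 and 11, written as a small Python model of per-bit ACL wildcard matching. The function names are hypothetical, the 192.0.2.0/24 addresses are constructed documentation-range samples, and this is not how IOS implements the comparison.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def wildcard_from_subnet(mask):
    """Invert a subnet mask bit by bit to get the equivalent wildcard mask."""
    return str(ipaddress.IPv4Address(to_int(mask) ^ ALL_ONES))

def masks_are_complements(subnet, wildcard):
    """Reply 9's sanity check: OR the two masks; complements give all ones
    and share no bit (the AND test also catches overlapping masks)."""
    s, w = to_int(subnet), to_int(wildcard)
    return (s | w) == ALL_ONES and (s & w) == 0

def acl_match(addr, base, wildcard):
    """Wildcard bit 0 = must equal base, 1 = ignore.
    Reply 11's (NOT mask) AND value, applied to the bits where addr differs."""
    care = to_int(wildcard) ^ ALL_ONES
    return ((to_int(addr) ^ to_int(base)) & care) == 0

def is_contiguous_wildcard(wildcard):
    """True only when the wildcard is the inverse of a prefix-style subnet mask."""
    w = to_int(wildcard)
    return (w & (w + 1)) == 0

def nand8(a, b):
    """8-bit NAND, as used in reply 3's worked numbers."""
    return ~(a & b) & 0xFF

if __name__ == "__main__":
    # Reply 3: NAND with wildcard 15 collapses 163 and 227 to the same value,
    # while OR with 15 and AND with 240 keep the upper four bits distinct.
    print("NAND:", nand8(163, 15), nand8(227, 15))
    print("OR:  ", 163 | 15, 227 | 15)
    print("AND: ", 163 & 240, 227 & 240)

    # Contiguous wildcard: behaves like the inverse of a /24 subnet mask.
    print(wildcard_from_subnet("255.255.255.0"))
    print(acl_match("192.0.2.77", "192.0.2.0", "0.0.0.255"))

    # Reply 10: ACL bits are judged individually, so a wildcard need not be
    # contiguous. 0.0.0.254 ignores bits 1-7 of the last octet and pins bit 0,
    # so only even host addresses match. No subnet mask can express this.
    print(is_contiguous_wildcard("0.0.0.254"))
    print(acl_match("192.0.2.4", "192.0.2.0", "0.0.0.254"))
    print(acl_match("192.0.2.5", "192.0.2.0", "0.0.0.254"))
```

When auditing ACLs, a wildcard for which `is_contiguous_wildcard` returns False is worth a second look, since it matches a set of addresses that does not correspond to any single subnet.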



                              • 12. Re: Wildcard Mask VS Subnet Mask




                                I think the discussion on NAND / Wildcard mask has (nearly) reached the limit of usefulness for the thread at large.

                                However I enjoy trying to figure out how some of these more obscure processes are actually implemented. So with that in mind, I still don't follow where the NAND logic operation helps with (essentially) doing a comparison between two binary values. The mask process works with contiguous (Subnet) OR non-contiguous masks.


                                I can see how NAND / Subnet mask will yield a complemented value of a binary value.






                                So when 2 addresses (say) are NAND'd with a subnet type mask and the results compared, a match will correctly be identified.




                                • 13. Re: Wildcard Mask VS Subnet Mask
                                  B Haines

                                  Thanks Scott,


                                  Checking it out now!

                                  • 14. Re: Wildcard Mask VS Subnet Mask
                                    B Haines

                                    By the way Scott, I love your site.. Where else can one read on how to xConnect pseudowires with VPLS and the like??? Constantly flipping from there to the internet so that I can figure out what's going on.. LoL


                                    Thanks again for the binary link! It's giving me some trouble at the moment (still on part 1.. LoL) but it's a challenge and a learning experience!
