Re: Proposal to apply mask to IP address set on rule

To: tech-net%NetBSD.org@localhost
Subject: Re: Proposal to apply mask to IP address set on rule
From: Christoph Badura <bad%bsd.de@localhost>
Date: Sat, 24 May 2025 01:08:17 +0200

On Fri, May 23, 2025 at 03:59:04PM -0400, Mouse wrote:
> > [...] masked bits.[*]
> 
> > [*] Note that that would include non-contiguous masks.  I'm aware
> > that they are out of fashion (and for good reasons).
> 
> I don't entirely understand why, possibly excepting how little-used
> they always were (I think I'm the only person I've ever even heard of
> who used a noncontiguous netmask other than for testing - for some
> years my house netmask was 255.255.255.216, I think it was).

In the 2000s there was a large network provider here in Germany that
ran a VPN scheme using non-contiguous netmasks.  They also used FreeBSD
based firewalls in that network.  So it was important for them that
support for non-contiguous masks wasn't removed from the networking
code.

The biggest reason for deprecating them was the growth of the routing
tables in the routers connected to the backboe and the pressure to
aggregate routes.  Something that isn't practically possible if
non-contiguous routes are in widespread use.  So with the switch to CIDR
people started to take a dim view of non-contiguous netmasks.

--chris

Follow-Ups:
- Re: Proposal to apply mask to IP address set on rule
  - From: is

References:
- Proposal to apply mask to IP address set on rule
  - From: Emmanuel Nyarko
- Re: Proposal to apply mask to IP address set on rule
  - From: Christoph Badura
- Re: Proposal to apply mask to IP address set on rule
  - From: Mouse

Prev by Date: Re: Proposal to apply mask to IP address set on rule
Next by Date: Re: Proposal to apply mask to IP address set on rule
Previous by Thread: Re: Proposal to apply mask to IP address set on rule
Next by Thread: Re: Proposal to apply mask to IP address set on rule
Indexes:

Home | Main Index | Thread Index | Old Index