tech-net archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Proposal to apply mask to IP address set on rule
On Fri, May 23, 2025 at 03:59:04PM -0400, Mouse wrote:
> > [...] masked bits.[*]
>
> > [*] Note that that would include non-contiguous masks. I'm aware
> > that they are out of fashion (and for good reasons).
>
> I don't entirely understand why, possibly excepting how little-used
> they always were (I think I'm the only person I've ever even heard of
> who used a noncontiguous netmask other than for testing - for some
> years my house netmask was 255.255.255.216, I think it was).
In the 2000s there was a large network provider here in Germany that
ran a VPN scheme using non-contiguous netmasks. They also used FreeBSD
based firewalls in that network. So it was important for them that
support for non-contiguous masks wasn't removed from the networking
code.
The biggest reason for deprecating them was the growth of the routing
tables in the routers connected to the backboe and the pressure to
aggregate routes. Something that isn't practically possible if
non-contiguous routes are in widespread use. So with the switch to CIDR
people started to take a dim view of non-contiguous netmasks.
--chris
Home |
Main Index |
Thread Index |
Old Index