Hi Guys - I understand that one of the rules that must be met before we can summarise a route is that the “networks must share the same high-order bits.”
In terms of route summarisation, does this mean the first two octets of an ipv4 address?
I’ve been researching online and have found that ‘high-order’ is a term applicable in other areas of networking. What does it actually mean?
Thanks,
Gareth.
Hello Gareth
High order bits in any binary number simply means the leftmost bits. This is sometimes referred to as the most significant bits. So it is true that in order to summarise several routes in a single summary route, at least one of the leftmost bits must be the same in all routes you want to summarise. If there are no leftmost bits that are the same then you can’t summarise. For example, 10.10.10.0/24 and 212.11.11.0/24 have no leftmost bits the same. Even from the first leftmost bit, they are different, as the first starts with a 0 and the second with a 1 in binary.
Actually what it means is that one or more leftmost bits must be the same in order to summarise. And actually, the number of bits that are the same, counting from left to right, will determine the actual summary route. Just like it was done in the lesson, you get all routes into binary and start looking at all of them from left to right. At the very first instance where there is a difference in them, even in only one route, you have found the subnet mask to use. In this way, you find the total number of higher order (leftmost) bits that are the same in all routes, and you’ve found the subnet mask.
I hope this has been helpful!
Laz
Thanks Laz - so how many leftmost bit are there in an ipv4 address?
Hello Gareth
The number of leftmost bits used for a summarisation can vary. For example, if you have the following networks:
10.10.0.0/24
10.10.1.0/24
10.10.2.0/24
10.10.3.0/24
…then you have to find the maximum number of leftmost bits for which these networks are the same. Allow me to use decimal for the first two octets, and binary for the next two, to illustrate this:
10.10.00000000.00000000
10.10.00000001.00000000
10.10.00000010.00000000
10.10.00000011.00000000
How many leftmost bits are the same for these four networks? The first 22 bits for all four networks are the same, but the 23rd bit changes. So the leftmost bits that do not change, define the summary address which will be:
10.10.0.0 with a subnet mask of /22 which is 255.255.252.0.
So the leftmost bits for this particular example which remain the same, is 22, and this defines the summary address for this specific set of networks.
If we use the following networks:
192.168.10.128/26
192.168.10.192/26
then the number of leftmost bits will be different for the summary address. Doing the same exercise (this time I’ll write the first three octets in decimal, and the fourth in binary):
192.168.10.10000000
192.168.10.11000000
How many leftmost bits are the same? 25, because the 26th bit, counting from the left, changed. So the summary address will be
192.168.10.128 with a subnet mask of /25 which is 255.255.255.128. So this is the summary address.
I hope this has been helpful!
Laz
Going through the binary it is simply a waste of time.
While taking an exam there is no time for this shenanigans, we should skip the conversion crap and go directly to counting the subnets and then eventually use block size.
Very difficult for me to understand why we always go for the most complicated and stressful way instead making our life easier.
Certainly converting from decimal to binary ain’t going to make anyone smarter, nor will ease path toward a PHD.
Hello Dan
You’re right that converting to binary is not something that you should be doing in an exam, especially with the time constraints involved!
However, the purpose of doing it this way in the specific lesson is so that readers are able to understand how a router actually interprets IP addresses, subnets, and subnet masks. Routers inherently use binary, there’s no way of getting around that.
By understanding the underlying logic, it becomes a lot easier to understand how it works, and it also becomes a lot easier to interpret and quickly answer related exam questions, and more importantly, real-life scenarios where route summarization and related operations take place.
So I wouldn’t dismiss the binary conversion so readily as a tool for learning and understanding the concepts involved. Once you have a solid understanding of this, you can then go on to using simpler methods such as those found in the following lesson:
You will find that it will be much easier to understand if the binary conversion is first understood.
I hope this has been helpful!
Laz
Hello
Does the trick also works for networks, which have not all the same subnet mask?
For example:
Hello Manuel
The “trick” is used only when you are determining the summary-address of multiple /24 networks. If you want to find the summary address for the list of networks in your post, you’ll have to use binary. It’s actually not that difficult…
Just one note here however. In your list, you do not have network addresses, but specific IP addresses. In order to perform route summarization, you must use the network addresses of these networks. Why? Because summarization takes place in the routing table, and the routing table only has network addresses, and not addresses of specific hosts. The results may be the same, but it more closely matches what’s going on in the router.
So the network addresses of the IP addresses you have listed are:
The first two octets are the same, so we’ll keep those in decimal for simplicity. I’ll convert the third and fourth octets to binary:
Next, find the leftmost bits that remain the same for all addresses. It looks like it’s the first 22 bits that remain the same, which I’ve made bold. So the summary address is:
209.165.00001000.00000000 with a subnet mask of /22.
In dotted-decimal format, that’s 209.165.8.0/22 or a subnet mask of 255.255.252.0.
I hope this has been helpful!
Laz
For
192.168.0.0 / 24
192.168.1.0 / 24
192.168.2.0 / 24
192.168.3.0 / 24
192.168.4.0 / 24
the summary 192.168.0.0/21 is an inclusive summary since it includes network prefixes you do not own causing routing anomalies. its prudent to create an exclusive summary to avoid this issue. In practice you are allowed to adversie multiple exclusive asummary routes.
So, I would summarize the firsr 4 as:192.168.0.0/22 and leave the last one as it is
The summary route/s that get advertized: 192.168.0.0/22, 192.168.4.0/24.
Rajan
CIDR aggregation rules state that- to get a perfect (exclusive) summary:
–the number of addresses in the block should be a power of 2 and
–the interesting octet (the one whose value varies) of the first address must be evenly divisible by total number of addresses in the block.
So the block (shown below) being discussed satisfies both these conditions:
172.16.0.0 / 16 subnet mask 255.255.0.0
172.17.0.0 / 16 subnet mask 255.255.0.0
172.18.0.0 / 16 subnet mask 255.255.0.0
172.19.0.0 / 16 subnet mask 255.255.0.0
172.20.0.0 / 16 subnet mask 255.255.0.0
172.21.0.0 / 16 subnet mask 255.255.0.0
172.22.0.0 / 16 subnet mask 255.255.0.0
172.23.0.0 / 16 subnet mask 255.255.0.0
If this is the case, then 2^3 =8 = number of addresses in the block.
Subtract 3 from the original mask /16 to get the mask for the summary= /13
Rajan
Hello Rajan
Thanks for sharing this post, you explain it very well.
Concerning your first explanation dealing with inclusive and exclusive summaries. For a simple summary as that in the post, you could indeed create multiple exclusive summary routes as you have done. For a more complex series of addressing, you may find in practice that it is not so efficient to try to make your summaries exclusive. The benefits of exclusive summaries are often outweighed by the complexity of configuration needed. In most cases, when you create such summaries, you are in control of the IP addressing that takes place too. So if you’re careful with your addressing, you will most often find that creating inclusive summaries is usually preferable. But ultimately, each case should be examined individually to determine what is best.
Concerning your second explanation, that is all correct. However, if you are responding to Rene’s previous post, you will find that he is summarizing at the third octet.
Thanks for the detailed post, and as always, I hope this has been helpful!
Laz
Hi Lazaros,
regarding the first part, I am not sure where the complexity lies. We create and use exclusive summaries all the time on our Junos core routers on a large scale… Ideally, inclusive summary could be useful when not all the pefixes are allocated from the address range that you own. In this instance, packets that are destined to networks that don’t physically exist do arrive at the correct destination where they can be dropped.
But when your summary include addresses outside of the address range which is currently under your jusrisdiction, it leads to issues. The summarization must exclude prefixes that are not explicitly listed, because these prefixes may actually be used in some other part of the network. This seems to be the best practice that we religiously follow.
Coming to the second part – No, I wasnt specifically responding to Rene’s post.
i am not sure what you mean by the third octtet. The parent mask /16 spans the first 2 octets. Consequently any summary/aggregate you generate will have a mask shorter than the parent mask.
In fact, if you follow the CIDR rules and observe block is satisfying these rules then intuitively you know that this first address is actually your summary address. To determine the mask you simply count the number of addresses in the block as a power of 2 and subtract from the parent mask.
In this case 2 ^3 = 8. So, just subtract 3 from 16 to get your summary mask /13.
Verification
(parent mask) 16- (summary mask)13=3.
2^3=8 which is the exact number of prefixes in the contained in the block. Thats your exclusive summary.
If you have a block that does not satisfy the CIDR rules then you either end up with multiple exclusive routes or in the worst case an inclusive summary route.
Take the case:
172.16.30.0/24
172.16.31.0/24
172.16.32.0/24
172.16.33.0/24
172.16.34.0/24
172.16.35.0/24
Here, the number of addresses in the block is not a power of 2 although the interesting octet in the first address is evenly divisible by the number of addresses in the block. We cannot create a single exclusive summary.
In this case, we end with two summaries which would cover this address range.
172.16.30.0/23
172.16.32.0/22
Hello Rajan
On an extensively large enterprise network, let’s say you have the following networks and you want to exclusively summarize them:
10.10.10.0/25
10.20.0.0/16
10.38.55.16/30
10.38.56.0/23
10.38.58.0/24
192.168.6.0/24
192.168.7.0/24
192.168.8.0/23
192.168.10.0/23
192.168.16.0/23
172.16.88.0/26
172.16.88.128/25
172.16.90.0/24
172.16.91.0/24
172.16.92.0/24
172.16.95.0/25
You can of course summarize them exclusively, reducing the number of router table entries from 16 to say 9 or 8 (I haven’t really checked). What happens if you add a network, you have to go back and re-summarize to make sure that you are including that new network. What happens if you remove a network in the future, or you add two more? This increases the complexity of administration. And this is just 16 subnets. Imagine 200 subnets of different sizes. It can be done of course, and in some cases, as I’ll mention below, it must be done, but the complexity of administration increases.
Agreed, absolutely with you. There is no choice when that is the case. The choice then begs the question, is it worth it to summarize exclusively or should I not summarize at all? That’s the question that should then be asked, and sometimes the answer is yes I will summarize exclusively, even if that means I have to reexamine my summarization every time my networks change.
My mistake! I was referring to another lesson. Rene is indeed doing the same summarization on the same list of IP addresses. As I mentioned in my previous post, your explanations are all correct, and I agree with you.
I hope this has been helpful!
Laz
One other difference. Supernetting was a technique specific to class C networks. It was a way to concatenate class C networks to form a larger network as Lazaros highlighted which was connected to a single router interface (in some sense it looked like a one armed router). So, technically its not a classless scheme. The default mask that you start with is /24 used for class C addresses. You need to borrow bits form the third octet starting from least signicant bit moving towards the most significant bit (opposite of subnetting) to define your supernet mask.
CIDR on the other hand does not recognize classes. So with CIDR in place, superneetting is no longer required.
Supernetting was specified in RFC 1338 which was published in June 1992 whereas CIDR was first specified in RFC 1519 which was published much later in September 1993. These are two independant techniques and CIDR obsoletes Supernetting.
Can you explain more clearly how to do route summarization for this one
Hello Pavan
Sure, let’s take a look. Here is the list of subnets once again:
172.1.4.0/25
172.1.128.0/25
172.1.5.0/24
172.1.6.0/24
172.1.7.0/24
The first thing you’ll notice is the 172.1.128.0/25 subnet. The third octet is numerically “far away” compared to the others. You can see this more clearly if we look at the addresses in binary:
10101100.00000001.00000100.00000000
10101100.00000001.10000000.00000000
10101100.00000001.00000101.00000000
10101100.00000001.00000110.00000000
10101100.00000001.00000111.00000000
Notice that all the non-bold bits are the same for all addresses. The first bit (from left to right) that differs between all of the values is the 17th bit, and that takes place in the 172.1.128.0 address.
So if we want to summarize all of these, we must use a /16 subnet, because only the first 16 bits are the same. So, the summarization in binary would be:
10101100.00000001.00000000.00000000 with a subnet mask of 11111111.11111111.00000000.00000000
In dotted decimal, that would be 172.1.0.0/16
However, this summarization would include many more subnets than just these five. Specifically, this summarization includes the range from 172.1.0.0 to 172.1.255.255. Such a large range may include subnets that exist elsewhere. It is for this reason that it is best practice to summarize into two different subnets, one including only the 172.1.128.0/25 network, and another including the rest. Here are the binary addresses once again, but without the 172.1.128.0/25 network:
10101100.00000001.00000100.00000000
10101100.00000001.00000101.00000000
10101100.00000001.00000110.00000000
10101100.00000001.00000111.00000000
This time you can see that the 22 leftmost bits are the same, and there are differences only from the 23rd bit. For this reason, we can summarize these like so:
10101100.00000001.00000100.00000000 with a subnet mask of 11111111.11111111.11111100.00000000
Or in decimal, 172.1.4.0/22 which is what Rene came up with in his post.
So ultimately, the summary of the original question would come down to two summarizations:
172.1.4.0/22 and 172.1.128.0/25. This would be the most efficient result.
I hope this has been helpful!
Laz
I’m reviewing an answer you gave to Gabriel in 2015 to get a better understanding of subnetting. To get to the number of networks, are you using this calculation, which is based on default network prefix length for each Class?
/24: 2^0 = 1 network (24-24=0)
/23: 2^1 = 2 networks (24-23=1)
/22: 2^2 = 4 networks (24-2=2), etc.
Hello Jim
First of all, let me just indicate that when Rene mentioned a “network” he is referring to a subnet of size /24, that is, with 256 host addresses (254 + network and broadcast). A network does not strictly need to be /24 as it can indeed be classless, however, for the purposes and constraints of this lesson and this topic, it is assumed that a “network” refers to a /24 subnet.
Now having said that, using your calculation would indeed result in the values that Rene has in his post. It is mathematically correct. However, I believe that Rene is simply listing the sizes of subnets in descending order, and just doubling the number of networks for each. It’s kind of like a “cheat sheet” that you can use for future reference.
You can continue the sequence by reducing the number of the slash prefix and doubling the number of networks all the way down to the /0 prefix if you like, and you’ll have all of the values necessary for any subnetting endeavor you may need, assuming you are sticking with /24 networks. Does that make sense?
I hope this has been helpful!
Laz