Important question on McGahan ACL consolidation

Hi, I saw the post from our noble McGahan and that was an interesting way to consolidate two complex ACLs.

http://blog.ine.com/2007/12/26/q-how-do-i-compute-complex-wildcard-masks-for-access-lists/comment-page-1/#comment-237583

Question:
Let's say you are asked to consolidate, in minimal entries and without any leakage, the following:
106.157.10.0/24

106.181.22.0/24

107.189.11.0/24

107.245.23.0/24

My conclusion is that without allowing any leakage I can't consolidate the above. I applied the AND and XOR method (for the first two entries and the bottom 2 entries 107.) McGahan showed us and I came up with:

access-list 1 permit 106.149.2.0 0.40.28.255

access-list 1 permit 107.181.3.0 0.72.28.255

The problem is that I see other networks are caught by this.
Can someone confirm I am right that I can't consolidate these ACLs without leakage?

 

Comments

  • Hello,

    Yes, I found that there will be leakage if the reverse mask is not one of 128, 64, 32, 16, 8, 4, 2, 1. That is, if the reverse mask has >= 2 set bits, then there can be leakage while trying to consolidate 2 addresses. Please correct me if I am wrong.

    Thanks and Regards,

    Dinesh
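The AND/XOR merge discussed in this thread, as an added example that is not part of the original posts: it rebuilds the two ACL entries from the question, enumerates every /24 each entry matches to show the leakage, and goes one step further by checking all pairs of the four networks for a difference of exactly one network bit. The function names and the fixed /24 host wildcard are assumptions of this sketch.

```python
from itertools import combinations, product
import ipaddress

HOST_WC = 0x000000FF  # assumption: every network is a /24, so the last octet is always wild
NETS = ["106.157.10.0", "106.181.22.0", "107.189.11.0", "107.245.23.0"]  # from the question

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def to_str(value):
    return str(ipaddress.IPv4Address(value))

def merge_pair(a, b):
    """AND/XOR method: base = a AND b, wildcard = (a XOR b) plus the host bits."""
    x, y = to_int(a), to_int(b)
    return (x & y) & ~HOST_WC, (x ^ y) | HOST_WC

def acl_line(a, b):
    base, wildcard = merge_pair(a, b)
    return f"access-list 1 permit {to_str(base)} {to_str(wildcard)}"

def matched_networks(base, wildcard):
    """Every /24 the entry matches: each wild network bit can be 0 or 1."""
    free = [1 << i for i in range(8, 32) if (wildcard >> i) & 1]
    nets = set()
    for choice in product((0, 1), repeat=len(free)):
        value = base
        for bit, on in zip(free, choice):
            if on:
                value |= bit
        nets.add(to_str(value))
    return nets

def leakage(a, b):
    """Networks matched by the merged entry that are neither a nor b."""
    return sorted(matched_networks(*merge_pair(a, b)) - {a, b})

def mergeable_pairs(nets):
    """Pairs whose network bits differ in exactly one position (merge is leak-free)."""
    def diff_bits(a, b):
        return bin((to_int(a) ^ to_int(b)) & ~HOST_WC).count("1")
    return [(a, b) for a, b in combinations(nets, 2) if diff_bits(a, b) == 1]

if __name__ == "__main__":
    for a, b in ((NETS[0], NETS[1]), (NETS[2], NETS[3])):
        leaked = leakage(a, b)
        print(acl_line(a, b), "-> leaks", len(leaked), "extra /24s, e.g.", leaked[:3])
    print("pairs that merge without leakage:", mergeable_pairs(NETS))
```

A wildcard with k wild network bits matches 2^k networks, so a two-network merge is exact only when k is 1; both entries in the question have k = 5.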
