[Xorp-hackers] [Xorp-users] Policy network4 operator
Pavlin Radoslavov
pavlin at icir.org
Fri Nov 17 13:12:02 PST 2006
> > "network4 shorter 10.0.0.0/8" SAME AS "network4 > 10.0.0.0/8"
> > "network4 orshorter 10.0.0.0/8" SAME AS "network4 >= 10.0.0.0/8"
>
> [snip]
>
> > Note that the last three keywords (shorter/orshorter/not) don't
> > exist in Juniper, so feel free to suggest better names.
>
> What networks you'd expect to match these conditions? Ok, 10.0.0.0/8 would
> match "orshorter" but point being ... ?
I don't understand your question. Are you asking me to explain how
the above two operators work, or are you asking why someone wants to
use them?
If it is the former:
Recall that currently "network4 <= 10.0.0.0/8" means all networks
that are SUBSETS of 10.0.0.0/8 (i.e., that are contained by
10.0.0.0/8). Those are 10.0.0.0/8, 10.0.0.0/9, 10.128.0.0/9, and so
on.
The ">=" operator is just the opposite: "network4 >= 10.0.0.0/8"
means all networks that are SUPERSETS of 10.0.0.0/8 (i.e., that
contain 10.0.0.0/8). Those are 10.0.0.0/8, 10.0.0.0/7, 8.0.0.0/6,
8.0.0.0/5, 0.0.0.0/4, ... 0.0.0.0/0.
The ">" operator is similar to the ">=" except that the 10.0.0.0/8
network itself is excluded (i.e., this is a strict superset).
Here is another explanation in term of the proposed
"orshorter/orlonger" keywords:
The "orshorter" keyword is just the opposite of "orlonger": with
"orlonger" the prefix length can be longer (8, 9, 10, ...), while
with "orshorter" the prefix length can be shorter (8, 7, 6, ...).
If it is the latter:
I cannot give you a real-world example when exactly you need them,
but they are there to complement the traditionally used longer
prefix matching rules.
Pavlin
More information about the Xorp-hackers
mailing list