Using CIDR notation for IPv4/IPv6 addresses
You can use CIDR (Classless Inter-Domain Routing) notation to enter an IPv4 mask-length or an IPv6 prefix-length with a source and destination address that are used as match criteria in a match/ignore statement. The switch interprets the IP address with CIDR notation to compute the range of corresponding IP source or destination addresses in packet headers that are considered to be a match for the traffic class.
When the switch uses a match/ignore statement to compare an IP address and corresponding mask/prefix length to the IP source/destination address carried in a packet, the IPv4 mask-bit settings and IPv6 prefix-bit settings select packets in different ways.
- An IPv4 mask length creates a mask in which:
A mask-bit setting set to 0 (off) requires the corresponding bit in a packet's IPv4 source/destination address to be the same binary value as the mask-bit in the matching IPv4 source/destination address.
- A mask-bit setting set to 1 (on) is used as a wildcard and allows the corresponding bit in a packet's IPv4 source/destination address to be either binary value (0 or 1).
How CIDR notation is used with IPv4 SA/DA match criteria IPv4 Source/Destination address used with CIDR notation in a Match/Ignore statement
Resulting mask
Range of IPv4 addresses selected by the match criteria
10.38.240.125/15
0.1.255.255
The leftmost 15 bits must match; the remaining bits are wildcards.
10.38.240.125/20
0.0.15.255
The leftmost 20 bits must match; the remaining bits are wildcards.
10.38.240.125/21
0.0.7.255
The leftmost 21 bits must match; the remaining bits are wildcards.
10.38.240.125/24
0.0.0.255
The leftmost 24 bits must match; the remaining bits are wildcards.
18.38.240.125/32
0.0.0.0
All bits must match.
- An IPv6 prefix-length creates a mask in which:
A mask-bit setting set to 1 (on) requires the corresponding bit in a packet's IPv6 source/destination address to be the same binary value as the mask-bit in the matching IPv6 source/destination address.
A mask-bit setting set to 0 (off) is used as a wildcard and allows the corresponding bit in a packet's IPv6 source/destination address to be either binary value (0 or 1).
How CIDR notation is used with IPv6 SA/DA match criteria IPv6 source/destination address used with CIDR notation in a Match/Ignore statement
Resulting mask
Range of IPv6 addresses selected by the match criteria
2001:db8:0:7::5/64
FFFF:FFFF:FFFF:FFFF::
The leftmost 64 bits must match; the remaining bits are wildcards.
2001:db8:0:7::5/72
FFFF:FFFF:FFFF:FFFF:FF00::
The leftmost 72 bits must match; the remaining bits are wildcards.
2001:db8::244:17ff:feb6:d37d/126
FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFC
The first 126 bits mst match; the C value in the mask allows four possible combinations (D37C, D37D, D37E, and D37F) in the last block of a matching IPv6 address.
2001:db8:0:7:af:e2:c1:5/128
FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF
All bits must match.
NOTE:Although IPv4 and IPv6 masks are applied in opposite directions:An IPv4 mask-length is applied from right to left, starting from the rightmost bits.
An IPv6 prefix-length is applied from left to right, starting from the leftmost bits.
The behavior of IPv4 and IPv6 masks as match criteria and wildcards is the same.