A wildcard mask is similar to a subnet mask in that it uses the ANDing process to identify which bits in an IPv4 address to match.
THE RULES
There are two basic rules of a wildcard mask.
· 0-bit = match
· 1-bit = ignore
THE TARGETS
What can wildcard masks target?
· A single host (or a single IP address)
· An entire network (i.e., Class A, B, or C)
· An entire subnet
· A range of IP addresses
Targeting a Single Host
To target a single host with a wildcard means that every bit within the IP address of the host must match. The bit that means we are matching is a zero (0-bit). So, a wildcard mask for a host would be — 0.0.0.0
Targeting an Entire Network
To target an entire network means that every bit within the NETWORK portion of the IP address must match. All others we can ignore. So, for a Class-C network (i.e., 192.168.1.0) the wildcard mask would be — 0.0.0.255
Targeting a Subnet
To target a particular subnet, we will still need to match on every bit on the NETWORK portion, however now we need to find the proper bit boundary in the last octet used by our network. So, for example we need to find the wildcard mask for the network 192.168.1.128/25.
The easiest way to do this is to simply subtract the subnet mask (255.255.255.128) from 255.255.255.255. 255.255.255.255 minus 255.255.255.128 equals a wildcard mask of — 0.0.0.127
Targeting a Range of IP Addresses
To target a range of IP address is where we begin to see how the wildcard mask is different from just a reverse of a subnet mask. The same rules apply 0-match, 1-ignore. If we have a range of 192.168.0.0 through 192.168.1.255, we can match at the 23rd bit. This would allow only the two networks to be targeted. The wildcard mask would be 0.0.1.255
Writing this out in binary helps. We know we want to match on the entire 1st and 2nd octets. That part is easy – both are zeros. It’s the third octet that is the trick. Let’s break that third octet out in binary
192 168.0. ---- binary 00000000
192.168.1. ---- binary 00000001
If you look here the bit, we want to match on is the 23rd bit. The subnet mask for a slash 23 is 255.255.254.0. We then subtract it from 255.255.255.255 to get our wildcard which is 0.0.1.255
Pretty cool huh?
Target all even Networks or all odd Networks
If we need to route all even networks in the 192.168.0.0 block of space. Where can we match within the third octet that will allow us to do this. Once again, we need to break it out in binary to see it more clearly.
192 168.0. ---- binary 00000000
192.168.1. ---- binary 00000001
192.168.2. ---- binary 00000010
192.168.3. ---- binary 00000011
192.168.4. ---- binary 00000100
192.168.5. ---- binary 00000101
192.168.6. ---- binary 00000110
192.168.7. ---- binary 00000111
If look you can see the last bit of the third octet (bit 24) is a zero for every even network. The value for this bit is 1. We can match on this last bit to target the even network by taking the inverse of 1 to get 254. (255-1). The wild card mask for this would be 0.0.254.255.
