Routing (source) policy CIDR limit?

Hi,

Does anyone know if this is an intentional limit on network size for policy routing, or am I hitting a bug here?

luke@vm-fw-a# set policy route MA-OUT-502 rule 37 source address '192.168.67.0/23'
Error: 192.168.67.0/23 is not a valid IPv4 address range
Error: 192.168.67.0/23 is not a valid IPv4 prefix
Error: 192.168.67.0/23 is not a valid IPv4 address

It’s happy to accept a ‘192.168.67.0/24’ but that means I need to use up 2 routing policy ‘slots’ to be able to route everything under 192.168.67.0/23.

Thanks in advance.

luke@vm-fw-a:~$ show version
Version: VyOS 1.4-rolling-202212121329
Release train: current

Built by: autobuild@vyos.net
Built on: Mon 12 Dec 2022 13:29 UTC
Build UUID: 488985c8-a9a3-41c2-9813-231c00967954
Build commit ID: f56f9f9d7bc169

Architecture: x86_64
Boot via: installed image
System type: KVM guest

Hardware vendor: QEMU
Hardware model: Standard PC (i440FX + PIIX, 1996)
Hardware S/N:
Hardware UUID: 1e50ee72-e5bc-4ebd-a7f3-17d7cbd6b1ca

Copyright: VyOS maintainers and contributors

You’ve overrun a bit into the host part as far as CIDR is concerned. Try 192.168.66.0/23.

$ ipcalc 192.168.67.0/23
Address:        192.168.67.0
Network:        192.168.66.0/23
Netmask:        255.255.254.0 = 23
Broadcast:      192.168.67.255

Address space:  Private Use
HostMin:        192.168.66.1
HostMax:        192.168.67.254
Hosts/Net:      510

Doh! Thanks :)

Confirmed it works with 192.168.66.0/23 or 192.168.68.0/23.


No worries - just a quick tip there, a single least significant bit zeroed by the netmask like that will always be an even number. A /22 is always a multiple of 4, /21 of 8, etc.

After doing networks for a short while you remember which power of 2 occupies each bit position in the octet and it gets easier to spot.

I still use ipcalc when I’m feeling lazy.
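The alignment rule discussed in this thread, as an added example that is not part of the original posts: it uses Python's standard ipaddress module to flag a prefix with host bits set, report the network that prefix length actually denotes, and show the exact cover when the intended range is not aligned. The function names check_prefix and exact_cover are hypothetical.

```python
import ipaddress

def check_prefix(text):
    """Return (aligned, canonical_network, octet_index, step) for an IPv4 CIDR string.

    aligned is False when host bits are set, which is the case a strict
    validator rejects (ipaddress.ip_network(text) raises ValueError for it).
    """
    iface = ipaddress.ip_interface(text)
    net = iface.network                       # same prefix length, host bits masked off
    aligned = iface.ip == net.network_address
    # Octet where the mask boundary falls, and the multiple that octet must be:
    # /23 -> third octet, multiple of 2; /22 -> 4; /21 -> 8; /24 -> 1.
    octet_index = max(net.prefixlen - 1, 0) // 8
    step = 2 ** (8 * (octet_index + 1) - net.prefixlen)
    return aligned, net, octet_index, step

def exact_cover(first, last):
    """Smallest list of aligned prefixes covering first..last and nothing else."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))

if __name__ == "__main__":
    # Prefixes taken from the thread.
    for cidr in ("192.168.67.0/23", "192.168.66.0/23", "192.168.68.0/23"):
        aligned, net, idx, step = check_prefix(cidr)
        if aligned:
            print(f"{cidr}: valid network")
        else:
            print(f"{cidr}: host bits set; octet {idx + 1} must be a multiple "
                  f"of {step}; containing network is {net}")
    # Constructed case: if the rule was meant to match only .67.0 through
    # .68.255, no single /23 fits and two /24 rules are the exact match.
    print(exact_cover("192.168.67.0", "192.168.68.255"))
```

Rewriting 192.168.67.0/23 as 192.168.66.0/23 also matches 192.168.66.0/24, so confirm that the wider source range is what the policy rule should cover before applying it.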
