
CIDR notation

The purpose of the IP addresses field is to identify specific external server(s) that are allowed to access the Bravura Security Fabric server within the boundaries of the specified access rights. This is accomplished by using Classless Inter-Domain Routing (CIDR) notation to define an IP address block. The address block is represented by an IP address and a prefix size and is written in slash notation <IP>/<prefix> where:

  • IP is the IPv4 (<0-255>.<0-255>.<0-255>.<0-255>) or IPv6 address (<0000-ffff>:<0000-ffff>:<0000-ffff>:<0000-ffff>:<0000-ffff>:<0000-ffff>:<0000-ffff>:<0000-ffff>)

  • prefix is the prefix size for the mask and must be an integer within the range 0-32 for IPv4 or 0-128 for IPv6

The subnet mask determines the size of the address block (the number of IP addresses belonging to the block) and, used in conjunction with the IP address, specifies which particular IP addresses belong to that block. Some planning is required: you need to determine whether the entry will represent a single address or a range of consecutive addresses.

The size of the address block, or the number of IP addresses that the block contains, is:

number of entries = 2^(32 - <subnetmask>)

To determine the IP addresses of the servers that will be granted access to the Bravura Security Fabric server from the IP address/subnet entry, do the following:

  1. Turn the IP address into binary notation; for example,

    • 128.10.12.1 = 10000000.00001010.00001100.00000001

  2. Start at the left-hand side of the binary representation and mark off the number of binary digits specified by the subnet mask; for example, using a 30-bit subnet mask, the first 30 digits are marked off (the digits before the space).

    • 10000000.00001010.00001100.000000 01

    Valid or matching IP addresses must be based on these first 30 digits.

  3. Calculate the valid addresses by creating all possible permutations using the remaining binary digits. In this case, there are only two unmasked digits, and as a result there are only 2^(32 - 30) = 2^2 = 4 possible addresses that match.

    • 10000000.00001010.00001100.000000 00 = 128.10.12.0

    • 10000000.00001010.00001100.000000 01 = 128.10.12.1

    • 10000000.00001010.00001100.000000 10 = 128.10.12.2

    • 10000000.00001010.00001100.000000 11 = 128.10.12.3

To restrict access to a single server, use a complete prefix (32 for IPv4 or 128 for IPv6). This means that the IP address must match exactly.

To restrict access only to processes (servers) that reside on the Bravura Security Fabric server, use the local host address with a complete prefix (127.0.0.1/32 or ::1/128 for IPv4 and IPv6 respectively). External access will be denied.
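The three steps above, and the complete-prefix entries, can be checked before an entry is saved. The following Python sketch is an added example, not Bravura Security Fabric code; it uses the standard `ipaddress` module, and the function names are assumptions chosen for illustration.

```python
import ipaddress

def parse_entry(entry):
    """Parse an <IP>/<prefix> entry; reject anything not in that form."""
    ip_text, sep, prefix_text = entry.strip().partition("/")
    if not sep or not prefix_text.isdigit():
        raise ValueError(f"expected <IP>/<prefix>, got {entry!r}")
    # strict=False accepts host bits set below the prefix (128.10.12.1/30)
    # and masks them off. A bad address or a prefix outside 0-32 (IPv4) or
    # 0-128 (IPv6) raises ValueError.
    return ipaddress.ip_network(f"{ip_text}/{prefix_text}", strict=False)

def block_size(net):
    """Number of addresses in the block: 2^(address bits - prefix)."""
    return 2 ** (net.max_prefixlen - net.prefixlen)

def marked_binary(entry):
    """Steps 1-2: binary in 8-bit groups, with '|' after the masked digits."""
    net = parse_entry(entry)
    addr = ipaddress.ip_address(entry.strip().partition("/")[0])
    bits = f"{int(addr):0{net.max_prefixlen}b}"
    out = []
    for i, bit in enumerate(bits):
        if i == net.prefixlen:
            out.append("|")
        elif i and i % 8 == 0:
            out.append(".")
        out.append(bit)
    return "".join(out)

def matching_addresses(entry, limit=1024):
    """Step 3: every address in the block; refuses blocks larger than limit."""
    net = parse_entry(entry)
    if block_size(net) > limit:
        raise ValueError(f"{net} holds {block_size(net)} addresses")
    return [str(addr) for addr in net]

def is_allowed(client_ip, entries):
    """True if client_ip lies in any entry; IPv4 never matches an IPv6 entry."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in parse_entry(entry) for entry in entries)

if __name__ == "__main__":
    print(marked_binary("128.10.12.1/30"))
    print(matching_addresses("128.10.12.1/30"))
    print(is_allowed("128.10.12.4", ["128.10.12.1/30"]))  # constructed client address
```

Running `block_size` on an entry before saving it shows how many hosts the entry admits; a prefix of 0 yields 2^32 for IPv4, which matches every address.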