Introduction

This talk will cover the basics of IP addressing and subnetting.
Topics covered will include:

IP Addressing

An IP (Internet Protocol) address is a unique identifier for a node or host connection on an IP network. An IP address is a 32 bit binary number usually represented as 4 decimal values, each representing 8 bits, in the range 0 to 255 (known as octets) separated by decimal points. This is known as "dotted decimal" notation.

Example: 140.179.220.200

It is sometimes useful to view the values in their binary form. 

140     .179     .220     .200
10001100.10110011.11011100.11001000

Every IP address consists of two parts, one identifying the network and one identifying the node. The Class of the address and the subnet mask determine which part belongs to the network address and which part belongs to the node address.

Address Classes

There are 5 different address classes. You can determine which class any IP address is in by examining the first 4 bits of the IP address.

Addresses beginning with 01111111, or 127 decimal, are reserved for loopback and for internal testing on a local machine. [You can test this: you should always be able to ping 127.0.0.1, which points to yourself] Class D addresses are reserved for multicasting. Class E addresses are reserved for future use. They should not be used for host addresses.

Now we can see how the Class determines, by default, which part of the IP address belongs to the network (N) and which part belongs to the node (n).

In the example, 140.179.220.200 is a Class B address so by default the Network part of the address (also known as the Network Address) is defined by the first two octets (140.179.x.x) and the node part is defined by the last 2 octets (x.x.220.200).

In order to specify the network address for a given IP address, the node section is set to all "0"s. In our example, 140.179.0.0 specifies the network address for 140.179.220.200. When the node section is set to all "1"s, it specifies a broadcast that is sent to all hosts on the network. 140.179.255.255 specifies the example broadcast address. Note that this is true regardless of the length of the node section.

Private Subnets

There are three IP network addresses reserved for private networks. The addresses are 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. They can be used by anyone setting up internal IP networks, such as a lab or home LAN behind a NAT or proxy server or a router. It is always safe to use these because routers on the Internet will never forward packets coming from these addresses. These addresses are defined in RFC 1918.

Subnetting

Subnetting an IP Network can be done for a variety of reasons, including organization, use of different physical media (such as Ethernet, FDDI, WAN, etc.), preservation of address space, and security. The most common reason is to control network traffic. In an Ethernet network, all nodes on a segment see all the packets transmitted by all the other nodes on that segment. Performance can be adversely affected under heavy traffic loads, due to collisions and the resulting retransmissions. A router is used to connect IP networks to minimize the amount of traffic each segment must receive.

Subnet Masking

Applying a subnet mask to an IP address allows you to identify the network and node parts of the address. The network bits are represented by the 1s in the mask, and the node bits are represented by the 0s. Performing a bitwise logical AND operation between the IP address and the subnet mask results in the Network Address or Number.
For example, using our test IP address and the default Class B subnet mask, we get: 

10001100.10110011.11110000.11001000      140.179.240.200   Class B IP Address
11111111.11111111.00000000.00000000      255.255.000.000   Default Class B Subnet Mask
--------------------------------------------------------
10001100.10110011.00000000.00000000      140.179.000.000   Network Address

Default subnet masks:

More Restrictive Subnet Masks

Additional bits can be added to the default subnet mask for a given Class to further subnet, or break down, a network. When a bitwise logical AND operation is performed between the subnet mask and IP address, the result defines the Subnet Address (also called the Network Address or Network Number). There are some restrictions on the subnet address. Node addresses of all "0"s and all "1"s are reserved for specifying the local network (when a host does not know it's network address) and all hosts on the network (broadcast address), respectively. This also applies to subnets. A subnet address cannot be all "0"s or all "1"s. This also implies that a 1 bit subnet mask is not allowed. This restriction is required because older standards enforced this restriction. Recent standards that allow use of these subnets have superceded these standards, but many "legacy" devices do not support the newer standards. If you are operating in a controlled environment, such as a lab, you can safely use these restricted subnets.

To calculate the number of subnets or nodes, use the formula (2n-2) where n = number of bits in either field, and 2n represents 2 raised to the nth power. Multiplying the number of subnets by the number of nodes available per subnet gives you the total number of nodes available for your class and subnet mask. Also, note that although subnet masks with non-contiguous mask bits are allowed, they are not recommended.

Example: 

10001100.10110011.11011100.11001000      140.179.220.200   IP Address
11111111.11111111.11100000.00000000      255.255.224.000   Subnet Mask
--------------------------------------------------------
10001100.10110011.11000000.00000000      140.179.192.000   Subnet Address
10001100.10110011.11011111.11111111      140.179.223.255   Broadcast Address

In this example a 3 bit subnet mask was used. There are 6 (23-2) subnets available with this size mask (remember that subnets with all 0's and all 1's are not allowed). Each subnet has 8190 (213-2) nodes. Each subnet can have nodes assigned to any address between the Subnet address and the Broadcast address. This gives a total of 49,140 nodes for the entire class B address subnetted this way. Notice that this is less than the 65,534 nodes an unsubnetted class B address would have.

You can calculate the Subnet Address by performing a bitwise logical AND operation between the IP address and the subnet mask, then setting all the host bits to 0s. Similarly, you can calculate the Broadcast Address for a subnet by performing the same logical AND between the IP address and the subnet mask, then setting all the host bits to 1s. That is how these numbers are derived in the example above.

Subnetting always reduces the number of possible nodes for a given network. There are complete subnet tables available here for Class A, Class B and Class C. These tables list all the possible subnet masks for each class, along with calculations of the number of networks, nodes and total hosts for each subnet.

An Example

Here is another, more detailed, example. Say you are assigned a Class C network number of 200.133.175.0 (apologies to anyone who may actually own this domain address). You want to utilize this network across multiple small groups within an organization. You can do this by subnetting that network with a subnet address.

We will break this network into 14 subnets of 14 nodes each. This will limit us to 196 nodes on the network instead of the 254 we would have without subnetting, but gives us the advantages of traffic isolation and security. To accomplish this, we need to use a subnet mask 4 bits long.
Recall that the default Class C subnet mask is 

255.255.255.0 (11111111.11111111.11111111.00000000 binary)

Extending this by 4 bits yields a mask of 

255.255.255.240 (11111111.11111111.11111111.11110000 binary)

This gives us 16 possible network numbers, 2 of which cannot be used:

Subnet bits

Network Number

Node Addresses

Broadcast Address

0000

200.133.175.0

Reserved

None

0001

200.133.175.16

.17 thru .30

200.133.175.31

0010

200.133.175.32

.33 thru .46

200.133.175.47

0011

200.133.175.48

.49 thru .62

200.133.175.63

0100

200.133.175.64

.65 thru .78

200.133.175.79

0101

200.133.175.80

.81 thru .94

200.133.175.95

0110

200.133.175.96

.97 thru .110

200.133.175.111

0111

200.133.175.112

.113 thru .126

200.133.175.127

1000

200.133.175.128

.129 thru .142

200.133.175.143

1001

200.133.175.144

.145 thru .158

200.133.175.159

1010

200.133.175.160

.161 thru .174

200.133.175.175

1011

200.133.175.176

.177 thru .190

200.133.175.191

1100

200.133.175.192

.193 thru .206

200.133.175.207

1101

200.133.175.208

.209 thru .222

200.133.175.223

1110

200.133.175.224

.225 thru .238

200.133.175.239

1111

200.133.175.240

Reserved

None

CIDR -- Classless InterDomain Routing

Now that you understand "classful" IP Subnetting principals, you can forget them ;). The reason is CIDR -- Classless InterDomain Routing. CIDR was invented several years ago to keep the internet from running out of IP addresses. The "classful" system of allocating IP addresses can be very wasteful; anyone who could reasonably show a need for more that 254 host addresses was given a Class B address block of 65533 host addresses. Even more wasteful were companies and organizations that were allocated Class A address blocks, which contain over 16 Million host addresses! Only a tiny percentage of the allocated Class A and Class B address space has ever been actually assigned to a host computer on the Internet.

People realized that addresses could be conserved if the class system was eliminated. By accurately allocating only the amount of address space that was actually needed, the address space crisis could be avoided for many years. This was first proposed in 1992 as a scheme called Supernetting. Under supernetting, the classful subnet masks are extended so that a network address and subnet mask could, for example, specify multiple Class C subnets with one address. For example, If I needed about 1000 addresses, I could supernet 4 Class C networks together: 

192.60.128.0   (11000000.00111100.10000000.00000000)  Class C subnet address
192.60.129.0   (11000000.00111100.10000001.00000000)  Class C subnet address
192.60.130.0   (11000000.00111100.10000010.00000000)  Class C subnet address
192.60.131.0   (11000000.00111100.10000011.00000000)  Class C subnet address
--------------------------------------------------------
192.60.128.0   (11000000.00111100.10000000.00000000)  Supernetted Subnet address
255.255.252.0  (11111111.11111111.11111100.00000000)  Subnet Mask
192.60.131.255 (11000000.00111100.10000011.11111111)  Broadcast address

In this example, the subnet 192.60.128.0 includes all the addresses from 192.60.128.0 to 192.60.131.255. As you can see in the binary representation of the subnet mask, the Network portion of the address is 22 bits long, and the host portion is 10 bits long.

Under CIDR, the subnet mask notation is reduced to a simplified shorthand. Instead of spelling out the bits of the subnet mask, it is simply listed as the number of 1s bits that start the mask. In the above example, instead of writing the address and subnet mask as 

192.60.128.0, Subnet Mask 255.255.252.0

the network address would be written simply as: 

192.60.128.0/22

which indicates starting address of the network, and number of 1s bits (22) in the network portion of the address. If you look at the subnet mask in binary (11111111.11111111.11111100.00000000), you can easily see how this notation works.

The use of a CIDR notated address is the same as for a Classful address. Classful addresses can easily be written in CIDR notation (Class A = /8, Class B = /16, and Class C = /24)

It is currently almost impossible for an individual or company to be allocated their own IP address blocks. You will simply be told to get them from your ISP. The reason for this is the ever-growing size of the internet routing table. Just 10 years ago, there were less than 5000 network routes in the entire Internet. Today, there are over 100,000. Using CIDR, the biggest ISPs are allocated large chunks of address space (usually with a subnet mask of /19 or even smaller); the ISP's customers (often other, smaller ISPs) are then allocated networks from the big ISP's pool. That way, all the big ISP's customers (and their customers, and so on) are accessible via 1 network route on the Internet. But I digress.

It is expected that CIDR will keep the Internet happily in IP addresses for the next few years at least. After that, IPv6, with 128 bit addresses, will be needed. Under IPv6, even sloppy address allocation would comfortably allow a billion unique IP addresses for every person on earth! The complete and gory details of CIDR are documented in RFC1519, which was released in September of 1993.

Logical Operations

This page will provide a brief review and explanation of the common logical bitwise operations AND, OR, XOR (Exclusive OR) and NOT. Logical operations are performed between two data bits (except for NOT). Bits can be either "1" or "0", and these operations are essential to performing digital math operations.
In the "truth tables" below, the input bits are in bold, and the results are plain.

AND

The logical AND operation compares 2 bits and if they are both "1", then the result is "1", otherwise, the result is "0".

 

0

1

0

0

0

1

0

1

OR

The logical OR operation compares 2 bits and if either or both bits are "1", then the result is "1", otherwise, the result is "0".

 

0

1

0

0

1

1

1

1

XOR

The logical XOR (Exclusive OR) operation compares 2 bits and if exactly one of them is "1" (i.e., if they are different values), then the result is "1"; otherwise (if the bits are the same), the result is "0".

 

0

1

0

0

1

1

1

0

NOT

The logical NOT operation simply changes the value of a single bit. If it is a "1", the result is "0"; if it is a "0", the result is "1". Note that this operation is different in that instead of comparing two bits, it is acting on a single bit.

0

1

1

0

 

IP Subnetting, Variable Subnetting, and CIDR (Supernetting)

  1. Who is this for?

    People who will be building networks. If you're a manager you can go to sleep now; if you know this stuff already, take a pizza break; if you want to actually build networks some day and are not already comfortable working out appropriate sizes of subnets, please come to the front of the lecture hall - I have a few copies of this lesson but not enough for everyone in the room.
  2. Purpose of this lesson

    Some day you may be responsible for designing a network that connects several locations together with routers. You'll have been given a certain number of IP addresses you can use, and you have to allocate them in chunks to each site without running out!

    The reason we are going to learn subnetting is simple: there are not enough IP addresses free for you to give a whole Class C network to every site you manage. Some upstream providers charge you for each Class C you allocate. Others force you to justify your use of space in detail, showing that each network you allocated was fully populated.

    Before we go into details, there are two things you might be able to use which will avoid the need to learn any of this stuff:
    1. NAT - network address translation
      If it is available to you, NAT often lets you create any size of network you want, without worrying about how much IP space you have been officially allocated. I'm not going to explain what NAT is in detail, because it will be covered in someone else's lesson. In short, it's a way to map large numbers of IPs on to a single IP (or to take a large sparse range such as a Class B and map each address that is actually used on to a small number of Class C's). NAT is worth taking the time to learn, because it can save you a whole lot of effort!
    2. Online tools to calculate subnets
      There are many web pages available that will calculate netmasks for given sizes of subnets. These are useful as long as you understand the basics of what you're trying to do. If you don't have 'the big picture', these tools won't help. You can listen to this lecture to get 'the big picture' without getting distracted by the details, then use one of the online tools when you need actual numbers.

 

  1. IP address space in general - inference of Class A/B/C

    Before we start - a quick and very basic recap on IP addressing in general.
    Every machine on the net has an address. Addresses are 32 bits. These 32 bits are split into two parts - a network number followed by a host address. The 'host address' part is for a number of machines on one physical network - say a bunch of machines connected with a hub or on a single thin ether wire. The network number represents this group of hosts as a single unit, and routers need to know these network numbers to send data from one net to another.
    Just where the network/host split is made is arbitrary. There's no real reason why 10.1.2.3 should be part of a class A network and 220.1.2.3 is part of a class C network - it just is. The address space was split up as shown below, and any addresses in these ranges are deemed to be in the appropriate Class. Why does this matter? Well, some software will ask for an IP address but NOT a netmask - and it will infer a netmask from the address. This is OK as long as you are staying within the class system, but if you are subnetting or supernetting, it can cause you a lot of trouble.

    There's actually very little difference between a Class C network, and a Class B network with a 255.255.255.0 netmask applied. (The only time they're different is if the network address is of the form X.X.0.X or X.X.255.X)

    Before you start designing your subnets, you should know what it is that you've been given. Here are three ways of finding out what class your allocation is in. Use whichever you find easiest.

 

 

First Byte

Class

Network Mask (explained later)

1-126

"A"

255.0.0.0

128-191

"B"

255.255.0.0

192-223

"C"

255.255.255.0


In all the examples below we will assume we have been allocated a Class C network to work with: 192.168.1.0

192.168.1.0 is actually a special type of Class C address - it's one that is reserved never to be allocated on the real Internet. So we'll use it in our examples because if you do configure a network using these numbers, you won't mess anybody else up. It's amazing the number of people who create internal networks using real IP addresses chosen at random. If you ever connect one of these networks to the internet, you will not be to route because the space belongs to someone else. If you disguise your addresses using NAT, you'll still not be able to access those parts of the net that legitimately use those addresses.

Doing subnet calculations for Class A and Class B networks works just the same way as the Class C examples we are going to cover. If you can do a Class C from first principles, you'll be able to do Class B's in your sleep. Very few people here will get much opportunity to design Class A or Class B subnets, but you are quite likely to be asked to work on existing Class A or B networks, so it's still worth knowing.

  1. What is Broadcast?

    I assume you know what a broadcast address is - the necessity to handle broadcasts is actually what makes subnetting anything less than trivial: if you have a Class C network such as 192.168.1.* (with station addresses 192.168.1.1, 192.168.1.2 etc), then a packet addressed to 192.168.1.255 will be sent to *every* station on that network. Later we'll discover that sending to 192.168.1.0 is sort of something similar. Or was once, anyway.

    In a Class C, the host part set to 255 means broadcast. In a subnet, the subnet host part set to all ones means broadcast. Eg in a /28, any addresses of the form N.N.N.XXXX1111 are broadcast addresses for their subnets only.
  2. Don't I need to know how to do binary arithmetic?

    Forgetaboutit. If you can't do binary math in your head, just use the data in these tables below. (On the other hand, if you can't do binary in your head by now, you probably shouldn't be looking at a career in networking.)
  3. Subnetting Class C - most typical example: /28 "all zeroes, all ones" excluded. Mask is 11110000

    This table may be all you ever need to know, for many installations. This is a typical example and possibly the most common one. Because it is such a useful table, this is the only large one we will list in full.

Network part

Subnet.host

Host addresses

Broadcast Address

192.168.1.0

0000xxxx

192.168.1.1 to 192.168.1.14

192.168.1.15 - UNUSABLE - NETMASK ALL 0000's

192.168.1.16

0001xxxx

192.168.1.17 to 192.168.1.30

192.168.1.31

192.168.1.32

0010xxxx

192.168.1.33 to 192.168.1.46

192.168.1.47

192.168.1.48

0011xxxx

192.168.1.49 to 192.168.1.62

192.168.1.63

192.168.1.64

0100xxxx

192.168.1.65 to 192.168.1.78

192.168.1.79

192.168.1.80

0101xxxx

192.168.1.81 to 192.168.1.94

192.168.1.95

192.168.1.96

0110xxxx

192.168.1.97 to 192.168.1.110

192.168.1.111

192.168.1.112

0111xxxx

192.168.1.113 to 192.168.1.126

192.168.1.127

192.168.1.128

1000xxxx

192.168.1.129 to 192.168.1.142

192.168.1.143

192.168.1.144

1001xxxx

192.168.1.145 to 192.168.1.158

192.168.1.159

192.168.1.160

1010xxxx

192.168.1.161 to 192.168.1.174

192.168.1.175

192.168.1.176

1011xxxx

192.168.1.177 to 192.168.1.190

192.168.1.191

192.168.1.192

1100xxxx

192.168.1.193 to 192.168.1.206

192.168.1.207

192.168.1.208

1101xxxx

192.168.1.209 to 192.168.1.222

192.168.1.223

192.168.1.224

1110xxxx

192.168.1.225 to 192.168.1.238

192.168.1.239

192.168.1.240

1111xxxx

192.168.1.241 to 192.168.1.254

192.168.1.255 - UNUSABLE - NETMASK ALL 1111's
  1.  
  2. 0's/1's restriction on host part: let's take one subnet from the table above:

Network part

Subnet.host

Host addresses

Broadcast Address

192.168.1.32

0010xxxx

192.168.1.33 to 192.168.1.46

192.168.1.47

  1. Now, let's look at the individual hosts within that subnet:

Network part

Subnet . Host part

Host Address

192.168.1.32

0010.0000

UNUSABLE - HOST PART IS ALL 0's

192.168.1.33

0010.0001

 

192.168.1.34

0010.0010

 

192.168.1.35

0010.0011

 

192.168.1.36

0010.0100

 

192.168.1.37

0010.0101

 

192.168.1.38

0010.0110

 

192.168.1.39

0010.0111

 

192.168.1.40

0010.1000

 

192.168.1.41

0010.1001

 

192.168.1.42

0010.1010

 

192.168.1.43

0010.1011

 

192.168.1.44

0010.1100

 

192.168.1.45

0010.1101

 

192.168.1.46

0010.1110

 

192.168.1.47

0010.1111

UNUSABLE - HOST PART IS ALL 1's

  1. Although you may be familiar with the all ones broadcast addresses (typically x.x.x.255 for a Class C network) you may not realise that at some time in the past x.x.x.0 was also used as a broadcast address. Although this seldom is done nowadays, for historical reasons we still obey this convention. (The last machine I owned that actually used the .0 address for broadcast was a Sun from the late 1980's)

    Note what happens as the room for hosts gets smaller:

    This is the host table for a /30:

Network part

Subnet . Host part

Host Address

192.168.1.32

001000.00

UNUSABLE - HOST PART IS ALL 0's

192.168.1.33

001001.01

 

192.168.1.34

001010.10

 

192.168.1.35

001011.11

UNUSABLE - HOST PART IS ALL 1's
  1. A /30 is particularly wasteful - 50% of the hosts are unusable. Similarly, a /26 is pretty bad, because 50% of the nets are unusable. a /28 is best because it lets you have (16 - 2) * (16 - 2) = 192 hosts.


    This would be the host table if a /31, if it existed:

Network part

Subnet . Host part

Host Address

192.168.1.32

0010000.0

UNUSABLE - HOST PART IS ALL 0's

192.168.1.33

0010000.1

UNUSABLE - HOST PART IS ALL 1's

  1. What's wrong with this picture??? Well, you can't have a /31. Here's why...
  2. We can have subnets of /26,/27,/28,/29,/30 - BUT NOT /25 or /31!

    This is a /30 (with sections removed for brevity):
    Mask is 11111100

Network part

Subnet.host

Host addresses

Broadcast Address

192.168.1.0

000000xx

192.168.1.1 to 192.168.1.2

192.168.1.3 - UNUSABLE - NETMASK ALL 000000's

192.168.1.4

000001xx

192.168.1.5 to 192.168.1.6

192.168.1.7

192.168.1.8

000010xx

192.168.1.9 to 192.168.1.10

192.168.1.11

192.168.1.12

000011xx

192.168.1.13 to 192.168.1.14

192.168.1.15

192.168.1.16

000100xx

192.168.1.17 to 192.168.1.18

192.168.1.19

192.168.1.20

000101xx

192.168.1.21 to 192.168.1.22

192.168.1.23

192.168.1.24 - 244

...

..............................

.............

192.168.1.248

111110xx

192.168.1.249 to 192.168.1.250

192.168.1.251

192.168.1.252

111111xx

192.168.1.253 to 192.168.1.254

192.168.1.255 - UNUSABLE - NETMASK ALL 111111's
  1.  
  2. So why not a /25????

Network part

Subnet.host

Host addresses

Broadcast Address

192.168.1.0

0xxxxxxx

192.168.1.1 to 192.168.1.126

192.168.1.127 - UNUSABLE - NETMASK ALL 0's

192.168.1.128

1xxxxxxx

192.168.1.129 to 192.168.1.254

192.168.1.255 - UNUSABLE - NETMASK ALL 1's
  1. When the netmask is only one bit, it can't help but being all zeroes or all ones.
  2. And why not a /31?

Network part

Subnet.host

Host addresses

Broadcast Addresses (0's and 1's)

192.168.1.0

0000000x

192.168.1.0? to 192.168.1.1?

192.168.1.0 - UNUSABLE - NETMASK 000000's
192.168.1.1 - UNUSABLE - NETMASK 000000's

192.168.1.2

0000001x

192.168.1.2? to 192.168.1.3?

192.168.1.2 - UNUSABLE - Broadcast 0's
192.168.1.3 - UNUSABLE - Broadcast 1's

192.168.1.4 - 250

...

..............................

.............
.............

192.168.1.252

1111110x

192.168.1.252 to 192.168.1.253

192.168.1.252 - UNUSABLE - Broadcast 0's
192.168.1.253 - UNUSABLE - Broadcast 1's

192.168.1.254

1111111x

192.168.1.254 to 192.168.1.255

192.168.1.254 UNUSABLE - NETMASK 111111's
192.168.1.255 UNUSABLE - NETMASK 111111's
  1.  
  2. Variable subnetting example 1 (insert /30 into /28 from above)

    Well, in the /28 example above, we've shown that the first and last subnets are unusable, because the subnet mask is either all 0's or all 1's. This is unfortunate because each of those subnets is losing 16 (-2) IP addresses each.

    Is there any way we can get back some of those addresses? Well, yes - there is. If you look at the example of a /30 subnet, you'll see these entries:

Network part

Subnet.host

Host addresses

Broadcast Address

192.168.1.0

000000xx

192.168.1.1 to 192.168.1.2

192.168.1.3 - UNUSABLE - NETMASK ALL 000000's

192.168.1.4

000001xx

192.168.1.5 to 192.168.1.6

192.168.1.7

192.168.1.8

000010xx

192.168.1.9 to 192.168.1.10

192.168.1.11

192.168.1.12

000011xx

192.168.1.13 to 192.168.1.14

192.168.1.15

192.168.1.16 - 252

...

..............................

.............

  1. Apart from the first one, these are all perfectly valid subnets, and if we were to configure machines using them, they will look just like normal addresses in a /30 subnet. We can do exactly the same thing for the 192.168.1.240-255 addresses.

    These small subnets - they only have 2 IP addresses that are usable - are actually just what you need when you are setting up a point to point link between different subnets (in different locations). So by using the 'slop' at the end of the range, you can get your point to point links for free.
  2. Variable subnetting example 2 (insert /28 from above into /26)

    Here we have a different and possibly more useful example of variable subnetting. Let's say we have a central office with 50 workstations, one remote office with 10, and another remote office with 9 workstations.

    The following table tells you how many workstations and how many offices you can have for each size of subnet mask:

Bit Split

Subnet Mask

Block Size

Max Useable Subnets
(number of offices)

# C IPs/Subnet
(number of workstations)

2/6

192 (/26)

64

2

62

3/5

224 (/27)

32

6

30

4/4

240 (/28)

16

14

14

5/3

248 (/29)

8

30

6

6/2

252 (/30)

4

62

2


  1. You see, with one office of size 50, we're forced with a simple subnet scheme to use a /26 (2 bits subnet, 6 bits host). However, we have three offices, so this won't work.
    With offices of size 9 or 10 (which we round up to 16 - 2), we could use a /28 (16 - 2 subnets of 16 - 2 stations) - but then we couldn't fit in our 50 station office.

    Well, the solution is simple: Treat it as a /26, allocate the large office, then extract from a table of /28's enough smaller subnets to fit in the one remaining /26 slot. Like this:

Network part

Subnet.host

Host addresses

Broadcast Address

192.168.1.0

00xxxxxx

192.168.1.1 to 192.168.1.62

192.168.1.63 UNUSABLE - NETMASK ALL 00's

192.168.1.64

01xxxxxx

192.168.1.65 to 192.168.1.126

192.168.1.127 ALLOCATE THIS TO BE FURTHER SUBNETTED

192.168.1.128

10xxxxxx

192.168.1.129 to 192.168.1.190

192.168.1.191 ALLOCATE THIS ONE TO THE 50-STATION OFFICE

192.168.1.192

11xxxxxx

192.168.1.193 to 192.168.1.254

192.168.1.255 UNUSABLE - NETMASK ALL 11's
  1. (note: with a simple /26, you lose HALF of your potential IP addresses to the broadcast network addresses)

    And guess what ... if we look at the earlier table for a /28, you'll find exactly the section we need to extract and fit in here:

Network part

Subnet.host

Host addresses

Broadcast Address192.168.1.63

192.168.1.64

0100xxxx

192.168.1.65 to 192.168.1.78

192.168.1.79

192.168.1.80

0101xxxx

192.168.1.81 to 192.168.1.94

192.168.1.95

192.168.1.96

0110xxxx

192.168.1.97 to 192.168.1.110

192.168.1.111

192.168.1.112

0111xxxx

192.168.1.113 to 192.168.1.126

192.168.1.127


  1. Now we simply put the two tables together, and we have a variable subnet solution for our three offices. Plus some spares!

Network part

Subnet.host

Host addresses

Broadcast Address

192.168.1.0

00xxxxxx

192.168.1.1 to 192.168.1.62

192.168.1.63 UNUSABLE - NETMASK ALL 00's

192.168.1.64

0100xxxx

192.168.1.65 to 192.168.1.78

192.168.1.79 ALLOCATE THIS TO THE 10-PC OFFICE

192.168.1.80

0101xxxx

192.168.1.81 to 192.168.1.94

192.168.1.95 ALLOCATE THIS TO THE 9-PC OFFICE

192.168.1.96

0110xxxx

192.168.1.97 to 192.168.1.110

192.168.1.111 SPARE

192.168.1.112

0111xxxx

192.168.1.113 to 192.168.1.126

192.168.1.127 SPARE

192.168.1.128

10xxxxxx

192.168.1.129 to 192.168.1.190

192.168.1.191 ALLOCATE THIS ONE TO THE 50-STATION OFFICE

192.168.1.192

11xxxxxx

192.168.1.193 to 192.168.1.254

192.168.1.255 UNUSABLE - NETMASK ALL 11's

  1. and don't forget the trick of grabbing the end IP's for the point to point networks to link these offices together.
  2. Preference to finer resolution routes - don't need to fully enumerate

    Let's say you have variably subnetted a network, and of the 30 subnets available, 29 of them are in one office, but the 30th is in the other. To route this properly you would issue 29 routing commands to one address and 1 to the other. This is wasteful of router table space. The thing to do is to issue ONE router command that covers all 30 subnets and send them to the one office, but issue a second router command which is MORE SPECIFIC to extract that one subnet from the block, and route it elsewhere. More specific routes take precedence in most routers. Occasionally you will find some brand of router which does require non-overlapping routes, and if this happens to you, just issue all 30 explicit commands.
  3. "Supernetting", aka CIDR (Classless InterDomain Routing)

    The world has a big problem with too many route table entries in the big backbone routers. To solve that problem, people realised they could aggregate network routing commands, eg a network 192.168.2.0/24 and a neighboring network 192.168.3.0/24 could be represented by merging them like this: 192.168.2.0/23

    This would be fine, except we know the problems of subnetting and all-zeroes and all-ones masks. The same problems would start showing up here. The solution is simple: someone just issued an edict saying "forget everything you learned, we won't bother with those rules any more". There's even a command to tell the routers themselves that they should ignore the rules - "ip classless"
    When you break the rules like this, and allow netmasks that end in all 0's or all 1's, it's called "CIDR" - Classless InterDomain Routing.

    That's really all you need to know about CIDR. It's trivial, it's easy, and the details work just the same as subnetting but you merge up instead of splitting down.
  4. Calculators

    Once you understand subnetting as described above, you'll probably be able to do it in your head. However sometimes you want to check your work, or are in a hurry, and if so, there are many web pages on the net which offer "subnet calculator"s.
    Just be warned - often they do not check for the special conditions such as all-one's subnets, and will let you do something stupid like ask for a /25 subnet. The one referred to below does appear to make an effort at checking for this sort of thing, so it may be a good one to bookmark.
  5. Final test :-)

    You are a sys admin at a small ISP. You asked your upstream vendor for a /19 allocation (equivalent to 32 Class C networks). You were given the following: 167.114.209.0 through 167.114.240.0.

    Will these do what you want?

    (If we have time left, we'll work this example on paper)
  6. References

    Some of the info above was cribbed from: 
31.      IP Address Subnetting Tutorial
32.       http://www.ralphb.net/IPSubnet/
33.    
34.      Daryl's TCP/IP Primer
35.       http://ipprimer.windsorcs.com/addressing.cfm
36.       http://ipprimer.windsorcs.com/bitbybit.cfm
37.    
38.      IP Subnet Calculations  (Check here for a quick refresher in binary arithmetic)
39.       http://www.swcp.com/~jgentry/topo/unit3.htm
40.    
41.      Subnet masking, definition and summary
42.       http://www.exabyte.net/lambert/subnet/subnet_masking_definition.htm
43.       http://www.exabyte.net/lambert/subnet/subnet_masking_summary.htm
44.    
45.      A reasonable subnet calculator that makes some attempt to warn about unusable subnets
46.       http://www.agt.net/public/sparkman/netcalc.htm
47.    

 

 

 

 

 

 

 

 

 

Classless Inter-Domain Routing (CIDR) Overview

What Is CIDR?

CIDR is a new addressing scheme for the Internet which allows for more efficient allocation of IP addresses than the old Class A, B, and C address scheme.

Why Do We Need CIDR?

With a new network being connected to the Internet every 30 minutes the Internet was faced with two critical problems:

Running Out of IP Addresses
There is a maximum number of networks and hosts that can be assigned unique addresses using the Internet's 32-bit long addresses. Traditionally, the Internet assigned "classes" of addresses: Class A, Class B and Class C were the most common. Each address had two parts: one part to identify a unique network and the second part to identify a unique host in that network. Another way the old Class A, B, and C addresses were identified was by looking at the first 8 bits of the address and converting it to its decimal equivalent.

Address Class

# Network Bits

# Hosts Bits

Decimal Address Range

Class A

8 bits

24 bits

1-126

Class B

16 bits

16 bits

128-191

Class C

24 bits

8 bits

192-223

Using the old Class A, B, and C addressing scheme the Internet could support the following:

(Some addresses are reserved for broadcast messages, etc.). Because Internet addresses were generally only assigned in these three sizes, there was a lot of wasted addresses. For example, if you needed 100 addresses you would be assigned the smallest address (Class C), but that still meant 154 unused addresses. The overall result was that while the Internet was running out of unassigned addresses, only 3% of the assigned addresses were actually being used. CIDR was developed to be a much more efficient method of assigning addresses.

Global Routing Tables At Capacity

A related problem was the sheer size of the Internet global routing tables. As the number of networks on the Internet increased, so did the number of routes. A few years back it was forecasted that the global backbone Internet routers were fast approaching their limit on the number of routes they could support.

Even using the latest router technology, the maximum theoretical routing table size is approximately 60,000 routing table entries. If nothing was done the global routing tables would have reached capacity by mid-1994 and all Internet growth would be halted.

How Were These Problems Solved?

Two solutions were developed and adopted by the global Internet community:

Restructuring IP Address Assignments

Classless Inter-Domain Routing (CIDR) is a replacement for the old process of assigning Class A, B and C addresses with a generalized network "prefix". Instead of being limited to network identifiers (or "prefixes") of 8, 16 or 24 bits, CIDR currently uses prefixes anywhere from 13 to 27 bits. Thus, blocks of addresses can be assigned to networks as small as 32 hosts or to those with over 500,000 hosts. This allows for address assignments that much more closely fit an organization's specific needs.

A CIDR address includes the standard 32-bit IP address and also information on how many bits are used for the network prefix. For example, in the CIDR address 206.13.01.48/25, the "/25" indicates the first 25 bits are used to identify the unique network leaving the remaining bits to identify the specific host.

CIDR Block Prefix

# Equivalent Class C

# of Host Addresses

/27

1/8th of a Class C

32 hosts

/26

1/4th of a Class C

64 hosts

/25

1/2 of a Class C

128 hosts

/24

1 Class C

256 hosts

/23

2 Class C

512 hosts

/22

4 Class C

1,024 hosts

/21

8 Class C

2,048 hosts

/20

16 Class C

4,096 hosts

/19

32 Class C

8,192 hosts

/18

64 Class C

16,384 hosts

/17

128 Class C

32,768 hosts

/16

256 Class C

65,536 hosts

 

(= 1 Class B)

 

/15

512 Class C

131,072 hosts

/14

1,024 Class C

262,144 hosts

/13

2,048 Class C

524,288 hosts

Hierarchical Routing Aggregation To Minimize Routing Table Entries

The CIDR addressing scheme also enables "route aggregation" in which a single high-level route entry can represent many lower-level routes in the global routing tables.

The scheme is similar to the telephone network where the network is setup in a hierarchical structure. A high level, backbone network node only looks at the area code information and then routes the call to the specific backbone node responsible for that area code. The receiving node then looks at the phone number prefix and routes the call to its subtending network node responsible for that prefix and so on. The backbone network nodes only need routing table entries for area codes, each representing huge blocks of individual telephone numbers, not for every unique telephone number.

Currently, big blocks of addresses are assigned to the large Internet Service Providers (ISPs) who then re-allocate portions of their address blocks to their customers. For example, Pacific Bell Internet has been assigned a CIDR address block with a prefix of /15 (equivalent to 512 Class C addresses or 131,072 host addresses) and typically assigns its customers CIDR addresses with prefixes ranging from /27 to /19. These customers, who may be smaller ISPs themselves, in turn re-allocate portions of their address block to their users and/or customers. However, in the global routing tables all these different networks and hosts can be represented by the single Pacific Bell Internet route entry. In this way, the growth in the number of routing table entries at each level in the network hierarchy has been significantly reduced. Currently, the global routing tables have approximately 35,000 entries.

User Impacts

The Internet is currently a mixture of both "CIDR-ized" addresses and old Class A, B and C addresses. Almost all new routers support CIDR and the Internet authorities strongly encourage all users to implement the CIDR addressing scheme. (We recommend that any new router you purchase should support CIDR).

The conversion to the CIDR addressing scheme and route aggregation has two major user impacts:

Justifying IP Address Assignments

Even with the introduction of CIDR, the Internet is growing so fast that address assignments must continue to be treated as a scarce resource. As such, customers will be required to document, in detail, their projected needs. Users may be required from time to time to document their internal address assignments, particularly when requesting additional addresses. The current Internet guideline is to assign addresses based on an organization's projected three month requirement with additional addresses assigned as needed.

Where To Get Address Assignments

In the past, you would get a Class A, B or C address assignments directly from the appropriate Internet Registry (i.e., the InterNIC). Under this scenario, you "owned" the address and could take it with you even if you changed Internet Service Providers (ISPs). With the introduction of CIDR address assignments and route aggregation, with a few exceptions, the recommended source for address assignments is your ISP. Under this scenario, you are only "renting" the address and if you change ISPs it is strongly recommended that you get a new address from your new ISP and re-number all of your network devices.

While this can be a time-consuming task, it is critical for your address to be aggregated into your ISP's larger address block and routed under their network address. There are still significant global routing table issues and the smaller your network is, the greater your risk of being dropped from the global routing tables. In fact, networks smaller than 8,192 devices will very likely be dropped. Neither the InterNIC nor other ISPs have control over an individual ISP's decisions on how to manage their routing tables.

As an option to physically re-numbering each network device, some organizations are using proxy servers to translate old network addresses to their new addresses. Users should be cautioned to carefully consider all the potential impacts before using this type of solution.

Need More Information?

For more detailed technical information on CIDR, go to http://www.rfc-editor.org/rfcsearch.html and type in the number of the CIDR RFC you are interested in:

As mentioned before, there are a few exceptions where an organization would not use an ISP assigned address block.

Conclusion

The implementation of CIDR has been critical to the continued growth of the Internet, allowing more organizations and users to take advantage of this increasingly vital global networking and information resource.

 

 

 

IP Subnet Calculations

 

1. IP Addressing

At this point you should know that IP, the Internet Protocol, is a network layer (OSI layer 3) protocol, used to route packets between hosts on different networks. To suit this purpose, IP must define an addressing scheme, so that a packet's intended destination can be indicated.

An IP address is composed of 32 bits. These 32 bits are divided into 4 octets of 8 bits each. You may have seen an IP address represented like this: 172.68.15.24. We must remember, however, that the computer understands this number only in binary, so we must often deal with them in binary. Many people are intimidated by this initially, but soon find that it is not difficult. If you do not allow yourself to be flustered, you can master this topic.

IP addresses are assigned to orginazations in blocks. Each block belongs to one of three classes: class A, class B, or class C. You can tell what class an IP address is by the value in its first octet.

Class A

1-126

Class B

128-191

Class C

192 -->

An IP address consists of two fields. The first field identifies the network, and the second field identifies the node on the network. Which bits of the address are in the network field and which bits are in the host field is determined by the subnet mask.

When a class A IP license is granted, you are assigned something like this: 99.0.0.0. Only the value of the bits in the first octet are assigned. This means you are free to assign any values you wish in the second, third and fourth octets.

The defualt subnet mask for a class A network is 255.0.0.0. High bits, ones, indicate the bits that are part of the network field of the IP address. The default subnet mask does not create subnets. Therefor, a class A network with the default subnet mask is one network. The three octets that are unassigned and unmasked are part of the host field of the address. There is a total of 24 bits in those three octets. Each bit can be in one of two states. Therefor, 2^24 is the number of host addresses that can be assigned on that network, almost. Two addresses are reserved on every network, x.x.x.0 and x.x.x.255. So the total number of hosts possible on this network is 2^24. 2^24-2=16,777,214 hosts for a class A IP network.

When a class B license is granted, the first two octets are assigned. For example, 172.198.x.x. The default subnet mask for a class B is 255.255.0.0. One network, two octets free, 16 bits for the host address field. 2^16-2=65,534 possible host addresses on a class B IP network.

When a class C license is granted, the first three octets are assigned, for example: 193.52.16.0. The default subnet mask for a class C is 255.255.255.0. Once octet makes up the host address field. 2^8-2=254 host addresses possible on a class C network.

2. Reason for Subnetting

We said that the default subnet mask for a class A IP network is 255.0.0.0. Once octet only of a class A network address identifies the network, with this subnet mask. This leaves three octets of 8 bits each, or 24 bits, to identify the host on that one network. 2^24=16,777,216 addresses. Two addresses are reserved, x.x.x.0 and x.x.x.255. 16,777,214 nodes can be assigned an IP address on this network.

It is highly unlikely that any organization would want one network of 16,777,214 nodes. They might want that many devices connected in a wide area network (WAN), thus capablee of communicating when neccessary, but they will want to subdivide this huge network into mostly self-contained subnetworks of nodes that communicate with each other often. This is called subnetting.

To understand why, consider what would happen in either a broadcast or a token passing network that consisted of over 16,000,000 nodes. Nothing would happen. It simply would not work. Though the problem is not as drastic, class B and class C IP networks are often subnetted, also.

The subnet mask is used to subdivide an IP network into subnets. This is a division that takes place in OSI layer 3, so it is a logical division that is created by the addressing scheme. This logical division is usually combined with a physical division. Many subnets are physically isolated from the rest of the network by a device such as a router or a switch. This aspect of subnetting is discussed in Unit 3--Data Link Layer.

3. How Subnetting Works

The bits of an address that are masked by the subnet mask are the bits that make up the network field of the address. To subnet, the default subnet mask for a network is extended to cover bits of the address that would otherwise be part of the host field. Once these bits are masked, they become part of the network field, and are used to identify subnets of the larger network.

Here is where we begin dealing with both addresses and subnetmasks in binary. Get yourself a cold beverage, stretch, take a deep breath and don't worry. Once you get your brain around the concepts, it is not difficult. You just have to keep trying until the light goes on.

3.1 Translating Binary to Decimal

Both IP addresses and subnet masks are composed of 32 bits divided into 4 octets of 8 bits each. Here is how a single octet translates from binary to decimal. Consider an octet of all ones: 11111111.

128   64   32   16   8   4   2   1
---   --   --   --   -   -   -   -
 1     1    1    1   1   1   1   1 
128 + 64 + 32 + 16 + 8 + 4 + 2 + 1 = 255

Here's another: 10111001

128   64   32   16   8   4   2   1
---   --   --   --   -   -   -   -
 1     0    1    1   1   0   0   1
128 +  0 + 32  +16 + 8 + 0 + 0 + 1 = 185

and 00000000

128   64   32   16   8   4   2   1
---   --   --   --   -   -   -   -
 0     0    0    0   0   0   0   0
 0  +  0 +  0 +  0 + 0 + 0 + 0 + 0 = 0

3.2 Converting Decimal to Binary

Converting decimal to binary is similar. Consider 175:

128   64   32   16   8   4   2   1
---   --   --   --   -   -   -   -
 1     0    1    0   1   1   1   1
128 +  0 + 32 +  0 + 8 + 4 + 2 + 1 = 175

175=10101111

3.3 Simple Subnetting

The simpliest way to subnet is to take the octet in the subnet mask that covers the first unassigned octet in the IP address block, and make all its bits high. Remember, a high bit, a 1, in the subnet mask indicates that that corresponding bit in the IP address is part of the network field. So, if you have a class B network 172.160.0.0, with the subnet mask 255.255.0.0, you have one network with 65, 534 possible addresses. If you take that subnet mask and make all the bits in the third octet high

128   64   32   16   8   4   2   1
---   --   --   --   -   -   -   -
 1     1    1    1   1   1   1   1
128 + 64 + 32 + 16 + 8 + 4 + 2 + 1 = 255

you get the subnet mask 255.255.255.0.

172.60.  0. 0
255.255.255.0

Now the third octet of all the addresses on this network are part of the network field instead of the host field. That is one octet, or eight bits, that can be manipulated to create subnets. 2^8-2=254 possible subnets now on this class B network.

One octet is left for the host field. 2^8-2=254 possible host addressed on each subnet.

3.4 Advanced Subnetting

That is the simplist way to subnet, but it may not be the most desirable. You might not want 254 subnets on your class B network. Instead, you might use a subnet mask like 255.255.224.0. How many subnets would this give you? The first step is to see how many bits are allocated to the network by this mask. 

128   64   32   16   8   4   2   1
---   --   --   --   -   -   -   -
 1     1    1    0   0   0   0   0
128 + 64 + 32 +  0 + 0 + 0 + 0 + 0 = 224

3 bits are allocated. 2^3-2=6 subnets.

How many hosts on each subnet? Well, 5 bits from this octet are left for the host field, and 8 bits in the fourth octet, for a total of 13 bits in the host field. 2^13-2=8190 possible hosts on each subnet.

The subnet mask is always extended by masking off the next bit in the address, from left to right. Thus, the last octet in the subnet mask will always be one of these: 128, 192, 224, 240, 248, 252, 254 or 255.

Given the IP address of a host and the subnet address for the network, you need to be able to calculate which subnet that host is on. To do this we compare the binary representation of the pertinent octet of the subnet mask witht he binary representation of the corresponding octet in the IP address. Example:

IP address=172.60.50.2
subnet mask=255.255.224.0
 
50= 00110010
224=11100000

We perform a logical on these two numbers. We will be left with only the bits where there is a one in both octets.

00110010
11100000
--------
00100000=32

This host is on subnet 172.60.32.0.

We also need to be able to find the range of assignable IP addresses on this subnet. To do this, we take the binary that tells us the subnet address, in this case 00100000, and compare it with the subnet mask.

00100000
11100000

The bits convered by the mask we will leave as they are. The rest of the bits we make high. So 

00100000
11100000
--------
0011111=63

The range of assignable IP addresses on the subnet 172.60.32.0 is 172.60.32.1-172.60.63.254.

On every network and subnet, two addresses are reserved. At the low end of the range of addresses for the network or subnet, in this case 172.60.64.0, is the address for the network or subnet itself. The address at the high end of the range of addresses, in this case 172.60.95.255, is the broadcast address. Any message sent to the broadcast address will be received by every host on the network.

4. Sample Problem

Here is a sample problem for you to calculate. When you are done, you can check your answers using an online subnet calcualtor at Tactix Engineering.

IP address:  154.16.52.16
subnet mask:  255.255.240.0
 
Find:
Number of subnets possible on this network:
Number of hosts possible on each subnet:
Which subnet this address is on:
Range of addresses on that subnet:

 

 

 
 
 
What is CIDR?

CIDR stands for Classless Inter-Domain Routing. CIDR was developed in the 1990s as a standard scheme for routing IP addresses.

Before CIDR, Internet routers managed IP traffic based solely on the class of IP addresses and their associated subnet masks. This scheme utilized IP address space inefficiently as explained earlier. CIDR allows a more flexible way to associate groups of IP addresses without relying on the original class system. CIDR is also known as supernetting.

CIDR Notation

CIDR specifies an IP address range by the combination of an IP address and its associated network mask. CIDR notation uses the following format -

xxx.xxx.xxx.xxx/n

where n is the number of (leftmost) '1' bits in the mask. For example,

192.168.12.0/23

applies the network mask 255.255.254.0 to the 192.168 network, starting at 192.168.12.0. This notation represents the address range 192.168.12.0 - 192.168.13.255. Compared to traditional class-based networking, 192.168.12.0/23 represents an aggregation of the two Class C networks 192.168.12.0 and 192.168.13.0 each using the default network mask 255.255.255.0.

CIDR supports Internet address allocation and message routing independent of the traditional class of a given IP address range. For example,

10.4.12.0/22

represents the address range 10.4.12.0 - 10.4.15.255 by employing the network mask 255.255.252.0. This effectively represents an apportioning of four Class C networks within the much larger Class A space.

CIDR notation is sometimes adopted even on non-CIDR networks. In non-CIDR IP subnetting, however, the value of n is restricted to either 8 (Class A), 16 (Class B) or 24 (Class C) from the Internet address allocation and routing perspective.

How CIDR Works

The flexibility of CIDR derives from the ability of routers to work with subnet masks other than the traditional Class A, B, or C masks (values of n other than 8, 16, or 24). For CIDR to work, Internet routing protocols must be implemented that support the CIDR conventions. Popular routing protocols like BGP (Border Gateway Protocol) and OSPF (Open Shortest Path First) were updated to support CIDR years ago, but some less popular protocols still do not support CIDR today.

Routers on the Internet backbone (WAN network between ISPs) all generally support CIDR. Backbone support of CIDR is essential to achieve conservation of IP address space. Private networks and small public LANs have much less need to conserve addresses, however, and therefore may not utilize CIDR.

For aggregation to work, the subnets involved must be contiguous (numerically adjacent) in the address space. CIDR cannot, for example, aggregate 192.168.12.0 and 192.168.15.0 into a single route unless the intermediate .13 and .14 address ranges are included. The 192.168.12.0/24 route does exactly this.

CIDR and IPv6
IPv6 utilizes CIDR routing technology and CIDR notation in the same way as IPv4. IPv6 is designed for fully classless addressing.