No Title[an error occurred while processing this directive]
Reference: Cisco: Internetworking Basics
An IP subnet is simply a collection of network addresses which can communicate with each other "without" having to refer to a router to accomplish the communication. In other words, the media-protocol drivers support direct communication between all nodes in the same subnet. Transmitting data between two separate subnets requires the use of a router, often called a gateway in this context. To determine wheter or not two systems are in teh same subnet, you can perform the following:
An IP address is a collection of 32 bits, divided into four groups of 8 bits for convenient presentation in the form of 4 unsigned integers (decimals). Each grouping of 8 bits can be expressed as a value between 0 and 255. Take the following example:
Here is an example IP address (as you see it in base-10)
The computer reads the IP address in base-2 (also known as binary):
Split the IP address into 4 groups of 8 bits:
Each bit in the address represents a successively greater power of two as you move from right to left. Note that the powers of two, listed below, start at 20.
A "1" in a given bit position indicates that the corresponding power of two counts towards the final value. A "0" in a given bit position means to ignore that position and not count anything towards the final value. If we label the bit position b7-b0 (moving from left to right), we can write out the following formula for our binary-to-decimal conversion:
We can now use the above binary-to-decimal formula to convert 11000000 as follows:
By observing the above example, you can see that the bit positions where there was a "1" contributed to the final value; the position containing "0" did not. Converting the other three values in our initial IP address yields:
A subnet mask is nothing more than a 32 bit number used to divide the 32 IP address into two parts:
The subnet mask simply tells the computer how many bits (from left to right) are in the network address. The remaining bits comprise the host address. See the following example:
Figure 1: Subnet Mask Influence
In the early days of IP networking, there were only three types of networks: class A, class B, and class C, each with its own fixed subnet mask. This means that there were only three ways to divide the 32 bits in an IP address into a network and a host address. This type of subnetting was extremely limited. To get around this limitation, the "Classless Inter-Domain Routing" (CIDR) was born. With CIDR, you can divide the IP address almost anywhere wihtin its 32 bits. You can think of it as drawing a line in the same and proclaiming: "All bits to the left of this line comprise the network address, and all bits to the right of this line comprise the host address."
The delineation between the two fields of the IP address is presented with the subnet mask. The computer performs a binary-AND operation of the IP address and the subnet mask. Here is a quick example:
From the example above, you can see where there is a "1" in the subnet mask, the bit in the IP address is copied into the network address. Where there is a "0" in the subnet mask, a "0" is copied into the network address. This is what is called masking, and it is something that can be performed very quickly by computer hardware. Dealing with "1"s and "0"s is great for a computer, but a different representation is required for human use. The following are three popular representations:
The first is just like a dotted IP address. For example, /255.255.252.0. This is easy for humans, and it is the most common format used when specifying the subnet mask in commands and configuration files.
Example: 192.168.1.101 /255.255.252.0
The second is the format used in the example - i.e., all bits written out as four groups of eight bits (/11111111.11111111.11111100.00000000). It is rarely written out except when you need to calculate network addresses by hand.
Example: 192.168.1.101 /11111111.11111111.11111100.00000000
The third representation counts the number of "1"s before the "0"s start, which we can call maskbits notation. The subnet mask in our example has 22 "1"s, and would be simply written as /22.
Example: 192.168.1.101 /22
Given an IP address and its assocaited subnet mask, it is possible to calculate other properties. In addition to calculating the network address (like in the examples above), the following parameters can also be calculated:
host address - This is the portion of the IP address that does not correspond to the network address. If you were to invert the subnet mask (exchanging "0"s with "1"s and "1"s and "0"s - this is known as the 1's complement), and calculate the bitwise-AND of this with the IP address, the result would be the host portion. There is no point in calculating this parameter, because people never use it.
broadcast address - The broadcast address is a reserved address in each IP subnet which can be used to speak to all of the IP hosts via a single packet (called a broadcast). For a given subnet, it is the network address together with the bits in the host portion of the address all set to "1". Put another way, it is the highest (or last) host address in the subnet. It is easiest calculated by performing a bitwise-OR of the IP address and the 1s complement of the subnet mask.
number of host addresses in this IP subnet - This quantity is used for planning deployment of address space. The value is calculated by raising two to the power of the number of "0"s in the subnet mask. But because the first address in the subnet is always reserved for the network address, and the last address for the broadcast address, you should subtract two from this value to find the maximum number of host addresses. You can use the following:
# of host addresses = 2(32 - maskbits)
max # of hosts = 2(32 - maskbits) - 2
Given a full explanation of how to think about subnets, it is safe to introduce the traditional "classed" subnet definitions. In the early days, these conventions dictated the values of the first four bits in the address (known as the prefix), which, in turn implied how the 32 bit address space was separated into network and host portions. This way, routers could share network route information with each other without including the subnet mask.
The different designations split the address on octet boundaries, which lessened the need for base-2 math skills on the part of the network administrator. The designations are listed below:
|Prefix||Bits in Subnet Mask|
Thus, a class A address must have the first bit set to zero, and it uses the first 8 bits for the network address and the remaining 24 bits for the host address. Classes B and C each set another bit in the prefix and shift the subnet mask over by 8 bits. Class D is used for multicast addresses (11100000 in binary equals 224 in decimal). Class E is reserved for future use.
Because the prefix places certain limitations on the network address, you can easily identify which class an address is in by looking at the first octet. So if you see 18.104.22.168 and you know that your network is following the class conventions, you instantly know that this is a class B network and that the subnet mask is /16. The ranges are listed below:
|Class||Network Address Range||Host Sddress Range|
|class A||0 - 126||0.0.1 - 255.255.254|
|class B||128.0 - 191.255||0.1 - 255.254|
|class C||192.0.0 - 223.255.255||1 - 254|
Of the three "classes", class C would be the most frequently used. People often use this to refer to any network with a 24-bit subnet mask and 8-bit host address, although properly, it includes only those network addresses that begin with 110.
The last section in this document, deals with how to take an address space allocated to you and divvy it up into several IP subnets. You have to choose either the number of separate subnets you want to create, or how many hosts should be in each subnet. To divide the original subnet, you add bits to the network address (thereby removing bits from the host portion of the address) until you have the desired number of subdivisions in the original address space.
If you choose to create N subnets, you need an additional m = log2N 1's in the subnet mask. An easier way to think about the math is to realize that adding m bits to the subnet mask will result in 2m additional subnets. Take the following example:
Take the address space 192.168.18.0/24 and carve it up into 8 subnets. N = 8, so m = log28 = 3, which is the number of bits to add to the subnet mask. The result is 8 subnets with network addresses of 192.168.18.x/27.
Now we need the 8 values for x: x1, x2, x3, x4, x5, x6, x7, x8, to that we can write out the network address for each subnet. The first one always starts where the original address space started, in this case 0. The subsequent values for xn are found by adding the number of hosts in each subnet to the proceding value of x. In this example, the number of host addresses is 2(32-27) = 25, = 32, and we can write out our network addresses accordingly:
The number of usable host addresses in each subnet is 30. You could calculate the broadcast address for each of these, although they can be written down by inspection. Since the broadcast address is the last address in the subnet, it must be one lower than the next network address as shown in the example list below:
You won't be able to use the maskbits representation of the subnet mask for most networking commands, so you should go ahead and convert it back to decimal. Remember that the 27 bits must be contiguous, from left to right, so they must be 11111111.11111111.11111111.11100000, which is 255.255.255.224. You don't really have to write out the full 32 bits each time, just start subtracting 8 from the maskbits. Each time you can substract 8, copy down 255. When you are left with a number less than 8, look it up in the table and copy down the decimal representation. If you have not yet written down 4 decimal values, then write down "0"s for the rest.
Before we move on to the next example, let's look at one more property of the subnet mask and the network address that you can use to double-check your work.
Notice, when you line up the network address and the subnet mask, that the network address is all "0"s to the right of the subnet mask's last "1". This will always be the case. If it's not, then you have made a mistake. Simply put, you are in a completely different subnet. Recall that the purpose of the subnet mask is to divide the IP address into network and host fields. The bits in the host field are reserved for hosts.
You could also pick the number of hosts you would like in the subnet and use this to calculate the subnet mask and network address. Let's assume that you need a subnet with at least 1400 addresses. Since we have to pick a power of two, and 1024 is not large enough, we have to take 2048. A subnet that has 2048 host addresses in it needs to have log22048 = 11 bits to hold the address. There are 32 bits total, so this leaves 21 bits for the network address.
Now that you know the subnet mask, chances are good that you'll need to carve it out of some private address space. If you want to take this space from the RFC-1918 allocation for private class A (10.x.x.x) or class B (172.16-31.x.x) networks, you have no worries. The class A network space as 24 bits of host address - more than plenty. The same is true for any of the 16 different private class B networks. They each have 16 bits of host address. (Remember that we need only 11). Just choose an unused one, slap on the /21, and start CIDRing.
However, if you want to use an aggregate of private class Cs (the 192.168.x.x address space), things can get a little sticky. The last example included a prologue which showed that the network bits cannot run over into the host portion of the IP address. That wasn't so tough when we had a network and wanted to carve out addresses. But now we have addresses and want to fit them into a network. The first thing to do is to write out the subnet mask in binary:
Now we find a network address that does not have a "1" in any of the last 3 bits of the third octet. (If a "1" appears here, the network address is spilling into the host portion.) This is not as difficult as it should once you write out the subnet mask in binary. Using 0 (binary 00000000) for the third octet will meet the criterion. If this address space is not available, then the next choice is to copy down the octet with the right-most "1" in the subnet mask intact, and everything else "0" - so in this case 00001000 (8). Any multiple of this value will also meet the requirements, up to copying down the octet from the subnet mask itself (11111000). So we are free to choose from:
Each of these has room for 2046 hosts and will have its own broadcase address. If you are still unclear on calculating the broadcast address, try calculating it for 192.168.64.0/21. You should come up with 192.168.71.255.
If you try to start anywhere in the address space, e.g., at 192.168.2.0/21, you'll have problems. Let's write this network address out in binary and alilgn it with the subnet mask:
|network address||11000000 . 10101000 . 00000010 . 00000000|
|subnet mask||11111111 . 11111111 . 11111000 . 00000000|
As you can see, the network address spills over into the host portion of the address (to the right of the last "1" inthe netmask). By doing this, you specified a host within the subnet, and not a network address. If you ever try something like this within the OS, it will let you know:
Here are a few more notes on subnet terminology:
The term supernet can be used to refer to subnets containing more addresses than a normal class C. Sometimes this helps to remind people that 255.255.255.0 is not always the subnet mask.
The term subnet mask, however, is equivalent to netmask (as it appears in most command names), network mask, and sometimes even just mask. In the routing table, it appears as Genmask.
An IP subnet and a network are the same thing, unless there is some special distinction made about the type of network.
A workstation is a generic term for any node on a network that is not part of the routing infrastructure. It sounds better than saying PC, and node is being saved for Frame Relay routers.
Routers and gateways are equivalent. Typically, users configure their workstations with a gateway, whereas a router talks to another router.
Forwarding and routing, are, in most cases the same thing.
Jeffrey Hunter is an Oracle Certified Professional, Java Development Certified Professional, Author, and an Oracle ACE. Jeff currently works as a Senior Database Administrator for The DBA Zone, Inc. located in Pittsburgh, Pennsylvania. His work includes advanced performance tuning, Java and PL/SQL programming, developing high availability solutions, capacity planning, database security, and physical / logical database design in a UNIX / Linux server environment. Jeff's other interests include mathematical encryption theory, tutoring advanced mathematics, programming language processors (compilers and interpreters) in Java and C, LDAP, writing web-based database administration tools, and of course Linux. He has been a Sr. Database Administrator and Software Engineer for over 20 years and maintains his own website site at: http://www.iDevelopment.info. Jeff graduated from Stanislaus State University in Turlock, California, with a Bachelor's degree in Computer Science and Mathematics.
Copyright (c) 1998-2018 Jeffrey M. Hunter. All rights reserved.
All articles, scripts and material located at the Internet address of http://www.idevelopment.info is the copyright of Jeffrey M. Hunter and is protected under copyright laws of the United States. This document may not be hosted on any other site without my express, prior, written permission. Application to host any of the material elsewhere can be made by contacting me at firstname.lastname@example.org.
I have made every effort and taken great care in making sure that the material included on my web site is technically accurate, but I disclaim any and all responsibility for any loss, damage or destruction of data or any other property which may arise from relying on it. I will in no case be liable for any monetary damages arising from such loss, damage or destruction.
Last modified on
Wednesday, 28-Dec-2011 14:13:52 EST
Page Count: 17973