Guide to
Subnetting!
NAT Primer
Unique CCNA Study Guide
Table of Contents
Introduction
Chapter 1 A Review Of IP Addressing
  Overview
  IP Addressing Basics
  Working With Binary Numbers
  Classful Addressing
  Public Vs. Private IP Addressing
  Classless Addressing
  The Manifestations of Classless Addressing: Subnetting, Supernetting, CIDR, VLSM
Chapter 2 Why Classless Addressing Works
  Overview
  It's All About Determining Where To Forward Packets
  Determining The Network Number of A Destination IP Address
  Chapter Summary
Chapter 3 Subnetting Explained
  Overview
  How To Subnet
  Subnetting a Class C Network Address
  The Proof Is In The Anding
  Subnetting Summed Up
  Chapter Summary
Chapter 4 Supernetting Explained
  Overview
  Why Supernetting Is Dead
  How To Supernet
  Chapter Summary
Chapter 5 CIDR And VLSMs Explained
  Overview
  CIDR
  Problems Solved By CIDR
  VLSMs
  VLSMs Applied Before Allocating A CIDR Address
  VLSMs Applied After Allocating A CIDR Address
  Summing up CIDR and VLSMs
  Riding The Hierarchical Highway
  IPv6 To The Rescue?
  Chapter Summary
Appendixes
  Appendix A Subnetting Exercises
  Appendix B Quick And Dirty Subnetting
  Appendix C Real Life Classful Subnetting Examples
  Appendix D Real Life Classless Subnetting Examples
  Appendix E Subnetting Tables
  Appendix F A Note About Cisco Routers
Introduction
It is generally agreed that one of the most difficult aspects of TCP/IP to master is subnetting and its
closely related cousins, supernetting, Variable Length Subnet Masks (VLSMs) and Classless
Inter-Domain Routing (CIDR). As a group, all these technologies can generally be referred to as
classless addressing. When teaching TCP/IP classes I have watched students fly through core
TCP/IP concepts, only to stumble when classless addressing was introduced. After reflecting on
this dilemma for a while, I worked with a few advanced students to fashion a way to make the
topic of classless addressing easily understandable. We apparently were successful, because
students time after time tell me they really, truly "get" classless addressing when this approach is
used! That is gratifying.
This book was written so that you too, once-and-for-all, can understand all aspects of classless
addressing. You will be able to address your own network with a logical, organized, hierarchical
numbering scheme, and understand the existing IP numbering scheme on any network you come
into contact with. Whether you are in a position where you need to understand classless
addressing to pass a certification test, design an addressing scheme at your place of work, or
simply need to understand the IP address space assigned by your ISP, this book will help with
clear explanations, and lots of examples.
So, on with the show . . .
Chapter 1 A Review of IP Addressing
Overview
In this chapter the basics of IP addressing are explored. In the first part of the chapter traditional
classful addressing is explained, followed by a brief, but important introduction to classless
addressing and its various manifestations: subnetting, variable subnetting, supernetting, and
Classless Inter-Domain Routing. Subsequent chapters will examine classless addressing in depth.
Here, the following topics will be covered:
IP addressing basics
Classful IP addressing
Public and private addresses
Introduction to classless IP addressing
IP Addressing Basics
An IP address is the number assigned to a host that uniquely identifies the host on both the local
network and all IP networks. IP addresses relate to the networking layer of the OSI model (layer
3). The networking layer handles network (logical) addressing and routing of packets.
IP addresses must be globally unique. No two hosts on any public IP network can have the same
address. The only exception to this rule is when one network is isolated from other networks
either because it is a stand-alone network, or because the network is hidden from other connected
networks via a NAT box, gateway, or proxy server. In the latter case, a globally unique IP address
is substituted for the host addresses sourcing packets bound for another network (see the
subsequent section on public and private addressing).
DEFINING A HOST
A host is any device with a network interface assigned an IP address. We often think of a
device with an IP address as a workstation or a server, but a number of devices (firewalls,
printers, NAT devices, and especially routers) have interfaces with an IP address assigned to
each interface. Even layer 2 switches, which mostly deal with physical (MAC) addresses, may
have an IP address assigned to an interface for management purposes.
A term sometimes used interchangeably with host is node. The two terms are very similar in
that they both point to addressable devices connected to a network. However, a host is
specifically related to a device with an IP address, whereas a node may or may not be configured
with an IP address (it might be accessed only by its MAC address or it may also have a differing
type of network address such as an IPX address). The term node is therefore more generic than
the term host.
In the current widely deployed version of IP, IPv4, an IP address is a 32 bit binary number. For
ease of readability it is often expressed in decimal format. To make it even easier to discern an IP
address, it is usually represented in dotted decimal format, meaning a period is inserted every 8
bits (1 byte). This results in a 4-part number expressed in decimal form as shown in the table
below.
Each of the four portions of the decimal number is known as an octet. This term is derived from
the fact that each octet is 8 bits in size. This means that each octet can vary in value from 0-255,
for a total of 256 possibilities (2^8 = 256). Which brings us to the next logical question: How many
unique addresses can an IP address represent? Calculating the answer in decimal, we get the
following:
256*256*256*256 = 4,294,967,296
Yep, that's over 4 billion possibilities. However, the next thing to understand about an IP address
is that it represents not one, but two elements. An IP address represents not only a particular host,
but also the network the host is a part of. The host portion of the address must be unique within a
given network, whereas the network portion of the address must be globally unique among all
possible connected networks.
1 bit  = 2 possibilities:   0, 1
2 bits = 4 possibilities:   00, 01, 10, 11
3 bits = 8 possibilities:   000, 001, 010, 011, 100, 101, 110, 111
4 bits = 16 possibilities:  0000, 0001, 0010, 0011, . . . 1111
5 bits = 32 possibilities:  00000, 00001, 00010, 00011, . . . 11111
6 bits = 64 possibilities:  000000, 000001, 000010, 000011, . . . 111111
7 bits = 128 possibilities: 0000000, 0000001, 0000010, . . . 1111111
8 bits = 256 possibilities: 00000000, 00000001, 00000010, . . . 11111111
That is why an octet (8 bits) represents 256 possible numbers (0-255). 2*2*2*2*2*2*2*2 = 256.
A way to express the same thing in less space is 2^8, or 2 raised to the 8th power.
It is not necessary to perform any math by hand when working with IP addresses expressed in
binary format. Any calculator that can convert between decimal and binary numbers, like the
Windows calculator, will handle it for you. All that is necessary is to switch the calculator to
scientific mode. Simply start the calculator program (Start / Programs / Accessories / Calculator),
then click on View / Scientific.
To convert a decimal number to binary, click the Dec button, type in the number, and then click
the Bin button. To convert a binary number to decimal, click the Bin button, type in the number,
and then click the Dec button. For example, to convert the address 200.200.200.1 to binary, enter
each octet one at a time with the calculator set for Dec and convert to binary. The result should be
Classful Addressing
The original, and now mostly obsolete system for denoting the network/host represented by an IP
address was the classful system. You will see shortly why the system is no longer used for
allocating addresses. The classful system mandates three different types (classes) of IP addresses,
whereby entire octets are tasked with representing either the network portion or the host portion
of the address. This is illustrated in the table below.
ADDRESS CLASS | DIVISION BETWEEN NETWORK AND HOST PORTION OF ADDRESS | EXAMPLES
A             | Network.host.host.host                               | 10.10.10.0
B             | Network.Network.host.host                            | 128.50.0.0
C             | Network.Network.Network.host                         | 190.0.0.0
Classful addressing chart
Network Numbering
In a classful addressing system, a class A network reserves the first octet for network numbering,
while leaving the remaining three octets for host numbering. A class B address reserves the first
two octets for network numbering and the remaining two octets for host numbering. A class C
address reserves the first three octets for network numbers and only one octet for host numbering.
How does this all work out? Have a look at the following table.
CLASS | FIRST OCTET IN BINARY | DECIMAL EQUIVALENT | RANGE OF ADDRESSES         | # OF POTENTIAL NETWORKS
A     | 00000000 to 01111111  | 0 to 127           | 0.0.0.0 to 127.0.0.0       | 2^7 or 128
B     | 10000000 to 10111111  | 128 to 191         | 128.0.0.0 to 191.255.0.0   | 2^14 or 16,384
C     | 11000000 to 11011111  | 192 to 223         | 192.0.0.0 to 223.255.255.0 | 2^21 or 2,097,152
D     | 11100000 to 11101111  | 224 to 239         | Multicast addresses        |
E     | 11110000 to 11111111  | 240 to 255         | Experimental               |
Number of networks for each class
In the classful system, certain bits in the first octet are frozen: they form a set pattern and are
never altered. A class A address is defined by the first bit being frozen at 0. Since the network
portion of a class A network ID is confined to the first octet, that leaves 7 bits that can be
manipulated to create network IDs. 2^7 equates to 128 potential class A networks. That's not very
many networks, but with three remaining octets tasked to host numbers, each network had a huge
number of potential host addresses.
Class B networks have the first two bits of the first octet frozen at 10. Since the first two octets of
a class B address form the range of network IDs, 14 bits are therefore available. 2^14 equates to
16,384 potential class B networks.
Class C networks have the first three bits of the first octet frozen at 110. Since the first three
octets of a class C address form the range of network IDs, 21 bits are available. 2^21 equates to
2,097,152 potential class C networks.
In point of fact, not every potential network address translates into a valid, usable network
address. Certain addresses are considered reserved for other uses, as shown in the table below.
NETWORK ID
COMMENT
0.0.0.0
127.0.0.0
128.0.0.0
191.255.0.0
192.0.0.0
223.255.255.0
CLASS | FIRST OCTET IN DECIMAL | RANGE OF ADDRESSES         | # OF USABLE NETWORKS
A     | 1 to 126               | 1.0.0.0 to 126.0.0.0       | 2^7 - 2 or 126
B     | 128 to 191             | 128.1.0.0 to 191.254.0.0   | 2^14 - 2 or 16,382
C     | 192 to 223             | 192.0.1.0 to 223.255.254.0 | 2^21 - 2 or 2,097,150
Number of useable network IDs
Host Numbering
The number of hosts per network varies according to the network class. Class A networks leave a
whopping three full octets for the range of host IDs for each network. That's well over 16 million
hosts per network! Class B and C networks leave two octets and one octet, respectively, for host
addresses. The following table illustrates the number of hosts per network for each network class.
CLASS | HOST ADDRESS RANGE IN DECIMAL | BINARY EQUIVALENT                                               | # OF HOSTS PER NETWORK
A     | x.0.0.1 to x.255.255.254      | x.00000000.00000000.00000001 to x.11111111.11111111.11111110    | 2^24 - 2 or 16,777,214
B     | x.x.0.1 to x.x.255.254        | x.x.00000000.00000001 to x.x.11111111.11111110                  | 2^16 - 2 or 65,534
C     | x.x.x.1 to x.x.x.254          | x.x.x.00000001 to x.x.x.11111110                                | 2^8 - 2 or 254
Hosts per network
As with network addresses, not all potential host addresses are valid. The rule is that a host
address of all binary zeros or binary ones cannot be assigned. A host address of all binary zeros
represents the network number itself (i.e. 1.0.0.0), and a host address of all binary ones represents
the broadcast address for the network. The above table accounts for that rule with the formula 2^n - 2,
where n = number of host bits.
Enumerating an IP Address
The following table illustrates the range of host addresses and the broadcast address for each of
the three network classes.
CLASS | EXAMPLE NETWORK | BEGINNING HOST ADDRESS | ENDING HOST ADDRESS | BROADCAST ADDRESS
A     | 1.0.0.0         | 1.0.0.1                | 1.255.255.254       | 1.255.255.255
B     | 128.0.0.0       | 128.0.0.1              | 128.0.255.254       | 128.0.255.255
C     | 192.0.0.0       | 192.0.0.1              | 192.0.0.254         | 192.0.0.255
Enumerating the host IDs for an example network
WHAT'S AN RFC?
An RFC, or Request For Comment, is the method used to define standards for the Internet. An
RFC starts life as a public document in draft form that is circulated in the Internet community.
The implementation of privately addressed networks is what caused the proliferation of proxy
servers, NAT boxes, and gateways. These devices substitute a public address for a private address
when access to the Internet is required. A small pool of public addresses can serve the needs of
dozens or even hundreds of privately addressed hosts.
Classless Addressing
With classless addressing the traditional dividing line between the network and host portion of the
address is blurred. While classful addressing draws the dividing line only at octet borders,
classless addressing draws the network/host line at any bit boundary. This allows for a highly
flexible addressing scheme that does not unnecessarily waste IP addresses.
Distinguishing the Network ID
The first step in understanding classless addressing is to understand how the IP stack running on a
host determines the network portion of an IP address. This is a critical step in determining which
network a destination address belongs to.
How does a host determine which network it is a part of? How does a source host determine the
network number of a destination IP address? The traditional method for making that
determination has been via a technique known as the First Octet Rule. However, as you will see,
the First Octet Rule only works in a classful environment, not in this modern world of classless
addressing. That is why the industry has shifted to using something known as a subnet mask or
prefix number to identify the network portion of an IP address. Both methods are explained
below.
The First Octet Rule
The first octet rule was the original mechanism a host employed to determine the address class of
an IP address. It was noted earlier that the value of the first few high order bits (starting left to
ADDRESS CLASS     | BIT PATTERN OF FIRST OCTET
A                 | 00000000 = 0
B                 | 10000000 = 128
C                 | 11000000 = 192
D (multi-casting) | 11100000 = 224
E (Experimental)  | 11110000 = 240
High order bits determine the class
Human beings usually recognize address class by memorizing the decimal number 128, which
demarcates the beginning of the class B address range (anything under 128 is therefore class A),
and the decimal numbers 192 and 223, which demarcate the class C range.
The problem with either system however, is a built-in assumption that the value of the first octet
will always dictate the network number. Unfortunately, with classless addressing re-drawing the
network/host dividing line within an octet, as opposed to between octets, that assumption is no
longer true. The address 10.4.1.1 typically represented host address 4.1.1 on network 10.0.0.0.
But with classless addressing, the address 10.4.1.1 could represent host 1.1 on network 10.4.0.0,
or host .1 on network 10.4.1.0 (you will see why later). The First Octet Rule fails in a classless
environment because IP will fail to understand that a packet with a destination address of say,
10.4.1.1 may need to be routed to a different network. This is why no modern networking devices
use the First Octet Rule for determining the network portion of an address.
The Subnet Mask
The contemporary method for determining the network address is the subnet mask. A subnet
mask does just what it implies; it masks (blocks out) the host portion of the address, thereby
revealing just the network number. Why is it called a subnet mask and not a network mask?
Actually, sometimes it is. It's also referred to as the net mask, the subnet address, or simply the
mask.
The subnet mask, like an IP address, is a 32 bit number expressed in dotted decimal format. For
classful networks, it takes the form shown below.
ADDRESS CLASS | DEFAULT SUBNET MASK
A             | 255.0.0.0
B             | 255.255.0.0
C             | 255.255.255.0
Subnet mask used for each network class
IP uses a simple mathematical process called ANDing in conjunction with the subnet mask to
actually derive the network number from an IP address. ANDing is a Boolean logic process that
says that at least two things must be true before an action is taken. People actually use this type of
logic in everyday life: "If you take the car to work and you have time, stop by the store for
groceries on your way home." The recipient of the message will only bring home groceries if
he/she has both time and a vehicle (or get groceries regardless, to avoid getting into trouble with
their mate, but that's a different branch of logic). It's called Boolean logic because a
mathematician named George Boole popularized it in the 19th century. The ANDing process is
performed on the IP address and the subnet mask to extract the network. It is explained in detail
in Chapter 2.
Prefix Notation
Prefix notation is simply an alternate method of expressing a network's mask. Prefixes are cool
because they express the address mask in less space. In prefix notation, a single number preceded
by a / is used instead of the usual dotted decimal format. As you may deduce from Table 1.13,
prefix notation simply reflects the number of bits turned on in the mask. Notice the default mask
in the table expressed in binary form. The first three octets of 255 each represent all binary bits
turned on: 24 bits turned on. Thus the prefix of /24.
EXPRESSED IN DECIMAL         | 255.255.255.0
EXPRESSED IN BINARY          | 11111111.11111111.11111111.00000000
EXPRESSED IN PREFIX NOTATION | /24
Three ways to express the same network mask
Overview
This short but important chapter helps you understand just why classless addressing works.
You don't need to remember what you read here in order to subnet a network. It's just that
classless addressing is . . . well . . . weird. It doesn't look like it should work, yet it does.
Understanding the mechanism that allows the IP stack running on a host to forward packets
correctly is the key to feeling comfortable with all aspects of classless addressing. It will also help
you understand why certain legacy networking equipment and routing protocols don't support
classless addressing.
WHAT IS A HOST?
A host is any device with an interface that requires a TCP/IP address. Such devices include
workstations, servers, routers, firewalls, printers, NAT devices and more. Every device on an IP
network must have at least one interface connecting it to the network, and each interface must
be assigned an IP address. The generic term host is used to refer to any such device.
The use of the term "host" in this book is mostly in the context of workstations and servers.
So in this case, "host" is just a shorthand way of saying workstations or servers.
Take a look at the following two simplified scenarios. In the first scenario, communications are
taking place between two hosts on the same network. In the second scenario, the hosts are on two
different networks.
Scenario 1
Both hosts on the same network
Source host (A)
190.1.1.1
Notice the difference in the two scenarios. If the destination host is on the same network, it is
only necessary to learn its MAC address and then communications can commence. If however the
destination host is not on the same network, things are different. In that case the packet must be
forwarded to a router. The router then handles the job of getting the packet to its destination.
Depending on the location of the target network, this may involve other routers as well. All of
this, though, depends on accurate determination of the destination packet's network ID.
IP address         190      .1       .1       .1
Binary equivalent  10111110 00000001 00000001 00000001
Subnet mask        255      .255     .255     .0
Binary equivalent  11111111 11111111 11111111 00000000
ANDing             ==============================================
                   10111110 00000001 00000001 00000000
Network address    190      .1       .1       .0
_________________________________________________________________
IP address         190      .1       .1       .2
Binary equivalent  10111110 00000001 00000001 00000010
Subnet mask        255      .255     .255     .0
Binary equivalent  11111111 11111111 11111111 00000000
ANDing             ==============================================
                   10111110 00000001 00000001 00000000
Network address    190      .1       .1       .0
IP address         190      .1       .1       .1
Binary equivalent  10111110 00000001 00000001 00000001
Subnet mask        255      .255     .255     .0
Binary equivalent  11111111 11111111 11111111 00000000
ANDing             ==============================================
                   10111110 00000001 00000001 00000000
Network address    190      .1       .1       .0
_________________________________________________________________
IP address         200      .1       .1       .1
Binary equivalent  11001000 00000001 00000001 00000001
Subnet mask        255      .255     .255     .0
Binary equivalent  11111111 11111111 11111111 00000000
ANDing             ==============================================
                   11001000 00000001 00000001 00000000
Network address    200      .1       .1       .0
IP performs a comparison of the ANDing results and determines that address 200.1.1.1 is on a
different network than 190.1.1.1. The packet is therefore forwarded to another network.
Note: TCP/IP in fact does not know the subnet mask value of the destination address. It only knows the mask of the
source address. IP applies the source's subnet mask to the target IP address when ANDing. Even though IP does not
know if the target address uses a differing mask, the process can be trusted, because ANDing tells enough to know
whether the target address belongs to the current network or not. Exactly which network the address in fact belongs to
will be left to the routing process.
IP address         42       .2       .0       .1
Binary equivalent  00101010 00000010 00000000 00000001
Subnet mask        255      .255     .0       .0
Binary equivalent  11111111 11111111 10000000 00000000
ANDing             ==============================================
                   00101010 00000010 00000000 00000000
Network address    42       .2       .0       .0
_________________________________________________________________
IP address         42       .3       .0       .1
Binary equivalent  00101010 00000010 10000000 00000001
Subnet mask        255      .255     .0       .0
Binary equivalent  11111111 11111111 10000000 00000000
ANDing             ==============================================
                   00101010 00000010 10000000 00000000
Network address    42       .3       .128     .0
Indeed, it is determined that the addresses belong to differing networks. ANDing gave no regard
to classful boundaries. If 42.0.0.0 had been assigned a traditional class A prefix of /8, the
source and destination addresses would have been considered part of the same network. Regardless of
where the network/host dividing line is set for an address, ANDing will always extract the correct
network ID.
With an understanding of the contemporary process for determining the network portion of an
address, you are now prepared to step into the world of subnetting, variable subnetting,
supernetting, and CIDR in the following chapters.
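The forwarding decision described in this chapter, as an added example in Python (not code from the original guide). It derives network IDs by ANDing, applies the source's mask to the destination as the note above describes, converts between masks and prefixes, and contrasts the result with the First Octet Rule from Chapter 1. The function names are assumptions of this example, and the 42.2.0.1 / 42.2.128.1 pair with mask 255.255.128.0 is read from the binary rows of the tables above.

```python
# Added example: ANDing an address with a mask to decide "deliver locally or route".
# Function names are hypothetical; addresses are the ones used in this chapter.

def to_int(dotted):
    """Convert a dotted decimal IPv4 address (or mask) to a 32-bit integer."""
    octets = [int(part) for part in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted decimal IPv4 value: {dotted!r}")
    value = 0
    for o in octets:
        value = (value << 8) | o
    return value


def to_dotted(value):
    """Convert a 32-bit integer back to dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix):
    """/24 -> 255.255.255.0: turn on the leftmost `prefix` bits."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be between 0 and 32")
    return to_dotted((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)


def mask_to_prefix(mask):
    """255.255.255.0 -> 24. Rejects masks whose ON bits are not contiguous."""
    bits = to_int(mask)
    host_bits = bits ^ 0xFFFFFFFF        # OFF bits of the mask become 1s
    if host_bits & (host_bits + 1):      # they must form one solid run on the right
        raise ValueError(f"mask bits are not contiguous: {mask}")
    return bin(bits).count("1")


def network_id(address, mask):
    """The ANDing step: keep the bits the mask marks as network bits."""
    return to_dotted(to_int(address) & to_int(mask))


def classful_network(address):
    """First Octet Rule: the class (and so the mask) comes from the high-order bits."""
    first_octet = to_int(address) >> 24
    if first_octet < 128:
        mask = "255.0.0.0"           # class A
    elif first_octet < 192:
        mask = "255.255.0.0"         # class B
    elif first_octet < 224:
        mask = "255.255.255.0"       # class C
    else:
        raise ValueError("class D/E addresses have no classful network ID")
    return network_id(address, mask)


def delivery(source, source_mask, destination):
    """Apply the SOURCE's mask to both addresses and compare the results."""
    same = network_id(source, source_mask) == network_id(destination, source_mask)
    return "local" if same else "route"


if __name__ == "__main__":
    for dst in ("190.1.1.2", "200.1.1.1"):
        print("190.1.1.1/24 ->", dst, ":", delivery("190.1.1.1", "255.255.255.0", dst))
    # The First Octet Rule always answers 10.0.0.0; the mask gives the real answer.
    print(classful_network("10.4.1.1"),
          network_id("10.4.1.1", prefix_to_mask(16)),
          network_id("10.4.1.1", prefix_to_mask(24)))
    # Same pair of hosts, classless /17 mask versus classful /8 mask.
    print(delivery("42.2.0.1", "255.255.128.0", "42.2.128.1"),
          delivery("42.2.0.1", prefix_to_mask(8), "42.2.128.1"))
```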
Chapter 2 Summary
When a host starts a communication session with another host, the first thing it must
check is whether the target host is on the same network as the source.
Although humans tend to use the value of the first octet to determine the network portion
of an IP address, TCP/IP uses the subnet mask (i.e. prefix). The subnet mask marks the
dividing line between the network and host portion of an IP address.
The ANDing process uses the subnet mask of the source and destination addresses of a
packet to extract the network number. IP then knows whether to deliver the packet locally
or route it.
Chapter 3 Subnetting Explained
Overview
This chapter explains subnetting A-Z. Recall that the basic purpose of subnetting is to derive
additional networks from a single network address. Classful examples are used for clarity, but the
drill is the same for classless network IDs that will be subnetted. Furthermore, subnetting
techniques are the same for private or public addresses.
How to Subnet
Subnetting is accomplished by altering the originally assigned subnet mask for the network ID. A
custom subnet mask creates additional networks (subnets) within an organization by borrowing
bits from the host portion of the address to create additional network IDs. The result is that you
end up with fewer host addresses.
The following items must be taken into consideration when subnetting:
Determine the total number of subnets needed. This includes planning for future networks
Determine the total number of hosts that each subnet must support now and in the future
Define a custom subnet mask that will support the required number of hosts for that subnet
Derive the subnet IDs
Derive the host IDs for each subnet
1st octet   2nd octet   3rd octet   4th octet
192         .168        .50         .0
255         .255        .255        .0
11111111    11111111    11111111    00000000
NETWORK                           | HOST
Default network/host dividing line for a class C address
Note the dividing line separating the network portion of the address from the host portion of the
address. This is the default dividing point for a class C address.
               1st octet   2nd octet   3rd octet   4th octet
Default mask   11111111    11111111    11111111    00000000
Borrowing      11111111    11111111    11111111    00 | 000000
Turn bits on   11111111    11111111    11111111    11 | 000000
               NETWORK ID                          Subnet ID | HOST ID
Borrowing bits causes the network/host dividing line to be redrawn
The first row shows the original dividing line of the address. In the second row, the bits have been
borrowed from the 4th octet, moving them into a new field called the Subnet ID. In the third row
the borrowed bits have been turned on (set to 1). This last step is critical. This is how IP knows
the dividing line has been moved to the right. IP always identifies ON bits in the mask (1) as
network bits and OFF bits (0) as host bits. Note that the new subnet ID field is made up solely
of borrowed bits. We'll figure out how many networks the subnet ID represents in a moment, but
first let's derive the new mask.
Determining the custom subnet mask
The custom subnet mask is determined by simply converting the modified fourth octet back to
decimal, which is always comprised of 8 bits, regardless of their purpose.
Altered subnet mask
                                 1st octet   2nd octet   3rd octet   4th octet
Decimal                          255         .255        .255        .192
From 3rd row of previous table   11111111    11111111    11111111    11 | 000000
                                 NETWORK ID                          Subnet ID | HOST ID
Altered subnet mask converted back to a decimal number
Note the above table. Nothing has changed in the first three octets. In the fourth octet, the binary
number 11000000 converts to 192. Thus 255.255.255.192 is the new subnet mask for this
network, replacing the default mask. The new mask will be used by ALL hosts on ALL newly
formed subnets. Now you know why it's easier to understand this in binary. It's hard to draw a
dividing line on the decimal number 192! But in fact .192 now partially represents the network ID
and partially represents the host IDs. It's weird, but it works.
As you can see, the mechanics of creating a custom subnet mask are relatively easy. Just
remember that you always borrow from the host portion of the address.
Step 2 - Determine the subnet IDs
Now that the new subnet mask has been determined, it's time to derive the subnet IDs. We are
interested in how many subnets have been created, as well as each subnet's ID.
The total number of subnets created is based on the possible combinations of the borrowed bits.
Binary numbering only allows for two possible values for each digit; 0 or 1. In our example with
2 borrowed bits, there are four possible combinations. Both bits can be turned OFF (00), both bits
can be turned ON (11), or one bit can be OFF and one ON (01), and vice-versa (10).
Note: You can also do the math with the calculator by setting it to binary mode: start with 00, add 1, and continuously
add 1 to the result (just remember that the calculator won't display leading zeros).
00
01
10
11
As shown above, two binary bits can form a maximum of four combinations. That is the
maximum number of subnets in this example. However, there is a catch. It's the first gotcha.
Any combination of all binary 0s or all binary 1s is an illegal network number. The number 0 is
an invalid network ID, and all binary 1s represent a broadcast address, which allows a host to
send a message to everyone on the network. Therefore, you always lose two potential network
IDs when you subnet (and all the host addresses associated with them!). In this
example we are therefore left with two valid network numbers to work with (now you know why we
started by borrowing two bits).
4th octet
Borrowed bits   Remainder of host ID   Combine and convert to decimal   Subnets: resulting network numbers
00              000000                 Invalid                          192.100.50.0
01              000000                 01000000 = 64                    192.100.50.64 /26
10              000000                 10000000 = 128                   192.100.50.128 /26
11              000000                 Invalid                          192.100.50.192
The first column of this table reflects the possible combinations of the 2 bits borrowed from the
host portion of the address. The second column simply lists the remaining bits of the Host ID.
The third column of the table combines the borrowed bits back with the remaining host bits, and
converts the resulting number to decimal. The fourth column reflects the newly created subnet
IDs. It takes longer to explain than to do it.
If you were not familiar with subnetting you could easily mistake those subnet numbers for host
addresses. To the naked eye those addresses look like a reference to host 64 and host 128 on
the 192.100.50.0 network. However, they are NOT host addresses anymore. They are subnet
addresses. The .64 marks the beginning of the 192.100.50.64 network. The .128 marks the
beginning of the 192.100.50.128 network. The .64 and .128 will never again be host addresses on
this subnetted network.
Note: Remember the cardinal rule of subnetting when converting binary numbers to decimal: Always convert the entire
octet. Even if bits have been borrowed from an octet to create subnet IDs, you ALWAYS treat the octet as a whole when
converting to decimal!
2^n - 2
Note: This is the same formula used to determine the number of valid network numbers for a given subnet mask.
In this case the formula plays out like this: 2*2*2*2*2*2 - 2 = 62. The reason that two is
subtracted from the total is because, like a network address, a host address of all binary 0s or all
binary 1s is invalid. All host bits set to 0 always represent the Subnet itself. For instance, all
bits set to 0 equate to .64, the ID of this subnet. All host bits set to 1 represent the broadcast
address for the subnet.
Host ID         Binary format           Convert to decimal
                Subnet ID   Host ID
1st host ID     01          000001      .65     192.100.50.65
2nd host ID     01          000010      .66     192.100.50.66
3rd host ID     01          000011      .67     192.100.50.67
4th host ID     01          000100      .68     192.100.50.68
And so on . . .
61st host ID    01          111101      .125    192.100.50.125
62nd host ID    01          111110      .126    192.100.50.126
Note: 192.100.50.127 is the broadcast address for the subnet (all host bits turned on)
Enumerating the host IDs for the .64 subnet
The first host ID is just the subnet number plus one, and the last host ID is just two shy of the
next subnet, the .128. More specifically, all host bits OFF except the low order bit equates to
the first host ID. All host bits ON except the low order bit equates to the last host ID. Now
let's calculate the host IDs for the .128 subnet:
192.100.50.128 /26 subnet
Host ID         Binary format   Convert to decimal
1st host ID     10 000001       .129    192.100.50.129
2nd host ID     10 000010       .130    192.100.50.130
3rd host ID     10 000011       .131    192.100.50.131
4th host ID     10 000100       .132    192.100.50.132
And so on . . .
61st host ID    10 111101       .189    192.100.50.189
62nd host ID    10 111110       .190    192.100.50.190
Note: 192.100.50.191 is the broadcast address for the subnet (all host bits turned on)
Enumerating the host IDs for the .128 subnet
SUBNET 1
Original Network Address     192.100.50.0
Custom subnet mask           255.255.255.192
Derived Network Address 1    192.100.50.64
Begin host address           192.100.100.65
Ending Host address          192.100.100.126
Total valid hosts            62
Broadcast address            192.100.100.127

SUBNET 2
Original Network Address     192.100.50.0
Custom subnet mask           255.255.255.192
Derived Network Address 2    192.100.50.128
Begin host address           192.100.100.129
Ending Host address          192.100.100.190
Total valid hosts            62
Broadcast address            192.100.100.191
The host IDs .1-.63 and .193-.254 are gone. They are rendered useless because they are
now owned by invalid network IDs 192.100.50.0 (invalid because the subnet ID is all binary 0s), and
192.100.50.192 (invalid because the subnet ID is all binary 1s).
The new 192.168.50.0
Target address       190        .100       .50        .65
Binary equivalent    11000000   01100100   00110010   01000001
Subnet mask          255        .255       .255       .192
Binary equivalent    11111111   11111111   11111111   11000000
==============================================
ANDing               11000000   01100100   00110010   01000000
                                .100       .50        .64

Target address       190        .100       .50        .129
Binary equivalent    11000000   01100100   00110010   10000001
Subnet mask          255        .255       .255       .192
Binary equivalent    11111111   11111111   11111111   11000000
==============================================
ANDing               11000000   01100100   00110010   10000000
                                .100       .50        .128
Remember that the ANDing process masks out the host portion of the address, leaving just the
network portion. Before subnetting, ANDing would have determined that the target host was on
the same network. After subnetting, the ANDing process shows the target address as being part of
a different network and forwards the packet to a router.
Subnetting Summed Up
Determine the total number of subnets needed. This includes planning for future networks.
Determine the total number of hosts that each subnet must support now and in the future.
Define a custom subnet mask that will support the required number of hosts for that subnet.
Derive the subnet IDs.
Derive the host IDs for each subnet.
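The whole procedure above, worked in code on the chapter's 192.100.50.0 example. This is an added illustration, not part of the original guide; the function names are chosen here, and the `classic_rule` switch is an assumption that reproduces the guide's rule of discarding the all-0s and all-1s subnet IDs.

```python
def to_int(dotted):
    """Dotted-decimal IPv4 string -> 32-bit integer."""
    octets = [int(part) for part in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    value = 0
    for o in octets:
        value = (value << 8) | o
    return value


def to_dotted(value):
    """32-bit integer -> dotted decimal, always converting whole octets."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def custom_mask(default_prefix, borrowed):
    """Turn ON `borrowed` host bits directly to the right of the default mask."""
    prefix = default_prefix + borrowed
    if borrowed < 1 or prefix > 30:
        raise ValueError("borrow at least 1 bit and leave at least 2 host bits")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def enumerate_subnets(network, default_prefix, borrowed, classic_rule=True):
    """List every subnet with its first host, last host and broadcast address."""
    base = to_int(network)
    default_mask = (0xFFFFFFFF << (32 - default_prefix)) & 0xFFFFFFFF
    if base & ~default_mask & 0xFFFFFFFF:
        raise ValueError("network address has host bits set")
    mask = custom_mask(default_prefix, borrowed)
    host_bits = 32 - default_prefix - borrowed
    result = []
    for subnet_id in range(1 << borrowed):
        if classic_rule and subnet_id in (0, (1 << borrowed) - 1):
            continue  # all-0s or all-1s subnet ID, treated as invalid in this guide
        net = base | (subnet_id << host_bits)
        broadcast = net | ((1 << host_bits) - 1)   # all host bits ON
        result.append({
            "subnet": to_dotted(net),               # all host bits OFF
            "mask": to_dotted(mask),
            "first_host": to_dotted(net + 1),       # only the low order bit ON
            "last_host": to_dotted(broadcast - 1),  # all ON except the low order bit
            "broadcast": to_dotted(broadcast),
            "hosts": (1 << host_bits) - 2,          # 2^n - 2
        })
    return result


def same_network(addr_a, addr_b, mask):
    """The ANDing test: both addresses masked down to their network portion."""
    return (to_int(addr_a) & mask) == (to_int(addr_b) & mask)


if __name__ == "__main__":
    for row in enumerate_subnets("192.100.50.0", 24, 2):
        print(row)
    before = to_int("255.255.255.0")
    after = custom_mask(24, 2)
    for label, mask in (("default mask", before), ("custom mask", after)):
        local = same_network("192.100.50.65", "192.100.50.129", mask)
        print(label, to_dotted(mask), "-> same network" if local else "-> via router")
```

Passing `classic_rule=False` enumerates all four bit combinations instead of dropping the first and last.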
Unless you are a hotshot brainy type it might take a couple of passes for all this subnetting stuff
to sink in. Don't hesitate to go through this chapter more than once, and when you feel ready you
can move on to the subnetting exercise in the next chapter.
Chapter 3 Summary
Chapter 4 Supernetting Explained
Overview
Supernetting is the reverse of subnetting. With supernetting, rather than dividing one network
number into multiple routed subnets, you instead combine several network numbers into one
larger network, hence negating the need for a router between subnets.
How to Supernet
Supernetting is far easier than subnetting. It's only a one-step process. In supernetting, instead of
borrowing bits from the host portion of the address to create additional network IDs, you instead
borrow bits from the network portion of the address to reduce the number of networks. To
illustrate, look at the following table showing four contiguous network IDs and their binary
equivalent:
Network ID 198.53.212.0    11000110.00110101.11010100.00000000
Network ID 198.53.213.0    11000110.00110101.11010101.00000000
Network ID 198.53.214.0    11000110.00110101.11010110.00000000
Network ID 198.53.215.0    11000110.00110101.11010111.00000000
Note that when the addresses are converted to binary, the only difference is in the last two digits
of the 3rd octet, in other words at the end of the network portion of the address. What would be
the effect of creating a custom subnet mask by donating those last two bits to the host ID
portion of the address?
Original mask    11111111    11111111    11111111|      00000000
                 255.        255.        255.           0
Custom mask      11111111    11111111    111111 | 00    00000000
                 255.        255.        252.           0
Following standard conventions for creating custom subnet masks, the two bits in question are
turned off to represent that they are now part of the host ID. The bits left on are considered part of
the network ID.
The result of this is that the entire range of the four class C addresses can now be addressed as a
single network address! The resulting range of host IDs from the original four addresses are
grouped together in one big pool and can be allocated as needed. No subnetting of the network is
required!
The table below enumerates how altering the subnet mask in this manner pans out.
Network addresses to supernet:
Default subnet mask:
# of networks required:
# of hosts per network:
# of bits lent to network octet:
Custom subnet mask:
11000000.00110101.110101 00.00000001    198.53.212.1
Broadcast Address
11000000.00110101.110101 11.11111110    198.53.215.255
Note that the new network ID is simply the first class C address in the range.
Why were two bits donated? That is how many digits were unique in the network portion of the address. You always
donate whatever number of bits create unique addresses.
IP address                  53.         212.        25
binary equiv.               00110101    11010100    00011001
Subnet mask     255.        255.        252.
binary equiv.   11111111    11111111    11111100    00000000
ANDing          11000000    00110101    11010100    00000000
Subnet ID       190.        53.         212.        0

Receiving computer
IP address      190.        53.         213.        98
binary equiv.   11000000    00110101    11010101    1100010
Subnet mask     255.        255.        252.
binary equiv.   11111111    11111111    11111100    00000000
ANDing          11000000    00110101    11010100    00000000
Subnet ID       190.        53.         212.        0
Voilà! The ANDing process always has the last word. To TCP/IP, both IP addresses appear to be
on the same network.
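The supernetting step above as code, using the four 198.53.212.0 to 198.53.215.0 networks from this chapter. This is an added example, not from the original guide; `summarize` is a name chosen here. It also reports any networks the supernet would cover beyond the ones listed, which is the check to make before using an aggregate in a route or filter rule.

```python
import ipaddress


def summarize(networks):
    """Combine equal-sized networks into one supernet.

    Returns (supernet, donated_bits, extra), where `extra` lists networks
    of the original size that the supernet covers but the caller did not list.
    """
    nets = sorted({ipaddress.ip_network(n) for n in networks})
    if len({n.prefixlen for n in nets}) != 1:
        raise ValueError("all networks must use the same mask")
    original_prefix = nets[0].prefixlen
    first = int(nets[0].network_address)

    # Collect every bit position in which any network ID differs from the first.
    differing = 0
    for n in nets:
        differing |= first ^ int(n.network_address)

    # Bits to the left of the highest differing bit are shared by all networks.
    prefix = min(32 - differing.bit_length(), original_prefix)
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    supernet = ipaddress.IPv4Network((first & mask, prefix))

    donated = original_prefix - prefix  # network bits handed over to the host ID
    extra = [str(s) for s in supernet.subnets(new_prefix=original_prefix)
             if s not in nets]
    return supernet, donated, extra


def on_same_network(addr_a, addr_b, network):
    """ANDing test against the supernet mask for two host addresses."""
    mask = int(network.netmask)
    a = int(ipaddress.ip_address(addr_a)) & mask
    b = int(ipaddress.ip_address(addr_b)) & mask
    return a == b == int(network.network_address)


if __name__ == "__main__":
    four = ["198.53.212.0/24", "198.53.213.0/24",
            "198.53.214.0/24", "198.53.215.0/24"]
    supernet, donated, extra = summarize(four)
    print(supernet, supernet.netmask, "donated bits:", donated, "extra:", extra)
    print(on_same_network("198.53.212.25", "198.53.213.98", supernet))

    # Two networks that do not start on a /23 boundary: the supernet
    # has to grow to /22 and silently takes in two unlisted networks.
    print(summarize(["198.53.213.0/24", "198.53.214.0/24"]))
```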
Chapter 4 Summary
Overview
Classless Inter-Domain Routing (CIDR) and Variable Length Subnet Masks (VLSMs) are closely
related manifestations of classless addressing, so they are dealt with together in a single chapter.
CIDR is a standard defined in RFCs 1517-1520 that allows an assigning authority to allocate an
address space closely matching the number of addresses required by a customer. This is made
possible by setting the prefix of a 32 bit IP address at a specific bit boundary, ignoring any sense
of class A, B and C distinctions. By carefully setting both the prefix (subnet mask), and the
starting point of the address range being assigned, various portions of the entire 32 bit address
space can be allocated to different customers.
Since different customers require differing amounts of address space, CIDR allows for setting
different prefixes for different portions of the same address. In other words, the mask is varied,
thus you have varying masks applied to the same 32 bit address at the assignment level.
Moreover, since initial allocation of address space is usually to very large ISPs, it is expected that
such ISPs will break up the address space into various sized chunks according to the needs of
its customers. The ISP will therefore apply varying prefixes to the allocated address as well, in
order to squeeze out the largest number of useable addresses.
This chapter shows exactly how all this wonderfulness happens. To begin, let's walk through
some details about how CIDR and VLSMs work, then go through an example of a sample IP
address being initially allocated, then track how the address is continually broken up all the way
down the ladder until an address is allocated to an end user. This is where the rubber meets the
road in real world classless addressing, and it's where all the concepts of variable masks, address
aggregation, hierarchical addressing, and route summarization come to life.
CIDR
CIDR is the contemporary standard for assigning network numbers on the Internet. The
"Classless" in Classless Inter-Domain Routing means that the traditional class A, B or C
distinctions of the network/host boundaries of a network address are cast aside in favor of a
system with far more granular control over address assignment.
The Internet agency responsible for assigning network addresses is called the NIC (Network
Information Center) or InterNIC. Traditionally the NIC worked through its subsidiary, IANA
(Internet Assigned Numbers Authority), to administer the addresses. As the Internet has
grown larger and larger, private regional entities have taken on the responsibility of assigning
addresses. In America the local agency allocating network addresses is ARIN (American
Registry for Internet Numbers). Ok, is that confusing enough? We will mostly use the
generic term "assigning authority" when referring to the agency that assigns network addresses.
CIDR supports the concept of classless networking between networks, or more accurately,
between routing domains, thus the moniker "Inter-Domain Routing". A domain is defined as a
network or networks under a single administrative control. For example, CIDR allows
organization A and organization B to be assigned classless IP addresses and successfully
route packets between the two organizations (domains). The Border Gateway Protocol
(BGP), which was enhanced to support classless addressing in version 4, handles the routing
of such traffic.
CIDR addresses the problem of bloated route tables as well. Traditionally, the powerful routers
that form the core of the Internet needed to know the route to every possible network. As the
Internet has grown, so has the size of the routing tables. This inhibits performance. CIDR deals
with this issue by aggregating multiple network addresses into a single entry in the routing table.
The process, known as route aggregation or route summarization, reduces the size and
complexity of the routing tables.
To illustrate an example of a CIDR assigned address, let's assume a large ISP has a requirement
for 4,000 addresses. The assigning authority chooses to allocate the 155.0.0.0 address space. The
challenge is to allocate as close as possible to 4,000 addresses, which the ISP will rework into
various sized subnets based on its needs.
Since it takes 12 bits to allocate 4,000 addresses (2^12 - 2 = 4,094), the prefix of the address is set to
/20. This means that the assigning authority owns the first 20 bits of the address, but the
remaining 12 bits are completely controlled by the ISP.
The initial allocation of the 155.0.0.0 with a /20 means the ISP will start off with a single network
ID of 155.0.0.0/20, supporting 4,094 hosts. See the following table.
ASSIGNMENT        CUSTOMER     ADDRESS RANGE                                          TOTAL ADDRESSES
155.0.16.0 /20    Large ISP    155.0.16.1      10011011.00000000.00010000.00000001    4,094
                               through . . .
                               155.0.31.254    10011011.00000000.00011111.11111110
ARIN Allocation of the 155.0.0.0 (network bits are in bold)
The above table enumerates the range of host addresses for this assignment as 155.0.0.1 through
155.0.15.254. It's easy to figure out what the first possible host ID is for the assignment, but it's a
little tricky to calculate the last address. That is why it's expressed in binary. Recall from the chapter
on subnetting that the first host ID of any address is always all host bits OFF except the low order
bit, and the last host ID is all host bits ON except the low order bit. Now it's not so hard to see, is
it?
Note: If there is one single thing we want you to remember after reading this book, it is that converting an address to
binary will always help you understand what's going on! The above example should clearly illustrate this point.
With CIDR notation, any allocated address would have worked out the same way. For example
12.0.0.0 or 196.0.0.0, although formerly class A and class C network IDs respectively, are treated
exactly the same as the 155.0.0.0 under CIDR. There is no difference, because the default
network / host dividing line is no longer used.
We will get back to what the ISP will ultimately do with this assignment, but in the meantime
what about the remaining address space in the 155.0.0.0? Only 4,000 addresses have been
allocated, leaving millions of unused addresses. For CIDR notation to live up to its reputation for
efficiency, those addresses must be allocated. They will, starting at 155.0.32.0, and continuing
until all the space of the 155.0.0.0 has been exhausted. The following table illustrates one way
allocation of the 155.0.0.0 might be completed.
ASSIGNMENT           CUSTOMER                                                 TOTAL ADDRESSES
155.0.0.0 /20                         10011011.00000000.00000000.00000000
155.0.16.0 /20       Large ISP        10011011.00000000.00010000.00000000
155.0.16.1 start                      10011011.00000000.00010000.00000001     4,094
155.0.31.254 end                      10011011.00000000.00011111.11111110
155.0.32.0 /20       Customer 2       10011011.00000000.00100000.00000000
155.0.32.1 start                      10011011.00000000.00100000.00000001     4,094
155.0.63.254 end                      10011011.00000000.00101111.11111110
Etc. . . .
155.255.224.0 /20    Customer 4094    10011011.00000000.11100000.00000000
155.255.224.1 start                   10011011.11111111.11100000.00000001     4,094
155.255.239.254 end                   10011011.11111111.11101111.11111110
155.255.240.0 /20                     10011011.00000000.11110000.00000000
155.0.0.0 /20
Ho hum. As always, rendering the addresses in binary makes visualizing the allocation a snap.
Subnet bits are incremented one at a time until all bits are on, and the entire address space has
been allocated.
See appendix F
Copyright 2001-06 by New Frontier Training
VLSMs
Like we said, the above example shows one way to allocate the 155.0.0.0. The assigning authority
however is not limited to allocating the address space proportionally. To maximize efficiency,
Variable Length Subnet Masks are used frequently when allocating the space.
VLSMs are an extension to standard subnetting. Rather than apply the same mask to all subnets,
differing masks can be applied to differing portions of the assigned address space. VLSMs can be
applied to CIDR addresses before they are ever allocated, allowing granular control over the
assignment of public addresses. VLSMs can also be applied by an organization when first
allocating an assigned CIDR address. And the mask can be varied again when the organization
wishes to reallocate already assigned address space. As long as the networking equipment
supports variable masks (mainly the routing protocol in use), there is no end to how many times
the mask of a given scope of address space can be varied, that is, until the space is exhausted.
ASSIGNMENT           CUSTOMER                                              TOTAL ADDRESSES
155.0.16.0 /20       Large ISP     10011011.00000000.00010000.00000000
155.0.16.1 start                   10011011.00000000.00010000.00000001     4,094
155.0.31.254 end                   10011011.00000000.00011111.11111110
New subnets
155.0.32.0 /21       Customer 2    10011011.00000000.00100000.00000000
155.0.32.1                         10011011.00000000.00100000.00000001     2,046
155.0.47.254                       10011011.00000000.00101111.11111110
155.0.48.0 /21       Customer 3    10011011.00000000.00110000.00000000
155.0.48.1                         10011011.00000000.00111000.00000001     2,046
155.0.63.254                       10011011.00000000.00111111.11111110
155.0.64.0 /20       Customer 4    10011011.00000000.01000000.00000000
155.0.64.1 start                   10011011.00000000.01000000.00000001     4,094
155.0.127.254 end                  10011011.00000000.01111111.11111110
Etc. . . .
155.255.224.0 /20    Customer x    10011011.00000000.11100000.00000000
155.255.224.1 start                10011011.11111111.11100000.00000001     4,094
155.255.239.254 end                10011011.11111111.11101111.11111110
By varying the mask to include one more bit, a single subnet ID has been created allowing only
two subnets. Notice that this procedure mimics the one used in standard subnetting in that a new
subnet field is created. Also notice that both created subnets are valid. The rule of not allowing all
0s or all 1s in the subnet field must only be obeyed once.
1st octet   2nd octet   3rd octet      4th octet
11111111    11111111    11111 1 000    00000000
NETWORK ID              | Subnet ID | HOST IDs
Altering the mask from /20 to /21 creates one subnet bit
                  Subnet IDs          Host ID range                  Total # of subnets   Hosts per subnet
155.0.16.0 /23    155.0.16.0 /23      155.0.16.1 - 155.0.17.254      6                    510
                  155.0.18.0 /23      155.0.18.1 - 155.0.19.254                           510
                  155.0.20.0 /23      155.0.20.1 - 155.0.21.254                           510
                  155.0.22.0 /23      155.0.22.1 - 155.0.23.254                           510
                  155.0.24.0 /23      155.0.24.1 - 155.0.25.254                           510
                  155.0.26.0 /23      155.0.26.1 - 155.0.27.254                           510
155.0.28.0 /24    155.0.28.0 /24      155.0.28.1 - 155.0.28.254                           254
                  155.0.29.0 /24      155.0.29.1 - 155.0.29.254                           254
155.0.30.0 /30    155.0.30.0 /30      155.0.30.1 - 155.0.30.2        128                  2
                  155.0.30.4 /30      155.0.30.5 - 155.0.30.6                             2
                  155.0.30.8 /30      155.0.30.9 - 155.0.30.10                            2
                  155.0.30.12 /30     155.0.30.13 - 155.0.30.14                           2
                  155.0.30.16 /30     155.0.30.17 - 155.0.30.18                           2
                  ...                 ...                                                 ...
                  155.0.31.252 /30    155.0.31.253 - 155.0.31.254                         2
Varying the applied mask to create the right balance of networks and hosts
By varying the mask applied to different portions of the address space, the ISP has efficiently
administered its CIDR block. This is the essence of VLSMs. Let's walk through the table and
clarify how everything works out.
1st octet   2nd octet   3rd octet   4th octet
11111111    11111111    1111 111    00000000
NETWORK ID              | Subnet ID | HOST IDs
Altering the mask from /20 to /23 creates three subnet bits
Three subnet bits allow for 8 subnets (2^3 = 8). Note that the value 2 was not subtracted from the
number of subnets. The "no all 0s or all 1s" rule has already been obeyed. The table below
enumerates each /23 subnet.
3rd octet
Frozen bits   Borrowed bits for subnet IDs   Remainder of host bits   Combined          Subnets: resulting network IDs
0001          000                            0                        00010000 = .16    155.0.16.0 /23
0001          001                            0                        00010010 = .18    155.0.18.0 /23
0001          010                            0                        00010100 = .20    155.0.20.0 /23
0001          011                            0                        00010110 = .22    155.0.22.0 /23
0001          100                            0                        00011000 = .24    155.0.24.0 /23
0001          101                            0                        00011010 = .26    155.0.26.0 /23
0001          110                            0                        00011100 = .28    155.0.28.0 /23
0001          111                            0                        00011110 = .30    155.0.30.0 /23
                Binary format (Subnet ID  Host ID)   Convert to decimal
                00010010.00000001                    .18.1      155.0.18.1
                00010010.00000010                    .18.2      155.0.18.2
                00010010.00000011                    .18.3      155.0.18.3
                00010010.00000100                    .18.4      155.0.18.4
And so on . . .
Last host ID    00010011.11111110                    .19.254    155.0.19.254
Row 2
To satisfy the requirements of the two customers needing an address space of 200 hosts, the ISP
simply takes the next unassigned range of addresses starting at 150.0.28.0, and applies a mask of
1st octet   2nd octet   3rd octet    4th octet
11111111    11111111    1111 1111    00000000
NETWORK ID              | Subnet IDs | HOST IDs
Applying a /24 prefix to the next range of the address to create 254 host subnets
Just as applying the /23 prefix would have created eight 500-host subnets if the mask was not
varied again, here the /24 applied to the starting range 155.0.28.0 would create sixteen 254-host
subnets. However, only two of those 254-host subnets are needed, and so in a moment the mask
will again be varied at the address following the first two of the sixteen subnets. First let's
enumerate those two subnets before moving on to the 2-host subnets.
3rd octet
Frozen bits
Borrowed bit
for subnet IDs
Remainder
of host bits
0001
0001
1100
n/a
n/a
00011100 = .28
00011101 = .29
111
Subnets
Subnet ID
155.0.28.0 /24
155.0.29.0 /24
As always, the customer receiving the assignment of either subnet would be free to vary the mask
again and create additional subnets as long as the customer does not touch the frozen bits, which
for it are the first 24 bits.
Row 3
The ISP wants to allocate the balance of the address space as a bunch of 2-host subnets. The next
unallocated portion of the address space is 155.0.30.0. Two bits must be left for host IDs, so a /30
mask is applied to the address.
1st octet   2nd octet   3rd octet    4th octet
11111111    11111111    1111 1111    111111 00
NETWORK ID              | Subnet IDs           | HOST IDs
Applying a /30 prefix to the next range of the address to create 2 host subnets
Borrowed bits for subnet IDs   Remainder host bits   Subnets: Subnet ID
1110.000000                    00                    155.0.30.0 /30
1110.000001                    00                    155.0.30.4 /30
1110.000010                    00                    155.0.30.8 /30
1110.000011                    00                    155.0.30.12 /30
0001 1111.111110               00                    155.0.31.252 /30    (00011111.11111100 = .31.252)
Enumerating the subnet IDs for the 155.0.30.0 /30
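The ISP's VLSM plan from the rows above (six /23 subnets, two /24 subnets, and the rest of the 155.0.16.0 /20 as /30 subnets) can be generated and checked mechanically. This is an added example, not part of the original guide; the function names are chosen here. It also shows what happens when small blocks are carved out before large ones: the larger block must start on its own size boundary, so addresses in between are skipped.

```python
import ipaddress


def allocate(parent, prefixes):
    """Carve `parent` front to back into blocks of the requested prefix lengths.

    Returns (blocks, skipped); `skipped` counts addresses passed over because
    a block has to start on a multiple of its own size.
    """
    parent = ipaddress.ip_network(parent)
    cursor = int(parent.network_address)
    end = int(parent.broadcast_address) + 1
    blocks, skipped = [], 0
    for prefix in prefixes:
        if not parent.prefixlen <= prefix <= 32:
            raise ValueError(f"/{prefix} does not fit inside {parent}")
        size = 1 << (32 - prefix)
        aligned = -(-cursor // size) * size      # round up to a block boundary
        if aligned + size > end:
            raise ValueError("address space exhausted")
        skipped += aligned - cursor
        blocks.append(ipaddress.IPv4Network((aligned, prefix)))
        cursor = aligned + size
    return blocks, skipped


def fill_rest(parent, blocks, prefix):
    """Split whatever follows the last allocated block into /prefix subnets."""
    parent = ipaddress.ip_network(parent)
    start = int(blocks[-1].broadcast_address) + 1 if blocks \
        else int(parent.network_address)
    end = int(parent.broadcast_address) + 1
    size = 1 << (32 - prefix)
    start = -(-start // size) * size
    return [ipaddress.IPv4Network((addr, prefix))
            for addr in range(start, end - size + 1, size)]


def verify_plan(parent, blocks):
    """True if every block lies inside `parent` and no two blocks overlap."""
    parent = ipaddress.ip_network(parent)
    ordered = sorted(ipaddress.ip_network(str(b)) for b in blocks)
    inside = all(b.subnet_of(parent) for b in ordered)
    disjoint = all(int(a.broadcast_address) < int(b.network_address)
                   for a, b in zip(ordered, ordered[1:]))
    return inside and disjoint


if __name__ == "__main__":
    isp = "155.0.16.0/20"
    blocks, skipped = allocate(isp, [23] * 6 + [24] * 2)
    links = fill_rest(isp, blocks, 30)
    for b in blocks:
        print(b, "usable hosts:", b.num_addresses - 2)
    print(len(links), "x /30, from", links[0], "to", links[-1])
    print("plan consistent:", verify_plan(isp, blocks + links), "skipped:", skipped)

    # Smallest first: the /23 cannot start at 155.0.16.4, so it moves to 155.0.18.0.
    print(allocate(isp, [30, 23]))
```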
Appendixes
Appendix A Subnetting Exercises
Overview
This appendix gives you an opportunity to hone your subnetting skills. Examples using private, classful
IP addresses will be presented for simplicity. The same procedures shown here are applied to classless
addresses however. You can work through each exercise on your own and check the answers on the page
following the exercise. Or if you get stuck you can jump forward and get a hint.
As you go through the exercises keep an eye out for patterns and shortcuts. After you subnet a few times
you will start to see patterns for how subnet and host IDs are created. Through experience you will also
start to see obvious shortcuts that can be taken when subnetting. When that happens you are well on your
way to becoming a subnetting master!
Exercise #1
Scenario:
An organization has chosen to deploy a private Class C address 192.168.45.0.
The organization's network is in one building on two separate floors. There are 50 computers on one
floor, and 40 computers on the other floor. A router connects the two segments of the network.
Configure a subnetting scheme for this network that assumes that there will never be more than 2 subnets
and allows for the maximum number of hosts. List just the first and last host ID for each subnet.
Solution to exercise #1
Original IP address: 192.168.45.0
1) Determine the number of subnets needed
a) Two subnets are specifically asked for. Borrowing two bits results in two subnets; (2^2) - 2 = 2.
2) Determine the number of host IDs needed per network
a) The largest number of hosts either subnet must support is 50. 2 bits have been borrowed from the
host ID, leaving 6 bits, which is 62 hosts per network; (2^6) - 2 = 62. Therefore, the two bits
borrowed for the subnet ID will still allow for a sufficient number of hosts.
3) Define a custom subnet mask
a) Convert the default subnet mask to binary (255.255.255.0).
11111111.11111111.11111111.000000000
b) Turn on the first two bits in the host octet of the mask to indicate these are now subnet bits:
11111111.11111111.11111111.110000000
c) Convert the subnet mask back to decimal
255.255.255.192
4) Define the subnet IDs to be used
a) List all the possible combinations of the borrowed bits
00
01
10
11
b) Combine each valid combination with the remainder of the octet and convert to decimal
01 000000 = 64
10 000000 = 128
Note: Remember the cardinal rule of subnetting when converting binary numbers to decimal: Always convert the entire octet.
Even if bits have been borrowed from an octet to create subnet IDs, you ALWAYS treat the octet as a whole when converting to
decimal.
c) Reunite the octet with rest of the IP address and you have your subnet IDs.
192.168.45.64
192.168.45.128
10 000001 = 129
10 111110 = 190
d) Combine with remainder of address and you have your beginning/ending host IDs.
Subnet #1 192.168.45.65 to 201.67.45.126
Subnet #2 192.168.45.129 to 201.67.45.190
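Original IP address:       192.168.45.0
Default subnet mask:       255.255.255.0
# of networks required:    2
# of hosts per network:    62
# of bits borrowed:        2
Custom subnet mask:        255.255.255.192 or /26

Subnet IDs:       1st Host ID:      Last Host ID:     Broadcast Address:
192.168.45.64     192.168.45.65     192.168.45.126    192.168.45.127
192.168.45.128    192.168.45.129    192.168.45.190    192.168.45.191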
Exercise #2
Scenario:
An organization has chosen to deploy the private Class C address 192.168.11.0.
The organization's network has four buildings located 250 apart. There are 12 computers in each
building. A router connects the segments of each network.
Configure a subnetting scheme for this network that allows for the growth of two additional subnets and
accommodates up to 25 hosts per network.
Solution to exercise #2
Original IP address: 192.168.11.0
1) Determine the number of subnets needed
a) Four subnets are needed, plus planning for two additional subnets makes six. Borrowing three bits
will be just enough; (2^3) - 2 = 6.
2) Determine the number of host IDs needed per network
a) The largest number of hosts any subnet must support is 25. 3 bits were borrowed from the host ID
leaving 5 bits, which is 30 hosts per network; (2^5) - 2 = 30. Plenty for this job.
3) Define a custom subnet mask
a) Convert the default subnet mask to binary (255.255.255.0).
11111111.11111111.11111111.000000000
b) Turn on the first three bits in the host octet of the subnet mask to indicate these are now network
bits:
11111111.11111111.11111111.1110000
c) Convert the subnet mask back to decimal
255.255.255.224
4) Define the network subnet IDs to be used
a) List all the possible combinations of the borrowed bits
000    100
001    101
010    110
011    111
b) Combine each valid combination with the remainder of the octet and convert to decimal
                  100 00000 = 128
001 00000 = 32    101 00000 = 160
010 00000 = 64    110 00000 = 192
011 00000 = 96
c) Reunite the octet with rest of the IP address and you have your subnet IDs.
                  193.1.11.128
193.1.11.32       193.1.11.160
193.1.11.64       193.1.11.192
193.1.11.96
5) Determine the beginning and ending host ID for each subnet
a) The 1st host ID is all bits turned OFF except one (all 0s would be the network number)
00001
b) The last host ID is all bits turned ON except one (all 1s would be the broadcast address)
11110
c) Combine each subnet ID with the beginning and ending host IDs and convert to decimal
Subnet #1
001 00001 = 33
001 11110 = 62
Subnet #2
010 00001 = 65
011 00001 = 97
011 11110 = 126
Subnet #4
Subnet #5
Subnet #6
d) Combine with remainder of address and you have your beginning/ending host IDs
Subnet #1 192.168.11.33 to 192.168.11.62
Subnet #2 192.168.11.65 to 192.168.11.94
Subnet #3 192.168.11.97 to 192.168.11.126
Subnet #4 192.168.11.129 to 192.168.11.158
Subnet #5 192.168.11.160 to 192.168.11.190
Subnet #6 192.168.11.193 to 192.168.11.222
Original IP address:       192.168.11.0
Default subnet mask:       255.255.255.0
# of networks required:    6
# of hosts per network:    25
# of bits borrowed:        3 (renders 6 networks with 30 hosts per network)
Custom subnet mask:        255.255.255.224 or /27

Subnet IDs:       1st Host ID:      Last Host ID:     Broadcast Address:
192.168.11.32     192.168.11.33     192.168.11.62     192.168.11.63
192.168.11.64     192.168.11.65     192.168.11.94     192.168.11.95
192.168.11.96     192.168.11.97     192.168.11.126    192.168.11.127
192.168.11.128    192.168.11.129    192.168.11.158    192.168.11.159
192.168.11.160    192.168.11.161    192.168.11.190    192.168.11.191
192.168.11.192    192.168.11.193    192.168.11.222    192.168.11.223
Exercise #3
Scenario:
An organization is deploying private Class C address 192.168.254.0.
The organization's network has eight departments and wants to put all departments on separate networks
to avoid broadcast storms (routers don't usually pass broadcast packets). There are no more than 10
people per department.
Configure a subnetting scheme that allows for eight networks now, and leaves room for additional
subnets only as long as the subnetting scheme accommodates at least 12 hosts per network.
Solution to exercise #3
Original IP address: 192.168.254.0
1) Determine the number of subnets needed
a) A minimum of eight subnets is needed, and more can be created only if there are at least 12 host
addresses to go around. Borrowing 3 bits yields 8 potential networks, but when the 2 invalid
networks are removed you come up short. Therefore 4 bits must be borrowed; (2^4) - 2 = 14. That
allows for 6 spare networks. You could not borrow any more than 4 bits because at least 12 hosts
are required per subnet. If 5 bits were borrowed for network IDs, the remaining 3 bits of the octet
would only allow 6 hosts per subnet; (2^3) - 2 = 6.
2) Determine the number of host IDs needed per network
a) Borrowing 4 bits from the host ID leaves 4 bits remaining, which is 14 hosts per network; (2^4) - 2.
3) Define a custom subnet mask
a) Convert the default subnet mask to binary (255.255.255.0).
11111111.11111111.11111111.00000000
b) Turn on the first 4 bits in the host octet of the subnet mask to indicate these are now network bits:
11111111.11111111.11111111.11110000
c) Convert the subnet mask back to decimal
255.255.255.240
4) Define the network (subnet) IDs to be used
a) List all the possible combinations of the borrowed bits
0000 0100 1000 1100
0001 0101 1001 1101
0010 0110 1010 1110
0011 0111 1011 1111
Combine each valid combination with the remainder of the octet and convert to decimal
0100 0000 = 64 1000 0000 = 128 1100 0000 = 192
0001 0000 = 16 0101 0000 = 80 1001 0000 = 144 1101 0000 = 208
0010 0000 = 32 0110 0000 = 96 1010 0000 = 160 1110 0000 = 224
0011 0000 = 48 0111 0000 = 112 1011 0000 = 176
b) Reunite the octet with rest of the IP address and you have your subnet IDs.
201.255.254.64 201.255.254.128 201.255.254.192
201.255.254.16 201.255.254.80 201.255.254.144 201.255.254.208
201.255.254.32 201.255.254.96 201.255.254.160 201.255.254.224
201.255.254.48 201.255.254.112 201.255.254.176
5) Determine the beginning and ending host ID for each subnet
a) The 1st host ID is all bits turned OFF except one (all 0s would be the network number)
00001
b) The last host ID is all bits turned ON except one (all 1s would be the broadcast address)
11110
0010 0001 = 33
0010 1110 = 46
Subnet #3
0011 0001 = 65
0011 1110 = 78
etc. . .
Subnet #14
d) Combine with remainder of address and you have your beginning/ending host IDs
Subnet #1 192.168.254.17 to 192.168.254.30
Subnet #2 192.168.254.33 to 192.168.254.46
Subnet #3 192.168.254.65 to 192.168.254.78
etc. . . .
Subnet #14 192.168.254.225 to 192.168.254.238
192.168.254.0
255.255.255.0
8
12
4 (renders 14 networks with 14 hosts per network)
255.255.255.240 or /28
Subnet   Subnet ID          1st Host ID        Last Host ID       Broadcast Address
1        192.168.254.16     192.168.254.17     192.168.254.30     192.168.254.31
2        192.168.254.32     192.168.254.33     192.168.254.46     192.168.254.47
3        192.168.254.48     192.168.254.49     192.168.254.62     192.168.254.63
4        192.168.254.64     192.168.254.65     192.168.254.78     192.168.254.79
5        192.168.254.80     192.168.254.81     192.168.254.94     192.168.254.95
6        192.168.254.96     192.168.254.97     192.168.254.110    192.168.254.111
7        192.168.254.112    192.168.254.113    192.168.254.126    192.168.254.127
8        192.168.254.128    192.168.254.129    192.168.254.142    192.168.254.143
9        192.168.254.144    192.168.254.145    192.168.254.158    192.168.254.159
10       192.168.254.160    192.168.254.161    192.168.254.174    192.168.254.175
11       192.168.254.176    192.168.254.177    192.168.254.190    192.168.254.191
12       192.168.254.192    192.168.254.193    192.168.254.206    192.168.254.207
13       192.168.254.208    192.168.254.209    192.168.254.242    192.168.254.243
14       192.168.254.224    192.168.254.225    192.168.254.238    192.168.254.239
You could allocate any 10 of these 14 subnets to satisfy the organization's initial need.
Exercise #4
Scenario:
An organization is deploying private Class C address 92.168.222.0.
The organization only needs two hosts attached to each network but it needs the maximum number of
subnets possible while still allowing for the two hosts.
Configure a subnetting scheme that accommodates the objective.
000010
000110
111110
000011
000111
111111
b) Combine each valid combination with the remainder of the octet and convert to decimal
000100 00 = 16
001000 00 = 32
000001 00 = 4
000101 00 = 20
...
000010 00 = 8
000110 00 = 24
111110 00 = 248
000011 00 = 12
000111 00 = 28
c) Reunite the octet with rest of the IP address and you have your subnet IDs.
192.168.222.16
192.168.222.32
192.168.222.4
192.168.222.20
...
192.168.222.8
192.168.222.24
192.168.222.248
192.168.222.12
192.168.222.28
5) Determine the beginning and ending host ID for each subnet
a) The 1st host ID is all bits turned OFF except one (all 0s would be the network number)
01
b) The last host ID is all bits turned ON except one (all 1s would be the broadcast address)
10
000010 01 = 9
000010 10 = 10
Subnet #3
000011 01 = 13
000011 10 = 14
...
Subnet #62
111110 01 = 249
111110 10 = 250
d) Combine with remainder of address and you have your beginning/ending host IDs
Subnet #1 192.168.222.5 to 192.168.222.6
Subnet #2 192.168.222.9 to 192.168.222.10
Subnet #3 192.168.222.13 to 192.168.222.14
...
Subnet #62 192.168.222.249 to 192.168.222.250
192.168.222.0
255.255.255.0
Maximum
2
6 (renders 62 networks with 2 hosts per network)
255.255.255.252 or /30
Subnet   Subnet ID          1st Host ID        Last Host ID       Broadcast Address
1        192.168.222.4      192.168.222.5      192.168.222.6      192.168.222.7
2        192.168.222.8      192.168.222.9      192.168.222.10     192.168.222.11
3        192.168.222.12     192.168.222.13     192.168.222.14     192.168.222.15
4        192.168.222.16     192.168.222.17     192.168.222.18     192.168.222.19
5        192.168.222.20     192.168.222.21     192.168.222.22     192.168.222.23
6        192.168.222.24     192.168.222.25     192.168.222.26     192.168.222.27
7        192.168.222.28     192.168.222.29     192.168.222.30     192.168.222.31
8        192.168.222.32     192.168.222.33     192.168.222.34     192.168.222.35
..       ...
62       192.168.222.248    192.168.222.249    192.168.222.250    192.168.222.251
Exercise #5
Scenario:
An organization is deploying private Class B address 172.16.0.0.
The organization's network is in one building on two separate floors. There are 250 computers on one
floor, and 200 computers on the other floor. A router connects the two segments of the network.
Configure a subnetting scheme for this network that assumes that there will never be more than 2 subnets
and allows for the maximum number of hosts. Just list the first and last host ID for each subnet.
Configure a subnetting scheme that accommodates the objective.
Solution to exercise #5
Original IP address: 172.16.0.0
1) Determine the number of subnets needed
a) Remember that class B host addresses occupy two octets, for a total of 65,534 possible hosts;
(2^16) - 2. When borrowing bits to create additional networks you always start from the leftmost
octet, which for a class B address is the 3rd octet.
Two networks are what's required, so borrowing two bits should be adequate; (2^2) - 2 = 2.
2) Determine the number of host IDs needed per network
a) The scenario specifies a maximum of 250 hosts per subnet. Borrowing 2 bits for the subnet IDs
leaves 14 bits remaining for host IDs; (2^14) - 2 = 16,382.
3) Define a custom subnet mask
a) Convert the default subnet mask to binary (255.255.0.0).
11111111.11111111.00000000.00000000
b) Turn on the first three bits in the host octet of the subnet mask to indicate these are now network
bits:
11111111.11111111.11000000.00000000
c) Convert the subnet mask back to decimal
255.255.192.0
4) Define the network (subnet) IDs to be used
a) List all the possible combinations of the borrowed bits
00
01
10
11
b) Combine each valid combination with the remainder of the octets and convert to decimal
01 000000.00000000 = 64.0
10 000000.00000000 = 128.0
Reunite the octets with rest of the IP address and you have your subnet IDs.
172.16.64.0
172.16.128.0
Note: As with class C addresses, the original network number (172.16.0.0) is rendered invalid.
5) Determine the beginning and ending host IDs for each subnet
a) The 1st host ID is all bits turned OFF except one (all 0s would be the network number)
000000.00000001
(when calculating host IDs always add from the far right)
b) The last host ID is all bits turned ON except one (all 1s would be the broadcast address)
111111.11111110
10 000000.00000001 = 172.16
10 111111.11111110 = 191.254
d) Combine with remainder of address and you have your beginning/ending host IDs
Subnet #1
172.16.64.1 to 172.16.127.254
Subnet #2
172.16.172.16 to 172.16.191.254
172.16.0.0
255.255.0.0
2
Max
2 (renders 2 networks with 16,382 hosts per network)
255.255.192.0 /18
Subnet   Subnet ID       1st Host ID      Last Host ID      Broadcast Address
1        172.16.64.0     172.16.64.1      172.16.127.254    172.16.127.255
2        172.16.128.0    172.16.172.16    172.16.191.254    172.16.191.255
Perplexed?
Keep in mind that class B host addresses increment like this:
172.16.64.1, 172.16.64.2, . . . 172.16.64.254, 172.16.64.255, 172.16.65.1, 172.16.65.2, . . .
172.16.65.254, 172.16.65.255, 172.16.66.1 . . . . . . . 172.16.191.252, 172.16.191.253,
172.16.191.254
Why is 172.16.191.254 the last host address? That is the decimal equivalent of all bits but one
being turned on (10 111111.11111110 = 191.254). The 10 of course is the network ID, not a host
ID. Even though it is part of the octet it is not part of the host ID.
Exercise #6
Scenario:
An organization is deploying private Class B address 172.23.0.0.
The organization's network has ten buildings located 250 apart. There are 500 computers in each
building. A router connects the segments of each network.
Configure a subnetting scheme for this network that allows for the growth of five additional subnets and
accommodates up to 1000 hosts per network.
Solution to exercise #6
Original IP address: 172.23.0.0
1) Determine the number of subnets needed
a) 10 networks are in place now but there may be up to 15. Borrowing 4 bits is not quite enough;
(2^4) - 2 = 14 subnets. Therefore 5 bits must be borrowed to accommodate the planned growth.
Borrowing 5 bits allows for up to 30 subnets; (2^5) - 2 = 30.
2) Determine the number of host IDs needed per network
a) The scenario specifies at least 1000 hosts per subnet. Borrowing 5 bits for the subnet IDs leaves
11 bits remaining; (2^11) - 2 = 2,046.
3) Define a custom subnet mask
a) Convert the default subnet mask to binary (255.255.0.0).
11111111.11111111.00000000.00000000
b) Turn on the first three bits in the host octet of the subnet mask to indicate these are now network
bits:
11111111.11111111.11111000.00000000
c) Convert the default subnet mask back to decimal
255.255.248.0
4) Define the network (subnet) IDs to be used
a) List all the possible combinations of the borrowed bits
00000
00100
00001
00101
00010
00110
00011
00111
01000
...
11110
11111
b) Combine each valid combination with the remainder of the octets and convert to decimal
00100 000.00000000 = 32.0
01000 000.00000000 = 64.0
00001 000.00000000 = 8.0
00101 000.00000000 = 40.0
...
00010 000.00000000 = 16.0 00110 000.00000000 = 48.0
11110 000.00000000 = 240.0
00011 000.00000000 = 24.0 00111 000.00000000 = 56.0
c) Reunite the octets with rest of the IP address and you have your subnet IDs.
172.23.32.0
172.23.64.0
172.23.8.0
172.23.40.0
...
172.23.16.0
172.23.48.0
172.23.240.0
172.23.24.0
172.23.56.0
Subnet 3
...
Subnet 14
d) Combine with remainder of address and you have your beginning/ending host IDs for each
subnet.
Subnet 1
172.23.8.1 to 172.23.15.254
Subnet 2
172.23.16.1 to 172.23.23.254
Subnet 3
172.23.24.1 to 172.23.31.254
...
Subnet 14 172.23.240.1 to 172.23.247.254
170.239.0.0
255.255.0.0
15
1,000
5 (renders 30 networks with 2,046 hosts per network)
255.255.248.0 or /21
Subnet   Subnet ID        1st Host ID      Last Host ID       Broadcast Address
1        170.239.8.0      170.239.8.1      170.239.15.254     170.239.15.255
2        170.239.16.0     170.239.16.1     170.239.23.254     170.239.23.255
3        170.239.24.0     170.239.24.1     170.239.31.254     170.239.31.255
4        170.239.32.0     170.239.32.1     170.239.39.254     170.239.39.255
5        170.239.40.0     170.239.40.1     170.239.47.254     170.239.47.255
6        170.239.48.0     170.239.48.1     170.239.55.254     170.239.55.255
7        170.239.56.0     170.239.56.1     170.239.63.254     170.239.63.255
8        170.239.64.0     170.239.64.1     170.239.71.254     170.239.71.255
..       ...
30       170.239.240.0    170.239.240.1    170.239.247.254    170.239.247.255
How do you easily know what the last network number is without incrementing through every
single network number? Simply turn on all the network address bits except one and convert to
binary!
In this example since we borrowed 5 bits the network portion of the IP address is:
00000 000.00000000
network host
Turning on all network bits except one is: 11110 000.00000000
Convert to decimal and the answer is 240.0
The weird thing about subnetting is that the octet value of 240 represents both the network number
and the host IDs. But the ANDing process always reveals the truth of the matter.
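The five-step procedure used in the solutions to exercises 3 and 6, as an added Python example that is not part of the guide. The function names are assumptions of this example, and the code follows the guide's convention of discarding the all-zeros and all-ones subnet IDs, which Python's ipaddress module does not do on its own.

```python
import ipaddress


def default_prefix(address):
    """Classful default prefix length from the first octet (A=/8, B=/16, C=/24)."""
    first_octet = int(address.split(".")[0])
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    raise ValueError("class D/E addresses are not subnetted")


def bits_to_borrow(address, subnets_needed, hosts_needed):
    """Steps 1-2: smallest n with 2^n - 2 >= subnets_needed, provided the
    remaining h host bits still give 2^h - 2 >= hosts_needed."""
    host_bits = 32 - default_prefix(address)
    # At least 2 bits must be borrowed and at least 2 must stay for hosts,
    # otherwise the "- 2" leaves nothing usable.
    for n in range(2, host_bits - 1):
        if 2 ** n - 2 >= subnets_needed:
            if 2 ** (host_bits - n) - 2 < hosts_needed:
                break  # borrowing more bits would only shrink the host field further
            return n
    raise ValueError("no scheme satisfies both requirements")


def subnet_table(address, borrowed):
    """Steps 3-5: the custom mask plus one row per valid subnet:
    (subnet ID, 1st host ID, last host ID, broadcast address)."""
    base = ipaddress.ip_network(f"{address}/{default_prefix(address)}")
    subnets = list(base.subnets(prefixlen_diff=borrowed))
    # ipaddress returns all 2^n subnets; the guide treats the first
    # (all subnet bits 0) and the last (all subnet bits 1) as invalid.
    valid = subnets[1:-1]
    rows = [
        (
            str(s.network_address),        # host bits all 0
            str(s.network_address + 1),    # host bits all 0 except the last
            str(s.broadcast_address - 1),  # host bits all 1 except the last
            str(s.broadcast_address),      # host bits all 1
        )
        for s in valid
    ]
    return str(subnets[0].netmask), rows


if __name__ == "__main__":
    # Requirements taken from exercises 3 and 6 of the guide.
    for address, subnets, hosts in [("192.168.254.0", 8, 12), ("172.23.0.0", 15, 1000)]:
        n = bits_to_borrow(address, subnets, hosts)
        mask, rows = subnet_table(address, n)
        print(f"{address}: borrow {n} bits, mask {mask}, {len(rows)} subnets")
        for row in rows[:3] + rows[-1:]:
            print("  ", *row)
```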
Overview
You've sweated and toiled, and you finally have a good grasp of subnetting. Now you will learn
how to subnet the Quick and Dirty style. Quick and dirty means NO BINARY and NO
CALCULATOR.
The key to subnetting Quick and Dirty style is via something known as the magic number. You
have worked with the magic number already though you may not have realized it. Once you
determine the magic number in a subnetting problem, everything else is child's play. You can use
this method for any classful or classless address, as long as you are only borrowing from one
octet.
Note: This method works only if you are borrowing from a single octet. If borrowing beyond one octet, do not use this
method.
Now the questions about this network can be answered. The host is part of subnet 192.168.1.64.
There are 62 hosts per subnet. There are two subnets.
Example #2
Given the following IP address, answer the questions below:
172.16.2.232
255.255.255.0
1. What subnet number is the IP address part of?
2. How many host IDs for this subnet?
3. How many subnets are there?
Here we have a private class B address with the mask of a class C address. Quite common.
1. Eight borrowed bits in the 3rd octet means 254 possible subnets; 2^8 - 2 = 254.
2. The first subnet is all subnet bits turned OFF except the low order bit, then recombine the
result with the rest of the bits in the octet; 00000001 = .1.
3. The last subnet is all subnet bits turned ON except the low order bit, then recombine the
result with the rest of the bits in the octet; 11111110 = .255.
4. There are 8 bits for host IDs; 2^8 - 2 = 254.
The host is part of subnet 172.16.2.0. There are 254 hosts per subnet. There are 254 subnets.
Example #3
Given the following IP address, answer the questions below:
172.16.2.233
255.255.255.192
1. What subnet number is the IP address part of?
2. How many host IDs for this subnet?
3. How many subnets are there?
Here we have a private class B address with bits borrowed from two octets to create the subnet
field. No need to panic however. The same procedure as the two previous examples applies. Eight
bits have been borrowed from the 3rd octet, and two bits more from the 4th octet (192 =
11000000), for a total of 10 bits in the subnet field.
4. 10 borrowed bits means 254 possible subnets; 2^10 - 2 = 1022.
5. The first subnet is all subnet bits turned OFF except the low order bit, then recombine the
result with the rest of the bits in the octet; 00000000.000001 00 = .0.4.
6. The last subnet is all subnet bits turned ON except the low order bit, then recombine the
result with the rest of the bits in the octet; 11111111.111110 00 = 255.248.
7. There are 6 bits for host IDs; 2^6 - 2 = 62.
By enumerating the subnets (0.4, 0.8, 0.12, etc.), you will eventually reach the 2.232, (note that
232 is a multiple of 4). The host is part of subnet 172.16.2.232. There are 62 hosts per subnet.
There are 1,022 subnets. See example 2 in appendix D for a shortcut to quickly determine the
subnet a host belongs to.
1. The subnet ID is 24.11.203.0 /24, and provides host addresses in the range 24.11.203.1 to
24.11.203.254. This is a simple calculation based on the /24 prefix, which allows 8 bits to form 254
host addresses.
2. IP address 24.11.203.84 is assigned to the cable modem at the customer's premises, probably
automatically through DHCP. The default gateway of 24.11.203.1 is the ISP's router for this subnet.
The gateway address must be on the same subnet. The cable provider is usually running Ethernet as
the layer 2 protocol even over what must be a significant distance. In other words, this is a LAN not
a WAN (a WAN would require a WAN layer 2 protocol such as SLIP or PPP, and likely use a two-host subnet address).
3. The customer is not necessarily entitled to use any other addresses on the subnet. The customer is in
fact sharing the address range (as well as the bandwidth!) of this network with the neighbors. They
are all on one LAN that extends throughout the neighborhood. With likely only one IP address, the
customer is relegated to using Network Address Translation or a proxy server in order to share the
connection. Of course, virtually all home Internet routers have NAT capability, and the Windows
based Internet Connection Sharing facility provides software based NAT.
4,194,302 (2^22-2)    255.192.0.0
2,097,150 (2^21-2)    255.224.0.0
1,048,574 (2^20-2)    255.240.0.0
524,286 (2^19-2)      255.248.0.0
262,142 (2^18-2)      255.252.0.0
131,070 (2^17-2)      255.254.0.0
65,534 (2^16-2)       255.255.0.0
Class A subnetting could continue past this table by borrowing bits from the 3rd and 4th octet.
Class B network subnetting possibilities (default subnet mask = 255.255.0.0.)
Number of bits borrowed for subnet mask
2    16,382 (2^14-2)    255.255.192.0
3    8,190 (2^13-2)     255.255.224.0
4    4,094 (2^12-2)     255.255.240.0
5    2,046 (2^11-2)     255.255.248.0
6    1,022 (2^10-2)     255.255.252.0
7    510 (2^9-2)        255.255.254.0
8    254 (2^8-2)        255.255.255.0
Class B subnetting could continue past this table by borrowing bits from the 4th octet.
Class C network subnetting possibilities (default subnet mask = 255.255.255.0.)
62 (2^6-2)            255.255.255.192
30 (2^5-2)            255.255.255.224
14 (2^4-2)            255.255.255.240
6 (2^3-2)             255.255.255.248
2 (2^2-2)             255.255.255.252
0 (2^1-2) Invalid     255.255.255.254
-1 (2^0-2) Invalid    255.255.255.255