
Introduction
This talk will cover the basics of IP addressing and subnetting.
Topics covered will include:

• What is an IP Address?
• What are Classes?
• What is a Network Address?
• What are Subnet Masks and Subnet Addresses?
• How are Subnet Masks defined and used?
• How can all this be applied?
• What is CIDR?
• How can I get more information?

IP Addressing
An IP (Internet Protocol) address is a unique identifier for a node or host connection on an IP
network. An IP address is a 32 bit binary number usually represented as 4 decimal values,
each representing 8 bits, in the range 0 to 255 (known as octets) separated by decimal points.
This is known as "dotted decimal" notation.

Example: 140.179.220.200

It is sometimes useful to view the values in their binary form.

     140.     179.     220.     200
10001100.10110011.11011100.11001000

Every IP address consists of two parts, one identifying the network and one identifying the
node. The Class of the address and the subnet mask determine which part belongs to the
network address and which part belongs to the node address.

Address Classes
There are 5 different address classes. You can determine which class any IP address is in by
examining the first 4 bits of the IP address.

• Class A addresses begin with 0xxx, or 1 to 126 decimal.


• Class B addresses begin with 10xx, or 128 to 191 decimal.
• Class C addresses begin with 110x, or 192 to 223 decimal.
• Class D addresses begin with 1110, or 224 to 239 decimal.
• Class E addresses begin with 1111, or 240 to 254 decimal.

Addresses beginning with 01111111, or 127 decimal, are reserved for loopback and for
internal testing on a local machine. [You can test this: you should always be able to ping
127.0.0.1, which points to yourself] Class D addresses are reserved for multicasting. Class E
addresses are reserved for future use. They should not be used for host addresses.

Now we can see how the Class determines, by default, which part of the IP address belongs to
the network (N) and which part belongs to the node (n).

• Class A -- NNNNNNNN.nnnnnnnn.nnnnnnnn.nnnnnnnn
• Class B -- NNNNNNNN.NNNNNNNN.nnnnnnnn.nnnnnnnn
• Class C -- NNNNNNNN.NNNNNNNN.NNNNNNNN.nnnnnnnn

In the example, 140.179.220.200 is a Class B address so by default the Network part of the
address (also known as the Network Address) is defined by the first two octets (140.179.x.x)
and the node part is defined by the last 2 octets (x.x.220.200).

In order to specify the network address for a given IP address, the node section is set to all
"0"s. In our example, 140.179.0.0 specifies the network address for 140.179.220.200. When
the node section is set to all "1"s, it specifies a broadcast that is sent to all hosts on the
network. 140.179.255.255 specifies the example broadcast address. Note that this is true
regardless of the length of the node section.

Private Subnets

There are three IP network addresses reserved for private networks. The addresses are
10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. They can be used by anyone setting up internal
IP networks, such as a lab or home LAN behind a NAT or proxy server or a router. It is
always safe to use these because routers on the Internet will never forward packets coming
from these addresses. These addresses are defined in RFC 1918.

Subnetting
Subnetting an IP Network can be done for a variety of reasons, including organization, use of
different physical media (such as Ethernet, FDDI, WAN, etc.), preservation of address space,
and security. The most common reason is to control network traffic. In an Ethernet network,
all nodes on a segment see all the packets transmitted by all the other nodes on that segment.
Performance can be adversely affected under heavy traffic loads, due to collisions and the
resulting retransmissions. A router is used to connect IP networks to minimize the amount of
traffic each segment must receive.

Subnet Masking

Applying a subnet mask to an IP address allows you to identify the network and node parts of
the address. The network bits are represented by the 1s in the mask, and the node bits are
represented by the 0s. Performing a bitwise logical AND operation between the IP address
and the subnet mask results in the Network Address or Number.
For example, using our test IP address and the default Class B subnet mask, we get:

10001100.10110011.11110000.11001000   140.179.240.200   Class B IP Address
11111111.11111111.00000000.00000000   255.255.000.000   Default Class B Subnet Mask
--------------------------------------------------------
10001100.10110011.00000000.00000000   140.179.000.000   Network Address

Default subnet masks:



• Class A - 255.0.0.0 - 11111111.00000000.00000000.00000000


• Class B - 255.255.0.0 - 11111111.11111111.00000000.00000000
• Class C - 255.255.255.0 - 11111111.11111111.11111111.00000000

More Restrictive Subnet Masks


Additional bits can be added to the default subnet mask for a given Class to further subnet, or
break down, a network. When a bitwise logical AND operation is performed between the
subnet mask and IP address, the result defines the Subnet Address (also called the Network
Address or Network Number). There are some restrictions on the subnet address. Node
addresses of all "0"s and all "1"s are reserved for specifying the local network (when a host
does not know its network address) and all hosts on the network (broadcast address),
respectively. This also applies to subnets. A subnet address cannot be all "0"s or all "1"s. This
also implies that a 1 bit subnet mask is not allowed. The restriction comes from older
standards. Recent standards that allow use of these subnets have superseded them, but many
"legacy" devices do not support the newer standards. If you are operating in a controlled
environment, such as a lab, you can safely use these restricted subnets.

To calculate the number of subnets or nodes, use the formula (2^n - 2) where n = number of bits
in either field, and 2^n represents 2 raised to the nth power. Multiplying the number of subnets
by the number of nodes available per subnet gives you the total number of nodes available for
your class and subnet mask. Also, note that although subnet masks with non-contiguous mask
bits are allowed, they are not recommended.

Example:

10001100.10110011.11011100.11001000   140.179.220.200   IP Address
11111111.11111111.11100000.00000000   255.255.224.000   Subnet Mask
--------------------------------------------------------
10001100.10110011.11000000.00000000   140.179.192.000   Subnet Address
10001100.10110011.11011111.11111111   140.179.223.255   Broadcast Address

In this example a 3 bit subnet mask was used. There are 6 (2^3 - 2) subnets available with this
size mask (remember that subnets with all 0's and all 1's are not allowed). Each subnet has
8190 (2^13 - 2) nodes. Each subnet can have nodes assigned to any address between the Subnet
address and the Broadcast address. This gives a total of 49,140 nodes for the entire class B
address subnetted this way. Notice that this is less than the 65,534 nodes an unsubnetted class
B address would have.

You can calculate the Subnet Address by performing a bitwise logical AND operation
between the IP address and the subnet mask, then setting all the host bits to 0s. Similarly, you
can calculate the Broadcast Address for a subnet by performing the same logical AND
between the IP address and the subnet mask, then setting all the host bits to 1s. That is how
these numbers are derived in the example above.
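
The AND/OR calculation and the (2^n - 2) counts above, written out as an added Python example that is not part of the original tutorial. The function names are illustrative, and the counting rule is the classful one this section describes (all-0s and all-1s excluded).

```python
DEFAULT_PREFIX = {"A": 8, "B": 16, "C": 24}  # classful default masks as prefix lengths
OCTET_SHIFTS = (24, 16, 8, 0)


def to_int(dotted):
    """Dotted decimal -> 32-bit integer, rejecting malformed input."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted-decimal IPv4 address: {dotted!r}")
    value = 0
    for part in parts:
        value = (value << 8) | int(part)
    return value


def to_dotted(value):
    return ".".join(str((value >> s) & 0xFF) for s in OCTET_SHIFTS)


def to_binary(value):
    return ".".join(f"{(value >> s) & 0xFF:08b}" for s in OCTET_SHIFTS)


def address_class(ip):
    """Class from the leading bits: 0 -> A, 10 -> B, 110 -> C, 1110 -> D, 1111 -> E."""
    for leading_ones, cls in enumerate("ABCD"):
        if not ip & (0x80000000 >> leading_ones):  # first 0 bit found at this position
            return cls
    return "E"


def mask_to_prefix(mask):
    """Number of leading 1 bits; a mask with a 1 after a 0 is rejected."""
    host_part = ~mask & 0xFFFFFFFF
    if host_part & (host_part + 1):
        raise ValueError(f"non-contiguous subnet mask: {to_dotted(mask)}")
    return 32 - host_part.bit_length()


def subnet_info(ip_str, mask_str):
    """Subnet address, broadcast address and classful subnet/host counts."""
    ip, mask = to_int(ip_str), to_int(mask_str)
    prefix = mask_to_prefix(mask)
    cls = address_class(ip)
    if cls not in DEFAULT_PREFIX:
        raise ValueError(f"class {cls} addresses are not assigned to hosts")
    subnet_bits = prefix - DEFAULT_PREFIX[cls]
    if subnet_bits < 0:
        raise ValueError("mask is shorter than the class default (a supernet)")
    host_bits = 32 - prefix
    network = ip & mask                          # AND clears the host bits
    broadcast = network | (~mask & 0xFFFFFFFF)   # OR with the inverted mask sets them
    # Classful counting rule from the text: all-0s and all-1s are excluded in each field.
    subnets = 2 ** subnet_bits - 2 if subnet_bits else 1
    hosts = max(2 ** host_bits - 2, 0)
    return {
        "class": cls, "prefix": prefix,
        "network": to_dotted(network), "broadcast": to_dotted(broadcast),
        "network_binary": to_binary(network),
        "subnets": subnets, "hosts_per_subnet": hosts, "total_hosts": subnets * hosts,
    }


if __name__ == "__main__":
    # The two worked cases from the text; 200.133.175.37 is a constructed host address.
    for ip, mask in [("140.179.220.200", "255.255.224.0"), ("200.133.175.37", "255.255.255.240")]:
        print(ip, mask, subnet_info(ip, mask))
```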

Subnetting always reduces the number of possible nodes for a given network. There are
complete subnet tables available here for Class A, Class B and Class C. These tables list all
the possible subnet masks for each class, along with calculations of the number of networks,
nodes and total hosts for each subnet.

An Example
Here is another, more detailed, example. Say you are assigned a Class C network number of
200.133.175.0 (apologies to anyone who may actually own this domain address). You want to
utilize this network across multiple small groups within an organization. You can do this by
subnetting that network with a subnet address.

We will break this network into 14 subnets of 14 nodes each. This will limit us to 196 nodes
on the network instead of the 254 we would have without subnetting, but gives us the
advantages of traffic isolation and security. To accomplish this, we need to use a subnet mask
4 bits long.
Recall that the default Class C subnet mask is

255.255.255.0 (11111111.11111111.11111111.00000000 binary)


Extending this by 4 bits yields a mask of
255.255.255.240 (11111111.11111111.11111111.11110000 binary)
This gives us 16 possible network numbers, 2 of which cannot be used:
Subnet bits Network Number Node Addresses Broadcast Address
0000 200.133.175.0 Reserved None
0001 200.133.175.16 .17 thru .30 200.133.175.31
0010 200.133.175.32 .33 thru .46 200.133.175.47
0011 200.133.175.48 .49 thru .62 200.133.175.63
0100 200.133.175.64 .65 thru .78 200.133.175.79
0101 200.133.175.80 .81 thru .94 200.133.175.95
0110 200.133.175.96 .97 thru .110 200.133.175.111
0111 200.133.175.112 .113 thru .126 200.133.175.127
1000 200.133.175.128 .129 thru .142 200.133.175.143
1001 200.133.175.144 .145 thru .158 200.133.175.159
1010 200.133.175.160 .161 thru .174 200.133.175.175
1011 200.133.175.176 .177 thru .190 200.133.175.191
1100 200.133.175.192 .193 thru .206 200.133.175.207
1101 200.133.175.208 .209 thru .222 200.133.175.223
1110 200.133.175.224 .225 thru .238 200.133.175.239
1111 200.133.175.240 Reserved None

CIDR -- Classless InterDomain Routing


Now that you understand "classful" IP Subnetting principles, you can forget them ;). The
reason is CIDR -- Classless InterDomain Routing. CIDR was invented several years ago to
keep the internet from running out of IP addresses. The "classful" system of allocating IP
addresses can be very wasteful; anyone who could reasonably show a need for more than 254
host addresses was given a Class B address block of 65533 host addresses. Even more
wasteful were companies and organizations that were allocated Class A address blocks, which
contain over 16 Million host addresses! Only a tiny percentage of the allocated Class A and
Class B address space has ever been actually assigned to a host computer on the Internet.

People realized that addresses could be conserved if the class system was eliminated. By
accurately allocating only the amount of address space that was actually needed, the address
space crisis could be avoided for many years. This was first proposed in 1992 as a scheme
called Supernetting. Under supernetting, the classful subnet masks are extended so that a
network address and subnet mask could, for example, specify multiple Class C subnets with
one address. For example, if I needed about 1000 addresses, I could supernet 4 Class C
networks together:

192.60.128.0    (11000000.00111100.10000000.00000000)   Class C subnet address
192.60.129.0    (11000000.00111100.10000001.00000000)   Class C subnet address
192.60.130.0    (11000000.00111100.10000010.00000000)   Class C subnet address
192.60.131.0    (11000000.00111100.10000011.00000000)   Class C subnet address
--------------------------------------------------------
192.60.128.0    (11000000.00111100.10000000.00000000)   Supernetted Subnet address
255.255.252.0   (11111111.11111111.11111100.00000000)   Subnet Mask
192.60.131.255  (11000000.00111100.10000011.11111111)   Broadcast address

In this example, the subnet 192.60.128.0 includes all the addresses from 192.60.128.0 to
192.60.131.255. As you can see in the binary representation of the subnet mask, the Network
portion of the address is 22 bits long, and the host portion is 10 bits long.

Under CIDR, the subnet mask notation is reduced to a simplified shorthand. Instead of
spelling out the bits of the subnet mask, it is simply listed as the number of 1s bits that start
the mask. In the above example, instead of writing the address and subnet mask as

192.60.128.0, Subnet Mask 255.255.252.0


the network address would be written simply as:
192.60.128.0/22
which indicates starting address of the network, and number of 1s bits (22) in the network
portion of the address. If you look at the subnet mask in binary
(11111111.11111111.11111100.00000000), you can easily see how this notation works.

The use of a CIDR notated address is the same as for a Classful address. Classful addresses
can easily be written in CIDR notation (Class A = /8, Class B = /16, and Class C = /24)

It is currently almost impossible for an individual or company to be allocated their own IP
address blocks. You will simply be told to get them from your ISP. The reason for this is the
ever-growing size of the internet routing table. Just 10 years ago, there were less than 5000
network routes in the entire Internet. Today, there are over 100,000. Using CIDR, the biggest
ISPs are allocated large chunks of address space (usually with a subnet mask of /19 or even
smaller); the ISP's customers (often other, smaller ISPs) are then allocated networks from the
big ISP's pool. That way, all the big ISP's customers (and their customers, and so on) are
accessible via 1 network route on the Internet. But I digress.

It is expected that CIDR will keep the Internet happily in IP addresses for the next few years
at least. After that, IPv6, with 128 bit addresses, will be needed. Under IPv6, even sloppy
address allocation would comfortably allow a billion unique IP addresses for every person on
earth! The complete and gory details of CIDR are documented in RFC1519, which was
released in September of 1993.

Logical Operations
This page will provide a brief review and explanation of the common logical bitwise
operations AND, OR, XOR (Exclusive OR) and NOT. Logical operations are performed
between two data bits (except for NOT). Bits can be either "1" or "0", and these operations are
essential to performing digital math operations.
In the "truth tables" below, the input bits are in the top row and the left column, and the
results are in the body of each table.

AND
The logical AND operation compares 2 bits and if they are both "1", then the result is "1",
otherwise, the result is "0".

    | 0  1
  --+------
  0 | 0  0
  1 | 0  1

OR
The logical OR operation compares 2 bits and if either or both bits are "1", then the result is
"1", otherwise, the result is "0".

    | 0  1
  --+------
  0 | 0  1
  1 | 1  1

XOR
The logical XOR (Exclusive OR) operation compares 2 bits and if exactly one of them is "1"
(i.e., if they are different values), then the result is "1"; otherwise (if the bits are the same), the
result is "0".

    | 0  1
  --+------
  0 | 0  1
  1 | 1  0

NOT
The logical NOT operation simply changes the value of a single bit. If it is a "1", the result is
"0"; if it is a "0", the result is "1". Note that this operation is different in that instead of
comparing two bits, it is acting on a single bit.

  input  | 0  1
  result | 1  0

IP Subnetting, Variable Subnetting, and CIDR (Supernetting)
1. Who is this for?

People who will be building networks. If you're a manager you can go to sleep now; if
you know this stuff already, take a pizza break; if you want to actually build networks
some day and are not already comfortable working out appropriate sizes of subnets,
please come to the front of the lecture hall - I have a few copies of this lesson but not
enough for everyone in the room.

2. Purpose of this lesson

Some day you may be responsible for designing a network that connects several
locations together with routers. You'll have been given a certain number of IP
addresses you can use, and you have to allocate them in chunks to each site without
running out!

The reason we are going to learn subnetting is simple: there are not enough IP
addresses free for you to give a whole Class C network to every site you manage.
Some upstream providers charge you for each Class C you allocate. Others force you
to justify your use of space in detail, showing that each network you allocated was
fully populated.

Before we go into details, there are two things you might be able to use which will
avoid the need to learn any of this stuff:

1. NAT - network address translation


If it is available to you, NAT often lets you create any size of network you
want, without worrying about how much IP space you have been officially
allocated. I'm not going to explain what NAT is in detail, because it will be
covered in someone else's lesson. In short, it's a way to map large numbers of
IPs on to a single IP (or to take a large sparse range such as a Class B and map
each address that is actually used on to a small number of Class C's). NAT is
worth taking the time to learn, because it can save you a whole lot of effort!
2. Online tools to calculate subnets
There are many web pages available that will calculate netmasks for given
sizes of subnets. These are useful as long as you understand the basics of what
you're trying to do. If you don't have 'the big picture', these tools won't help.
You can listen to this lecture to get 'the big picture' without getting distracted
by the details, then use one of the online tools when you need actual numbers.

3. IP address space in general - inference of Class A/B/C

Before we start - a quick and very basic recap on IP addressing in general.


Every machine on the net has an address. Addresses are 32 bits. These 32 bits are split
into two parts - a network number followed by a host address. The 'host address' part
is for a number of machines on one physical network - say a bunch of machines
connected with a hub or on a single thin ether wire. The network number represents
this group of hosts as a single unit, and routers need to know these network numbers
to send data from one net to another.
Just where the network/host split is made is arbitrary. There's no real reason why
10.1.2.3 should be part of a class A network and 220.1.2.3 is part of a class C network
- it just is. The address space was split up as shown below, and any addresses in these
ranges are deemed to be in the appropriate Class. Why does this matter? Well, some
software will ask for an IP address but NOT a netmask - and it will infer a netmask
from the address. This is OK as long as you are staying within the class system, but if
you are subnetting or supernetting, it can cause you a lot of trouble.

There's actually very little difference between a Class C network, and a Class B
network with a 255.255.255.0 netmask applied. (The only time they're different is if
the network address is of the form X.X.0.X or X.X.255.X)

Before you start designing your subnets, you should know what it is that you've been
given. Here are three ways of finding out what class your allocation is in. Use
whichever you find easiest.

o Class A addresses begin with 0xxx, or 1 to 126 decimal. (127 is loopback)


o Class B addresses begin with 10xx, or 128 to 191 decimal.
o Class C addresses begin with 110x, or 192 to 223 decimal.
o Class D addresses begin with 1110, or 224 to 239 decimal. (a.k.a multicast -
you'll probably never see these)
o Class E addresses begin with 1111, or 240 to 254 decimal. (or these)

o If the first bit is 0 it is a Class A address


o If the first two bits are 10 it is a Class B address
o If the first three bits are 110 it is a Class C address
o If the first four bits are 1110 it is a Class D multicast address
o If the first four bits are 1111 it is a Class E experimental address

First Byte Class Network Mask (explained later)


1-126 "A" 255.0.0.0
128-191 "B" 255.255.0.0
192-223 "C" 255.255.255.0

In all the examples below we will assume we have been allocated a Class C network
to work with: 192.168.1.0

192.168.1.0 is actually a special type of Class C address - it's one that is reserved
never to be allocated on the real Internet. So we'll use it in our examples because if
you do configure a network using these numbers, you won't mess anybody else up. It's
amazing the number of people who create internal networks using real IP addresses
chosen at random. If you ever connect one of these networks to the internet, you will
not be able to route because the space belongs to someone else. If you disguise your
addresses using NAT, you'll still not be able to access those parts of the net that
legitimately use those addresses.

Doing subnet calculations for Class A and Class B networks works just the same way
as the Class C examples we are going to cover. If you can do a Class C from first
principles, you'll be able to do Class B's in your sleep. Very few people here will get
much opportunity to design Class A or Class B subnets, but you are quite likely to be
asked to work on existing Class A or B networks, so it's still worth knowing.

2. What is Broadcast?

I assume you know what a broadcast address is - the necessity to handle
broadcasts is actually what makes subnetting anything less than trivial: if you
have a Class C network such as 192.168.1.* (with station addresses
192.168.1.1, 192.168.1.2 etc), then a packet addressed to 192.168.1.255 will be
sent to *every* station on that network. Later we'll discover that sending to
192.168.1.0 is sort of something similar. Or was once, anyway.

In a Class C, the host part set to 255 means broadcast. In a subnet, the subnet
host part set to all ones means broadcast. Eg in a /28, any addresses of the form
N.N.N.XXXX1111 are broadcast addresses for their subnets only.

3. Don't I need to know how to do binary arithmetic?

Forgetaboutit. If you can't do binary math in your head, just use the data in
these tables below. (On the other hand, if you can't do binary in your head by
now, you probably shouldn't be looking at a career in networking.)

4. Subnetting Class C - most typical example: /28 "all zeroes, all ones" excluded.
Mask is 11110000

This table may be all you ever need to know, for many installations. This is a
typical example and possibly the most common one. Because it is such a useful
table, this is the only large one we will list in full.

Network part    Subnet.host  Host addresses                  Broadcast Address
192.168.1.0     0000xxxx     192.168.1.1 to 192.168.1.14     192.168.1.15 - UNUSABLE - NETMASK ALL 0000's
192.168.1.16    0001xxxx     192.168.1.17 to 192.168.1.30    192.168.1.31
192.168.1.32    0010xxxx     192.168.1.33 to 192.168.1.46    192.168.1.47
192.168.1.48    0011xxxx     192.168.1.49 to 192.168.1.62    192.168.1.63
192.168.1.64    0100xxxx     192.168.1.65 to 192.168.1.78    192.168.1.79
192.168.1.80    0101xxxx     192.168.1.81 to 192.168.1.94    192.168.1.95
192.168.1.96    0110xxxx     192.168.1.97 to 192.168.1.110   192.168.1.111
192.168.1.112   0111xxxx     192.168.1.113 to 192.168.1.126  192.168.1.127
192.168.1.128   1000xxxx     192.168.1.129 to 192.168.1.142  192.168.1.143
192.168.1.144   1001xxxx     192.168.1.145 to 192.168.1.158  192.168.1.159
192.168.1.160   1010xxxx     192.168.1.161 to 192.168.1.174  192.168.1.175
192.168.1.176   1011xxxx     192.168.1.177 to 192.168.1.190  192.168.1.191
192.168.1.192   1100xxxx     192.168.1.193 to 192.168.1.206  192.168.1.207
192.168.1.208   1101xxxx     192.168.1.209 to 192.168.1.222  192.168.1.223
192.168.1.224   1110xxxx     192.168.1.225 to 192.168.1.238  192.168.1.239
192.168.1.240   1111xxxx     192.168.1.241 to 192.168.1.254  192.168.1.255 - UNUSABLE - NETMASK ALL 1111's
5.
6. 0's/1's restriction on host part: let's take one subnet from the table above:

Network part Subnet.host Host addresses Broadcast Address


192.168.1.32 0010xxxx 192.168.1.33 to 192.168.1.46 192.168.1.47
7.
Now, let's look at the individual hosts within that subnet:

Network part Subnet . Host part Host Address


192.168.1.32 0010.0000 UNUSABLE - HOST PART IS ALL 0's
192.168.1.33 0010.0001
192.168.1.34 0010.0010
192.168.1.35 0010.0011
192.168.1.36 0010.0100
192.168.1.37 0010.0101
192.168.1.38 0010.0110
192.168.1.39 0010.0111
192.168.1.40 0010.1000
192.168.1.41 0010.1001
192.168.1.42 0010.1010
192.168.1.43 0010.1011
192.168.1.44 0010.1100
192.168.1.45 0010.1101
192.168.1.46 0010.1110
192.168.1.47 0010.1111 UNUSABLE - HOST PART IS ALL 1's
8.
Although you may be familiar with the all ones broadcast addresses (typically
x.x.x.255 for a Class C network) you may not realise that at some time in the
past x.x.x.0 was also used as a broadcast address. Although this seldom is done
nowadays, for historical reasons we still obey this convention. (The last
machine I owned that actually used the .0 address for broadcast was a Sun
from the late 1980's)

Note what happens as the room for hosts gets smaller:

This is the host table for a /30:


Network part Subnet . Host part Host Address
192.168.1.32 001000.00 UNUSABLE - HOST PART IS ALL 0's
192.168.1.33 001001.01
192.168.1.34 001010.10
192.168.1.35 001011.11 UNUSABLE - HOST PART IS ALL 1's
9. A /30 is particularly wasteful - 50% of the hosts are unusable. Similarly, a /26
is pretty bad, because 50% of the nets are unusable. A /28 is best because it lets
you have (16 - 2) * (16 - 2) = 192 hosts.

This would be the host table for a /31, if it existed:


Network part Subnet . Host part Host Address
192.168.1.32 0010000.0 UNUSABLE - HOST PART IS ALL 0's
192.168.1.33 0010000.1 UNUSABLE - HOST PART IS ALL 1's
10.
What's wrong with this picture??? Well, you can't have a /31. Here's why...

11. We can have subnets of /26, /27, /28, /29, /30 - BUT NOT /25 or /31!

This is a /30 (with sections removed for brevity):


Mask is 11111100
Network part        Subnet.host  Host addresses                  Broadcast Address
192.168.1.0         000000xx     192.168.1.1 to 192.168.1.2      192.168.1.3 - UNUSABLE - NETMASK ALL 000000's
192.168.1.4         000001xx     192.168.1.5 to 192.168.1.6      192.168.1.7
192.168.1.8         000010xx     192.168.1.9 to 192.168.1.10     192.168.1.11
192.168.1.12        000011xx     192.168.1.13 to 192.168.1.14    192.168.1.15
192.168.1.16        000100xx     192.168.1.17 to 192.168.1.18    192.168.1.19
192.168.1.20        000101xx     192.168.1.21 to 192.168.1.22    192.168.1.23
192.168.1.24 - 244  ...          ...                             ...
192.168.1.248       111110xx     192.168.1.249 to 192.168.1.250  192.168.1.251
192.168.1.252       111111xx     192.168.1.253 to 192.168.1.254  192.168.1.255 - UNUSABLE - NETMASK ALL 111111's
12.
13. So why not a /25????

Network part    Subnet.host  Host addresses                  Broadcast Address
192.168.1.0     0xxxxxxx     192.168.1.1 to 192.168.1.126    192.168.1.127 - UNUSABLE - NETMASK ALL 0's
192.168.1.128   1xxxxxxx     192.168.1.129 to 192.168.1.254  192.168.1.255 - UNUSABLE - NETMASK ALL 1's

14. When the netmask is only one bit, it can't help but being all zeroes or all ones.

15. And why not a /31?


Network part        Subnet.host  Host addresses                  Broadcast Addresses (0's and 1's)
192.168.1.0         0000000x     192.168.1.0? to 192.168.1.1?    192.168.1.0 - UNUSABLE - NETMASK 000000's
                                                                 192.168.1.1 - UNUSABLE - NETMASK 000000's
192.168.1.2         0000001x     192.168.1.2? to 192.168.1.3?    192.168.1.2 - UNUSABLE - Broadcast 0's
                                                                 192.168.1.3 - UNUSABLE - Broadcast 1's
192.168.1.4 - 250   ...          ...                             ...
192.168.1.252       1111110x     192.168.1.252 to 192.168.1.253  192.168.1.252 - UNUSABLE - Broadcast 0's
                                                                 192.168.1.253 - UNUSABLE - Broadcast 1's
192.168.1.254       1111111x     192.168.1.254 to 192.168.1.255  192.168.1.254 UNUSABLE - NETMASK 111111's
                                                                 192.168.1.255 UNUSABLE - NETMASK 111111's

16.
17. Variable subnetting example 1 (insert /30 into /28 from above)

Well, in the /28 example above, we've shown that the first and last subnets are
unusable, because the subnet mask is either all 0's or all 1's. This is unfortunate
because each of those subnets is losing 16 (-2) IP addresses each.

Is there any way we can get back some of those addresses? Well, yes - there is.
If you look at the example of a /30 subnet, you'll see these entries:

Network part        Subnet.host  Host addresses                  Broadcast Address
192.168.1.0         000000xx     192.168.1.1 to 192.168.1.2      192.168.1.3 - UNUSABLE - NETMASK ALL 000000's
192.168.1.4         000001xx     192.168.1.5 to 192.168.1.6      192.168.1.7
192.168.1.8         000010xx     192.168.1.9 to 192.168.1.10     192.168.1.11
192.168.1.12        000011xx     192.168.1.13 to 192.168.1.14    192.168.1.15
192.168.1.16 - 252  ...          ...                             ...
18.
Apart from the first one, these are all perfectly valid subnets, and if we were to
configure machines using them, they will look just like normal addresses in a
/30 subnet. We can do exactly the same thing for the 192.168.1.240-255
addresses.

These small subnets - they only have 2 IP addresses that are usable - are
actually just what you need when you are setting up a point to point link
between different subnets (in different locations). So by using the 'slop' at the
end of the range, you can get your point to point links for free.

19. Variable subnetting example 2 (insert /28 from above into /26)

Here we have a different and possibly more useful example of variable
subnetting. Let's say we have a central office with 50 workstations, one remote
office with 10, and another remote office with 9 workstations.

The following table tells you how many workstations and how many offices
you can have for each size of subnet mask:
Bit Split   Subnet Mask   Block Size   Max Useable Subnets   # C IPs/Subnet
                                       (number of offices)   (number of workstations)
2/6         192 (/26)     64           2                     62
3/5         224 (/27)     32           6                     30
4/4         240 (/28)     16           14                    14
5/3         248 (/29)     8            30                    6
6/2         252 (/30)     4            62                    2
20.

You see, with one office of size 50, we're forced with a simple subnet scheme
to use a /26 (2 bits subnet, 6 bits host). However, we have three offices, so this
won't work.
With offices of size 9 or 10 (which we round up to 16 - 2), we could use a /28
(16 - 2 subnets of 16 - 2 stations) - but then we couldn't fit in our 50 station
office.

Well, the solution is simple: Treat it as a /26, allocate the large office, then
extract from a table of /28's enough smaller subnets to fit in the one remaining
/26 slot. Like this:

Network part    Subnet.host  Host addresses                  Broadcast Address
192.168.1.0     00xxxxxx     192.168.1.1 to 192.168.1.62     192.168.1.63 UNUSABLE - NETMASK ALL 00's
192.168.1.64    01xxxxxx     192.168.1.65 to 192.168.1.126   192.168.1.127 ALLOCATE THIS TO BE FURTHER SUBNETTED
192.168.1.128   10xxxxxx     192.168.1.129 to 192.168.1.190  192.168.1.191 ALLOCATE THIS ONE TO THE 50-STATION OFFICE
192.168.1.192   11xxxxxx     192.168.1.193 to 192.168.1.254  192.168.1.255 UNUSABLE - NETMASK ALL 11's

21. (note: with a simple /26, you lose HALF of your potential IP addresses to the
broadcast network addresses)

And guess what ... if we look at the earlier table for a /28, you'll find exactly
the section we need to extract and fit in here:
Network part    Subnet.host  Host addresses                  Broadcast Address
                                                             192.168.1.63
192.168.1.64    0100xxxx     192.168.1.65 to 192.168.1.78    192.168.1.79
192.168.1.80    0101xxxx     192.168.1.81 to 192.168.1.94    192.168.1.95
192.168.1.96    0110xxxx     192.168.1.97 to 192.168.1.110   192.168.1.111
192.168.1.112   0111xxxx     192.168.1.113 to 192.168.1.126  192.168.1.127
22.

Now we simply put the two tables together, and we have a variable subnet
solution for our three offices. Plus some spares!
Network part    Subnet.host  Host addresses                  Broadcast Address
192.168.1.0     00xxxxxx     192.168.1.1 to 192.168.1.62     192.168.1.63 UNUSABLE - NETMASK ALL 00's
192.168.1.64    0100xxxx     192.168.1.65 to 192.168.1.78    192.168.1.79 ALLOCATE THIS TO THE 10-PC OFFICE
192.168.1.80    0101xxxx     192.168.1.81 to 192.168.1.94    192.168.1.95 ALLOCATE THIS TO THE 9-PC OFFICE
192.168.1.96    0110xxxx     192.168.1.97 to 192.168.1.110   192.168.1.111 SPARE
192.168.1.112   0111xxxx     192.168.1.113 to 192.168.1.126  192.168.1.127 SPARE
192.168.1.128   10xxxxxx     192.168.1.129 to 192.168.1.190  192.168.1.191 ALLOCATE THIS ONE TO THE 50-STATION OFFICE
192.168.1.192   11xxxxxx     192.168.1.193 to 192.168.1.254  192.168.1.255 UNUSABLE - NETMASK ALL 11's
23.
and don't forget the trick of grabbing the end IP's for the point to point
networks to link these offices together.
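
The allocation worked through above, as an added Python example that is not part of the original lesson: it carves the three offices out of 192.168.1.0/24 in the order the text places them, leaving out the all-zeroes and all-ones /26 blocks, and then checks a plan for overlap and capacity. The function names and the first-fit strategy are assumptions of this example.

```python
import ipaddress

# Office sizes from the text, in the order the text places them.
REQUESTS = [("10-PC office", 10), ("9-PC office", 9), ("50-station office", 50)]


def prefix_for_hosts(hosts):
    """Longest prefix whose subnet still has `hosts` usable addresses (2^h - 2)."""
    host_bits = 2
    while (1 << host_bits) - 2 < hosts:
        host_bits += 1
    return 32 - host_bits


def allocate(parent_cidr, requests, split_prefix, legacy=True):
    """First-fit allocation, in request order, from blocks of size `split_prefix`.

    With legacy=True the first and last block (subnet bits all 0s / all 1s)
    are left out, as the classful rule in the text requires.
    Returns (plan, spare): plan maps name -> network, spare lists what is left.
    """
    parent = ipaddress.ip_network(parent_cidr)
    free = list(parent.subnets(new_prefix=split_prefix))
    if legacy:
        free = free[1:-1]
    plan = {}
    for name, hosts in requests:
        want = prefix_for_hosts(hosts)
        for i, block in enumerate(free):
            if block.prefixlen <= want:  # block is at least as large as needed
                chosen = next(block.subnets(new_prefix=want))
                rest = [] if chosen == block else sorted(block.address_exclude(chosen))
                free[i:i + 1] = rest     # return the unused part to the pool
                plan[name] = chosen
                break
        else:
            raise ValueError(f"no free block large enough for {name} ({hosts} hosts)")
    return plan, free


def describe(net):
    """(network, first host, last host, broadcast), the columns of the tables above."""
    return (str(net.network_address), str(net.network_address + 1),
            str(net.broadcast_address - 1), str(net.broadcast_address))


def check_plan(parent_cidr, plan, needs):
    """Return a list of problems: outside the parent, too small, or overlapping."""
    parent = ipaddress.ip_network(parent_cidr)
    problems = []
    items = list(plan.items())
    for i, (name, net) in enumerate(items):
        if not net.subnet_of(parent):
            problems.append(f"{name}: {net} is outside {parent}")
        if net.num_addresses - 2 < needs[name]:
            problems.append(f"{name}: {net} has too few usable addresses")
        for other_name, other in items[i + 1:]:
            if net.overlaps(other):
                problems.append(f"{name} ({net}) overlaps {other_name} ({other})")
    return problems


if __name__ == "__main__":
    plan, spare = allocate("192.168.1.0/24", REQUESTS, split_prefix=26)
    for name, net in plan.items():
        print(f"{name:18} {net}  {describe(net)}")
    print("spare:", [str(n) for n in spare])
    print("problems:", check_plan("192.168.1.0/24", plan, dict(REQUESTS)))
```

The spare space comes back as one /27 (192.168.1.96/27), which is the two SPARE /28 rows of the table merged.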

24. Preference to finer resolution routes - don't need to fully enumerate

Let's say you have variably subnetted a network, and of the 30 subnets
available, 29 of them are in one office, but the 30th is in the other. To route this
properly you would issue 29 routing commands to one address and 1 to the
other. This is wasteful of router table space. The thing to do is to issue ONE
router command that covers all 30 subnets and send them to the one office, but
issue a second router command which is MORE SPECIFIC to extract that one
subnet from the block, and route it elsewhere. More specific routes take
precedence in most routers. Occasionally you will find some brand of router
which does require non-overlapping routes, and if this happens to you, just
issue all 30 explicit commands.
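
How a router resolves the overlap described above, as an added example (not code from the original talk): the lookup returns the matching route with the most network bits, so one covering route plus one more-specific route is enough. The 172.16.0.0/16 block, the /21 carve-out and the next-hop names are assumptions; `non_overlapping` goes one step beyond the text and lists the explicit prefixes needed by a router that refuses overlapping routes.

```python
import ipaddress

# Constructed routing table for the scenario above: one covering route for the
# whole block plus one more-specific route that pulls a single subnet out of it.
# The prefixes and next-hop names are assumptions made for this example.
ROUTES = [
    ("0.0.0.0/0", "upstream"),
    ("172.16.0.0/16", "office-A"),    # ONE route covering every subnet
    ("172.16.88.0/21", "office-B"),   # the single subnet that lives elsewhere
]


def build_table(routes):
    """Parse (prefix, next_hop) pairs; a prefix with host bits set is rejected."""
    return [(ipaddress.ip_network(prefix, strict=True), hop)
            for prefix, hop in routes]


def lookup(table, destination):
    """Return (network, next_hop) for the longest matching prefix, or None."""
    addr = ipaddress.ip_address(destination)
    matches = [(net, hop) for net, hop in table if addr in net]
    if not matches:
        return None
    # The most specific route is the one with the most network bits.
    return max(matches, key=lambda entry: entry[0].prefixlen)


def non_overlapping(aggregate, carve_out):
    """Prefixes that cover `aggregate` minus `carve_out` without overlapping it.

    For a router that refuses overlapping routes, this is a short explicit
    list that can replace the covering route.
    """
    agg = ipaddress.ip_network(aggregate)
    hole = ipaddress.ip_network(carve_out)
    if not hole.subnet_of(agg):
        raise ValueError(f"{hole} is not inside {agg}")
    return [str(net) for net in sorted(agg.address_exclude(hole))]


if __name__ == "__main__":
    table = build_table(ROUTES)
    for dest in ("172.16.40.1", "172.16.90.7", "198.51.100.9"):
        net, hop = lookup(table, dest)
        print(f"{dest:15} -> {hop:9} via {net}")
    print(non_overlapping("172.16.0.0/16", "172.16.88.0/21"))
```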

25. "Supernetting", aka CIDR (Classless InterDomain Routing)

The world has a big problem with too many route table entries in the big
backbone routers. To solve that problem, people realised they could aggregate
network routing commands, eg a network 192.168.2.0/24 and a neighboring
network 192.168.3.0/24 could be represented by merging them like this:
192.168.2.0/23

This would be fine, except we know the problems of subnetting and all-zeroes
and all-ones masks. The same problems would start showing up here. The
solution is simple: someone just issued an edict saying "forget everything you
learned, we won't bother with those rules any more". There's even a command
to tell the routers themselves that they should ignore the rules - "ip classless".
When you break the rules like this, and allow netmasks that end in all 0's or all
1's, it's called "CIDR" - Classless InterDomain Routing.

That's really all you need to know about CIDR. It's trivial, it's easy, and the
details work just the same as subnetting but you merge up instead of splitting
down.

26. Calculators

Once you understand subnetting as described above, you'll probably be able to
do it in your head. However sometimes you want to check your work, or are in
a hurry, and if so, there are many web pages on the net which offer "subnet
calculator"s.
Just be warned - often they do not check for the special conditions such as all-
one's subnets, and will let you do something stupid like ask for a /25 subnet.
The one referred to below does appear to make an effort at checking for this
sort of thing, so it may be a good one to bookmark.

27. Final test :-)

You are a sys admin at a small ISP. You asked your upstream vendor for a /19
allocation (equivalent to 32 Class C networks). You were given the following:
167.114.209.0 through 167.114.240.0.

Will these do what you want?

(If we have time left, we'll work this example on paper)

28. References

Some of the info above was cribbed from:

IP Address Subnetting Tutorial
http://www.ralphb.net/IPSubnet/

Daryl's TCP/IP Primer
http://ipprimer.windsorcs.com/addressing.cfm
http://ipprimer.windsorcs.com/bitbybit.cfm

IP Subnet Calculations (Check here for a quick refresher in binary arithmetic)
http://www.swcp.com/~jgentry/topo/unit3.htm

Subnet masking, definition and summary
http://www.exabyte.net/lambert/subnet/subnet_masking_definition.htm
http://www.exabyte.net/lambert/subnet/subnet_masking_summary.htm

A reasonable subnet calculator that makes some attempt to warn about unusable subnets
http://www.agt.net/public/sparkman/netcalc.htm

Classless Inter-Domain Routing (CIDR) Overview

What Is CIDR?

CIDR is a new addressing scheme for the Internet which allows for more efficient allocation
of IP addresses than the old Class A, B, and C address scheme.

Why Do We Need CIDR?

With a new network being connected to the Internet every 30 minutes the Internet was faced
with two critical problems:

• Running out of IP addresses


• Running out of capacity in the global routing tables

Running Out of IP Addresses


There is a maximum number of networks and hosts that can be assigned unique addresses
using the Internet's 32-bit long addresses. Traditionally, the Internet assigned "classes" of
addresses: Class A, Class B and Class C were the most common. Each address had two parts:
one part to identify a unique network and the second part to identify a unique host in that
network. Another way the old Class A, B, and C addresses were identified was by looking at
the first 8 bits of the address and converting it to its decimal equivalent.

Address Class   # Network Bits   # Hosts Bits   Decimal Address Range
Class A         8 bits           24 bits        1-126
Class B         16 bits          16 bits        128-191
Class C         24 bits          8 bits         192-223

Using the old Class A, B, and C addressing scheme the Internet could support the following:

• 126 Class A networks that could include up to 16,777,214 hosts each
• Plus 65,000 Class B networks that could include up to 65,534 hosts each
• Plus over 2 million Class C networks that could include up to 254 hosts each

(Some addresses are reserved for broadcast messages, etc.). Because Internet addresses were
generally only assigned in these three sizes, there were a lot of wasted addresses. For example,
if you needed 100 addresses you would be assigned the smallest address (Class C), but that
still meant 154 unused addresses. The overall result was that while the Internet was running
out of unassigned addresses, only 3% of the assigned addresses were actually being used.
CIDR was developed to be a much more efficient method of assigning addresses.

Global Routing Tables At Capacity

A related problem was the sheer size of the Internet global routing tables. As the number of
networks on the Internet increased, so did the number of routes. A few years back it was
forecasted that the global backbone Internet routers were fast approaching their limit on the
number of routes they could support.

Even using the latest router technology, the maximum theoretical routing table size is
approximately 60,000 routing table entries. If nothing was done the global routing tables
would have reached capacity by mid-1994 and all Internet growth would be halted.

How Were These Problems Solved?

Two solutions were developed and adopted by the global Internet community:

• Restructuring IP address assignments to increase efficiency


• Hierarchical routing aggregation to minimize route table entries

Restructuring IP Address Assignments

Classless Inter-Domain Routing (CIDR) is a replacement for the old process of assigning
Class A, B and C addresses with a generalized network "prefix". Instead of being limited to
network identifiers (or "prefixes") of 8, 16 or 24 bits, CIDR currently uses prefixes anywhere
from 13 to 27 bits. Thus, blocks of addresses can be assigned to networks as small as 32 hosts
or to those with over 500,000 hosts. This allows for address assignments that much more
closely fit an organization's specific needs.

A CIDR address includes the standard 32-bit IP address and also information on how many
bits are used for the network prefix. For example, in the CIDR address 206.13.01.48/25, the
"/25" indicates the first 25 bits are used to identify the unique network leaving the remaining
bits to identify the specific host.

CIDR Block Prefix   # Equivalent Class C          # of Host Addresses
/27                 1/8th of a Class C            32 hosts
/26                 1/4th of a Class C            64 hosts
/25                 1/2 of a Class C              128 hosts
/24                 1 Class C                     256 hosts
/23                 2 Class C                     512 hosts
/22                 4 Class C                     1,024 hosts
/21                 8 Class C                     2,048 hosts
/20                 16 Class C                    4,096 hosts
/19                 32 Class C                    8,192 hosts
/18                 64 Class C                    16,384 hosts
/17                 128 Class C                   32,768 hosts
/16                 256 Class C (= 1 Class B)     65,536 hosts
/15                 512 Class C                   131,072 hosts
/14                 1,024 Class C                 262,144 hosts
/13                 2,048 Class C                 524,288 hosts

Hierarchical Routing Aggregation To Minimize Routing Table Entries

The CIDR addressing scheme also enables "route aggregation" in which a single high-level
route entry can represent many lower-level routes in the global routing tables.

The scheme is similar to the telephone network where the network is set up in a hierarchical
structure. A high level, backbone network node only looks at the area code information and
then routes the call to the specific backbone node responsible for that area code. The receiving
node then looks at the phone number prefix and routes the call to its subtending network node
responsible for that prefix and so on. The backbone network nodes only need routing table
entries for area codes, each representing huge blocks of individual telephone numbers, not for
every unique telephone number.

Currently, big blocks of addresses are assigned to the large Internet Service Providers (ISPs)
who then re-allocate portions of their address blocks to their customers. For example, Pacific
Bell Internet has been assigned a CIDR address block with a prefix of /15 (equivalent to 512
Class C addresses or 131,072 host addresses) and typically assigns its customers CIDR
addresses with prefixes ranging from /27 to /19. These customers, who may be smaller ISPs
themselves, in turn re-allocate portions of their address block to their users and/or customers.
However, in the global routing tables all these different networks and hosts can be represented
by the single Pacific Bell Internet route entry. In this way, the growth in the number of routing
table entries at each level in the network hierarchy has been significantly reduced. Currently,
the global routing tables have approximately 35,000 entries.

User Impacts

The Internet is currently a mixture of both "CIDR-ized" addresses and old Class A, B and C
addresses. Almost all new routers support CIDR and the Internet authorities strongly
encourage all users to implement the CIDR addressing scheme. (We recommend that any new
router you purchase should support CIDR).

The conversion to the CIDR addressing scheme and route aggregation has two major user
impacts:

• Justifying IP Address Assignments


• Where To Get Address Assignments

Justifying IP Address Assignments

Even with the introduction of CIDR, the Internet is growing so fast that address assignments
must continue to be treated as a scarce resource. As such, customers will be required to
document, in detail, their projected needs. Users may be required from time to time to
document their internal address assignments, particularly when requesting additional
addresses. The current Internet guideline is to assign addresses based on an organization's
projected three month requirement with additional addresses assigned as needed.

Where To Get Address Assignments

In the past, you would get a Class A, B or C address assignment directly from the appropriate
Internet Registry (i.e., the InterNIC). Under this scenario, you "owned" the address and could
take it with you even if you changed Internet Service Providers (ISPs). With the introduction
of CIDR address assignments and route aggregation, with a few exceptions, the recommended
source for address assignments is your ISP. Under this scenario, you are only "renting" the
address and if you change ISPs it is strongly recommended that you get a new address from
your new ISP and re-number all of your network devices.

While this can be a time-consuming task, it is critical for your address to be aggregated into
your ISP's larger address block and routed under their network address. There are still
significant global routing table issues and the smaller your network is, the greater your risk of
being dropped from the global routing tables. In fact, networks smaller than 8,192 devices
will very likely be dropped. Neither the InterNIC nor other ISPs have control over an
individual ISP's decisions on how to manage their routing tables.

As an option to physically re-numbering each network device, some organizations are using
proxy servers to translate old network addresses to their new addresses. Users should be
cautioned to carefully consider all the potential impacts before using this type of solution.

Need More Information?

For more detailed technical information on CIDR, go to
http://www.rfc-editor.org/rfcsearch.html and type in the number of the CIDR RFC you are
interested in:

• RFC 1517: Applicability Statement for the Implementation of CIDR


• RFC 1518: An Architecture for IP Address Allocation with CIDR
• RFC 1519: CIDR: An Address Assignment and Aggregation Strategy
• RFC 1520: Exchanging Routing Information Across Provider Boundaries in the CIDR
Environment

As mentioned before, there are a few exceptions where an organization would not use an ISP
assigned address block.

Conclusion

The implementation of CIDR has been critical to the continued growth of the Internet,
allowing more organizations and users to take advantage of this increasingly vital global
networking and information resource.

IP Subnet Calculations

1. IP Addressing

At this point you should know that IP, the Internet Protocol, is a network layer (OSI layer 3)
protocol, used to route packets between hosts on different networks. To suit this purpose, IP
must define an addressing scheme, so that a packet's intended destination can be indicated.

An IP address is composed of 32 bits. These 32 bits are divided into 4 octets of 8 bits each.
You may have seen an IP address represented like this: 172.68.15.24. We must remember,
however, that the computer understands this number only in binary, so we must often deal
with them in binary. Many people are intimidated by this initially, but soon find that it is not
difficult. If you do not allow yourself to be flustered, you can master this topic.

IP addresses are assigned to organizations in blocks. Each block belongs to one of three
classes: class A, class B, or class C. You can tell what class an IP address is by the value in its
first octet.

Class A 1-126
Class B 128-191
Class C 192 -->

An IP address consists of two fields. The first field identifies the network, and the second field
identifies the node on the network. Which bits of the address are in the network field and
which bits are in the host field is determined by the subnet mask.

When a class A IP license is granted, you are assigned something like this: 99.0.0.0. Only the
values of the bits in the first octet are assigned. This means you are free to assign any values
you wish in the second, third and fourth octets.

The default subnet mask for a class A network is 255.0.0.0. High bits, ones, indicate the bits
that are part of the network field of the IP address. The default subnet mask does not create
subnets. Therefore, a class A network with the default subnet mask is one network. The three
octets that are unassigned and unmasked are part of the host field of the address. There is a
total of 24 bits in those three octets. Each bit can be in one of two states. Therefore, 2^24 is the
number of host addresses that can be assigned on that network, almost. Two addresses are
reserved on every network, x.x.x.0 and x.x.x.255. So the total number of hosts possible on
this network is 2^24-2=16,777,214 for a class A IP network.

When a class B license is granted, the first two octets are assigned. For example, 172.198.x.x.
The default subnet mask for a class B is 255.255.0.0. One network, two octets free, 16 bits for
the host address field. 2^16-2=65,534 possible host addresses on a class B IP network.

When a class C license is granted, the first three octets are assigned, for example: 193.52.16.0.
The default subnet mask for a class C is 255.255.255.0. One octet makes up the host address
field. 2^8-2=254 host addresses possible on a class C network.

2. Reason for Subnetting

We said that the default subnet mask for a class A IP network is 255.0.0.0. With this subnet
mask, only one octet of a class A network address identifies the network. This leaves three
octets of 8 bits each, or 24 bits, to identify the host on that one network. 2^24=16,777,216
addresses. Two addresses are reserved, x.x.x.0 and x.x.x.255. 16,777,214 nodes can be
assigned an IP address on this network.

It is highly unlikely that any organization would want one network of 16,777,214 nodes. They
might want that many devices connected in a wide area network (WAN), thus capable of
communicating when necessary, but they will want to subdivide this huge network into
mostly self-contained subnetworks of nodes that communicate with each other often. This is
called subnetting.

To understand why, consider what would happen in either a broadcast or a token passing
network that consisted of over 16,000,000 nodes. Nothing would happen. It simply would not
work. Though the problem is not as drastic, class B and class C IP networks are often
subnetted, also.

The subnet mask is used to subdivide an IP network into subnets. This is a division that takes
place in OSI layer 3, so it is a logical division that is created by the addressing scheme. This
logical division is usually combined with a physical division. Many subnets are physically
isolated from the rest of the network by a device such as a router or a switch. This aspect of
subnetting is discussed in Unit 3--Data Link Layer.

3. How Subnetting Works

The bits of an address that are masked by the subnet mask are the bits that make up the
network field of the address. To subnet, the default subnet mask for a network is extended to
cover bits of the address that would otherwise be part of the host field. Once these bits are
masked, they become part of the network field, and are used to identify subnets of the larger
network.

Here is where we begin dealing with both addresses and subnetmasks in binary. Get yourself a
cold beverage, stretch, take a deep breath and don't worry. Once you get your brain around the
concepts, it is not difficult. You just have to keep trying until the light goes on.

3.1 Translating Binary to Decimal

Both IP addresses and subnet masks are composed of 32 bits divided into 4 octets of 8 bits
each. Here is how a single octet translates from binary to decimal. Consider an octet of all
ones: 11111111.

128  64  32  16   8   4   2   1
---  --  --  --   -   -   -   -
  1   1   1   1   1   1   1   1
128 + 64 + 32 + 16 + 8 + 4 + 2 + 1 = 255

Here's another: 10111001

128  64  32  16   8   4   2   1
---  --  --  --   -   -   -   -
  1   0   1   1   1   0   0   1
128 + 0 + 32 + 16 + 8 + 0 + 0 + 1 = 185

and 00000000

128  64  32  16   8   4   2   1
---  --  --  --   -   -   -   -
  0   0   0   0   0   0   0   0
0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 = 0

3.2 Converting Decimal to Binary

Converting decimal to binary is similar. Consider 175:

128  64  32  16   8   4   2   1
---  --  --  --   -   -   -   -
  1   0   1   0   1   1   1   1
128 + 0 + 32 + 0 + 8 + 4 + 2 + 1 = 175

175=10101111

3.3 Simple Subnetting

The simplest way to subnet is to take the octet in the subnet mask that covers the first
unassigned octet in the IP address block, and make all its bits high. Remember, a high bit, a 1,
in the subnet mask indicates that the corresponding bit in the IP address is part of the network
field. So, if you have a class B network 172.160.0.0, with the subnet mask 255.255.0.0, you
have one network with 65,534 possible addresses. If you take that subnet mask and make all
the bits in the third octet high

128  64  32  16   8   4   2   1
---  --  --  --   -   -   -   -
  1   1   1   1   1   1   1   1
128 + 64 + 32 + 16 + 8 + 4 + 2 + 1 = 255

you get the subnet mask 255.255.255.0.

172.60.0.0
255.255.255.0

Now the third octet of all the addresses on this network is part of the network field instead of
the host field. That is one octet, or eight bits, that can be manipulated to create subnets.
2^8-2=254 possible subnets now on this class B network.

One octet is left for the host field. 2^8-2=254 possible host addresses on each subnet.

3.4 Advanced Subnetting

That is the simplest way to subnet, but it may not be the most desirable. You might not want
254 subnets on your class B network. Instead, you might use a subnet mask like
255.255.224.0. How many subnets would this give you? The first step is to see how many bits
are allocated to the network by this mask.

128  64  32  16   8   4   2   1
---  --  --  --   -   -   -   -
  1   1   1   0   0   0   0   0
128 + 64 + 32 + 0 + 0 + 0 + 0 + 0 = 224

3 bits are allocated. 2^3-2=6 subnets.

How many hosts on each subnet? Well, 5 bits from this octet are left for the host field, and 8
bits in the fourth octet, for a total of 13 bits in the host field. 2^13-2=8190 possible hosts on
each subnet.

The subnet mask is always extended by masking off the next bit in the address, from left to
right. Thus, the last octet in the subnet mask will always be one of these: 128, 192, 224, 240,
248, 252, 254 or 255.

Given the IP address of a host and the subnet address for the network, you need to be able to
calculate which subnet that host is on. To do this we compare the binary representation of the
pertinent octet of the subnet mask with the binary representation of the corresponding octet in
the IP address. Example:

IP address=172.60.50.2
subnet mask=255.255.224.0

50= 00110010
224=11100000

We perform a logical AND on these two numbers. We will be left with only the bits where there is a
one in both octets.

00110010
11100000
--------
00100000=32

This host is on subnet 172.60.32.0.

We also need to be able to find the range of assignable IP addresses on this subnet. To do this,
we take the binary that tells us the subnet address, in this case 00100000, and compare it with
the subnet mask.

00100000
11100000

The bits covered by the mask we will leave as they are. The rest of the bits we make high. So

00100000
11100000
--------
00111111=63

The range of assignable IP addresses on the subnet 172.60.32.0 is 172.60.32.1-172.60.63.254.

On every network and subnet, two addresses are reserved. At the low end of the range of
addresses for the network or subnet, in this case 172.60.64.0, is the address for the network or
subnet itself. The address at the high end of the range of addresses, in this case 172.60.95.255,
is the broadcast address. Any message sent to the broadcast address will be received by every
host on the network.
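
The calculation walked through in section 3.4, as an added example rather than code from the original tutorial: it ANDs the address with the mask to get the subnet, sets the host bits high to get the broadcast address, and counts subnets with the tutorial's 2^n-2 rule. The function names are assumptions; the input in the demo is the worked example from the text.

```python
def to_int(dotted):
    """Dotted decimal -> 32-bit integer, checking every octet."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted-decimal address: {dotted!r}")
    value = 0
    for p in parts:
        value = (value << 8) | int(p)
    return value


def to_dotted(value):
    """32-bit integer -> dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_length(mask):
    """Number of one bits in the mask; the ones must be contiguous from the left."""
    m = to_int(mask)
    ones = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"mask bits are not contiguous: {mask}")
    return ones


def class_bits(ip):
    """Network bits of the default (classful) mask, from the first octet."""
    first = to_int(ip) >> 24
    for low, high, bits in ((1, 126, 8), (128, 191, 16), (192, 223, 24)):
        if low <= first <= high:
            return bits
    raise ValueError(f"{ip} is not a class A, B or C address")


def subnet_report(ip, mask):
    """Apply the section's rules to one host address and subnet mask."""
    addr, m = to_int(ip), to_int(mask)
    prefix = mask_length(mask)
    subnet_bits = prefix - class_bits(ip)
    host_bits = 32 - prefix
    if subnet_bits < 0 or host_bits < 2:
        raise ValueError("mask is shorter than the class default or leaves no hosts")
    subnet = addr & m                        # logical AND keeps the network field
    broadcast = subnet | (~m & 0xFFFFFFFF)   # host bits all made high
    return {
        # 2^n - 2 is this tutorial's convention (all-zeros and all-ones excluded).
        "subnets": 2 ** subnet_bits - 2 if subnet_bits else 1,
        "hosts_per_subnet": 2 ** host_bits - 2,
        "subnet": to_dotted(subnet),
        "first_host": to_dotted(subnet + 1),
        "last_host": to_dotted(broadcast - 1),
        "broadcast": to_dotted(broadcast),
    }


if __name__ == "__main__":
    # The worked example from the text.
    for key, value in subnet_report("172.60.50.2", "255.255.224.0").items():
        print(f"{key:17} {value}")
```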

4. Sample Problem

Here is a sample problem for you to calculate. When you are done, you can check your
answers using an online subnet calculator at Tactix Engineering.

IP address: 154.16.52.16
subnet mask: 255.255.240.0

Find:
Number of subnets possible on this network:
Number of hosts possible on each subnet:
Which subnet this address is on:
Range of addresses on that subnet:

What is CIDR?
CIDR stands for Classless Inter-Domain Routing. CIDR was developed in the 1990s as a
standard scheme for routing IP addresses.

Before CIDR, Internet routers managed IP traffic based solely on the class of IP
addresses and their associated subnet masks. This scheme utilized IP address space
inefficiently as explained earlier. CIDR allows a more flexible way to associate groups of
IP addresses without relying on the original class system. CIDR is also known as
supernetting.

CIDR Notation
CIDR specifies an IP address range by the combination of an IP address and its
associated network mask. CIDR notation uses the following format -

xxx.xxx.xxx.xxx/n

where n is the number of (leftmost) '1' bits in the mask. For example,

192.168.12.0/23

applies the network mask 255.255.254.0 to the 192.168 network, starting at
192.168.12.0. This notation represents the address range 192.168.12.0 -
192.168.13.255. Compared to traditional class-based networking, 192.168.12.0/23
represents an aggregation of the two Class C networks 192.168.12.0 and 192.168.13.0
each using the default network mask 255.255.255.0.

CIDR supports Internet address allocation and message routing independent of the
traditional class of a given IP address range. For example,

10.4.12.0/22
represents the address range 10.4.12.0 - 10.4.15.255 by employing the network mask
255.255.252.0. This effectively represents an apportioning of four Class C networks
within the much larger Class A space.

CIDR notation is sometimes adopted even on non-CIDR networks. In non-CIDR IP
subnetting, however, the value of n is restricted to either 8 (Class A), 16 (Class B) or 24
(Class C) from the Internet address allocation and routing perspective.

How CIDR Works


The flexibility of CIDR derives from the ability of routers to work with subnet masks other
than the traditional Class A, B, or C masks (values of n other than 8, 16, or 24). For CIDR
to work, Internet routing protocols must be implemented that support the CIDR
conventions. Popular routing protocols like BGP (Border Gateway Protocol) and OSPF
(Open Shortest Path First) were updated to support CIDR years ago, but some less
popular protocols still do not support CIDR today.

Routers on the Internet backbone (WAN network between ISPs) all generally support
CIDR. Backbone support of CIDR is essential to achieve conservation of IP address space.
Private networks and small public LANs have much less need to conserve addresses,
however, and therefore may not utilize CIDR.

For aggregation to work, the subnets involved must be contiguous (numerically adjacent)
in the address space. CIDR cannot, for example, aggregate 192.168.12.0 and
192.168.15.0 into a single route unless the intermediate .13 and .14 address ranges are
included. The 192.168.12.0/24 route does exactly this.
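
The merging described in the supernetting section and the contiguity requirement above, as an added example (not code from the original page): it merges prefixes by hand and shows that adjacency alone is not enough, since two blocks only merge when they are the two halves of one parent. The function names and the sample prefix lists are assumptions; the last call in the demo uses the range from the "Final test".

```python
import ipaddress


def drop_covered(nets):
    """Remove any prefix that already lies inside a shorter prefix in the list."""
    kept = []
    for net in sorted(set(nets), key=lambda n: n.prefixlen):
        if not any(net.subnet_of(k) for k in kept):
            kept.append(net)
    return sorted(kept)


def merge_pair(a, b):
    """Return the parent prefix if a and b are its two halves, else None.

    Being numerically adjacent is not enough: the lower block must also start
    on the boundary of the merged block, which is what the shared-parent test
    checks.
    """
    if a.prefixlen != b.prefixlen or a == b or a.prefixlen == 0:
        return None
    parent = a.supernet()
    return parent if parent == b.supernet() else None


def aggregate(prefixes):
    """Merge prefixes upward until no two remaining blocks share a parent."""
    nets = drop_covered(ipaddress.ip_network(p) for p in prefixes)
    changed = True
    while changed:
        changed, out, i = False, [], 0
        while i < len(nets):
            parent = merge_pair(nets[i], nets[i + 1]) if i + 1 < len(nets) else None
            if parent is None:
                out.append(nets[i])
                i += 1
            else:
                out.append(parent)
                i += 2
                changed = True
        nets = sorted(out)
    return [str(n) for n in nets]


def class_c_run(prefix16, first, last):
    """Constructed input: the /24 networks prefix16.first.0 .. prefix16.last.0."""
    return [f"{prefix16}.{third}.0/24" for third in range(first, last + 1)]


if __name__ == "__main__":
    print(aggregate(["192.168.2.0/24", "192.168.3.0/24"]))    # two halves of one /23
    print(aggregate(["192.168.3.0/24", "192.168.4.0/24"]))    # adjacent, not aligned
    print(aggregate(["192.168.12.0/24", "192.168.15.0/24"]))  # gap at .13 and .14
    print(aggregate(class_c_run("192.168", 12, 15)))          # gap filled in
    print(aggregate(class_c_run("167.114", 209, 240)))        # the "Final test" range
```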

CIDR and IPv6

IPv6 utilizes CIDR routing technology and CIDR notation in the same way as IPv4. IPv6 is
designed for fully classless addressing.
