IP
Subnetting, Variable Subnetting, and CIDR (Supernetting)
Before we go into details, there are two things you might be able to use which will avoid the need to learn any of this stuff:
- NAT - network address translation
If it is available to you, NAT often lets you create any size of network you want, without worrying about how much IP space you have been officially allocated. I'm not going to explain what NAT is in detail, because it will be covered in someone else's lesson. In short, it's a way to map large numbers of IPs on to a single IP (or to take a large sparse range such as a Class B and map each address that is actually used on to a small number of Class C's). NAT is worth taking the time to learn, because it can save you a whole lot of effort! - IP address space in general - inference of Class A/B/C
Before we start - a quick and very basic recap on IP addressing in general.
Every machine on the net has an address. Addresses are 32 bits. These 32 bits are split into two parts - a network number followed by a host address. The 'host address' part is for a number of machines on one physical network - say a bunch of machines connected with a hub or on a single thin ether wire. The network number represents this group of hosts as a single unit, and routers need to know these network numbers to send data from one net to another.
Just where the network/host split is made is arbitrary. There's no real reason why 10.1.2.3 should be part of a class A network and 220.1.2.3 is part of a class C network - it just is. The address space was split up as shown below, and any addresses in these ranges are deemed to be in the appropriate Class. Why does this matter? Well, some software will ask for an IP address but NOT a netmask - and it will infer a netmask from the address. This is OK as long as you are staying within the class system, but if you are subnetting or supernetting, it can cause you a lot of trouble.
There's actually very little difference between a Class C network, and a Class B network with a 255.255.255.0 netmask applied. (The only time they're different is if the network address is of the form X.X.0.X or X.X.255.X)
Before you start designing your subnets, you should know what it is that you've been given. Here are three ways of finding out what class your allocation is in. Use whichever you find easiest.
o
Class A addresses begin with 0xxx, or 1 to 126
decimal. (127 is loopback)
o
Class B addresses begin with 10xx, or 128 to 191
decimal.
o
Class C addresses begin with 110x, or 192 to 223
decimal.
o
Class D addresses begin with 1110, or 224 to 239
decimal. (a.k.a multicast - you'll probably never see these)
o
Class E addresses begin with 1111, or 240 to 254
decimal. (or these)
o
If the first bit is 0 it is a Class
A address
o
If the first two bits are 10 it is a
Class B address
o
If the first three bits are 110 it
is a Class C address
o
If the first four bits are 1110 it
is a Class D multicast address
o
If the first four bits are 1111 it
is a Class E experimental address
First Byte
|
Class
|
Network Mask (explained later)
|
1-126
|
"A"
|
255.0.0.0
|
128-191
|
"B"
|
255.255.0.0
|
192-223
|
"C"
|
255.255.255.0
|
In all the examples below we will assume we have been allocated a Class C network
to work
with: 192.168.1.0
192.168.1.0 is actually a special type of Class C address - it's one that is reserved never to be allocated on the real Internet. So we'll use it in our examples because if you do configure a network using these numbers, you won't mess anybody else up. It's amazing the number of people who create internal networks using real IP addresses chosen at random. If you ever connect one of these networks to the internet, you will not be to route because the space belongs to someone else. If you disguise your addresses using NAT, you'll still not be able to access those parts of the net that legitimately use those addresses.
Doing subnet calculations for Class A and Class B networks works just the same way as the Class C examples we are going to cover. If you can do a Class C from first principles, you'll be able to do Class B's in your sleep. Very few people here will get much opportunity to design Class A or Class B subnets, but you are quite likely to be asked to work on existing Class A or B networks, so it's still worth knowing.
192.168.1.0 is actually a special type of Class C address - it's one that is reserved never to be allocated on the real Internet. So we'll use it in our examples because if you do configure a network using these numbers, you won't mess anybody else up. It's amazing the number of people who create internal networks using real IP addresses chosen at random. If you ever connect one of these networks to the internet, you will not be to route because the space belongs to someone else. If you disguise your addresses using NAT, you'll still not be able to access those parts of the net that legitimately use those addresses.
Doing subnet calculations for Class A and Class B networks works just the same way as the Class C examples we are going to cover. If you can do a Class C from first principles, you'll be able to do Class B's in your sleep. Very few people here will get much opportunity to design Class A or Class B subnets, but you are quite likely to be asked to work on existing Class A or B networks, so it's still worth knowing.
What is Broadcast?
I assume you know what a broadcast address is - the necessity to handle broadcasts is actually what makes subnetting anything less than trivial: if you have a Class C network such as 192.168.1.* (with station addresses 192.168.1.1, 192.168.1.2 etc), then a packet addressed to 192.168.1.255 will be sent to *every* station on that network. Later we'll discover that sending to 192.168.1.0 is sort of something similar. Or was once, anyway.
In a Class C, the host part set to 255 means broadcast. In a subnet, the subnet host part set to all ones means broadcast. Eg in a /28, any addresses of the form N.N.N.XXXX1111 are broadcast addresses for their subnets only.
I assume you know what a broadcast address is - the necessity to handle broadcasts is actually what makes subnetting anything less than trivial: if you have a Class C network such as 192.168.1.* (with station addresses 192.168.1.1, 192.168.1.2 etc), then a packet addressed to 192.168.1.255 will be sent to *every* station on that network. Later we'll discover that sending to 192.168.1.0 is sort of something similar. Or was once, anyway.
In a Class C, the host part set to 255 means broadcast. In a subnet, the subnet host part set to all ones means broadcast. Eg in a /28, any addresses of the form N.N.N.XXXX1111 are broadcast addresses for their subnets only.
Don't I need to know how to do
binary arithmetic?
Forgetaboutit. If you can't do binary math in your head, just use the data in these tables below. (On the other hand, if you can't do binary in your head by now, you probably shouldn't be looking at a career in networking.)
Forgetaboutit. If you can't do binary math in your head, just use the data in these tables below. (On the other hand, if you can't do binary in your head by now, you probably shouldn't be looking at a career in networking.)
Subnetting Class C - most typical
example: /28 "all zeroes, all ones" excluded. Mask is 11110000
This table may be all you ever need to know, for many installations. This is a typical example and possibly the most common one. Because it is such a useful table, this is the only large one we will list in full.
This table may be all you ever need to know, for many installations. This is a typical example and possibly the most common one. Because it is such a useful table, this is the only large one we will list in full.
Network part
|
Subnet.host
|
Host addresses
|
Broadcast Address
|
192.168.1.0
|
0000xxxx
|
192.168.1.1 to 192.168.1.14
|
192.168.1.15 - UNUSABLE - NETMASK
ALL 0000's
|
192.168.1.16
|
0001xxxx
|
192.168.1.17 to 192.168.1.30
|
192.168.1.31
|
192.168.1.32
|
0010xxxx
|
192.168.1.33 to 192.168.1.46
|
192.168.1.47
|
192.168.1.48
|
0011xxxx
|
192.168.1.49 to 192.168.1.62
|
192.168.1.63
|
192.168.1.64
|
0100xxxx
|
192.168.1.65 to 192.168.1.78
|
192.168.1.79
|
192.168.1.80
|
0101xxxx
|
192.168.1.81 to 192.168.1.94
|
192.168.1.95
|
192.168.1.96
|
0110xxxx
|
192.168.1.97 to 192.168.1.110
|
192.168.1.111
|
192.168.1.112
|
0111xxxx
|
192.168.1.113 to 192.168.1.126
|
192.168.1.127
|
192.168.1.128
|
1000xxxx
|
192.168.1.129 to 192.168.1.142
|
192.168.1.143
|
192.168.1.144
|
1001xxxx
|
192.168.1.145 to 192.168.1.158
|
192.168.1.159
|
192.168.1.160
|
1010xxxx
|
192.168.1.161 to 192.168.1.174
|
192.168.1.175
|
192.168.1.176
|
1011xxxx
|
192.168.1.177 to 192.168.1.190
|
192.168.1.191
|
192.168.1.192
|
1100xxxx
|
192.168.1.193 to 192.168.1.206
|
192.168.1.207
|
192.168.1.208
|
1101xxxx
|
192.168.1.209 to 192.168.1.222
|
192.168.1.223
|
192.168.1.224
|
1110xxxx
|
192.168.1.225 to 192.168.1.238
|
192.168.1.239
|
192.168.1.240
|
1111xxxx
|
192.168.1.241 to 192.168.1.254
|
192.168.1.255 - UNUSABLE - NETMASK
ALL 1111's
|
0's/1's restriction on host part:
let's take one subnet from the table above:
Network part
|
Subnet.host
|
Host addresses
|
Broadcast Address
|
192.168.1.32
|
0010xxxx
|
192.168.1.33 to 192.168.1.46
|
192.168.1.47
|
Now, let's look at the individual hosts within that subnet:
Network part
|
Subnet . Host part
|
Host Address
|
192.168.1.32
|
0010.0000
|
UNUSABLE - HOST PART IS ALL 0's
|
192.168.1.33
|
0010.0001
|
|
192.168.1.34
|
0010.0010
|
|
192.168.1.35
|
0010.0011
|
|
192.168.1.36
|
0010.0100
|
|
192.168.1.37
|
0010.0101
|
|
192.168.1.38
|
0010.0110
|
|
192.168.1.39
|
0010.0111
|
|
192.168.1.40
|
0010.1000
|
|
192.168.1.41
|
0010.1001
|
|
192.168.1.42
|
0010.1010
|
|
192.168.1.43
|
0010.1011
|
|
192.168.1.44
|
0010.1100
|
|
192.168.1.45
|
0010.1101
|
|
192.168.1.46
|
0010.1110
|
|
192.168.1.47
|
0010.1111
|
UNUSABLE - HOST PART IS ALL 1's
|
Although you may be familiar with the all ones broadcast addresses (typically x.x.x.255 for a Class C network) you may not realise that at some time in the past x.x.x.0 was also used as a broadcast address. Although this seldom is done nowadays, for historical reasons we still obey this convention. (The last machine I owned that actually used the .0 address for broadcast was a Sun from the late 1980's)
Note what happens as the room for hosts gets smaller:
This is the host table for a /30:
Network part
|
Subnet . Host part
|
Host Address
|
192.168.1.32
|
001000.00
|
UNUSABLE - HOST PART IS ALL 0's
|
192.168.1.33
|
001001.01
|
|
192.168.1.34
|
001010.10
|
|
192.168.1.35
|
001011.11
|
UNUSABLE - HOST PART IS ALL 1's
|
A /30 is particularly wasteful - 50%
of the hosts are unusable. Similarly, a /26 is pretty bad, because 50% of the
nets are unusable. a /28 is best because it lets you have (16 - 2) * (16 - 2) =
192 hosts.
This would be the host table if a /31, if it existed:
This would be the host table if a /31, if it existed:
Network part
|
Subnet . Host part
|
Host Address
|
192.168.1.32
|
0010000.0
|
UNUSABLE - HOST PART IS ALL 0's
|
192.168.1.33
|
0010000.1
|
UNUSABLE - HOST PART IS ALL 1's
|
What's wrong with this picture??? Well, you can't have a /31. Here's why...
We can have subnets of
/26,/27,/28,/29,/30 - BUT NOT /25 or /31!
This is a /30 (with sections removed for brevity):
Mask is 11111100
This is a /30 (with sections removed for brevity):
Mask is 11111100
Network part
|
Subnet.host
|
Host addresses
|
Broadcast Address
|
192.168.1.0
|
000000xx
|
192.168.1.1 to 192.168.1.2
|
192.168.1.3 - UNUSABLE - NETMASK
ALL 000000's
|
192.168.1.4
|
000001xx
|
192.168.1.5 to 192.168.1.6
|
192.168.1.7
|
192.168.1.8
|
000010xx
|
192.168.1.9 to 192.168.1.10
|
192.168.1.11
|
192.168.1.12
|
000011xx
|
192.168.1.13 to 192.168.1.14
|
192.168.1.15
|
192.168.1.16
|
000100xx
|
192.168.1.17 to 192.168.1.18
|
192.168.1.19
|
192.168.1.20
|
000101xx
|
192.168.1.21 to 192.168.1.22
|
192.168.1.23
|
192.168.1.24 - 244
|
...
|
..............................
|
.............
|
192.168.1.248
|
111110xx
|
192.168.1.249 to 192.168.1.250
|
192.168.1.251
|
192.168.1.252
|
111111xx
|
192.168.1.253 to 192.168.1.254
|
192.168.1.255 - UNUSABLE - NETMASK
ALL 111111's
|
So why not a /25????
Network part
|
Subnet.host
|
Host addresses
|
Broadcast Address
|
192.168.1.0
|
0xxxxxxx
|
192.168.1.1 to 192.168.1.126
|
192.168.1.127 - UNUSABLE - NETMASK
ALL 0's
|
192.168.1.128
|
1xxxxxxx
|
192.168.1.129 to 192.168.1.254
|
192.168.1.255 - UNUSABLE - NETMASK
ALL 1's
|
When the netmask is only one bit, it
can't help but being all zeroes or all ones.
And why not a /31?
Network part
|
Subnet.host
|
Host addresses
|
Broadcast Addresses (0's and 1's)
|
192.168.1.0
|
0000000x
|
192.168.1.0? to 192.168.1.1?
|
192.168.1.0 - UNUSABLE - NETMASK
000000's
192.168.1.1 - UNUSABLE - NETMASK 000000's |
192.168.1.2
|
0000001x
|
192.168.1.2? to 192.168.1.3?
|
192.168.1.2 - UNUSABLE - Broadcast
0's
192.168.1.3 - UNUSABLE - Broadcast 1's |
192.168.1.4 - 250
|
...
|
..............................
|
.............
............. |
192.168.1.252
|
1111110x
|
192.168.1.252 to 192.168.1.253
|
192.168.1.252 - UNUSABLE -
Broadcast 0's
192.168.1.253 - UNUSABLE - Broadcast 1's |
192.168.1.254
|
1111111x
|
192.168.1.254 to 192.168.1.255
|
192.168.1.254 UNUSABLE - NETMASK
111111's
192.168.1.255 UNUSABLE - NETMASK 111111's |
Variable subnetting example 1
(insert /30 into /28 from above)
Well, in the /28 example above, we've shown that the first and last subnets are unusable, because the subnet mask is either all 0's or all 1's. This is unfortunate because each of those subnets is losing 16 (-2) IP addresses each.
Is there any way we can get back some of those addresses? Well, yes - there is. If you look at the example of a /30 subnet, you'll see these entries:
Well, in the /28 example above, we've shown that the first and last subnets are unusable, because the subnet mask is either all 0's or all 1's. This is unfortunate because each of those subnets is losing 16 (-2) IP addresses each.
Is there any way we can get back some of those addresses? Well, yes - there is. If you look at the example of a /30 subnet, you'll see these entries:
Network part
|
Subnet.host
|
Host addresses
|
Broadcast Address
|
192.168.1.0
|
000000xx
|
192.168.1.1 to 192.168.1.2
|
192.168.1.3 - UNUSABLE - NETMASK
ALL 000000's
|
192.168.1.4
|
000001xx
|
192.168.1.5 to 192.168.1.6
|
192.168.1.7
|
192.168.1.8
|
000010xx
|
192.168.1.9 to 192.168.1.10
|
192.168.1.11
|
192.168.1.12
|
000011xx
|
192.168.1.13 to 192.168.1.14
|
192.168.1.15
|
192.168.1.16 - 252
|
...
|
..............................
|
.............
|
Apart from the first one, these are all perfectly valid subnets, and if we were to configure machines using them, they will look just like normal addresses in a /30 subnet. We can do exactly the same thing for the 192.168.1.240-255 addresses.
These small subnets - they only have 2 IP addresses that are usable - are actually just what you need when you are setting up a point to point link between different subnets (in different locations). So by using the 'slop' at the end of the range, you can get your point to point links for free.
Variable subnetting example 2
(insert /28 from above into /26)
Here we have a different and possibly more useful example of variable subnetting. Let's say we have a central office with 50 workstations, one remote office with 10, and another remote office with 9 workstations.
The following table tells you how many workstations and how many offices you can have for each size of subnet mask:
Here we have a different and possibly more useful example of variable subnetting. Let's say we have a central office with 50 workstations, one remote office with 10, and another remote office with 9 workstations.
The following table tells you how many workstations and how many offices you can have for each size of subnet mask:
Bit Split
|
Subnet Mask
|
Block Size
|
Max Useable Subnets
(number of offices) |
# C IPs/Subnet
(number of workstations) |
2/6
|
192 (/26)
|
64
|
2
|
62
|
3/5
|
224 (/27)
|
32
|
6
|
30
|
4/4
|
240 (/28)
|
16
|
14
|
14
|
5/3
|
248 (/29)
|
8
|
30
|
6
|
6/2
|
252 (/30)
|
4
|
62
|
2
|
You see, with one office of size 50, we're forced with a simple subnet scheme to use a /26 (2 bits subnet, 6 bits host). However, we have three offices, so this won't work.
With offices of size 9 or 10 (which we round up to 16 - 2), we could use a /28 (16 - 2 subnets of 16 - 2 stations) - but then we couldn't fit in our 50 station office.
Well, the solution is simple: Treat it as a /26, allocate the large office, then extract from a table of /28's enough smaller subnets to fit in the one remaining /26 slot. Like this:
Network part
|
Subnet.host
|
Host addresses
|
Broadcast Address
|
192.168.1.0
|
00xxxxxx
|
192.168.1.1 to 192.168.1.62
|
192.168.1.63 UNUSABLE - NETMASK
ALL 00's
|
192.168.1.64
|
01xxxxxx
|
192.168.1.65 to 192.168.1.126
|
192.168.1.127 ALLOCATE THIS TO BE
FURTHER SUBNETTED
|
192.168.1.128
|
10xxxxxx
|
192.168.1.129 to 192.168.1.190
|
192.168.1.191 ALLOCATE THIS ONE TO
THE 50-STATION OFFICE
|
192.168.1.192
|
11xxxxxx
|
192.168.1.193 to 192.168.1.254
|
192.168.1.255 UNUSABLE - NETMASK
ALL 11's
|
(note: with a simple /26, you lose
HALF of your potential IP addresses to the broadcast network addresses)
And guess what ... if we look at the earlier table for a /28, you'll find exactly the section we need to extract and fit in here:
192.168.1.63
And guess what ... if we look at the earlier table for a /28, you'll find exactly the section we need to extract and fit in here:
192.168.1.63
Network part
|
Subnet.host
|
Host addresses
|
Broadcast Address
|
192.168.1.64
|
0100xxxx
|
192.168.1.65 to 192.168.1.78
|
192.168.1.79
|
192.168.1.80
|
0101xxxx
|
192.168.1.81 to 192.168.1.94
|
192.168.1.95
|
192.168.1.96
|
0110xxxx
|
192.168.1.97 to 192.168.1.110
|
192.168.1.111
|
192.168.1.112
|
0111xxxx
|
192.168.1.113 to 192.168.1.126
|
192.168.1.127
|
Now we simply put the two tables together, and we have a variable subnet solution for our three offices. Plus some spares!
Network part
|
Subnet.host
|
Host addresses
|
Broadcast Address
|
192.168.1.0
|
00xxxxxx
|
192.168.1.1 to 192.168.1.62
|
192.168.1.63 UNUSABLE - NETMASK
ALL 00's
|
192.168.1.64
|
0100xxxx
|
192.168.1.65 to 192.168.1.78
|
192.168.1.79 ALLOCATE THIS TO THE
10-PC OFFICE
|
192.168.1.80
|
0101xxxx
|
192.168.1.81 to 192.168.1.94
|
192.168.1.95 ALLOCATE THIS TO THE
9-PC OFFICE
|
192.168.1.96
|
0110xxxx
|
192.168.1.97 to 192.168.1.110
|
192.168.1.111 SPARE
|
192.168.1.112
|
0111xxxx
|
192.168.1.113 to 192.168.1.126
|
192.168.1.127 SPARE
|
192.168.1.128
|
10xxxxxx
|
192.168.1.129 to 192.168.1.190
|
192.168.1.191 ALLOCATE THIS ONE TO
THE 50-STATION OFFICE
|
192.168.1.192
|
11xxxxxx
|
192.168.1.193 to 192.168.1.254
|
192.168.1.255 UNUSABLE - NETMASK
ALL 11's
|
and don't forget the trick of grabbing the end IP's for the point to point networks to link these offices together.
Preference to finer resolution
routes - don't need to fully enumerate
Let's say you have variably subnetted a network, and of the 30 subnets available, 29 of them are in one office, but the 30th is in the other. To route this properly you would issue 29 routing commands to one address and 1 to the other. This is wasteful of router table space. The thing to do is to issue ONE router command that covers all 30 subnets and send them to the one office, but issue a second router command which is MORE SPECIFIC to extract that one subnet from the block, and route it elsewhere. More specific routes take precedence in most routers. Occasionally you will find some brand of router which does require non-overlapping routes, and if this happens to you, just issue all 30 explicit commands.
Let's say you have variably subnetted a network, and of the 30 subnets available, 29 of them are in one office, but the 30th is in the other. To route this properly you would issue 29 routing commands to one address and 1 to the other. This is wasteful of router table space. The thing to do is to issue ONE router command that covers all 30 subnets and send them to the one office, but issue a second router command which is MORE SPECIFIC to extract that one subnet from the block, and route it elsewhere. More specific routes take precedence in most routers. Occasionally you will find some brand of router which does require non-overlapping routes, and if this happens to you, just issue all 30 explicit commands.
"Supernetting", aka CIDR
(Classless InterDomain Routing)
The world has a big problem with too many route table entries in the big backbone routers. To solve that problem, people realised they could aggregate network routing commands, eg a network 192.168.2.0/24 and a neighboring network 192.168.3.0/24 could be represented by merging them like this: 192.168.2.0/23
This would be fine, except we know the problems of subnetting and all-zeroes and all-ones masks. The same problems would start showing up here. The solution is simple: someone just issued an edict saying "forget everything you learned, we won't bother with those rules any more". There's even a command to tell the routers themselves that they should ignore the rules - "ip classless"
When you break the rules like this, and allow netmasks that end in all 0's or all 1's, it's called "CIDR" - Classless InterDomain Routing.
That's really all you need to know about CIDR. It's trivial, it's easy, and the details work just the same as subnetting but you merge up instead of splitting down.
The world has a big problem with too many route table entries in the big backbone routers. To solve that problem, people realised they could aggregate network routing commands, eg a network 192.168.2.0/24 and a neighboring network 192.168.3.0/24 could be represented by merging them like this: 192.168.2.0/23
This would be fine, except we know the problems of subnetting and all-zeroes and all-ones masks. The same problems would start showing up here. The solution is simple: someone just issued an edict saying "forget everything you learned, we won't bother with those rules any more". There's even a command to tell the routers themselves that they should ignore the rules - "ip classless"
When you break the rules like this, and allow netmasks that end in all 0's or all 1's, it's called "CIDR" - Classless InterDomain Routing.
That's really all you need to know about CIDR. It's trivial, it's easy, and the details work just the same as subnetting but you merge up instead of splitting down.
Calculators
Once you understand subnetting as described above, you'll probably be able to do it in your head. However sometimes you want to check your work, or are in a hurry, and if so, there are many web pages on the net which offer "subnet calculator"s.
Just be warned - often they do not check for the special conditions such as all-one's subnets, and will let you do something stupid like ask for a /25 subnet. The one referred to below does appear to make an effort at checking for this sort of thing, so it may be a good one to bookmark.
Once you understand subnetting as described above, you'll probably be able to do it in your head. However sometimes you want to check your work, or are in a hurry, and if so, there are many web pages on the net which offer "subnet calculator"s.
Just be warned - often they do not check for the special conditions such as all-one's subnets, and will let you do something stupid like ask for a /25 subnet. The one referred to below does appear to make an effort at checking for this sort of thing, so it may be a good one to bookmark.
Final test :-)
You are a sys admin at a small ISP. You asked your upstream vendor for a /19 allocation (equivalent to 32 Class C networks). You were given the following: 167.114.209.0 through 167.114.240.0.
Will these do what you want?
(If we have time left, we'll work this example on paper)
You are a sys admin at a small ISP. You asked your upstream vendor for a /19 allocation (equivalent to 32 Class C networks). You were given the following: 167.114.209.0 through 167.114.240.0.
Will these do what you want?
(If we have time left, we'll work this example on paper)
Cisco IP subnetting 101: An introduction to supernetting
By David "Davis CCIE, MCSE+I, SCSA"
August 18, 2005, 7:00am PDT
I recently wrote a two-part series about the basics of Cisco IP subnetting ("Cisco
IP subnetting 101: Five things you should know" and "Cisco
IP subnetting 101: Five more things you should know.") In response,
several TechRepublic members posted comments in the article's discussion or
contacted me with questions and requests for more advanced information about IP
subnetting.So I decided to take advantage of such requests and use them as fodder for my column. A couple weeks ago, I answered one member's question about all 1s and all 0s subnet masks. This time, let's look at another member's request for more technical information.
TechRepublic member Kevaburg offered the following feedback and requests for more details.
"I think I would have liked to have seen content showing how taking bits from the host to the network portion of the address changes the amount of subnets you have.
"A basic discussion of route summarization and a bit more about CIDR and the roles they play within subnetting would have been more useful than telling us all what we already know."
Changing bits on the subnet mask
Let's start with the first part of this request: How does moving bits from the host to the network portion of the address change the number of subnets? By taking away bits from the network portion of the address, we reduce the number of subnets and increase the number of hosts.This is always the case with a subnet mask. Adding 1s means increasing subnets and decreasing hosts per subnet. Removing 1s means decreasing subnets and increasing hosts per subnet.
Let's look at an example. Say we're starting with an IP network of 1.1.1.0 and a subnet mask of 255.255.255.0. In binary form, the current subnet mask looks like this:
11111111 11111111 11111111 00000000The sequences of 1s represent the network portion of this IP address, and the 0s stand for the node or host portion. To keep the example simple, let's take eight bits from the network portion of the address. So, we remove the last eight 1s and change them to 0s. The new subnet mask would look like this:
11111111 11111111 00000000 00000000With the original subnet mask, we had 254 useable hosts in the network (which we can determine by using the hosts formula: 28-2 hosts). With the new subnet mask—which is now 255.255.0.0—we have 65,534 useable hosts in the network (216-2).
We increased the number of hosts dramatically, but we also decreased the number of subnets by 256, which we can determine by using the networks formula: 28. (If we're using the original networks formula, 28-2, we would decrease the number of subnets by 254.)
So what are you going to do with a network that has more than 65,000 hosts? Actually, you're not going to use all 65,000 hosts.
You could assign it and address it, but at some point, your network will start to bog down with all the network broadcast traffic—and it will eventually grind to a halt. In reality, you would more likely use this reduced subnet mask to represent a supernetted network, which segues nicely into the second part of this member's request.
Supernetting a network
Supernetting (also known as route summarization or route aggregation) uses classless interdomain routing (CIDR) to address a number of IP subnets with a single route. We call that single route a summarized route or a supernet (in other words, the inverse of a subnet).To learn how to supernet a network, let's look at another example. Let's say we have four IP subnets on the four LAN interfaces of our router: 1.1.0.0/24, 1.1.1.0/24, 1.1.2.0/24, and 1.1.3.0/24. We want to summarize these networks into a single route that we can advertise across the WAN, which reduces the number of routes in the remote routers.
We could summarize these routes with this supernet IP address: 1.1.0.0/22. This single IP address references all four of the IP subnets. Here's a look at it in binary form:
IP address: 00000001 00000001 00000000 0000000
Supernet subnet mask: 11111111 11111111 11111100 0000000
Notice the third octet of the supernet subnet mask: 11111100. This allows
the last two bits of the third octet to be any combination of 00, 01, 10, or
11. So when advertised, this supernet mask would show that any of the four
subnets are available from the router.Keep in mind that when subnetting or supernetting from the classful boundaries, you must use a routing protocol that supports variable length subnet masks (VLSM) and CIDR. Your options include Routing Information Protocol version 2 (RIPv2), Enhanced Interior Gateway Routing Protocol (EIGRP), the Open Shortest Path First (OSPF) protocol, and Border Gateway Protocol (BGP).
Of these protocols, EIGRP is the only one that summarizes at classful network boundaries by default—a capability that you can turn on or off. On the other hand, OSPF requires manually entering a summary route with the summary-address command. BGP disables autosummary by default, but you can turn it on, or you can use the aggregate-address command to create your own summary route.
Whether you call it route summarization, route aggregation, or supernetting, this practice is essential on the Internet. If every carrier advertised every specific route it has, it would overwhelm the memory of the Internet BGP routers. For example, my company's BGP Internet router has 125,000 routes to Internet networks, and most of these routes are supernets. However, because the advertising routers summarize their routes, the router is able to receive all Internet routes using only 125,000 entries.
Miss a column?
Check out the Cisco Routers and Switches Archive, and catch up on David Davis' most recent columns.Cisco IP subnetting 101: Five things you should know
By David "Davis CCIE, MCSE+I, SCSA"
July 7, 2005, 6:43pm PDT
If you work with networks, odds are pretty good that you're familiar with
Cisco IP subnetting. But that doesn't mean you know all there is to know. It
never hurts to refresh your subnetting skills—particularly if you're planning
on taking a Cisco exam soon.IP subnetting isn't some obscure, esoteric topic that only the network administration "gurus" can understand. In fact, you should be able to get a firm grasp on subnetting in about an hour.
However, just like almost anything else, you won't be able to understand subnetting unless you use it—and practice. Learning subnetting takes some repetition. And once you do learn it, you'll quickly forget it if you don't practice it periodically.
What is IP subnetting?
Subnetting means breaking a large network into smaller networks. You can accomplish this by changing the subnet mask.When it comes to subnetting, how are routers different from computers?
Every computer needs three components in order to communicate both on its network and outside its network (e.g., to the Internet).- An IP address
- A subnet mask: Combined with the IP address, the subnet mask tells the computer which IP addresses are on its local network.
- A default gateway: A computer uses the default gateway to transmit data not on its local network. If a computer only needs to communicate on its own LAN, a default gateway isn't necessary.
In addition, every interface on a router must be on a different network. In fact, the router won't let you place two interfaces on the same network.
Where did subnetting come from?
Published in 1990, RFC 1166 specified five different classes of IP addresses:- Class A: Any IP address that begins with 1 to 127 has a subnet mask of 255.0.0.0.
- Class B: Any IP address that begins with 128 to 191 has a subnet mask of 255.255.0.0.
- Class C: Any IP address that begins with 192 to 223 has a subnet mask of 255.255.255.0.
- Class D is for multicast traffic only.
- Class E is experimental.
VLSM means that the subnet mask can dynamically change based on how many networks or hosts you need. So, while it's important to know the default (fixed length) subnet masks for testing purposes, a subnet mask for an IP that begins with 192 may or may not be 255.255.255.0.
What do 1s and 0s have to do
with it?
Subnetting is taking the original subnet mask and adding bits to it to
create more networks. In other words, if you convert a subnet mask into binary
form and add more 1s, you are subnetting that network. The more 1s that are
present in the subnet mask means the more networks with a fewer number of
hosts. The more 0s that are present in the subnet mask means the fewer networks
and the more hosts you have.In other words, the subnet mask tells routers and computers which portion of the IP address is for the network and which is for the host. If you slide the line between network and host to the left, you create fewer networks and more hosts. If you slide the line to the right, you create more networks and fewer hosts.
How can I write out subnet masks?
You can write out subnet masks in two different ways: dotted decimal notation and slash notation. The dotted decimal notation method is more than likely what you're familiar with. This involves writing the numbers and separating them by periods (i.e., dots). For example, you would write a Class C default subnet mask as 255.255.255.0.To use the slash notation method, you convert the subnet mask into binary form, writing the number of 1s in the subnet mask instead. For example, in binary form, 255.255.255.0 would be 11111111 11111111 11111111 00000000.
In slash notation, this "translates" to /24—in other words, the number of 1s. So, you would write your IP network with its subnet mask like this: 192.168.1.0/24. While the slash notation method may seem more complicated, keep in mind that it makes diagramming and note taking easier.
Cisco IP subnetting 101: Five more things you should know
By David "Davis CCIE, MCSE+I, SCSA"
July 14, 2005, 7:00am PDT
IP subnetting isn't some obscure topic that only network administration
"gurus" can understand. In fact, if you work with networks, odds are
pretty good that you're already somewhat familiar with Cisco IP subnetting.But it never hurts to refresh your subnetting skills—particularly if you're planning on taking a Cisco exam soon. Last time, I told you five things you should know about Cisco IP subnetting, including what subnetting is, how to write out subnet masks, and more. Now, let's look at five more things you should know about subnetting.
Which formulas can I use to subnet a network?
To review, subnetting involves taking a single network that has a large number of hosts and breaking it into multiple networks each with a smaller number of hosts. That's why we call it subnetting—because we're creating subnetworks. Let's look at two formulas you need to know when subnetting a network.Networks formula
This formula is 2x, where x is the number of 1s added to the subnet mask from the previous or default subnet mask when converted to binary.
For example, a subnet mask of 255.255.255.252 converted to binary is 11111111 11111111 11111111 11111100. Let's assume that this is from a classful network (i.e., a network that uses the five different classes of IP addresses), and it started out as a Class C subnet mask (255.255.255.0). To arrive at the new subnet mask (255.255.255.252), we added six 1s to the subnet mask, which had a default number of 24 1s.
So, 26 = 64, which means that changing the subnet mask from the default /24 (255.255.255.0) mask to a /30 (255.255.255.252) subnet mask would create 64 new networks.
Hosts formula
This formula is 2y-2, where y is the number of 0s in the subnet mask when converted to binary.
Let's use the same example. Our subnet mask is 255.255.255.252, which is 11111111 11111111 11111111 11111100 when converted to binary. This subnet mask had two 0s. So, 22-2 = 2, which means there are two valid hosts in the subnet. The 2 we subtract in the formula stand for the network ID and the broadcast ID.
Let's say the IP address for this example is 192.168.1.0 with a /30 subnet mask (the 255.255.255.252 subnet mask above). This network would look like this:
192.168.1.0: Network ID 192.168.1.1: One of the usable hosts 192.168.1.2: One of the usable hosts 192.168.1.3: Broadcast IDSo, by using the /30 subnet mask, we've created 64 new networks with two useable hosts each.
Shouldn't I subtract 2 when using the networks formula?
A more experienced administrator out there might be wondering why we didn't subtract 2 when using the networks formula. Let me clarify: The original networks formula was 2x-2, where the subtracted 2 stood for networks with all 0s and all 1s. However, with modern IP stacks, you can use these networks, and it's no longer necessary to subtract them (RFC 1878).Prior to Cisco IOS 12.0, by default, Cisco routers wouldn't allow you to configure an IP address on the all 0s network on an interface. However, you could configure this using the ip subnet-zero command in Global Configuration Mode.
Now, after IOS 12.0, the ip subnet-zero command is the default on routers. Note that this command not only allows the all 0s subnet, but it also permits the all 1s subnet. And that's why you no longer have to subtract 2 when using the network formula. For more information on this, see Cisco's "Subnet Zero and the All-Ones Subnet" documentation.
Which formulas should I know
for the CCNA exam?
Many CCNA test candidates want to know which subnetting formulas they should
know for the CCNA exam. I researched this question, and here's what I found
out: While most questions don't cover subnet 0 or subnet 1, it's still a
possible test topic. However, the exam clearly states the situation and
discloses whether the network in question uses the 0 or 1 subnets. So, I
recommend CCNA exam candidates make sure they understand the difference and
read the questions carefully.What are special IP addresses?
In addition to the different classes of IP addresses (i.e., A, B, C, D, and E), you should also be familiar with special IP addresses. Let's look at three categories of special IP addresses.Private IP addresses
Based on RFC 1918, private IP addresses are not routable on the Internet. Instead, the purpose of these addresses is for use on internal networks only. (While you may receive traffic from the Internet with a private IP address as the source, this is actually a spoofed source IP address.)
Here are the ranges of private IP addresses:
- 10.0.0.0 with a 255.0.0.0 (/8) subnet mask
- 172.16.0.0 through 172.31.255.255 with a 255.240.0.0 (/12) subnet mask
- 192.168.0.0 with a 255.255.0.0 (/16) subnet mask
The 169.254.0.0 network with a 255.255.0.0 (/16) subnet mask is an IP address range used for private IP addressing in situations when a machine is unable to contact a DHCP server (RFC 3927). For example, this is a default configuration when a Windows machine can't contact a DHCP server.
Loopback network
The 127.0.0.0 network with a 255.0.0.0 (/8) subnet mask is a special IP address range from the Class A network, which administrators can use for loopback adapters (RFC 1166). These are internal, "virtual" adapters that represent a network interface.
Every system has a loopback adapter, and it's usually 127.0.0.1. What many people don't realize is that 127.123.3.240 also represents their loopback adapter. The standard domain name for the loopback adapter is localhost.
Do I have to calculate my subnetting manually?
The CCNA exam requires candidates to be able to figure out subnetting in longhand. However, in the real world, most network administrators use a calculator.While you can use the Windows calculator to figure out the networks and hosts formulas, several specialized IP subnetting calculators are also available. In addition, these calculators can come in handy when you're studying for the CCNA exam and want to check your manual calculations.
No comments:
Post a Comment