Basic Subnet Masks

One aspect of IP addressing that is extremely important to how IP addressing works is the use of subnet masks. An IP address without the appropriate subnet mask is like Laurel without Hardy. The subnet mask for a particular IP address is used by the router to resolve which part of the IP address provides the network address and which part provides the host address.

The basic subnet masks for each class are shown below. Subnet masks also consist of four octets of information. A router matches up the information in the subnet mask with the actual IP address and determines the network address and the node address.

Class   Subnet Mask
-----------------------
A       255.0.0.0
B       255.255.0.0
C       255.255.255.0

In the basic subnet masks (where no subnetting has been done) each octet either has all the bits turned on (represented by 1s) or all the bits turned off (represented by 0s). When all the bits are turned on, the decimal equivalent is 255. When all bits are set to binary 0, the decimal equivalent is 0.

The question is how a router uses the subnet mask to determine which part of an IP address refers to the network address. It uses a process called anding, where it "ands" the bits in the subnet mask with the bits in the IP address to determine the network address.

Subnet-Mask:      255.255.0.0
IP-Address:       180.20.5.9
Network-Address:  ?

Subnet Mask:      11111111 11111111 00000000 00000000
IP-Address:       10110100 00010100 00000101 00001001
-------------------------------------------------------
Network-Address:  10110100 00010100 00000000 00000000
Network-Address:  180.20

Subnetting IP Addresses

Basically, subnetting enables you to take a number of LANs and connect them together into one internetwork. It also provides you with the capability to break a large network into subnets that are connected with routers.
Segmenting a large network using routers allows you to maximize the bandwidth of the network because the routers keep the traffic on each subnet local; the data isn't broadcast to the entire network.

Each octet in the IP address (although represented as a decimal number) consists of 8 bits. Each bit position has a decimal equivalent. That decimal equivalent isn't realized, however, unless the bit is set to 1 (0 bits have no decimal value). The bits on the far left of the octet are referred to as the high-order bits. If you move down to the right end of the octet you are working with the lower-order bits.

Creating Subnets on a Class A Network

The subnetting math is actually easiest when working with Class A and Class B networks. Let's say that you've been assigned the network address 10.0.0.0 and you need 30 subnets. In Class A networks, the first octet defines the network address. The remaining three octets provide the node address information because you have all the possible bit combinations available in 3 octets. That's 24 bit positions, so the number of node addresses available would be 2^24-2 or 16,777,214 nodes.

The reason that you must subtract 2 from the possible node addresses is that you lose two possibilities because the bits in the node octets cannot be set to all 1s or all 0s. When the node octets are all set to 1, that address is used to broadcast messages to all the nodes on the network (it means all nodes) and so can't be used for an actual node address. When the node octets are all set to 0, that address signifies the network wire address. In our case, if all the node octets are set to 0, you get the address 10.0.0.0, which, remember, is our network address; this becomes very important when you configure IP networks on a router.

Creating the Network Subnet Mask

We want 30 subnets. Right now our network address 10.0.0.0 only supplies bits for the network address (the first octet) and bits for node addresses (the other three octets).
So, how do we create subnets? We steal some bits from the node octets and use them to create the subnets (you can't steal bits from the network octet because this is provided to you by the people who assign IP networks -- it is basically cast in stone). So, we will steal bits from the first node octet to create our subnets (the second octet in the 10.0.0.0 address, counting from left to right). This means that the possible number of node addresses is going to be decreased because you are going to take some of the bits to create subnets (with bits removed for subnets, you get fewer node addresses).

Stealing the bits will not only let us compute ranges of IP addresses for each subnet (each of the 30 subnets will have a different range of IP addresses), but it also lets us create a new subnet mask for the entire network. This new subnet mask will let routers and other devices on the network know that you have divided the network into subnets and it will also tell them how many logical subnets have been created.

But first things first: you must figure out how many bits you need to steal to come up with 30 subnets. Remember that each bit in an octet has a decimal value. For example, the first low-order bit on the far right of the octet has a decimal value of 1, the bit to its left has a value of 2, and so on. So, to create 30 subnets you add the lower-order bits' decimal values until you come up with a value of 31. Why 31 and not 30? You cannot use subnet 0, which is what you derive when we steal only the first lower-order bit.

Now that we know how many bits it takes to create 30 subnets (5 bits), we can create the new subnet mask for the entire Class A network. Forget for the moment that we used lower-order bits (adding from right to left) to come up with the 30 subnets. Take the first five high-order bits (128, 64, 32, 16, and 8) working from left to right. Add them together: 128+64+32+16+8=248. The 248 is very important. Normally, a Class A subnet mask is 255.0.0.0,
but this Class A network has been subnetted, so the new subnet mask is 255.248.0.0. This new subnet mask tells routers and other devices that this Class A network contains 30 subnets.

Now that we have the subnet mask for the entire network we can figure out the range of IP addresses that would be available in each of the 30 subnets.

Calculating IP Subnet Ranges

Calculating the subnet ranges is pretty straightforward. You used five high-order bits to determine the binary number used in the second octet of our new subnet mask for the network. These high-order bits also provide the secret for determining the IP address ranges for each subnet. The high-order decimal values that you used for the subnet mask were: 128, 64, 32, 16, and 8.

Take the lowest of the high-order bits that you used to calculate the new subnet mask, in this case 8. This number becomes the increment used to create the IP address ranges for the 30 subnets. For example, the first subnet (of our 30) will begin with the IP address 10.8.0.1. The 8 is used as the starting increment for the second octet in the IP address. Remember, it was the second octet that you stole the bits from to create our subnets. So, all IP addresses that have a second octet decimal value of less than 8 are invalid values.

To calculate the beginning number of our next subnet, add 8 to the second octet; you get 16. So, the starting address for the second subnet will be 10.16.0.1. Continue to add 8 to the second octet to determine the start address for all 30 of the subnets.

Now, you probably wonder where we came up with the 0 in the third octet and the 1 in the fourth octet. The possible decimal values of any octet range from 0 (where all bits are set to 0) to 255 (where all bits are set to 1). So the first IP address in the subnet can have all 0s in the third octet. So, why does the fourth position start with 1? Remember, we said earlier that the node address could not be represented by octets containing all 0s or all 1s.
If the fourth octet was 0, both the node octets (the third and the fourth) would be all 0s, which is used to denote the subnetwork address, and so it isn't a legal address for a node.

To determine the range of addresses for a particular subnet, we take that subnet's starting address and use all the addresses that are between it and the starting address of the next subnet. For example, the first subnet will contain all the addresses between 10.8.0.1 and 10.16.0.1 (but not including 10.16.0.1).

Subnet#   Start Address   End Address
----------------------------------------
1         10.8.0.1        10.15.255.254
2         10.16.0.1       10.23.255.254
3         10.24.0.1       10.31.255.254
4         10.32.0.1       10.39.255.254
5         10.40.0.1       10.47.255.254
6         10.48.0.1       10.55.255.254
7         10.56.0.1       10.63.255.254
8         10.64.0.1       10.71.255.254
9         10.72.0.1       10.79.255.254
10        10.80.0.1       10.87.255.254
..        .........       .............

Calculating Available Node Addresses

Calculating the number of node addresses available in each subnet is very straightforward. In our Class A network, you originally had 24 bits dedicated to node addressing. To create the 30 subnets, we had to steal 5 bits from the second octet. This means that now only 19 bits (24-5) are available to create node IP addresses. To calculate the node addresses per subnet, take 2 and raise it to the 19th power and then subtract 2: 2^19-2 = 524286 IP addresses per subnet.

Creating Subnets on a Class B Network

Class B networks that aren't subnetted provide 2 octets (16 bits) for node addressing. This provides 65,534 node addresses. The basic subnet mask for a Class B network is 255.255.0.0.

Creating the Network Subnet Mask

Let's say that you've been assigned a Class B network address of 180.10.0.0. To subnet this network, you will have to steal bits from the third octet. You have determined that you want to create 6 subnets.

Calculating IP Subnet Ranges

To figure out the range of IP addresses in each of the 6 subnets, you use the lowest of the high-order bits that were added to determine the new subnet mask number for the third octet. This would be 32. So, the first address in the first subnet would be 180.10.32.1 (180.10.32.0 is reserved as the subnetwork address and so cannot be used as a node address). To come up with the starting IP address of the second subnet, add 32 to the third octet (64). The second subnet would start with 180.10.64.1 and so on.

Subnet#   Start Address   End Address
-------------------------------------------
1         180.10.32.1     180.10.63.254
2         180.10.64.1     180.10.95.254
3         180.10.96.1     180.10.127.254
4         180.10.128.1    180.10.159.254
5         180.10.160.1    180.10.191.254
6         180.10.192.1    180.10.223.254

Calculating Available Node Addresses

Because you took 3 bits to create your subnets, you are left with 13 (16-3) bits for nodes. So, 2^13 - 2 = 8190. That's 8190 IP addresses available per subnet.

Creating Subnets on a Class C Network

Class C subnetting is a little more problematic than Class A and B networks because you only have one octet to steal bits from to create your subnets. Class C networks are also small to begin with (only 254 IP addresses are available), so creating more than just a few subnets will leave you with a very small number of node addresses available in each subnet.

Creating the Network Subnet Mask

Let's walk through an example that allows us to examine the idiosyncrasies of Class C subnetting. The network address is 200.10.44.0. One octet is available for node addresses (the fourth octet). This is also the octet that you must borrow bits from to create your subnets.

You will divide the Class C network into 2 subnets. To create the 2 subnets you must borrow the first two lower-order bits that have the decimal value of 1 and 2 (1 + 2 - 1 = 2 subnets).
You then move to the other end of the decimal bit values and use the first 2 high-order bits (because you borrowed 2 bits for the subnets) to create the new subnet mask for the network. The two high-order bits are 128 and 64. Add them together and you get 192. So the new subnet mask for the network is 255.255.255.192.

Calculating IP Subnet Ranges

Now we need to figure out the range of IP addresses that will be available in the 2 subnets. The lowest of the high-order bits used to create the new subnet mask was 64, which becomes the increment for the subnet ranges. So, using what we learned when creating Class A and Class B subnets, you would assume that the start address of the first subnet would be 200.10.44.64. However, remember that an address in the range must be reserved as the subnetwork address. Because we are working with only one octet, the first usable address in the range of IP addresses for the subnet must be reserved as the subnetwork address. So, 200.10.44.64 is reserved for the subnet address. That means that the beginning of the range of IP addresses in the first subnet that you can use for node addresses begins with 200.10.44.65. And the next subnet, which begins with 200.10.44.128, also reserves the first address (200.10.44.128) as the subnetwork address. So the second subnet range of addresses that can be used for nodes begins with 200.10.44.129.

Subnet#   Subnetwork      Start           End             Broadcast
          Address         Address         Address         Address
----------------------------------------------------------------------
1         200.10.44.64    200.10.44.65    200.10.44.126   200.10.44.127
2         200.10.44.128   200.10.44.129   200.10.44.190   200.10.44.191

The big problem with subnetting a Class C network is that you lose a lot of normally usable IP addresses. You lose 2 addresses in each subnet, one for the subnetwork address and one for the broadcast address. You also lose all the addresses that come before 200.10.44.64. That means you lose 200.10.44.1 through 200.10.44.63.
That's quite a few addresses, especially when you don't get that many addresses with a Class C anyway. There is a workaround for this problem, called using subnet 0.

Understanding Subnet 0

There is a way to "cheat" and use these lost addresses for your network nodes, in our case addresses 200.10.44.2 through 200.10.44.62. The IP address 200.10.44.1 is reserved for the subnetwork address and 200.10.44.63 would be the broadcast address. These "lost" addresses are referred to as subnet 0 and normally cannot be used. However, you can configure a Cisco router to take advantage of the subnet 0 IP addresses using the command:

    ip subnet-zero

Using subnet 0 means that only 1 bit needs to be stolen to create subnet 0 and subnet 1. So, the subnet mask would now be 255.255.255.128 (only 1 high-order bit is used to create the new subnet mask). The range of IP addresses for the 2 subnets would be:

Subnet#   Subnetmask        Start           End             Broadcast
                            Address         Address         Address
------------------------------------------------------------------------
1         255.255.255.128   200.10.44.1     200.10.44.126   200.10.44.127
2                           200.10.44.129   200.10.44.254   200.10.44.255

The big thing to remember when using subnet 0 is that you don't subtract 1 from the low-order bits when you determine the number of bits you must steal to create the required number of subnets.

Subnetting with a subnet address of zero is discouraged because of the confusion inherent in having a network and a subnet with indistinguishable addresses.

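
The Class A, B and C walkthroughs above, worked as one calculation. This is an added example, not part of the original text; the function name plan_subnets and its parameters are assumptions made here, and subnet_zero=True is assumed to make all 2^n subnets usable, as the page's subnet 0 tables show.

```python
import ipaddress

def plan_subnets(network, classful_prefix, wanted, subnet_zero=False):
    """Return (mask, usable_nodes, rows) for `wanted` subnets of a classful network.

    rows hold (subnetwork, first node, last node, broadcast) as dotted strings.
    subnet_zero=False follows the page's rule: the all-0s and all-1s subnet
    patterns are not used, so n stolen bits give 2**n - 2 subnets.
    """
    reserved = 0 if subnet_zero else 2
    # Smallest n with 2**n >= wanted + reserved ("bits to steal").
    bits = max(1, (wanted + reserved - 1).bit_length())
    node_bits = 32 - classful_prefix - bits
    if node_bits < 2:
        raise ValueError("not enough node bits left for usable addresses")
    base = int(ipaddress.IPv4Address(network))
    if base & ((1 << (32 - classful_prefix)) - 1):
        raise ValueError("network address has node bits set")
    mask = str(ipaddress.IPv4Address((0xFFFFFFFF << node_bits) & 0xFFFFFFFF))
    # The "increment": the value of the lowest stolen bit, as a 32-bit step.
    step = 1 << node_bits
    ids = range(2 ** bits) if subnet_zero else range(1, 2 ** bits - 1)
    rows = []
    for i in ids:
        net = base + i * step
        rows.append(tuple(str(ipaddress.IPv4Address(a))
                          for a in (net, net + 1, net + step - 2, net + step - 1)))
    return mask, step - 2, rows

if __name__ == "__main__":
    # The page's three networks, then Class C again with subnet 0 enabled.
    cases = [("10.0.0.0", 8, 30, False), ("180.10.0.0", 16, 6, False),
             ("200.10.44.0", 24, 2, False), ("200.10.44.0", 24, 2, True)]
    for network, prefix, wanted, zero in cases:
        mask, nodes, rows = plan_subnets(network, prefix, wanted, zero)
        print(f"{network} -> mask {mask}, {nodes} nodes per subnet, "
              f"subnet 0 {'on' if zero else 'off'}")
        for number, row in enumerate(rows[:3], start=1):
            print(f"  {number:<3}" + "".join(f"{field:<17}" for field in row))
```
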
IP Address Ranges for Class C Subnets using Subnet 0 for 2, 4 and 8 Subnets

Subnet#   Subnetmask        Start       End         Broadcast
                            Address     Address     Address
---------------------------------------------------------------
1         255.255.255.128   X.X.X.1     X.X.X.126   X.X.X.127
2                           X.X.X.129   X.X.X.254   X.X.X.255

1         255.255.255.192   X.X.X.1     X.X.X.62    X.X.X.63
2                           X.X.X.65    X.X.X.126   X.X.X.127
3                           X.X.X.129   X.X.X.190   X.X.X.191
4                           X.X.X.193   X.X.X.254   X.X.X.255

1         255.255.255.224   X.X.X.1     X.X.X.30    X.X.X.31
2                           X.X.X.33    X.X.X.62    X.X.X.63
3                           X.X.X.65    X.X.X.94    X.X.X.95
4                           X.X.X.97    X.X.X.126   X.X.X.127
5                           X.X.X.129   X.X.X.158   X.X.X.159
6                           X.X.X.161   X.X.X.190   X.X.X.191
7                           X.X.X.193   X.X.X.222   X.X.X.223
8                           X.X.X.225   X.X.X.254   X.X.X.255

Slash notation to enter subnet masks

In slash notation, a single number indicates how many bits of the IP address identify the network the host is on. A netmask of 255.255.255.0 corresponds to a slash value of 8 + 8 + 8 = 24. For example, writing 192.168.42.23/24 is the same as specifying an IP address of 192.168.42.23 with a corresponding netmask of 255.255.255.0.

Often you have to enter the netmask as slash notation, an easy task with the usual 255.255.255.0. However, if your network doesn't have 255 hosts, for example only 8 hosts, then the netmask will be 255.255.255.248.

The following table lists the variable length subnets from 1 to 32, the CIDR [3] representation form (/xx) and the decimal equivalents.
(M = Million, K = Thousand, A, B, C = traditional class values)

Mask value:
Hex           CIDR   Decimal           # of addresses   Classful
--------------------------------------------------------------------
80.00.00.00   /1     128.0.0.0         2048 M           128 A
C0.00.00.00   /2     192.0.0.0         1024 M           64 A
E0.00.00.00   /3     224.0.0.0         512 M            32 A
F0.00.00.00   /4     240.0.0.0         256 M            16 A
F8.00.00.00   /5     248.0.0.0         128 M            8 A
FC.00.00.00   /6     252.0.0.0         64 M             4 A
FE.00.00.00   /7     254.0.0.0         32 M             2 A
FF.00.00.00   /8     255.0.0.0         16 M             1 A
FF.80.00.00   /9     255.128.0.0       8 M              128 B
FF.C0.00.00   /10    255.192.0.0       4 M              64 B
FF.E0.00.00   /11    255.224.0.0       2 M              32 B
FF.F0.00.00   /12    255.240.0.0       1024 K           16 B
FF.F8.00.00   /13    255.248.0.0       512 K            8 B
FF.FC.00.00   /14    255.252.0.0       256 K            4 B
FF.FE.00.00   /15    255.254.0.0       128 K            2 B
FF.FF.00.00   /16    255.255.0.0       64 K             1 B
FF.FF.80.00   /17    255.255.128.0     32 K             128 C
FF.FF.C0.00   /18    255.255.192.0     16 K             64 C
FF.FF.E0.00   /19    255.255.224.0     8 K              32 C
FF.FF.F0.00   /20    255.255.240.0     4 K              16 C
FF.FF.F8.00   /21    255.255.248.0     2 K              8 C
FF.FF.FC.00   /22    255.255.252.0     1 K              4 C
FF.FF.FE.00   /23    255.255.254.0     512              2 C
FF.FF.FF.00   /24    255.255.255.0     256              1 C
FF.FF.FF.80   /25    255.255.255.128   128              1/2 C
FF.FF.FF.C0   /26    255.255.255.192   64               1/4 C
FF.FF.FF.E0   /27    255.255.255.224   32               1/8 C
FF.FF.FF.F0   /28    255.255.255.240   16               1/16 C
FF.FF.FF.F8   /29    255.255.255.248   8                1/32 C
FF.FF.FF.FC   /30    255.255.255.252   4                1/64 C
FF.FF.FF.FE   /31    255.255.255.254   2                1/128 C
FF.FF.FF.FF   /32    255.255.255.255   This is a single host route
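
The anding step from "Basic Subnet Masks" and the mask-to-slash conversion in the table above, as an added example that is not part of the original text. All function names are assumptions made here; mask_to_prefix also rejects masks whose 1 bits are not contiguous, since such a mask has no slash form.

```python
import ipaddress

def to_bits(dotted):
    """Dotted decimal -> four binary octets, laid out like the page's anding figure."""
    return " ".join(f"{int(octet):08b}" for octet in dotted.split("."))

def mask_to_prefix(mask):
    """Dotted netmask -> slash value; raises ValueError for a non-contiguous mask."""
    inverted = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF  # node bits become 1s
    if inverted & (inverted + 1):  # a valid inverted mask is 2**k - 1
        raise ValueError(f"non-contiguous netmask: {mask}")
    return 32 - inverted.bit_length()

def prefix_to_mask(prefix):
    """Slash value -> dotted netmask."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"slash value out of range: {prefix}")
    return str(ipaddress.IPv4Address((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF))

def and_network(address, mask):
    """AND the address with the mask, bit for bit, to get the network address."""
    mask_to_prefix(mask)  # validate the mask before trusting the result
    value = int(ipaddress.IPv4Address(address)) & int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(value))

def same_subnet(first, second, mask):
    """True when both addresses AND to the same network, so traffic stays local."""
    return and_network(first, mask) == and_network(second, mask)

def table_row(prefix):
    """(hex mask, CIDR, decimal mask, number of addresses) for one table row."""
    mask = prefix_to_mask(prefix)
    hex_mask = ".".join(f"{int(octet):02X}" for octet in mask.split("."))
    return hex_mask, f"/{prefix}", mask, 2 ** (32 - prefix)

if __name__ == "__main__":
    address, mask = "180.20.5.9", "255.255.0.0"  # values from the anding figure
    network = and_network(address, mask)
    print("Subnet Mask:     ", to_bits(mask))
    print("IP-Address:      ", to_bits(address))
    print("Network-Address: ", to_bits(network), "=", network)
    for prefix in (8, 13, 19, 26, 29):
        print("{:<13}{:<6}{:<17}{}".format(*table_row(prefix)))
```
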