Bitzenbytes.com

You only have one network segment and a few machines. Your goal is to configure TCP/IP properties so that your systems can talk.  You want to know "what's a subnet mask?" A subnet mask splits your IP addresses into network identifiers and host identifiers. A host is a computer.

All of your computers will be on the same network. Each of your computers needs a unique host identifier.

The host identifier cannot be 0 and cannot be 255.

Your Network Identifier is 192.168.1 and your host identifier is a number between 1 and 254 inclusive.

Your subnet mask is 255.255.255.0 for all computers.

If you have 5 computers on your network, the following addresses, assigned one to each computer will work:

• Address: 192.168.128.1 subnet mask: 255.255.255.0
• Address: 192.168.128.2 subnet mask: 255.255.255.0
• Address: 192.168.128.3 subnet mask: 255.255.255.0
• Address: 192.168.128.4 subnet mask: 255.255.255.0
• Address: 192.168.128.5 subnet mask: 255.255.255.0
  

Everybody in the world can use these addresses. No; your network will not be in conflict with all those other networks. Those numbers will not be seen on the internet.

If you connect a computer or your network to the internet, you will either receive a fixed IP address and subnet mask from your ISP or your ISP will assign them automagically when you make a connection. If your ISP gives you a fixed address, your ISP will also tell you where to configure that. These will be entered for your adapter (or router interface) that is the only interface you have to the internet. The network interfaces that you set up on your NICs in those few computers are what is used so that just your computers on your network can talk.

If you are using a router that provices DNS forwarding and DHCP services to your network, follow the instructions that came with your router.  If you have a special configuration, you will need to learn a little bit about routers.

That's everything you need to know about subnetting....................
  

On the other hand, if you discover a need to know a little bit about subnetting...

Starts a TCP/IP subnetting article. The intention is for this article to be published in several segments (looking like 4 to 6) in this thread. It will take some amount of time to complete publishing all the parts of this article. If you have questions about anything contained in this thread, please ask them in a new or relevant post on the HOME & CORPORATE NETWORKING forum. Thank you.
  

First:

This article REALLY starts with the topic heading of "Why subnet?", which would be about 75 lines (very approximately) below this line. If you think you mostly understand already, and just want some quick advice, there are the next 75 lines. If not, please bear with me while I get the quick advice out of the way.

When the main body of this article starts, it will start at a very basic level, and that will prove frustrating to some. So, first, there will be some preliminary suggestions for the frustrated, and So, if at first you don't understand, keep reading. (Just to keep things on an even keel, this will serve to frustrate everybody.)

Preliminary suggestions: If you are configuring for a small network not connected to the internet, then employ the least complicated of the subnet schemas: use one of the private network Class B addresses or the private network Class A address, borrow the whole third octet for one or more subnets (subnet mask - 255.255.255.0, i.e., the third octet for a class B address is the network or subnet ID). Usage of the Class A address is similar. Just to be clear, make the third octet be the number of your subnet, then make the fourth octet be the number of your host on that subnet, and forget about subnetting difficulties. You can support 254 subnets (class B) with 254 hosts on each subnet with this. For those of you who CANNOT do that, there is the rest of this document.

To recap: For your home or small business network of under 200 nodes, use 10.10.1.0 as your network ID and use 255.255.255.0 as your subnet mask.

This document is about the subnetting of IP Class Addresses. You should really understand about IP addresses before you read this. And to really understand IP addresses, you should be somewhat comfortable with binary, hexadecimal, and conversion to decimal. For basic information on number systems, read this . For basic information on IP addresses, read this .

Subnetting, documented in RFC 950, originally referred to the subdivision of a class-based network into subnetworks, but the term, subnetting, now refers more generally to the subdivision of a CIDR block into smaller CIDR blocks. CIDR will be briefly mentioned in this thread, but most of the information here refers to subnetting a classful IP addressing scheme. LAN's, particularly small LAN's, generally use classful IP addressing and will continue to use IP version 4 for some time to come. The subnetting explained in this thread applies to IPv4. Parts of the internet and larger organizations will be implementing IPv6 in the next few years, but it is probable that some significant number of smaller LANs will continue to use classful IPv4 for a long time.

Briefly, CIDR consists of supernetting in which the subnet mask permits, for instance, the aggregation of several class C addresses into one network. Subsequently, this aggregate can be subnetted. (So, Subnetting applies to both classful and classless forms of addressing.) CIDR allows single routing entries to refer either to the larger block or to its individual constituents. This permits a single, general routing entry to be used through most of the Internet for the block aggregate, more specific routes only being required for routers within the subnetted block. CIDR addresses problems with large routing tables and a shortage of large blocks of IP addresses. This will be all of the discussion of CIDR at this level in this document. In general, it helps when trying to understand CIDR, if you first understand classful subnetting. We now return to our explanation of class-based subnetting which is very widely used for internal addressing within companies or divisions.

For more detailed technical information on RFC 950, go to
http://www.rfc-editor.org/rfcsearch.html
and type in RFC 950. (Though lately they have a form posted where you check off stuff.)

Second:

The Quick Study Part

This is here for what it is worth. I personally don't do wrote memory well. If you want some explanation as to what is going on here, then read past this section...
 

Table 1:

  
Note: In the Classful Subnetting table above, the assumed subnet masks are as follows:

• Class A: 255.192.0.0, 255.224.0.0, etc.
• Class B: 255.255.192.0, 255.255.224.0, etc.
• Class C: 255.255.255.192, 255.255.255.224, etc.

Remember that a subnet mask for class A could also be 255.255.192.0 which would result in fewer hosts and more networks than the table shows. (That explanation is not in this quick study section nor is the explanation for how to derive those numbers.)
  

Table 2:

Table 3:

  
And so, we come to the beginning...
  

Why Subnet?

Coping with class-based subnetting is not the most difficult thing in networking. There are an infinite number of other oddities in networking that require more patience and more knowledge.

Subnetting allows you to take a single network address and span multiple physical networks using only the addresses available from the single network address range allocated to you.

For whatever reason (increasing security by isolating traffic, increasing performance by reducing traffic, making administration more manageable through segmentation), you may be faced with taking what could be a single physical network, separating it into two or more separate physical networks and connecting those physical networks with routers. This network topology demands different IP Network ID's for each router segment.

In general, most networks of under 50 hosts (nodes) do not have a need to subnet, unless specialized servers included in the intranet require it because of one of the reasons listed above. Home networks seldom have a need for a DMZ used for isolating traffic, and if yours does, then you have an uncommon home network.

Meet current requirements. For example, let's say you have but a single Class C address to use, and you have two physical networks. What to do?

It would be useful if you could take part of the addresses from that single Class C address for one physical network, and then assign another part of the addresses from that single Class C address for the other physical network. With a single network address, you cannot route, and therefore, you would be beat. But you are not beat, you can do this; the technique you use is called subnetting.

Accommodate restrictions. Or, often the number of hosts that can be supported by a single network segment does not begin to approach the number of network addresses available from a single IP address. In other words, your physical network by nature of its defined limitations can only support a number of nodes that is far less than the range of addresses that you have in a single network address. Take, for instance, a 10base2 network that features 3 populated segments of 30 nodes each.

This is a maximum of 90 network connections, yet even a little Class C address provides for 254 host addresses on a single network. Shame on us if we should waste those addresses. Subnetting can help us out.

Increase performance. If because of the number of nodes on a network, the network traffic increases until network performance decreases, subnetting can allow us to reduce traffic by isolating commonly noisy nodes--banishing heavy talkers to their own network segments. For hosts on different subnets that need to communicate with each other infrequently, access will be through a (at least one) router. Routers are configured to filter traffic, allowing only messages addressed to other subnets to move onto foreign media. So subnetting allows us to keep traffic away from some nodes while letting other nodes that commonly talk to one another exist on their own network.

Maintain security. If the packets, in accounting traffic, are not for the curious eyes of techno-geeks outside of the CFO's office, you can isolate the accounting department by putting them on their own subnet. There are scores of other security concerns that can be addressed by subnetting which mostly boil down to putting filters in place between the secure network and other networks.

Organize Administration. If you have two techs who each do wonderful work, but differently, you can divide the pie with subnets. As you can see, there can be any number of reasons to subnet.

What it is. If we are given a single class C address to work with, and we have more than one LAN, we can separate that single class C address into sub-networks. We do this by borrowing bits from the Host ID. By partitioning the Host ID into two parts and borrowing some bits to add to the Network ID, we gain the ability to add more states (more than 1 Network ID) to the existing original single state Network ID. Because we have borrowed some bits from the original Host ID, we can define only a lesser number of Host ID's for the hosts on a given subnet.

In summary: Some advantages of subnetting

• Efficiency: Network numbers are conserved, because one Net ID can be used by more than one network.
• Organization: The size of the physical networks can be relatively small.
• Performance: Total throughput of many small networks can exceed throughput of one large network.
• Security: can be improved, by creating a separate network of hosts having sensitive information.
• Fault Tolerance: Physical damage to a network will only cause problems for one network.
• Communication: Remote networks can be created, e.g., by using a WAN link to connect a local and remote local area network

A Brief Review

Before the details of subnetting are revealed, there is this...

A brief review of IP Addresses (for those of us that need it)...
Back it up to what you learned about IP Addressing. The entire usable address space for hosts on a network has been divided in to three address classes, A, B, and C. Each class address has a number of bits used for a Network ID based on the class of the address. Each class address also has a number of bits used for a Host ID based on the class of the address.

By definition, a class A address uses 1 bit to determine the class--leaving 7 bits from the first octet for a specific Network ID. These seven bits determine the range of class A addresses (1.x.y.z to 126.x.y.z (127 left out by definition)). The whole first octet is the Network ID while the remaining 24 bits in the following 3 octets determine the Host ID for a class A address.

A class B address uses 2 bits to determine the class--leaving 14 bits from the first two octets for a specific Network ID. These fourteen bits added to the value of the first two bits (always 128) determine the range of class B addresses (128.0.y.z to 191.255.y.z). The whole first two octets are the Network ID while the remaining 16 bits in the following 2 octets determines the Host ID for a class B address.

A class C address uses 3 bits to determine the class--leaving 21 bits from the first three octets for a Network ID. These 21 bits added to the value of the first three bits (always 192) determine the range of class C addresses (192.0.0.z to 223.255.255.z). The whole first three octets are the Network ID, while the remaining 8 bits in the last octet determines the Host ID for a class C address.

Some addresses cannot be used:

• The host ID that is all 0s is used to have the address refer to the (sub)network itself. (The IP specification also reserves host 0.) E.g., the address 192.15.28.0 refers to class C network 192.15.28.
• The network ID that is all 0s is used to have the address refer to "this" network within that given network. In this case the host ID of the address refers to a specific host. E.g., in a class C network with no subnetting, the address 0.0.0.16 refers to host 16 on "this" network. (Address 0.0.0.16 refers to host 0.16 in a class B network, or to host 0.0.16 in a class A network.)
• The host ID that is all 1s is reserved as a broadcast address within a given (sub)network for all hosts on this (sub)network. (The IP specification also reserves a net or subnet number whose binary representation is all 1s.) E.g., within the class C network 192.15.28, with no subnetting, the address 192.15.28.255 is placed in a broadcast packet and that packet will be received and processed by all hosts in this network.
• If the bits in the network portion are all 1s, the address is reserved and 255.255.255.255 is the universal broadcast address.
  

RFC 905 states that subnet ID's cannot consist entirely of 0's or 1's. This significantly reduces the number of subnets that can be defined, particularly for Class C addresses.

Be aware that some TCP/IP implementations will accept the all zero's address as a valid address and do not recognize it as a network identifier.

Under (behind) every domain name is an IP address. Under every IP address is a bit pattern. Every host that has an IP address also has a MAC address. (non-tcp/ip: Every host on a Microsoft Network has a Computer Name, the NetBIOS name, albeit, this appears to be going away at some time in the future.)

Subnet Mask

A subnet mask is a 32 bit number (composed of four octets of eight bits each) used to reveal to a TCP/IP host what bits of the IP address are being used for the Network ID and what bits of the IP address are being used for the Host ID.

The subnet mask reveals to a host whether an IP address in a packet is located on the local subnet or not. If the incoming packet is on the local subnet, the response will be addressed to a node on the local subnet. If the incoming packet is on another subnet, the response will be addressed to the local "default gateway" (your designated router--in Microsoft parlance, a "default gateway" is a router.)

By examination of an IP address and subnet mask, a host knows whether to issue a packet to the local network media or to direct the message to a "default gateway" for forwarding. If the network ID of the destination address matches the network ID of the transmitting node, then the packet will be simply placed on the local segment and the destination node will receive it. If the network ID of the destination address does not match the network ID of the transmitting node, then the packet is directed to the default gateway. Subnet masking allows a process to reveal the demarcation line in an IP address that separates the Network ID portion from the Host ID portion. With this known, the Network ID is extracted and the Host ID can be extracted.

Simply, all bits in the subnet mask that correspond to bits that are part of the Network ID are set to 1, and all bits in the subnet mask that correspond to bits that are part of the Host ID are set to 0.
  

Default Subnet Masks

Default subnet masks: For the defined IP Class addresses, the default subnet masks simply redefine the definition of the classes. Most implementations of TCP/IP require a subnet mask whether you are subnetting or not.

For a class A address, the default subnet mask will have all 1's in the first octet,
followed by all 0's in the following three octets.
For a class B address, the default subnet mask will have all 1's in the first and second octets,
followed by all 0's in the following two octets.
For a class C address, the default subnet mask will have all 1's in octets one, two, and three,
followed by all 0's in the last octet.
  

Table 4:

  
The default subnet mask for a class A address defines the same number of bits
as is called for by the high order bits in the first octet.
The default subnet mask for a class B address defines the same number of bits
as is called for by the high order bits in the first octet.
The default subnet mask for a class C address defines the same number of bits
as is called for by the high order bits in the first octet.

Routers do not need to know the location of every node on an internetwork or intranetwork. Only the default gateway router on your subnet needs to know the hosts on your particular subnet.  Routers between source and destination hosts (and not on the local network segments of those hosts) do not need to know the address of the destination host.

Routers need only know how to reach the router that is on the network or subnetwork of the destination host. Packets addressed to a host on a subnet are sent to the router for that subnet, and then that router is responsible for forwarding the packet to the correct host. To do this, routers employ the network portion of the IP address.

Use of the subnet mask requires a computation called a "bitwise AND." This is a logical operation based on a simple binary truth table. The "bitwise AND" operation results in 1, if the values at any given bit position in both the IP address and the Subnet mask are each 1.
  

A class B address can be subnetted easily and simply to provide 254 Host ID's on 254sub-networks by masking the whole third octet.  In the two illustrations below, inspection of the high order bits of the first octet show that this is a class B address, but the subnet mask is not the default subnet mask.  The following two addresses are two possible addresses for hosts on two of the possible Class B subnetworks using this subnet mask.
  

This is not the only way of subnetting a class B address. In the illustration above, we have borrowed 8 bits (a whole octet) from the Host ID. How many bits you will choose to borrow from the default Host ID depends on the number of networks that you will need and the number of hosts per network that you will need to support.
  

Before we start, here are the 5 major steps for subnetting a network:

• Determine the total number of network ID's required. (Plan for the future.)
• Determine the total number of host ID's to be supported by each network.
• Define a subnet mask that supports the required number of networks & hosts/network.
• Define the network and subnet ID's that will be used. (usable)
• Define the host ID's to be used on the network. (valid ranges.)
  

Subnetting does not come without a price. Because of the rules established for IP addresses, subnetting exposes more addresses to being excluded from the apparent usable range of addresses in a given class address. Class C suffers the most from this. It is not difficult to lose large amounts of possible host ID's due to subnetting. Furthermore, many of the excluded addresses may be in the body of the the apparent range of host ID's, requiring you to discover the sub-ranges that these excluded addresses enforce. If you do not do the calculations to find these ranges of legitimate host ID's, it is highly likely that you will attempt to configure an invalid IP address. While you can get a clear idea of the numbers from looking at charts and tables, it would be difficult to memorize these charts. And both the possible number of address ranges and subnet mask tables is large.

If you can't memorize these charts (I can't) then you must find out how to reconstruct the information that they reveal. This is the purpose of learning subnet calculations. We address the recalcitrant nature of Class C addresses in the table below.
   

Be clear that the "number of masked subnet bits" means the number of bits borrowed from the Host ID, that now identify the subnet ID extension of the Network ID. This does not include all of the bits that are 1's in the subnet mask. The address for your default class is the Network ID and the borrowed bits are your subnet ID. In practice, sometimes the combination of these two is called the Network ID and sometimes the subnet ID alone is called the Network ID. You should be able to distinguish between the meanings by the context of the statement.

Be clear that the "number of unmasked subnet bits" refers to the bits left in the host ID after you have borrowed the bits needed for the subnet ID. This new ID has a reduced number of bits when compared to the default Host ID. The subnetted host ID is simply called the Host ID--again, context reveals the usage of the term.

To illustrate how the three formulas above can be used to calculate the resources made available by a particular subnet mask, and how to discover the valid IP addresses in a Class C address for a given subnet mask, let's work an example.

We are given a Class C address and told that we need to give addresses out to 5 networks connected by routers. The class C address is 192.168. 1.0. This gives us one network with 254 possible hosts but this does not address our needs. After careful analysis, the network seems to be stable and there is no near term likelihood of adding a new network segment. The 5 existing segments have 12, 6, 15, 18, and 22 nodes currently connected to the respective segments. We decide to subnet. Our subnetting requirements are that we must accommodate 5 subnetworks having a maximum of 22 nodes per subnetwork.

We know that the number of subnets supported by a given subnet mask can be calculated by the formula 2^N - 2. A class C address has 8 bits left in its Host ID. We consider borrowing 2 bits for a subnet mask and applying the formula, 2^N - 2, we discover that this only provides 4 subnetworks. Clearly we need 3 or 4 bits for the job. Applying the formula, we find that 3 bits will give us 6 subnetworks and 4 bits will give us 14 subnetworks. We briefly consider the possibility of wild expansion and then decide to calculate how many hosts will be supported by each of these subnet masks. For the 3-bits-borrowed subnet schema, there will be 5 bits left to support host ID's. Apply the formula, 2^H - 2, we find that this subnet mask will allow us 30 nodes per subnet. Again applying our formula, we discover that with 4 bits remaining for a Host ID, we will be allowed 14 nodes per subnetwork. We consider the possibility of further segmenting the network to bring the number of nodes per segment below 14, but the cost of additional routers, cable, and administration is daunting. Borrowing 3 bits will cover our current configuration and gives us the comfort of having one unused subnet left to play with; in addition, we'll have room to add a few nodes to existing segments. We're borrowing 3 bits.

This makes our subnet mask look like 11111111.11111111.11111111.11100000 or in dotted decimal notation, it looks like 255.255.255.224. We have been given the values of the first three octets in our class C address, 192.168.1.0 and it is now up to us, given our subnet mask, to determine what are the valid Host ID's and what are the invalid Host ID's for our subnets. The combination of the bits in our Subnet ID value and our Host ID value will give us the value of the fourth octet for each of our host devices.

Our rules state that a subnet ID cannot consist of all 0's or all 1's. This is why even though we have borrowed 3 bits, we do not have 8 subnet ID's available for use.

The range of valid subnet ID's will be 001 through 110 and we know from our formula there are six of them, 001, 010, 011, 100, 101, and 110. We had to discard 000, and 111 because of our rules.

Remember that this is a masked octet. The values of these subnet ID's are not 1, 2, 3, 4, 5, and 6 thought we may refer to them as such. The decimal values of these subnet ID's will be based on 00100000, 01000000, 01100000, 10000000, 10100000, and 11000000 or 32, 64, 96, 128, 160, and 192. These are the base ID's of our available subnets.

For each of our subnets, we will have a range of hosts determined by a 5 bit address ranging from 00001 to 11110 because 00000 and 11111 are invalid by the rules. 00000 specifies "this" subnet. 11111 specifies a broadcast message for a subnet.
  

There is more than one way to discover the list of ranges. One method is to write out the binary for the first two ranges and convert them to decimal in just the manner you see in the table above. You would then discover that between the low host ID and the high host ID for each subnet there is a difference of 29 and between each subnet there is a difference of 3. After you confirm the first two subnet address host ranges, you can find the ranges for the rest of the subnets by first adding 3 and then adding 29 until you have discovered the number of ranges indicated by the valid number of subnets.

Let's try that method for a 4 bit Class C subnet. Applying our formulas we discover that we will have 14 subnets with 14 hosts (max) on each subnet. The first two ranges of binary addresses will be 00010001 - 00011110 and 00100001 - 00101110 which convert to (16/1) 17 - (16/14) 30 and (32/1) 33 - (32/14) 46. We discover that there is a difference in the valid range of 13 and a difference of 3 to account for unusable addresses.

So we alternate and add these numbers until we come up with 14 ranges.
17 +13 = 30+3 = 33+13= 46+3= 49+13= 62+3= 65+13= 78+3= 81+13= 94+3=
97+13= 110+3= 113+13= 126+3= 129+13= 142+3= 145+13= 158+3= 161+13= 174+3=
177+13= 190+3= 193+13= 206+3= 209+13= 222+3= 225+13= 238

To derive the 14 ranges: 17 - 30, 33 - 46, 49 - 62, 65 - 78, 81 - 94, 97 - 110,
113 - 126, 129 - 142, 145 - 158, 161 - 174,
177 - 190, 193 - 206, 209 - 222, and 225 - 238.

Let's try a different method. While this may seem like a longer list of instructions, once the method is known, the table can be quickly constructed and the values needed can be quickly discovered.

Construct the following table (the part in yellow):
  

• writing the first row of exponential expressions from the right.
• expand the exponential expressions in the second row.
• write the third row from the left. The third row is easily constructed in the following sequence: 128 + 64 = 192, 192 + 32 = 224, 224 + 16 = 240, and so forth.
      

Borrowing a number of bits for the subnet mask (3 for our example), we can discover the following:

1. The number of valid subnets (a quick way to see 2^N - 2):
   1. using the top, row match the number of bits borrowed to the exponent (3)
   2. The number under it is the number of max number of subnets (8)
   3. subtract 2 for the number of valid subnet ID's (6)
2. The number of valid hosts (a quick way to see 2^H - 2):
   1. using the top row, match the number of bits left to the exponent (5)
   2. The number under it is the max number of host ID's (32)
   3. subtract 2 for the number of valid host ID's (30)
3. The value of the subnet mask:
   1. using the bottom row, count the number of bits borrowed from left to right
   2. The number read is the subnet mask (224)
4. The valid subnet ID's: and the valid Host ID ranges:
   1. using the top row, match the number of bits in the Host ID to the exponent
   2. The number underneath is the increment (32) to find the subnet progression.

Your table, the table that you create by hand as it is needed, should look something like this.
   

How to use your Class C Subnet Quick Reference Table is a matter of practice. Work problems with it, using the method described here, and you will be able to easily do any subnet calculations.

Using the increment (32), find the subnet ID's and the valid Host ID ranges. When you build the following specific table, you only need to write the numbers in green and blue,