Subnetting and CIDR blocks by wuyunqing


IS 435 handout 2: IP Subnetting Primer

               IP Subnet Primer (PP. 1-6 required, 7-8 optional)
  From Internet sources; revised and edited by Dr. Yüe Zhang (4th revision Sept 2005)

I. IP address space - Class A/B/C
II. What is a subnet and why subnetting?
III. How does a host know who is local and who is remote?
IV. Subnet masking in action
V. More examples
VI. Reserved addresses
VII. An incorrect subnet mask

I. IP address space - Class A/B/C

Every machine on the Internet has an address. Addresses are 32 bits (IPv4). These 32 bits
are split into two parts - a network number followed by a host address.
    - The host address part is for a number of machines on one physical network - say a
        bunch of machines connected with a hub/switch (and this collection of devices is
        the “subnet” we are talking about).
    - The network number represents this group of hosts as a single unit, and routers
        need to know these network numbers to send data from one net to another.

Before you start designing your subnets, you should know what it is that you've been
given. Here are three ways of finding out what class your allocation is in. Use whichever
you find easiest.

     Class A addresses begin with 0xxx, or 1 to 126 decimal. (127 is loopback)
     Class B addresses begin with 10xx, or 128 to 191 decimal.
     Class C addresses begin with 110x, or 192 to 223 decimal.
     Class D addresses begin with 1110, or 224 to 239 decimal. (multicast)
     Class E addresses begin with 1111, or 240 to 254 decimal. (future use)

First Byte   Class   Network Mask        Network part (N) and node part (n)
                     (explained later)

1-126        A                           NNNNNNNN.nnnnnnnn.nnnnnnnn.nnnnnnnn
128-191      B                           NNNNNNNN.NNNNNNNN.nnnnnnnn.nnnnnnnn
192-223      C                           NNNNNNNN.NNNNNNNN.NNNNNNNN.nnnnnnnn

Class   Number of networks       Num of hosts in each network   Remarks
A       126                      16,387,064 (roughly 256^3)     Many wasted #s
B       64 X 254 = 16,256        64516 (roughly 256^2)          Many wasted #s
C       32 X 254^2 = 2,064,512   254 (= 256 - 2)                More “reasonable size”; still can be divided

Note: In subnetting as discussed below, we often do not use the 8-bit “natural boundary”;
instead we borrow bits from the last 8 bits (the last “octet”) for subnets, which means
further dividing the last 8 bits into subnets.

II. What is a subnet and why subnetting?

1. More efficient use of IP address spaces.
2. Simplification of routing.
3. Isolating local activities (such as broadcasting).

1. More efficient use of IP address spaces. We need subnetting because there are not
enough free IP addresses to give a whole Class C network to every site you manage. So a
Class C network is divided into smaller portions to give to networks that do not have as
many hosts as a Class C network can provide. Think about this: assume your environment
is a small college with several schools within it. You don’t have a whole Class C IP range
to give to each of the schools, but on the other hand they do need to have a network of
their own. The solution is subnetting: dividing the IP addresses the College has into
smaller subnets and giving each school a subnet. Subnetting borrows bits from what is
usually the host part (the last octet, or the last eight bits) to expand the network part,
which allows us to have more “manageable” sub-networks.

2. Simplification of routing. If the entire network were very small, it would be reasonable
for it to simply pass all traffic everywhere. As the size of the network grows, the amount
of traffic on it also grows. It becomes necessary to draw a distinction between a group of
machines (hosts) that are "local" and those that are "remote." When the traffic is heading
for a remote network, the router on the network of the sender doesn’t need to know the
details of the destination network – it doesn’t need to deliver the message to the
individual receiver, but rather to the network where the receiver is located.

To make an analogy: the post office of Los Angeles doesn’t need to know how to deliver
mail to individuals in Atlanta; all it needs to know is to forward the mail addressed to
Atlanta to the post office of Atlanta. Everything after that is for the post office in
Atlanta to worry about.

3. Isolating local activities (such as broadcasting). Networks often have broadcast
messages to send among their member devices. Broadcasting means that “everybody on
this network will receive the message.” So if we do not appropriately isolate a portion of
a larger network (say, a school within the college in the above example), many
people/devices would have to face countless irrelevant messages.

After subnets are put to work,
- if a host is trying to communicate with another "local" host, then it can simply start
sending data and assume the receiver will get it;
- if the intended recipient is not local, then the sending host must instead send the traffic
to a router and assume that the router knows how to get it where it's supposed to go.

Please note: this structure relieves routers of the burden of knowing each and every
device on the network: all they need to know are several subnets, and traffic heading
for an IP in those subnets only needs to be forwarded to the SUBNET rather than to
the individual (hundreds or thousands of) devices.

A subnet is simply a set of hosts which are all local to one another.

III. How does a host know who is local and who is remote?

Each host knows who is local to it (i.e., on the same subnet) and who is not based on the
combination of (1) its IP address, (2) its subnet mask, and (3) the other host's IP address.

You usually see IP address written as 4 sets of numbers separated by dots ("dotted quad"
notation), such as, but this is merely for readability by humans. The
dotted-quad notation is just the decimal value of the 32-bit address taken 8 bits at a time
rather than all together. The address is actually the binary representation
10000010 10100110 01111110 10000011, or rather:

The IP address is interpreted as divided into two parts, the network portion and the host
portion, as we will see below. Another IP address is local to you (in the same subnet) if
its IP address and yours have the same value in the network portion.

How much of your address is "network" and how much of it is "host" is defined by the
subnet mask.

The subnet mask is also a 32-bit number assigned to a host and is also usually written in
dotted-quad notation, but again we will see that the binary representation is the most
useful for understanding how it works. A commonly seen subnet mask at CSUN is, which in binary is 11111111 11111111 11111111 00000000. Note that all
the 1s are to the left and all the 0s are to the right; this is the format of subnet masks.

When examining an IP address,
  - the portion (of that IP) corresponding to the “1”s in the subnet mask is the
      network portion,
  - and the portion (of that IP) corresponding to the “0”s in the subnet mask is the
      host portion.

So, let's look at the example we used before: with a subnet mask of Looking at the binary versions of these numbers, we have:

10000010 10100110 01111110        10000011            (Host IP)
11111111 11111111 11111111        00000000            (Subnet mask)

       Subnet portion             Host portion

The subnet mask has 24 bits of 1 followed by 8 bits of 0, so the first 24 bits of
10000010 10100110 01111110 10000011 (
comprise the network portion, while the remaining 8 bits are the host portion. So, in this
example, any other machine whose IP address also begins with
10000010 10100110 01111110 (= 130.166.126)
is on the same subnet and considered "local;" everyone else is “remote”.

IV. Subnet Masking in Action

Applying a subnet mask to an address allows you to identify the network and node
sections of an IP address. Doing a bitwise AND (can be understood as “bit-by-bit
multiplication”) on the IP address and the subnet mask results in the network address.

IP address
Subnet mask
Network address (or subnet)

For example:

10000010 10100110 01111110 10000011  IP
11111111 11111111 11111111 00000000  Mask
10000010 10100110 01111110 00000000  Subnet

This is the CSUN network, and the “.126 network” (or “.126 subnet”) within CSUN.

V. More examples

Let's look at some examples that do not fit so nicely on 8-bit boundaries, i.e., several bits
in the last 8 bits are used for the subnet portion.

1. Example 1

Starting with the same IP address (, let's use a subnet mask of, another commonly seen one on campus. in binary is 11111111 11111111 11111111 11000000 - 26 bits of 1
followed by 6 bits of zero. So now, the first 26 bits of my IP address are the network
portion, and the last 6 are the host portion:

10000010 10100110 01111110 10000011 (host)
11111111 11111111 11111111 11000000 (mask)

Any other host whose IP address has the same first 26 bits as here is on the same subnet.

Let's look at exactly what addresses share the network portion here. That would be any
address that is
10000010 10100110 01111110 10xxxxxx, where "xxxxxx" can be 000000, 111111, or
anything in between.

If "xxxxxx" is 000000, the full address is
10000010 10100110 01111110 10000000, or
If "xxxxxx" is 111111, the full address is
10000010 10100110 01111110 10111111, or

So in this example, my subnet begins at and ends at
The boundaries between subnets do not correspond to the dot-separated fields, which are
only there for readability., for example, is not on my subnet. [If you can’t
see it, please note that the range of my subnet is .128~.191, and .5 is NOT in this

2. Example 2

Let's use the same IP address, but this time with the subnet mask [Note:
in Example 1 the subnet mask was .192]

As before, the address is, or 10000010 10100110 01111110 10000011,
and the subnet mask is now
11111111 11111111 11111111 11111000.

10000010 10100110 01111110 10000011 (host)
11111111 11111111 11111111 11111000 (mask)

So, my subnet is 10000010 10100110 01111110 10000xxx, and again "xxx" can be 000,
111, or anywhere in between. This makes full addresses in the range between

10000010 10100110 01111110 10000000 and 10000010 10100110 01111110 10000111

Written in dotted-quad notation, these are through
There are only 8 addresses including my own that are local to me!

The next subnet begins at This is because written in
binary is
10000010 10100110 01111110 10001000 - note that one of the bits which is represented
by a 1 in the subnet mask has changed; the subnet is now .136 (10001000, compared to
.128, or 10000000; compare the two digits connected by the dotted-line arrow), so
therefore it is now a different subnet.

VI. Reserved addresses

There are some IP addresses which are reserved and which may not be assigned to a host.
For example, is a reserved network.

Each subnet also has certain addresses that are reserved. You may not assign a host
address such that the host portion of that address is all zeros or all ones. Using the first
example with 130.166.126.* and a mask of, this means you may not assign (“0” here is in fact 00000000) or (“255” here is in fact
11111111) to any host. The all zeros address is reserved for designating the network
block (usually called “network/subnet ID”), and the all ones address is reserved for
broadcast traffic within that subnet.

In addition, one address on each subnet must be reserved for a routing device of some
sort - this is your "default gateway." It is the path that traffic destined for any non-local
address will take. By convention, the lowest numbered non-zero address in each range is
reserved for this purpose.

Keep this in mind when allocating address space. In the example above with a mask of, it is true that there are 8 addresses on that subnet, but you may only
assign 5 of them to hosts. [But we will consider the default gateway as a host. So defined,
this subnet would have a maximum of 6 hosts]

In all, if the number of subnet bits in the last octet is n, and the number of host bits is m (n
+ m = 8), then
                        Number of subnets = 2^n - 2, Number of hosts = 2^m - 2.

[Reserved: subnet ID and broadcasting]
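
The mask arithmetic from sections III to VI, as an added Python example that is not part of the original handout. The address 130.166.126.131 and the three masks are the decimal forms of the binary strings shown above; the helper names are illustrative.

```python
def to_int(dotted):
    """Dotted-quad string -> 32-bit integer."""
    octets = [int(x) for x in dotted.split(".")]
    if len(octets) != 4 or not all(0 <= x <= 255 for x in octets):
        raise ValueError("bad dotted quad: " + dotted)
    a, b, c, d = octets
    return (a << 24) | (b << 16) | (c << 8) | d

def to_dotted(n):
    """32-bit integer -> dotted-quad string."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def check_mask(mask):
    """Return the number of 1 bits, rejecting masks whose 1s are not all on the left."""
    m = to_int(mask)
    host_bits = ~m & 0xFFFFFFFF            # the 0s of the mask become 1s
    if host_bits & (host_bits + 1):        # zero only for 0...01...1 patterns
        raise ValueError("1s are not contiguous from the left: " + mask)
    return bin(m).count("1")

def subnet_info(ip, mask):
    """Network ID, broadcast, conventional gateway and host count for ip/mask."""
    prefix = check_mask(mask)
    m = to_int(mask)
    network = to_int(ip) & m                       # bitwise AND (section IV)
    broadcast = network | (~m & 0xFFFFFFFF)        # host portion all ones
    return {
        "prefix": prefix,
        "network": to_dotted(network),             # host portion all zeros
        "broadcast": to_dotted(broadcast),
        "gateway": to_dotted(network + 1),         # lowest non-zero address
        "hosts": max(2 ** (32 - prefix) - 2, 0),   # 2^m - 2 (section VI)
    }

def is_local(my_ip, mask, other_ip):
    """Section III: local if both addresses have the same network portion."""
    m = to_int(mask)
    return (to_int(my_ip) & m) == (to_int(other_ip) & m)

if __name__ == "__main__":
    for mask in ("255.255.255.0", "255.255.255.192", "255.255.255.248"):
        print(mask, subnet_info("130.166.126.131", mask))
    # .5 shares the first 24 bits with .131 but not the first 26
    print(is_local("130.166.126.131", "255.255.255.192", "130.166.126.5"))
```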

VII. An incorrect subnet mask

If your subnet mask is set incorrectly, some parts of the network will be unreachable to
you. Let's assume that your IP address is, and your correct subnet mask
should be This means effectively that the top half (“higher numbers” –
128-255) of 130.166.126.* is local to you.

If you mistakenly set your subnet mask to, your host will believe that all
of 130.166.126.* is local. This will make the bottom half of it unreachable. If you try to
send a packet to, your host will mistakenly send the packet out on the local
network (since it thinks the destination is local) rather than sending the packet to the
router, and will never hear it.

If you set the subnet mask too small, say, then part of your local
network (in this case, the top half) will be unreachable. Your host will think these packets
are not local and will send them to the router rather than directly to the receiving host.
(The router will ignore them.)
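
An added example (not from the original handout) of the failure described in this section: it lists the address ranges a host misroutes when its configured mask differs from the correct one. The host address and the masks are assumed values chosen to match the description, and the function names are illustrative.

```python
import ipaddress

def forwarding_decision(host, mask, dest):
    """Sender's choice: 'direct' if dest looks local under this mask, else 'router'."""
    net = ipaddress.ip_network(f"{host}/{mask}", strict=False)
    return "direct" if ipaddress.ip_address(dest) in net else "router"

def misrouted_ranges(host, correct_mask, configured_mask):
    """Ranges (first, last, effect) where the configured mask gives the wrong decision."""
    right = ipaddress.ip_network(f"{host}/{correct_mask}", strict=False)
    wrong = ipaddress.ip_network(f"{host}/{configured_mask}", strict=False)
    if wrong == right:
        return []
    # Both networks contain the host, so one always encloses the other.
    if wrong.supernet_of(right):
        # Too few 1 bits in the mask: remote addresses look local and
        # are sent out on the local network instead of to the router.
        extra, effect = wrong.address_exclude(right), "remote, sent direct"
    else:
        # Too many 1 bits in the mask: local addresses look remote and
        # are handed to the router instead of the receiving host.
        extra, effect = right.address_exclude(wrong), "local, sent to router"
    return [(str(n[0]), str(n[-1]), effect) for n in sorted(extra)]

# Assumed values: the handout's running host address, with the upper half
# of 130.166.126.* (a 25-bit mask) as the true subnet.
HOST, CORRECT = "130.166.126.131", "255.255.255.128"

if __name__ == "__main__":
    for configured in ("255.255.255.0", "255.255.255.192", CORRECT):
        print(configured, misrouted_ranges(HOST, CORRECT, configured))
    print(forwarding_decision(HOST, "255.255.255.0", "130.166.126.5"))
```

Run against the masks actually deployed on a segment, an empty result means the host's idea of "local" matches the intended subnet.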

Extra info for those who are interested (not required, but helps your team network
design project):

Subnetting Class C - most typical example: /28 "all zeroes, all ones" excluded. Mask is

This table may be all you ever need to know, for many installations. This is a typical
example and possibly the most common one.
Because it is such a useful table, this is the only large one we will list in full.

Network part    Host addresses    Broadcast Address
0000xxxx        to                - UNUSABLE - NETMASK ALL 0000's
0001xxxx        to
0010xxxx        to
0011xxxx        to
0100xxxx        to
…               …                 …                    …
1101xxxx        to
1110xxxx        to
1111xxxx        to                - UNUSABLE - NETMASK ALL 1111's

A /30 is particularly wasteful - 50% of the hosts are unusable. Similarly, a /26 is pretty
bad, because 50% of the nets are unusable. A /28 is best because it lets you have
(16 - 2) * (16 - 2) = 196 hosts.

Variable subnetting example 2 (insert /28 from above into /26)

Here we have a different and possibly more useful example of variable subnetting. Let's
say we have a central office with 50 workstations, one remote office with 10, and another
remote office with 9 workstations.

The following table tells you how many workstations and how many offices you can have
for each size of subnet mask:

Bit       Subnet       Block      Max Useable Subnets       # C IPs/Subnet
Split     Mask         Size       (number of offices)       (number of workstations)
2/6       192 (/26)    64         2                         62
3/5       224 (/27)    32         6                         30
4/4       240 (/28)    16         14                        14
5/3       248 (/29)    8          30                        6
6/2       252 (/30)    4          62                        2

Practice question (for those who like challenges)

You are a sys admin at a small ISP. You asked your upstream vendor for a /19 allocation
(equivalent to 32 Class C networks). You were given the following:
through Will these do what you want?

