IP Subnetting

Document Sample
IP Subnetting Powered By Docstoc
					IP Subnetting
 Kenneth Forward
                                             IP Subnetting
The concept of subnetting is fundamental to IP addressing and routing, from determining whether
another host is local or remote (and therefore, whether traffic to it must be routed) to optimal
assignment of IP addresses and route aggregation.
For the purpose of this discussion, we limit ourselves to the Internet Protocol (IP) release still in widest
use, IPv4. An IPv4 IP address consists of four 8-bit bytes or octets, for a total of 32 bits. Certain
exceptions aside, each 8-bit octet can vary in value from 00000000 base 2 to 11111111 base 2 or 0 to
255 decimal. Although computers and network hardware ultimately operate on the former binary
values, humans more typically express IPv4 addresses in dotted decimal notation; for example, as opposed to 10101100 00010001 00101010 10010111.
If a 32-bit address space is completely flat or non-hierarchical, it allows for 232 or over 4.2 billion
independent IP addresses. Efficient exchange of traffic across the same essentially require that every
host know the path to every other host, which is clearly an intractable problem. Even the earliest
implementation of IPv4, therefore, divided these 32-bit addresses into a first octet network number and
a second through fourth octet rest or local address field to allow for routing between networks as
opposed to individual hosts (RFC 760).
This 8-bit network number allowed only for a maximum of 255 equally sized networks; however, in
due course, this was deemed insufficient. Three new classes of network addresses were therefore
proposed: classful addressing, classful network sizes, and supernetting.

RFC 791—Classful Addressing
The first of these classes, the Class A networks, continue to use the first octet for their network number,
with the restriction that the most significant bit of this octet be 0. The remaining three octets or 24 bits
are used to represent the local or host portion of the address. Using ns to designate the remaining
network address bits and hs to represent host address bits, you have:
                           Class A—0nnnnnnn.hhhhhhhh.hhhhhhhh.hhhhhhhh
Class B addresses use the first two octets to represent the network number, with the restriction that the
two most significant bits of the first octet be 10. The remaining two octets or 16 bits are used to
represent the local or host portion of the address:
                           Class B—10nnnnnn.nnnnnnnn.hhhhhhhh.hhhhhhhh
Finally, class C addresses use the first three octets to represent the network number, with the restriction
that the three most significant bits of the first octet be 110. The remaining octet or last 8 bits are used to
represent the local or host portion of the address:
                           Class C—110nnnnn.nnnnnnnn.nnnnnnnn.hhhhhhhh
Recalling an 8-bit byte can range in value from 0 to 255, you begin to see the binary basis for the
dotted decimal classful address ranges with which the reader is no doubt familiar. An octet with its
most significant bit set to 0 can at most represent 01111111 base 2 or decimal 127; one beginning 10
can meanwhile vary from 10000000 base 2 through 10111111 base 2 or decimal values 128 through
191. Similarly, an octet beginning 110 supports the decimal range 192 through 223; a first nibble of
1110 characterizes Class D multicast network addresses, which have a first octet of 224 through 239
[RFCs 966, 988]. A first nibble of 1111 characterizes Class E reserved network addresses, which have
a first octet of 240 through 255.1 These observations are summarized Table 1:

                     Class       Most Significant Bit(s)                        Range

                       A                      0                         ≤

                        B                    10           –

                        C                    110         0 –

                       D                    1110          –

                        E                   1111          –

                  Table 1: The Binary Basis for Classful IP Ranges, or the First Octet Rule
This binary basis for identifying an IP address’s class is often referred to as the first octet rule. It is best
that you understand this binary basis and how to derive the dotted decimal class ranges from it, and
then attempt to memorize the seemingly arbitrary decimal ranges themselves.

Classful Network Sizes
Aside from the drawback that the original network number versus rest scheme supported only a
maximum of 255 networks, each of the resulting networks was wastefully huge. With 24 bits of rest
field, each such network contained 224, or over 16 million addresses, which at the time could be
delegated no further. Thus, the classful addressing proposal that followed strove not just to create a
greater number of networks (which by definition meant a smaller average size, and therefore, fewer
wasted addresses per network); it also sought to create networks of different sizes, with the idea that
each applicant received a network of smallest adequate size, which further reduced address waste.
Recalling the first one, two, and three most significant bits are predetermined for class A, B, and C
addresses respectively, we calculate the number of networks per class and the maximum number of
hosts per network, as follows3:

    Class      Variable Network Host Bits (h) Number of Networks 2n                      Hosts Per Network 2h-2
                    Bits (n)
       A                 7                   24                      128                         16,777,214
       B                14                   16                    16,384                          65,534

1 As defined, in RFCs 1112, 1700, and 3300. You may find references suggesting Class E addresses extend only to, the first five bits of which—11110—better fit the classful pattern under discussion. Such references
  appear to derive from RFC 1365, an ultimately unadopted address extension proposal that promoted the redefining of
  class E to include only addresses beginning 11110, and the creation of a new class F for addresses beginning 111110.
2 You may object that addresses beginning with 127 are loopback addresses (and not Class A addresses in the regular
  sense). Although true, the fact is that many special use addresses (RFC 3300) exist within the primary class ranges, and
  their designation as the former does not exclude them from the latter.
3 Although the maximum number of hosts per classful network has been corrected to ignore illegal host numbers
  consisting of all zeros and all ones, the number of networks per class has not been so adjusted, in keeping with RFC
  1812 over RFC 1122.
      C              21                8                2,097,152                      254
                                     Table 2: Classful Network Sizes
Referring to Table 2, you can see that under the classful model, it is possible to provide over two
million small sites with networks that are relatively economical with respect to address waste.

Are We There Yet?
Although supporting far more network numbers in a manner far less wasteful of host IDs, classful IP
addressing still makes suboptimal use of IPv4’s 32-bit IP space. At the crux of this inefficiency are
trade-offs between address allocation versus route aggregation.
In classful addressing’s early days, a site, such as a university with more than several hundred hosts,
became a likely candidate for a class B network. The “pros” of this were the site had sufficient
addresses, and the routers of the world needed only to know a single route to reach them all. The
“cons” were that the vast majority of host addresses went unused. The recipient was stuck with a single
network that physical limitations—maximum segment length in particular—often could not support.
The alternative to this—providing a site multiple class C networks—largely reversed these pros and
cons. Fewer addresses were wasted, and the site could get multiple internal networks, but at the
expense of Internet routing tables growing larger.
The most pressing of these problems in the early days was not actually address wastage; rather, it was
the need to keep Internet routing tables small while still providing larger organizations more than a
single flat LAN. The challenge was to somehow subdivide the single-issued network into a series of
virtual networks internally, while still presenting them as a unified whole to the Internet.

IP Subnetting
This goal of subdividing the network became known as subnetting, and various schemes (RFCs 917,
925, 932, 936, 940, 950, and 1219) were proposed to achieve it. The model that prevailed in the end
allowed one to “borrow” some number of most significant bits from the host field—bits that typically
went unused in an under populated network—to define an optional subnet field intermediate between
the network and host fields; graphically, it looked like this:
       <network-number><subnet-number><host-number>, instead of the strictly classful
This model seemed to offer the best of both worlds: All traffic to a site could continue to route to it
using the true network number, while internally, one could divide the one network into subnetworks,
whether to overcome layer 1 (physical) limitations, segment traffic along organizational lines, or
simply to limit broadcast domains. Traffic could be routed between internal subnets on the basis of
network and subnet numbers combined, just as if the combination were a real network number.
This subnetting concept brought with it one major problem, however. If a 32-bit address was no longer
guaranteed classful—worse, if it had different interpretations in different contexts—then the old first
octet rule was no longer guaranteed to apply, and a new aid to interpreting IP addresses was vital.

Network Masking
The network or subnet mask was a simple construct proposed to alleviate the problem of how to
interpret non-classful addresses. Like an IP address, a subnet mask is a 32-bit, four-octet value typically
expressed in dotted decimal notation. Unlike an address, it merely contains a binary value of 1 in every
position that corresponds to the net- and sub-network fields, and a binary value of zero in every
position that corresponds to the host ID.
Recall that class A, B, and C addresses use their first, first two, and first three octets, respectively, to
represent the network portion of an address. We derive the following table of default subnet masks that
correspond to these classes:

           Class                          Binary Netmask                                  Decimal Netmask

             A             11111111.00000000.00000000.00000000                       

             B             11111111.11111111.00000000.00000000                     

             C             11111111.11111111.11111111.00000000                    

                                               Table 3: Classful Netmasks
Defined as they are, the logical AND of a netmask and an IP address reveals what portion of the
address is to be treated as the network number in that context. ANDing the class B address with the default netmask for that class, for instance, reveals to be a host
on the network:

                             IP Address:            10101100.00010001.00101010.10010111
                               Netmask:       11111111.11111111.00000000.00000000
        Resulting Network Number:             10101100.00010001.00000000.00000000

With the advent of subnet masking, sites were in a much better position to utilize their assigned IP
space. In the early days of subnetting however, this borrowing of host bits to create subnets was
typically performed only along classful or byte boundary lines. Sites with class B networks, for
instance, commonly applied the default class C netmask internally to subdivide the
network into 254 subnets5, each containing 254 usable host IDs6. AND ing the address
with for instance, made it a host in the subnet:

                             IP Address:            10101100.00010001.00101010.10010111
                               Netmask:             11111111.11111111.11111111.00000000
        Resulting Network Number: 10101100.00010001.00101010.00000000
As noted before, however, dotted decimal notation is merely a human convenience. Addresses are 32-
bit entities that can be arbitrarily subnetted along non-byte boundaries. Should 24 network bits and 8
host ones provide too few subnets with too many unused host IDs in each, for instance, you can split 25
network bits versus 7 host ones. Using a 25-bit netmask, you define to be a host in

4 1+1=1, whereas 0+0, 0+1 and 1+0 equal 0.
5 254, not 256, subnets, because prior to RFC 1812, subnet fields consisting of all 1s or all 0s were considered illegal.
6 254, not 256, usable host IDs, because an address with a host ID field of all 0s would be indistinguishable from its
  network number, whereas an address with a host ID field of all 1s is reserved for net-directed broadcasts.
subnet This allows twice as many subnets because the subnet field is
now nine bits long (nnnnnnnn.nnnnnnnn. ssssssss.shhhhhhh) instead of the previous eight
(nnnnnnnn.nnnnnnnn.ssssssss.hhhhhhhh), and the number of hosts per subnet is only half what it was
before because there are only seven host bits per subnet remaining, as opposed to eight:

                          IP Address:        10101100.00010001.00101010.10010111
                             Netmask:             11111111.11111111.11111111.10000000
       Resulting Network Number:           10101100.00010001.00101010.10000000

The importance of non-classful subnet masking is the capability to trade off maximum numbers of
subnets per network versus maximum numbers of hosts per subnet. Although less intuitive than classful
subnetting (especially when expressed in dotted decimal notation), non-classful subnetting is equally
valid and with practice can become intuitive, even when expressed in dotted decimal form.

RFC 1338: Supernetting
The growing practice of subnetting large classful networks begged its converse, namely supernetting a
number of smaller classful networks into one larger one. N contiguous class C networks, for example,
could be routed as if they were a single network of (N*256-2)7 hosts, provided certain bit (not byte)
boundary conditions were met. Applying the network mask to for
instance, becomes a host in the network, the host number
range of which is through because that netmask leaves ten bits for host IDs:

                          IP Address:        10101100.00010001.00101010.10010111
                             Netmask:        11111111.11111111.11111100.00000000
       Resulting Network Number:             10101100.00010001.00101000.00000000

CIDR Notation
With so many subnetting and supernetting options available, the concept of the network class was
quickly becoming deprecated. With the publication of RFCs 1517 through 1520, the transition from
classful to what became known as classless IP addressing was largely complete. In the context of
routing in particular, references to network ID or network number gave way to network prefix. The
length of this prefix being equal to the number of network bits or 1s in the netmask gave rise to a new
abbreviated CIDR notation, whereby /prefix-length could be used to indicate an IP address’s subnet
Using CIDR notation, the network address from the previous example can
be more succinctly expressed as A complete table of binary netmasks and their decimal
and CIDR equivalents follows:
                         Binary Netmask                           Decimal Netmask            CIDR Equivalent
         10000000.00000000.00000000.00000000                                    /1

7 As per previous footnote, host IDs of all zeros and all ones are not permitted, hence N*256-2.
11000000.00000000.00000000.00000000      /2

11100000.00000000.00000000.00000000      /3

11110000.00000000.00000000.00000000      /4

11111000.00000000.00000000.00000000      /5

11111100.00000000.00000000.00000000      /6

11111110.00000000.00000000.00000000      /7

11111111.00000000.00000000.00000000      /8

11111111.10000000.00000000.00000000     /9

11111111.11000000.00000000.00000000     /10

11111111.11100000.00000000.00000000     /11

11111111.11110000.00000000.00000000     /12

11111111.11111000.00000000.00000000     /13

11111111.11111100.00000000.00000000     /14

11111111.11111110.00000000.00000000     /15

11111111.11111111.00000000.00000000     /16

11111111.11111111.10000000.00000000    /17

11111111.11111111.11000000.00000000    /18

11111111.11111111.11100000.00000000    /19

11111111.11111111.11110000.00000000    /20

11111111.11111111.11111000.00000000    /21

11111111.11111111.11111100.00000000    /22

11111111.11111111.11111110.00000000    /23

11111111.11111111.11111111.00000000    /24

11111111.11111111.11111111.10000000   /25

11111111.11111111.11111111.11000000   /26

11111111.11111111.11111111.11100000   /27
         11111111.11111111.11111111.11110000                       /28

         11111111.11111111.11111111.11111000                       /29

         11111111.11111111.11111111.11111100                       /30

         11111111.11111111.11111111.11111110                       /31

         11111111.11111111.11111111.11111111                       /32

                         Table 4: Decimal Netmasks and CIDR Notation Equivalents

Inverse Subnet Masks
Aside from dotted decimal and CIDR notations, the aspiring subnetter should be familiar with a third
type of network mask as well. The inverse subnet mask is as the name implies: the inverse or
complement of a normal subnet mask. It contains zeros in those positions that correspond to the
network ID, and ones in those positions that correspond to host ID. The inverse subnet mask is
significant for two reasons:
Firstly, the logical OR8 of an IP address and its inverse subnet mask reveals the (subnet directed)
broadcast address for that network. The broadcast address for the IP in our previous supernetting
example, for instance, can be derived as follows:

                        IP Address:         10101100.00010001.00101010.10010111
                          Netmask:         11111111.11111111.11111100.00000000
            Inverse Subnet Mask:             00000000.00000000.00000011.11111111
              Broadcast Address:         10101100.00010001.00101011.11111111

This first observation may be a little academic in that we already know from a previous footnote that
the net directed broadcast address for a network is the address for which the host bits are all ones. A
second, more practical reason why inverse subnet masks are important is the fact that Cisco uses them
to specify router ACLs. In this context, they are typically referred to as wildcard masks. A sampling of
decimal netmasks, CIDR equivalents, and inverse decimal (wildcard) netmasks is presented Table 5:

                      Decimal Netmask             CIDR Equivalent       Inverse (Wildcard) Mask




8 0 OR 0 = 0, whereas 0 OR 1, 1 OR 0, and 1 OR 1all equal 1.









                                  Table 5: Inverse (Wildcard) Masks
Note once again how the CIDR prefix /N equals the number of ones in the dotted decimal netmask.
Note also how the complementary nature of netmasks and inverse netmasks gets expressed in dotted
decimal notation: Each pair of octets adds up to 255.

An IPv4 address is 32 bits long, but most frequently expressed using dotted decimal notation.
In their earliest days, IPv4 addresses were envisioned as consisting of an 8-bit network number and a
24-bit rest or local address field. Because this scheme supported only 255 networks, it was eventually
replaced by the classful network scheme described in RFC 791.
Under this new scheme, an address’s class could be determined using the first octet rule. While less
wasteful than its predecessor, classful networking was still suboptimal in that network host divisions
were required to fall on byte boundaries. The concept of subnetting large networks consequently arose
as a means of providing organizations internal network structure whilst still minimizing the size of
Internet routing tables. This concept of subnetting eventually begged its converse: supernetting, or the
consolidation of multiple small networks into a supernet that could be routed as a single network.
Between these two mechanisms, the concept of classful addressing became something of an artifact. In
its place came Classless Inter-Domain Routing or CIDR, with its concept that variable length subnet
masks could be used to increasingly summarize routes as one got closer to the Internet backbone, while
still allowing for complex subnet structures within organizations.
As 32-bit constructs, subnet masks contain the binary value 1 in every position that corresponds to the
network portion of an address and 0 in those positions that correspond to the host part. Originally
expressed in the same dotted decimal notation that IP addresses are expressed in, netmasks today are
more frequently indicated using CIDR notation, whereby /prefix-length equals the number of network
bits or 1s in the subnet mask, and (32–prefix-length) is the number of host bits remaining. Inverse
subnet masks, also known as wildcard masks, are frequently used to specify router ACLs.
To the uninitiated, classless networking can appear unintuitive, especially when expressed using dotted
decimal notation. With practice however, common classless netmasks become recognizable even in
dotted decimal format. The certification candidate should be completely familiar with the binary basis
for classless subnetting, as any details that cannot be remembered can always be derived from those
first principles.
Some readers may dismiss them as dry, but in the end, there’s simply no substitute for careful reading
of the RFCs. The list of titles that follows is representative and by no means complete for the topic of
subnetting. Of those RFCs that do appear, some represent the most recent word on an aspect, whereas
others are now considered historical and have been superseded by newer RFCs. Don’t ignore the
obsolete RFCs, however. Reading new and old together typically lead to far greater insight than a
reading of the latest document alone.
The official home of the RFCs is Many mirror sites exist and can be located
using the reader’s preferred search engine.
RFC 760—DoD Standard Internet Protocol
RFC 791—Internet Protocol
RFC 917—Internet Subnets
RFC 925—Multi-LAN Address Resolution
RFC 932—Subnetwork Addressing Scheme
RFC 936—Another Internet Subnet Addressing Scheme
RFC 940—Toward an Internet Standard Scheme for Subnetting
RFC 950—Internet Standard Subnetting Procedure
RFC 966—Host Groups: A Multicast Extension to the Internet Protocol
RFC 988—Host Extensions for IP Multicasting
RFC 1112—Host Extensions for IP Multicasting
RFC 1122—Requirements for Internet Hosts—Communication Layers
RFC 1219—On the Assignment of Subnet Numbers
RFC 1338—Supernetting: an Address Assignment and Aggregation Strategy
RFC 1365—An IP Address Extension Proposal
RFC 1467—Status of CIDR Deployment in the Internet
RFC 1517—Applicability Statement for the Implementation of Classless Inter-Domain Routing
RFC 1518—An Architecture for IP Address Allocation with CIDR
RFC 1519—Classless Inter-Domain Routing (CIDR): an Address Assignment and Aggregation
RFC 1520—Exchanging Routing Information Across Provider Boundaries in the CIDR Environment
RFC 1700—Assigned Numbers
RFC 1812—Requirements for IP Version 4 Routers
RFC 1817—CIDR and Classful Routing
RFC 1878—Variable Length Subnet Table for IPv4
RFC 3300—Internet Official Protocol Standards
RFC 4632—Classless Inter-domain Routing (CIDR): The Internet Address Assignment and
Aggregation Plan
Literally dozens of free and commercial subnet calculators exist; the ones listed here are just a
sampling of those freely available for various platforms. No endorsement or lack thereof is implied via
inclusion or exclusion from this list. If none of these meet your particular needs , many worthy
alternatives are available if you search for them on the Internet.
   •   Windows:
          o SolarWinds advanced subnet calculator:
          o WildPackets IP subnet calculator:
   •   Unix/Linux:
          o IPCalc perl script:
   •   Mac OS:
          o Mac OS X IP subnet calculator dashboard widget:
   •   Web-based calculators:
          o Online IP subnet calculator:
          o Cisco IP subnet calculator (CCO login required):

Shared By:
Description: CIDR (Classless Inter-Domain Routing) on the Internet is a way to create additional address, these addresses are provided to the service provider (ISP), and then assigned by the ISP to the customer. CIDR routing together, so that the backbone of an IP address on behalf of thousands of service providers, IP address, thereby reducing the burden on Internet routers.