Wednesday, November 30, 2011

Subnetting IPv4 Primer

Review of Internet Protocol

The Internet Protocol (IP) is used on almost every network in the world, from the largest to the smallest. Most people are familiar with IP addresses, and that they are required in order to communicate on a network. But some are confused as to how they work. An IP address is a unique identification assigned to a device so that it can operate on a network.

An IP address consists of a 32-bit number that ranges from 0 to 4294967295. This means that theoretically, the Internet can contain approximately 4.3 billion unique objects. Because computers read IP addresses in binary (ones and zeros strung together to form a number) and because a 32-bit binary number would prove very difficult for humans to read, IP addresses were divided into four base-256 digits. In other words, the IP address was divided into four 8-bit numbers, or “octets”, which are separated by a period. This form is known as “dotted decimal” notation.

The internet currently uses the IP version four (IPV4) addressing format that is now some 20 years old. Because of the inherent address limitations IPV4 is being slowly replaced by IPV6. This newer version was defined in December 1998 by the Internet Engineering Task Force (IETF) with the publication of an Internet standard specification called RFC 2460. This paper will discuss IPV4, which is still the most widely used addressing format.

Review of Key Points: An IP (Internet Protocol) address is a unique identifier for a device on an IP network. An IP address is a 32-bit binary number usually represented as 4 decimal values, each representing 8 bits, in the range 0 to 255 (known as octets) and separated by periods. This form of writing IP addresses is known as “dotted decimal” notation (example, 10.68.131.22).

Binary Numbers

Let’s face it – as humans we’re kinda lazy and for most of us that means when it comes to reading and remembering long numbers – we’d rather not. This is why the mathematicians developed the dotted decimal notation for us network administrators. However, computers prefer to process their numbers in formats that we humans find harder to remember, such as hexadecimal or binary.

For example, the dotted decimal notation of 10.68.131.22 is expressed as 00001010.01000100.10000011.00010110 in binary.

Of course the easiest way to convert binary numbers is to use a scientific calculator, which can easily convert binary to decimal and decimal to binary for you; however there is another way to do it.

Let’s take a look at one of the four octets. This octet has 8 bits, with each bit representing a certain value. If a bit has a 1 in it, then the bit is “on”, likewise, if the bit has a 0 in the placeholder position, the bit can be described as being “off”. In relating this to a light switch, the on position turns on the light and the off position turns the light off.

If you read the bit positions from right to left (backwards from the normal left to right that we use when we read a newspaper), the first position represents 1. The second position represents twice the first position or 2. The third position represents twice the value of the preceding bit or 4. This continues until the eighth and final position represents 128.

To convert the binary number 10110011 to decimal, you simply line up the 1’s and 0’s according to their position, and then multiply each 1 or 0 by the numerical value of that position. The sum, or total, of those products equals the decimal number.

[Figure: convertbin2dec: converting the binary octet 10110011 to decimal by position]

Review of Key Points: We’re lazy. Because we are lazy, we like to turn long confusing streams of ones and zeros into easy-to-understand (and remember) decimal numbers. IP addresses are made of 4 octets, with each octet comprising 8 bits. Each bit represents a certain value, with the lowest-value bit residing at the right-most end of the octet. You can line up the 8 ones and zeros in the octet with the decimal values the octet positions represent and multiply them. By adding each of the products you arrive at the decimal number. A scientific calculator does this for you without making you count on your fingers and toes.
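As an added example (not part of the original post), here is the by-hand octet conversion described above written out in Python. It uses the same positional weights rather than Python’s built-in int()/bin() conversions, so the method stays visible; the function names are my own.

```python
# Added example (not from the original post): dotted-decimal <-> binary
# conversion done the way the text describes it, one octet at a time.
# Bit weights read right to left are 1, 2, 4, 8, 16, 32, 64, 128.

WEIGHTS = [128, 64, 32, 16, 8, 4, 2, 1]   # left-to-right weight of each bit position


def octet_to_bits(value: int) -> str:
    """Return the 8-character binary string for one octet (0-255)."""
    if not 0 <= value <= 255:
        raise ValueError(f"octet out of range: {value}")
    bits = []
    for weight in WEIGHTS:
        if value >= weight:          # this position is "on" (the light switch is up)
            bits.append("1")
            value -= weight
        else:                        # this position is "off"
            bits.append("0")
    return "".join(bits)


def bits_to_octet(bits: str) -> int:
    """Line up each 1/0 with its positional weight, multiply, and sum."""
    if len(bits) != 8 or set(bits) - {"0", "1"}:
        raise ValueError(f"not an 8-bit binary string: {bits!r}")
    return sum(int(b) * w for b, w in zip(bits, WEIGHTS))


def dotted_to_binary(address: str) -> str:
    """'10.68.131.22' -> '00001010.01000100.10000011.00010110'"""
    octets = address.split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octets: {address!r}")
    return ".".join(octet_to_bits(int(o)) for o in octets)


def binary_to_dotted(binary: str) -> str:
    """'00001010.01000100.10000011.00010110' -> '10.68.131.22'"""
    return ".".join(str(bits_to_octet(b)) for b in binary.split("."))


if __name__ == "__main__":
    print(bits_to_octet("10110011"))                      # 179
    print(dotted_to_binary("10.68.131.22"))               # the post's example address
    print(binary_to_dotted(dotted_to_binary("10.68.131.22")))
```

Running the script prints 179 for 10110011 (128 + 32 + 16 + 2 + 1) and reproduces the binary form of 10.68.131.22 given earlier in the text; the range checks reject values such as 256 or a 9-bit string, which is the usual mistake when converting by hand.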

Address Classes

OK, so we understand that IP addresses come in dotted decimal notation, and the number ranges for each of the four octets can be 0 thru 255 (for a total of 256 numbers). So, this means that we have the following IP addresses available for use on the Internet – 0.0.0.0 thru 255.255.255.255 – right?

Well, not exactly. These IP addresses are actually divided into different classes. And some of these IP addresses are reserved for special uses. For example, 127.0.0.1 is reserved for internal testing and is commonly known as the loopback address.

There are five main classes of IP addresses:

Class A addresses begin with 0xxx (binary) or 1 to 126 (decimal)

Class B addresses begin with 10xx (binary) or 128 to 191 (decimal)

Class C addresses begin with 110x (binary) or 192 to 223 (decimal)

Class D addresses begin with 1110 (binary) or 224 to 239 (decimal)

Class E addresses begin with 1111 (binary) or 240 to 254 (decimal)

Of these classes, only Class A, Class B, and Class C addresses are used for common networking purposes. Class D addresses are used for multicasting, and Class E addresses are reserved for future use (of what possible future use, I cannot say… but they’ve been reserved for at least as long as I’ve been in networking).

How many possible addresses are there in a Class A range? There are 127 network licenses in a Class A network with over 16 million possible addresses each. A Class B range affords 16,000 network licenses with 65,000 possible addresses per license. Finally, there are over 2 million network licenses for Class C, and each license allows for 254 possible addresses.

[Figure: ipclasses: the address classes, with the network portion shown in blue and the host portion in green]

Review of Key Points: Each octet contains a total of 256 values, because 0 counts alongside the values 1 through 255. Not all IP addresses can be used. IP addresses are divided into classes and are broken up into large networks and small networks.

List of Network and Host Ranges

It is important to understand the difference between the network portion of the IP address and the host portion. The network portion, shown above in blue, denotes the portion of the IP address which describes the network. The remaining part of the IP address, shown in green, denotes the possible host addresses. Therefore, on a Class A network of 101.100.100.100, the network ID is 101.xxx.xxx.xxx, and the host ID is xxx.100.100.100.

I used lowercase x’s for a reason. I want you to use your mind to carve out the network ID from the rest of the IP address. When we refer to this network ID, we use 101.0.0.0. So, the IP address 101.100.100.100 has a network ID of 101.0.0.0 and a broadcast address of 101.255.255.255.

Broadcast address? Remember in our discussion above, I stated that some IP addresses were reserved for special reasons. Each network has two special reserved addresses. The first one is, of course, the network ID, where all the bits in the remaining octets not used to distinguish the network ID are set to zeros. By turning all these same bits to ones, you have the second reserved address – the broadcast address.

Broadcast addresses are used to communicate with every device on the network. So, if you have a host device and it needs to utilize a network service, but doesn’t know which host on the network provides that service, it can send out a special message to ask all hosts on the network if they offer the service. This happens by setting the destination address of the packet to the broadcast address. This special packet, known as a broadcast packet, will be seen by all devices (increased network traffic) but only devices that provide that service will respond (potentially less network traffic).

[Figure: subnets: the number of hosts available within a single Class A network]

Review of Key Points: The diagram above demonstrates the vast number of possible hosts available to a single Class A network. Broadcasts are used to talk to all hosts on a network.

Private Networks

There are three private networks available. The addresses are 10.0.0.0, Subnet Mask 255.0.0.0, 172.16.0.0, Subnet Mask 255.240.0.0, and 192.168.0.0, Subnet Mask 255.255.0.0. The inclusion of these private networks has really been one of the saving graces of IPV4. These addresses can be used by anyone and are generally not routable, or at least, are not routable out on the Internet.

The real-world use of these addresses allows organizations to use relatively few public IP addresses, while still having the depth and range of a Class A address if needed.

Introduction of Subnets

Ok, so we know how IP addresses work, but what’s this stuff you’re saying about subnets? The word subnet is actually a shortened phrase for the term “sub networks”, which means a small network within a larger one, or a logically visible sub-section of a single Internet network. The smallest network within a larger network is known as a “broadcast domain”. The broadcast domain is a single local area network, or LAN, segment on a switch.

A broadcast domain, or LAN, is the basic unit of a network. Here, computers can communicate directly with each other by using the physical address, or MAC address. Since physical addresses are not routable, meaning they cannot be accessed directly from one network to another, all communication done at the MAC level must be done on the same LAN. Communications at the MAC level require ARP broadcasting. Broadcasting requires sending communication packets to every device on the network in order to identify who is on the network. A large amount of broadcast traffic will degrade the network’s performance. This is why the term “broadcast domain” is used to identify the LAN, or basic network unit.

Returning full-circle to the subject of subnetting, the size of the most common subnet is 8 bits, though networks can be larger or smaller than that.

Subnets have both a beginning and an end. The beginning number, known as the “Network ID” is always even and the ending number, known as the “Broadcast ID”, is always odd. When creating subnets, you are not allowed to use these numbers because they are reserved. Why are they reserved? Because they have special meaning in the network. The Network ID is the designation for the network that you are referring to. When you use the Network ID, you are referring to the network itself. The subnet mask defines the size of the network. The Broadcast ID is the broadcast number that you would refer to if you wanted to communicate with every device on the network.

Review of Key Points: The term subnet refers to a small network within a larger one. A broadcast domain is a single local area network or segment between routers. Subnets begin with the Network ID and end with the Broadcast ID.

Characteristics of “Classful” Subnets

Subnet masks allow you to see where the “endpoints” of the subnet are on any given IP address within the subnet. This is done through a process known as “ANDing”. In order to AND, you must first have two pieces of information – the IP address, and the subnet mask.

Computers perform the ANDing process to determine if the destination computer is on the local network or a different network.

There are only 4 results of ANDing:

0 and 0 = 0

0 and 1 = 0

1 and 0 = 0

1 and 1 = 1

Ok, so let’s assume that you have a host with an IP address of 192.168.62.14 and a subnet mask of 255.255.248.0, and that host wants to communicate with a host with the IP address of 192.168.65.1. The process of ANDing provides the following outcome:

[Figure: c5-25: ANDing 192.168.62.14 and 192.168.65.1 with the mask 255.255.248.0]

This process shows that the computers are on separate networks. The source computer is on network ID 192.168.56.0 and the destination computer is on network ID 192.168.64.0.

[Figure: defaultnetworkids: default network IDs for the address classes]

Review of Key Points: ANDing is used when a host wishes to know if it can communicate directly with a destination node. This is done in three steps:

  1. The host takes its own IP address and ANDs it with its own subnet mask, producing a result.
  2. The host takes the destination node’s IP address and ANDs it with its own subnet mask, producing a second result.
  3. The host compares the two results. If the results are the same, the host can communicate directly with the destination node on the same network. If the results are dissimilar, the host knows that the destination node is not on the same network, and communications to this node will be sent to the host’s default gateway.
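The three ANDing steps above, as an added Python example that is not from the original post. It uses the post’s own figures (host 192.168.62.14, mask 255.255.248.0, destination 192.168.65.1) and adds a second destination on the same network for contrast; the function names are my own.

```python
# Added example (not from the original post): the three-step ANDing check a
# host performs to decide whether a destination is local or behind the gateway.


def dotted_to_int(address: str) -> int:
    """'192.168.62.14' -> 32-bit integer; rejects malformed input."""
    octets = [int(o) for o in address.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {address!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_dotted(value: int) -> str:
    """32-bit integer -> dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(value: int) -> str:
    """32-bit integer -> dotted binary, as drawn in the post's ANDing diagram."""
    return ".".join(f"{(value >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))


def network_id(address: str, mask: str) -> str:
    """Steps 1 and 2: AND the address with the mask.  Python's & applies the
    four-row truth table (0&0=0, 0&1=0, 1&0=0, 1&1=1) to every bit position."""
    return int_to_dotted(dotted_to_int(address) & dotted_to_int(mask))


def and_rows(address: str, mask: str):
    """Binary rows (address, mask, result) so the AND can be checked by hand."""
    a, m = dotted_to_int(address), dotted_to_int(mask)
    return [to_binary(a), to_binary(m), to_binary(a & m)]


def route_decision(src: str, mask: str, dst: str):
    """Step 3: compare the two network IDs and say where the packet is sent.
    Returns (source network ID, destination network ID, next hop)."""
    src_net = network_id(src, mask)
    dst_net = network_id(dst, mask)
    if src_net == dst_net:
        return src_net, dst_net, "direct (same network)"
    return src_net, dst_net, "default gateway"


if __name__ == "__main__":
    for row in and_rows("192.168.62.14", "255.255.248.0"):
        print(row)
    print(route_decision("192.168.62.14", "255.255.248.0", "192.168.65.1"))    # via gateway
    print(route_decision("192.168.62.14", "255.255.248.0", "192.168.57.200"))  # direct
```

For the post’s pair the two results are 192.168.56.0 and 192.168.64.0, so the packet goes to the default gateway; 192.168.57.200 ANDs to 192.168.56.0 and is reached directly. Note that the decision depends only on the sender’s own mask: a host configured with the wrong mask will make the wrong choice, which is the usual cause of “can ping some neighbours but not others” problems.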

Breaking up Networks

Subnetting can be taken a step further in order to break up large networks. This is accomplished by adding more bits to the default subnet mask. In other words, you can take bits away from the host portion of the subnet mask and assign them as part of the subnet mask.

[Figure: subnettingclassb: subnetting a Class B network by borrowing 3 host bits]

To calculate the number of subnets or nodes, use the formula (2^n)-2 where n = number of bits in either field, and 2^n represents 2 raised to the nth power.

In the example above, a 3-bit subnet mask is applied to the default Class B subnet mask of 255.255.0.0 to create a new subnet mask of 255.255.224.0. There are 6 ((2^3)-2) subnets available with this size mask. Remember to subtract out 2 for the network ID and Broadcast ID reserved addresses. Each subnet has 8190 ((2^13)-2) nodes. Each subnet can have nodes assigned to any address between the subnet address and the broadcast address. This gives a total of 49,140 nodes for the entire class B address using the new subnet.

One thing that should strike your attention is the total number of addresses available for this network. A default Class B network (not subnetted in this manner) has over 65,000 addresses. The process of subnetting always reduces the total number of possible addresses, or in other words, there is a cost to the convenience of subnetting.
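The classful arithmetic from the Address Classes section and the (2^n)-2 split above, as an added Python example that is not from the original post. It takes the class (and so the default mask) from the first octet, borrows the requested number of host bits, and lists the usable subnets. 172.16.0.0 is my chosen sample Class B network; the post’s figure does not name one.

```python
# Added example (not from the original post): classful default masks and the
# (2^n - 2) subnet/host arithmetic, applied to a Class B network that borrows
# 3 bits (255.255.0.0 -> 255.255.224.0).  172.16.0.0 is a sample I chose.

DEFAULT_MASK_BITS = {"A": 8, "B": 16, "C": 24}


def dotted_to_int(address: str) -> int:
    octets = [int(o) for o in address.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {address!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_from_bits(bits: int) -> str:
    """Number of leading 1 bits -> dotted-decimal mask (16 -> 255.255.0.0)."""
    return int_to_dotted(((1 << bits) - 1) << (32 - bits))


def address_class(address: str) -> str:
    """Class from the first octet, following the ranges in the post's list."""
    first = int(address.split(".")[0])
    if 1 <= first <= 126:
        return "A"
    if 128 <= first <= 191:
        return "B"
    if 192 <= first <= 223:
        return "C"
    if 224 <= first <= 239:
        return "D"
    if first >= 240:
        return "E"
    raise ValueError(f"{address}: first octet {first} is reserved (0 or 127)")


def classful_split(address: str, borrowed: int) -> dict:
    """Borrow `borrowed` host bits from the class default mask and count the
    usable subnets and hosts with (2^n - 2), as the post does."""
    cls = address_class(address)
    if cls not in DEFAULT_MASK_BITS:
        raise ValueError(f"class {cls} is not subnetted this way")
    net_bits = DEFAULT_MASK_BITS[cls]
    host_bits = 32 - net_bits - borrowed
    if borrowed < 2 or host_bits < 2:
        raise ValueError("need at least 2 subnet bits and 2 host bits for (2^n)-2 to be positive")
    subnets = 2 ** borrowed - 2
    hosts = 2 ** host_bits - 2
    return {
        "class": cls,
        "default_mask": mask_from_bits(net_bits),
        "new_mask": mask_from_bits(net_bits + borrowed),
        "subnets": subnets,
        "hosts_per_subnet": hosts,
        "total_hosts": subnets * hosts,
    }


def usable_subnets(address: str, borrowed: int):
    """(network ID, broadcast) of each usable subnet.  The all-zeros and
    all-ones subnets are skipped, which is the -2 in the formula."""
    info = classful_split(address, borrowed)
    host_bits = 32 - DEFAULT_MASK_BITS[info["class"]] - borrowed
    base = dotted_to_int(address) & dotted_to_int(info["default_mask"])
    block = 1 << host_bits                  # addresses per subnet
    return [
        (int_to_dotted(base + k * block), int_to_dotted(base + (k + 1) * block - 1))
        for k in range(1, 2 ** borrowed - 1)
    ]


if __name__ == "__main__":
    print(classful_split("172.16.0.0", 3))
    for net, bcast in usable_subnets("172.16.0.0", 3):
        print(net, "-", bcast)
```

For 172.16.0.0 with 3 borrowed bits the script reports the post’s numbers (6 subnets of 8190 hosts, 49,140 in total) and prints the six usable blocks, 172.16.32.0–172.16.63.255 through 172.16.192.0–172.16.223.255; the 172.16.0.0 and 172.16.224.0 blocks are the ones the -2 discards.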

Classless InterDomain Routing (CIDR)

Can you believe the nerve of some people? There are more devices in the world that need IP addresses to communicate than there are IP addresses. And when people know this fact, can you believe they are still going to seedy Internet-based shopping sites and buying even more devices which require IP addresses? Don’t they know there’s not enough IP addresses to go around?

CIDR was invented some years ago to help alleviate the strain on the number of IP addresses available under IPV4. After all, the classful system of assigning IP addresses was very wasteful. If you were a small or medium business, you might be able to use all the IP addresses in a Class C address range. But how many small and medium businesses exist in the world compared to the number of possible Class C address ranges? (The Internal Revenue Service estimated there were 29.3 million nonfarm business tax returns filed in 2004, and as we learned above, there are just over 2 million network licenses for all of Class C.) Lastly, how many Class A addresses do you think are actually assigned to devices? After all, how many organizations can use 1.7 million IP addresses anyway (besides the government)?

In 1992, Supernetting (or “slash” notation, or CIDR) was proposed as a means to handle this issue. CIDR uses a subnet mask to show where the line is drawn between host ID and network ID.

CIDR is sometimes called “slash” notation, or properly CIDR notation, because the subnet mask is expressed as a “/n” behind the network address as a means to describe the subnet mask. The “n” in /n is the number of bits used for the network ID.

Where’s My Class?

Because CIDR was intended to make better use of the IP address space, the classes (Class A, Class B, Class C, etc.) are obsolete. Therefore, since there are no address classes in CIDR, you cannot readily identify the size of the network ID of an IP address by only looking at the IP address.

How it works

CIDR works by “borrowing” bits from the host ID portion of the IP address. Let’s take a look at the address 192.168.12.0/23. Right off, the /23 tells us that we are going to take 23 bits from the binary IP address starting at the left-most portion of the IP address.

[Figure: cidr1: 192.168.12.0/23 in binary, with the 23 network bits coloured green]

Review of Key Points: CIDR was created to allow for better use of IP addresses. CIDR is also known as supernetting or slash notation. There are no classes in CIDR (hence the term classless).

How CIDR is calculated

So, the first octet contains 8 bits. The second octet contains an additional 8 bits, making it a total of 16 bits. Since we want to use a total of 23 bits, we need to “borrow” 7 additional bits from the next octet. This is illustrated in the drawing above by coloring the 23 bits we are using green. That leaves us 9 bits for the host IDs, meaning the one unused bit in the 3rd octet and the 8 bits in the 4th octet.

So, how do we determine our IP address range for this subnet? We know the starting position – 192.168.12.0. The easiest way to determine the ending position is to count the number of unused bits in the 3rd octet. In this example, there is one unused bit in the “1” position. So, we know that 12 + 1 = 13. The answer is 192.168.12.0 – 192.168.13.255. The 255 is the easiest to figure, because we are going to use all of the available bits in the 4th octet. The illustration below helps depict this.

[Figure: example1: the address range 192.168.12.0 – 192.168.13.255 for the /23 subnet]

Also, notice how the subnet mask of 255.255.254.0 is determined the same way. All the bits in the 3rd octet are used but the last bit, so 255 – 1 = 254.

So, the remaining question is how many possible hosts do you have for the /23 subnet? In calculating how many hosts you have left, you take the number of unused bits and add them to this formula: (2^n)-2

Therefore, if you had a network which was 192.168.12.0/23, you would be using the following bits:

[Figure: cidr1 (How CIDR is calculated): the 23 network bits of 192.168.12.0/23 in green, the remaining 9 host bits uncoloured]

The first 23 bits (colored in green) are used for the network ID. The remaining bits are used for the host ID. Notice that there are 9 bits not colored in green. This nine becomes the “n” used in the formula (2^n)-2. So the answer to the question of how many hosts are available in 192.168.12.0/23 is

[Figure: example1-math: (2^9)-2 = 510 hosts]

Therefore, you have a possible 510 hosts for a /23 subnet. Now that you know the logic behind CIDR and know how to figure out the math, below is a chart of all the possible combinations of CIDR for easy reference.

[Figure: cidr-chart: reference table of CIDR prefix, subnet mask and number of available hosts]

This table illustrates some interesting facts. The most obvious one to me at first glance is that every time the number of bits used for the network ID increased by one, the number of available hosts is reduced by slightly more than half. This makes sense when considered against what we have already learned – there is always a cost associated with subnetting.

Review of Key Points: CIDR allows you to take better advantage of limited IP addresses. For practice sake, let’s go over this one more time.

Let’s take the following subnet – 10.100.20.0/18. This tells us that we are going to use the first 18 bits as the network ID and the remaining 14 bits as the host IDs.

[Figure: example2: 10.100.20.0/18 in binary, with the 18 network bits in green]

Remember how you arrive at the ending subnet range of 10.100.83.255. You have 6 unused bits in the 3rd octet: 00111111 = 63. (You can check this by adding the two used bits, the 8th position (128) and the 7th position (64), to the 63 to equal 255: 128 + 64 + 63 = 255.) So, 10.100.20 (plus 63) = 10.100.83. You will use all the bits in the 4th octet, so the final number is 10.100.83.255.

To figure out the number of available host IDs, you use the same formula as above.

[Figure: example2-math: host count for 10.100.20.0/18 using (2^n)-2 with n = 14]
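The CIDR calculations walked through for 192.168.12.0/23 and for 10.100.20.0/18, as one added Python example that is not from the original post: it turns “address/prefix” into the subnet mask, network ID, broadcast address and (2^n)-2 host count, and also generates the prefix/mask/hosts reference table. Function names are my own. Because the calculator derives the network ID by ANDing the address with the mask (the process described earlier in the post) rather than adding the unused-bit span to the starting octet, it also covers a start address that is not itself on a block boundary: for 10.100.20.0/18 it reports the /18 block that contains that address, 10.100.0.0 to 10.100.63.255, and its “aligned” flag shows that 10.100.20.0 was not the block’s own network ID. The post’s add-the-span shortcut gives the same answer whenever the starting address is aligned to the block size, as 192.168.12.0 is for /23.

```python
# Added example (not from the original post): a CIDR calculator that derives
# mask, network ID, broadcast and host count from "address/prefix", plus the
# prefix/mask/hosts reference table.  Function names are my own.


def dotted_to_int(address: str) -> int:
    octets = [int(o) for o in address.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {address!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def parse_cidr(cidr: str) -> dict:
    """'192.168.12.0/23' -> mask, network, broadcast, host range and host count."""
    address, prefix_text = cidr.split("/")
    prefix = int(prefix_text)
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix must be 0-32: {cidr!r}")
    host_bits = 32 - prefix
    mask = ((1 << prefix) - 1) << host_bits          # `prefix` leading 1s, then 0s
    network = dotted_to_int(address) & mask          # AND, as in the post
    broadcast = network | ((1 << host_bits) - 1)     # every host bit set to 1
    # The post's (2^n)-2 formula; /31 and /32 leave no room for the -2 and are
    # clamped to 0 here rather than reported as negative.
    usable = max(2 ** host_bits - 2, 0)
    return {
        "mask": int_to_dotted(mask),
        "network": int_to_dotted(network),
        "broadcast": int_to_dotted(broadcast),
        "first_host": int_to_dotted(network + 1) if usable else None,
        "last_host": int_to_dotted(broadcast - 1) if usable else None,
        "usable_hosts": usable,
        # True only when the address given is the block's own network ID
        "aligned": dotted_to_int(address) == network,
    }


def cidr_table(lo: int = 8, hi: int = 30):
    """(prefix, mask, usable hosts) rows, like the post's reference chart."""
    rows = []
    for prefix in range(lo, hi + 1):
        info = parse_cidr(f"0.0.0.0/{prefix}")
        rows.append((prefix, info["mask"], info["usable_hosts"]))
    return rows


if __name__ == "__main__":
    for cidr in ("192.168.12.0/23", "10.100.20.0/18"):
        print(cidr, parse_cidr(cidr))
    for prefix, mask, hosts in cidr_table():
        print(f"/{prefix:<3} {mask:<16} {hosts}")
```

The table rows show the pattern noted below the post’s chart: each extra network bit halves 2^n, so the usable count drops from 2^n - 2 to 2^(n-1) - 2, slightly more than half. When auditing firewall or routing configuration, comparing the “aligned” flag is a quick way to catch a rule written against an address that is not actually the start of the block it is meant to cover.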

How does it work?

CIDR works its magic because enterprise routers are designed to support it. CIDR requires the network segments involved to be contiguous (numerically adjacent) in the address space. CIDR cannot, for example, aggregate 10.100.20.0 and 10.100.83.0 into a single route while skipping over or leaving out an intermediate range such as 10.100.30.0 and 10.100.31.0; a single route like the 10.100.20.0/18 example above covers every address in between.

It is highly unlikely that consumer routers will be designed to handle CIDR since it is generally an unnecessary cost to add that functionality.

Conclusion

Subnetting might not be something that comes easily to you, but it’s not terribly difficult either. Yes, there is some math involved, but the math is relatively simple and if you practice a few times, the logic will begin to make sense.

Of course, IPV4 will become a thing of the past as IPV6 becomes more commonplace. But that’s a discussion for another day. I hope this has been beneficial for you.
