Kenneth Forward
IP Subnetting
Introduction
The concept of subnetting is fundamental to IP addressing and routing, from determining whether another host is local or remote (and therefore whether traffic to it must be routed) to the optimal assignment of IP addresses and route aggregation. For the purpose of this discussion, we limit ourselves to the Internet Protocol (IP) release still in widest use, IPv4. An IPv4 address consists of four 8-bit bytes or octets, for a total of 32 bits. Certain exceptions aside, each 8-bit octet can vary in value from 00000000 base 2 to 11111111 base 2, or 0 to 255 decimal. Although computers and network hardware ultimately operate on the binary values, humans more typically express IPv4 addresses in dotted decimal notation; for example, 172.17.42.151 as opposed to 10101100 00010001 00101010 10010111. If a 32-bit address space is completely flat or non-hierarchical, it allows for 2^32, or over 4.2 billion, independent IP addresses. Efficient exchange of traffic across such a space would essentially require that every host know the path to every other host, which is clearly an intractable problem. Even the earliest implementation of IPv4, therefore, divided these 32-bit addresses into a first octet network number and a second through fourth octet rest or local address field, to allow for routing between networks as opposed to individual hosts (RFC 760). This 8-bit network number allowed for a maximum of only 255 equally sized networks, however, and in due course this was deemed insufficient. Three new classes of network addresses were therefore proposed.

Classful Addressing
a first octet of 240 through 255.[1] These observations are summarized in Table 1:

Class   Most Significant Bit(s)   Range
A       0                         0.0.0.0 - 127.255.255.255 [2]
B       10                        128.0.0.0 - 191.255.255.255
C       110                       192.0.0.0 - 223.255.255.255
D       1110                      224.0.0.0 - 239.255.255.255
E       1111                      240.0.0.0 - 255.255.255.255
Table 1: The Binary Basis for Classful IP Ranges, or the First Octet Rule

This binary basis for identifying an IP address's class is often referred to as the first octet rule. It is best that you understand this binary basis and how to derive the dotted decimal class ranges from it, and only then attempt to memorize the seemingly arbitrary decimal ranges themselves.
[1] As defined in RFCs 1112, 1700, and 3300. You may find references suggesting that Class E addresses extend only to 247.255.255.255, the first five bits of which (11110) better fit the classful pattern under discussion. Such references appear to derive from RFC 1365, an ultimately unadopted address extension proposal that promoted the redefining of class E to include only addresses beginning 11110, and the creation of a new class F for addresses beginning 111110.
[2] You may object that addresses beginning with 127 are loopback addresses (and not Class A addresses in the regular sense). Although true, the fact is that many special use addresses (RFC 3300) exist within the primary class ranges, and their designation as the former does not exclude them from the latter.
[3] Although the maximum number of hosts per classful network has been corrected to ignore illegal host numbers consisting of all zeros and all ones, the number of networks per class has not been so adjusted, in keeping with RFC 1812 over RFC 1122.
Classful Network Sizes

Class   Network Bits   Host Bits   Networks            Hosts per Network [3]
A       7              24          2^7  =       128    2^24 - 2 = 16,777,214
B       14             16          2^14 =    16,384    2^16 - 2 =     65,534
C       21             8           2^21 = 2,097,152    2^8  - 2 =        254

Table 2: Classful Network Sizes

Referring to Table 2, you can see that under the classful model, it is possible to provide over two million small sites with networks that are relatively economical with respect to address waste.
IP Subnetting
The goal of subdividing a network became known as subnetting, and various schemes (RFCs 917, 925, 932, 936, 940, 950, and 1219) were proposed to achieve it. The model that prevailed in the end allowed one to borrow some number of most significant bits from the host field (bits that typically went unused in an underpopulated network) to define an optional subnet field intermediate between the network and host fields. Graphically, it looked like this:

<network-number><subnet-number><host-number>

instead of the strictly classful

<network-number><-----------host-number---------->

This model seemed to offer the best of both worlds: All traffic to a site could continue to route to it using the true network number, while internally, one could divide the one network into subnetworks, whether to overcome layer 1 (physical) limitations, segment traffic along organizational lines, or simply to limit broadcast domains. Traffic could be routed between internal subnets on the basis of network and subnet numbers combined, just as if the combination were a real network number. This subnetting concept brought with it one major problem, however. If a 32-bit address was no longer guaranteed classful (worse, if it had different interpretations in different contexts), then the old first octet rule was no longer guaranteed to apply, and a new aid to interpreting IP addresses was vital.
Network Masking
The network or subnet mask was a simple construct proposed to alleviate the problem of how to interpret non-classful addresses. Like an IP address, a subnet mask is a 32-bit, four-octet value typically expressed in dotted decimal notation. Unlike an address, it merely contains a binary value of 1 in every position that corresponds to the network and subnetwork fields, and a binary value of 0 in every position that corresponds to the host ID. Recall that class A, B, and C addresses use their first, first two, and first three octets, respectively, to represent the network portion of an address. We derive the following table of default subnet masks that correspond to these classes:

Class   Binary Netmask
A       11111111.00000000.00000000.00000000
B       11111111.11111111.00000000.00000000
C       11111111.11111111.11111111.00000000

Table 3: Classful Netmasks

Defined as they are, the logical AND[4] of a netmask and an IP address reveals what portion of the address is to be treated as the network number in that context. ANDing the class B address 172.17.42.151 with the default netmask for that class, for instance, reveals 172.17.42.151 to be a host on the 172.17.0.0/255.255.0.0 network:

IP Address:                172.17.42.151    10101100.00010001.00101010.10010111
Netmask:                   255.255.0.0      11111111.11111111.00000000.00000000
Resulting Network Number:  172.17.0.0       10101100.00010001.00000000.00000000
Progress
With the advent of subnet masking, sites were in a much better position to utilize their assigned IP space. In the early days of subnetting, however, this borrowing of host bits to create subnets was typically performed only along classful or byte boundary lines. Sites with class B networks, for instance, commonly applied the default class C netmask 255.255.255.0 internally to subdivide the network into 254 subnets[5], each containing 254 usable host IDs[6]. ANDing the address 172.17.42.151 with 255.255.255.0, for instance, made it a host in the 172.17.42.0/255.255.255.0 subnet:

IP Address:                172.17.42.151    10101100.00010001.00101010.10010111
Netmask:                   255.255.255.0    11111111.11111111.11111111.00000000
Resulting Network Number:  172.17.42.0      10101100.00010001.00101010.00000000

As noted before, however, dotted decimal notation is merely a human convenience. Addresses are 32-bit entities that can be arbitrarily subnetted along non-byte boundaries. Should 24 network bits and 8 host bits provide too few subnets with too many unused host IDs in each, for instance, you can split the address into 25 network bits and 7 host bits instead. Using a 25-bit netmask, you define 172.17.42.151 to be a host in subnet 172.17.42.128/255.255.255.128. This allows twice as many subnets, because the subnet field is now nine bits long (nnnnnnnn.nnnnnnnn.ssssssss.shhhhhhh) instead of the previous eight (nnnnnnnn.nnnnnnnn.ssssssss.hhhhhhhh), and the number of hosts per subnet is only half what it was before, because only seven host bits remain per subnet, as opposed to eight:

IP Address:                172.17.42.151    10101100.00010001.00101010.10010111
Netmask:                   255.255.255.128  11111111.11111111.11111111.10000000
Resulting Network Number:  172.17.42.128    10101100.00010001.00101010.10000000

[4] 1 AND 1 = 1, whereas 0 AND 0, 0 AND 1 and 1 AND 0 all equal 0.
[5] 254, not 256, subnets, because prior to RFC 1812, subnet fields consisting of all 1s or all 0s were considered illegal.
[6] 254, not 256, usable host IDs, because an address with a host ID field of all 0s would be indistinguishable from its network number, whereas an address with a host ID field of all 1s is reserved for net-directed broadcasts.
The importance of non-classful subnet masking lies in the capability to trade off the maximum number of subnets per network against the maximum number of hosts per subnet. Although less intuitive than classful subnetting (especially when expressed in dotted decimal notation), non-classful subnetting is equally valid, and with practice it too becomes intuitive, even in dotted decimal form.
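The following is an added example, not code from the article: a small Python module that carries the arithmetic above out on 32-bit integers. It parses dotted decimal into the binary value the hardware sees, applies the first octet rule of Table 1, ANDs an address with a netmask exactly as in Table 3 and the 172.17.42.151 examples, derives the broadcast address and usable host count described in footnote 6, counts the subnets gained by borrowing host bits (with and without the pre-RFC 1812 restriction of footnote 5), and makes the local-or-remote decision mentioned in the introduction. The function names are my own; the standard-library ipaddress module is used only to cross-check the hand-rolled results.

```python
# Added example (not from the article): IPv4 subnet arithmetic on 32-bit
# integers, following the article's binary worked examples for 172.17.42.151.
# Everything is computed from first principles; the standard-library
# ipaddress module is used only as an independent cross-check.
import ipaddress


def dotted_to_int(addr: str) -> int:
    """Parse dotted decimal notation into the 32-bit integer the hardware uses."""
    octets = addr.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted quad: {addr!r}")
    value = 0
    for octet in octets:
        if not octet.isdigit() or int(octet) > 255:
            raise ValueError(f"octet out of range in {addr!r}")
        value = (value << 8) | int(octet)
    return value


def int_to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(value: int) -> str:
    """Render as oooooooo.oooooooo.oooooooo.oooooooo, as in the article's tables."""
    return ".".join(f"{(value >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))


def classful_class(addr: str) -> str:
    """First octet rule (Table 1): classify by the most significant bits only."""
    first = dotted_to_int(addr) >> 24
    if first & 0b10000000 == 0:
        return "A"          # 0xxxxxxx, which includes 127.x.x.x (footnote 2)
    if first & 0b11000000 == 0b10000000:
        return "B"          # 10xxxxxx
    if first & 0b11100000 == 0b11000000:
        return "C"          # 110xxxxx
    if first & 0b11110000 == 0b11100000:
        return "D"          # 1110xxxx
    return "E"              # 1111xxxx


def prefix_to_mask(prefix: int) -> int:
    """Netmask as an integer: `prefix` ones followed by (32 - prefix) zeros."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length out of range: {prefix}")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def network_of(addr: str, prefix: int) -> str:
    """Logical AND of address and netmask yields the network number (Table 3)."""
    return int_to_dotted(dotted_to_int(addr) & prefix_to_mask(prefix))


def broadcast_of(addr: str, prefix: int) -> str:
    """Host bits set to all ones: the net-directed broadcast address (footnote 6)."""
    host_bits = prefix_to_mask(prefix) ^ 0xFFFFFFFF
    return int_to_dotted(dotted_to_int(addr) | host_bits)


def usable_hosts(prefix: int) -> int:
    """2^h - 2: all-zeros is the network number, all-ones is broadcast.
    Under that rule /31 and /32 leave no usable host IDs at all."""
    return max(2 ** (32 - prefix) - 2, 0)


def subnet_count(borrowed_bits: int, pre_rfc1812: bool = False) -> int:
    """Subnets obtained by borrowing host bits into a subnet field. Before
    RFC 1812 the all-zeros and all-ones subnet numbers were illegal (footnote 5)."""
    count = 2 ** borrowed_bits
    return count - 2 if pre_rfc1812 else count


def same_subnet(a: str, b: str, prefix: int) -> bool:
    """The local-or-remote decision from the introduction: a host delivers
    directly when the destination shares its network number, and otherwise
    hands the packet to a router."""
    mask = prefix_to_mask(prefix)
    return (dotted_to_int(a) & mask) == (dotted_to_int(b) & mask)


def cross_check(addr: str, prefix: int) -> bool:
    """Confirm the hand-rolled arithmetic against the ipaddress module."""
    net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    return (str(net.network_address) == network_of(addr, prefix)
            and str(net.broadcast_address) == broadcast_of(addr, prefix))


if __name__ == "__main__":
    host = "172.17.42.151"
    print(f"{host} is a class {classful_class(host)} address")
    for prefix in (16, 24, 25):
        mask = prefix_to_mask(prefix)
        print(f"\n/{prefix}  netmask {int_to_dotted(mask)}")
        print(f"  {to_binary(dotted_to_int(host))}  address")
        print(f"  {to_binary(mask)}  AND netmask")
        print(f"  {to_binary(dotted_to_int(network_of(host, prefix)))}  = network {network_of(host, prefix)}")
        print(f"  broadcast {broadcast_of(host, prefix)}, usable hosts {usable_hosts(prefix)},"
              f" cross-check {'ok' if cross_check(host, prefix) else 'MISMATCH'}")
    print("\n172.17.42.100 local to", host, "at /24:", same_subnet(host, "172.17.42.100", 24))
    print("172.17.42.100 local to", host, "at /25:", same_subnet(host, "172.17.42.100", 25))
```

Run it directly and it prints the three worked AND operations from this section in the same binary layout. The last two lines illustrate why the mask matters operationally: 172.17.42.100 is on the same wire as 172.17.42.151 under a /24, but sits on the other side of a router once the site moves to a /25, because host bit 7 differs (100 is 01100100, 151 is 10010111).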
CIDR Notation
With so many subnetting and supernetting options available, the concept of the network class was quickly becoming deprecated. With the publication of RFCs 1517 through 1520, the transition from classful to what became known as classless IP addressing was largely complete. In the context of routing in particular, references to network ID or network number gave way to network prefix. Because the length of this prefix equals the number of network bits, that is, the number of 1s in the netmask, a new abbreviated CIDR notation arose, whereby /prefix-length could be used to indicate an IP address's subnet mask. Using CIDR notation, the network address 172.17.40.0/255.255.252.0, for instance, can be more succinctly expressed as 172.17.40.0/22. A complete table of binary netmasks and their decimal and CIDR equivalents follows:

Binary Netmask                          Decimal Netmask     CIDR Equivalent
10000000.00000000.00000000.00000000     128.0.0.0           /1
11000000.00000000.00000000.00000000     192.0.0.0           /2
11100000.00000000.00000000.00000000     224.0.0.0           /3
11110000.00000000.00000000.00000000     240.0.0.0           /4
11111000.00000000.00000000.00000000     248.0.0.0           /5
11111100.00000000.00000000.00000000     252.0.0.0           /6
11111110.00000000.00000000.00000000     254.0.0.0           /7
11111111.00000000.00000000.00000000     255.0.0.0           /8
11111111.10000000.00000000.00000000     255.128.0.0         /9
11111111.11000000.00000000.00000000     255.192.0.0         /10
11111111.11100000.00000000.00000000     255.224.0.0         /11
11111111.11110000.00000000.00000000     255.240.0.0         /12
11111111.11111000.00000000.00000000     255.248.0.0         /13
11111111.11111100.00000000.00000000     255.252.0.0         /14
11111111.11111110.00000000.00000000     255.254.0.0         /15
11111111.11111111.00000000.00000000     255.255.0.0         /16
11111111.11111111.10000000.00000000     255.255.128.0       /17
11111111.11111111.11000000.00000000     255.255.192.0       /18
11111111.11111111.11100000.00000000     255.255.224.0       /19
11111111.11111111.11110000.00000000     255.255.240.0       /20
11111111.11111111.11111000.00000000     255.255.248.0       /21
11111111.11111111.11111100.00000000     255.255.252.0       /22
11111111.11111111.11111110.00000000     255.255.254.0       /23
11111111.11111111.11111111.00000000     255.255.255.0       /24
11111111.11111111.11111111.10000000     255.255.255.128     /25
11111111.11111111.11111111.11000000     255.255.255.192     /26
11111111.11111111.11111111.11100000     255.255.255.224     /27
11111111.11111111.11111111.11110000     255.255.255.240     /28
11111111.11111111.11111111.11111000     255.255.255.248     /29
11111111.11111111.11111111.11111100     255.255.255.252     /30
11111111.11111111.11111111.11111110     255.255.255.254     /31
11111111.11111111.11111111.11111111     255.255.255.255     /32

[7] As per the previous footnote, host IDs of all zeros and all ones are not permitted, hence N*256-2.
This first observation may be a little academic in that we already know from a previous footnote that the net-directed broadcast address for a network is the address for which the host bits are all ones. A second, more practical reason why inverse subnet masks are important is the fact that Cisco uses them to specify router ACLs. In this context, they are typically referred to as wildcard masks. A sampling of decimal netmasks, CIDR equivalents, and inverse decimal (wildcard) netmasks is presented in Table 5:

Decimal Netmask   CIDR Equivalent   Inverse (Wildcard) Mask
255.255.0.0       /16               0.0.255.255
255.255.128.0     /17               0.0.127.255
255.255.192.0     /18               0.0.63.255
255.255.224.0     /19               0.0.31.255

Table 5: Inverse (Wildcard) Masks

Note once again how the CIDR prefix /N equals the number of ones in the dotted decimal netmask. Note also how the complementary nature of netmasks and inverse netmasks gets expressed in dotted decimal notation: Each pair of octets adds up to 255.
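As an added example (not code from the article, and not from any vendor), the Python below converts between the three notations of the last two sections (CIDR prefix, dotted decimal netmask, wildcard mask), regenerates the netmask table with a wildcard column, and applies the matching rule a Cisco-style ACL uses with a wildcard mask: a 0 bit in the wildcard must match the ACL's address bit, a 1 bit is "don't care". The ACL entries are constructed for illustration. Two checks a practitioner wants are included: a netmask is only valid as /N if its ones are contiguous from the left, and a wildcard mask need not be the complement of any valid netmask at all, since Cisco accepts non-contiguous wildcards such as 0.0.254.255, which no /N can express and which a tool that merely counts bits will misreport.

```python
# Added example (not from the article or any vendor): conversions between
# CIDR prefix length, dotted decimal netmask and wildcard mask, plus the
# matching rule a Cisco-style ACL applies with a wildcard mask. The ACL
# entries below are constructed for illustration.
import ipaddress

ALL_ONES = 0xFFFFFFFF


def to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def to_dotted(value: int) -> str:
    return str(ipaddress.IPv4Address(value))


def prefix_to_netmask(prefix: int) -> str:
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length out of range: {prefix}")
    return to_dotted((ALL_ONES << (32 - prefix)) & ALL_ONES)


def netmask_to_prefix(netmask: str) -> int:
    """/N is the number of ones, but only if they are contiguous from the
    left: 255.0.255.0 has sixteen ones and is still not a valid /16."""
    value = to_int(netmask)
    ones = bin(value).count("1")
    if (ALL_ONES << (32 - ones)) & ALL_ONES != value:
        raise ValueError(f"non-contiguous netmask: {netmask}")
    return ones


def netmask_to_wildcard(netmask: str) -> str:
    """Bitwise complement, so each pair of octets sums to 255 (Table 5)."""
    return to_dotted(to_int(netmask) ^ ALL_ONES)


def wildcard_matches(address: str, acl_address: str, wildcard: str) -> bool:
    """Wildcard semantics: a 0 bit must equal the ACL address bit, a 1 bit is
    'don't care'. Nothing requires the 0 bits to be contiguous."""
    care = to_int(wildcard) ^ ALL_ONES
    return (to_int(address) & care) == (to_int(acl_address) & care)


def mask_table(first: int = 1, last: int = 32) -> list:
    """Regenerate the article's netmask table with a wildcard column:
    (prefix, binary netmask, dotted netmask, wildcard mask)."""
    rows = []
    for prefix in range(first, last + 1):
        netmask = prefix_to_netmask(prefix)
        binary = ".".join(f"{int(o):08b}" for o in netmask.split("."))
        rows.append((prefix, binary, netmask, netmask_to_wildcard(netmask)))
    return rows


# Constructed ACL (hypothetical). The second entry uses a non-contiguous
# wildcard: 0.0.254.255 fixes only bit 0 of the third octet, so it matches
# 10.1.<even>.x, a set no CIDR prefix can express.
SAMPLE_ACL = [
    ("permit", "172.17.40.0", "0.0.3.255"),   # 172.17.40.0/22
    ("permit", "10.1.0.0", "0.0.254.255"),    # even third octets within 10.1.0.0/16
]


def acl_decision(address: str, acl=SAMPLE_ACL) -> str:
    """First matching entry wins; an unmatched packet hits the implicit deny."""
    for action, acl_address, wildcard in acl:
        if wildcard_matches(address, acl_address, wildcard):
            return action
    return "deny"


def wildcard_to_prefix_or_none(wildcard: str):
    """What a naive audit tool does: treat the wildcard as an inverted
    netmask. Returns None when the wildcard is not expressible as /N."""
    try:
        return netmask_to_prefix(to_dotted(to_int(wildcard) ^ ALL_ONES))
    except ValueError:
        return None


if __name__ == "__main__":
    for prefix, binary, netmask, wildcard in mask_table(16, 19):
        print(f"/{prefix:<3} {binary}  {netmask:<15}  {wildcard}")
    for address in ("172.17.42.151", "172.17.44.1", "10.1.4.7", "10.1.5.7"):
        print(f"{address:<15} -> {acl_decision(address)}")
    print("0.0.3.255   as /N:", wildcard_to_prefix_or_none("0.0.3.255"))
    print("0.0.254.255 as /N:", wildcard_to_prefix_or_none("0.0.254.255"))
```

When auditing ACLs, run each wildcard through wildcard_to_prefix_or_none before summarizing it as a prefix: an entry that comes back None matches a scattered set of addresses rather than one block, and it must be evaluated bit by bit, as wildcard_matches does, rather than by the prefix arithmetic of the previous sections.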
Summary
An IPv4 address is 32 bits long, but is most frequently expressed using dotted decimal notation. In their earliest days, IPv4 addresses were envisioned as consisting of an 8-bit network number and a 24-bit rest or local address field. Because this scheme supported only 255 networks, it was eventually replaced by the classful network scheme described in RFC 791. Under this new scheme, an address's class could be determined using the first octet rule. While less wasteful than its predecessor, classful networking was still suboptimal in that network/host divisions were required to fall on byte boundaries.

The concept of subnetting large networks consequently arose as a means of providing organizations with internal network structure whilst still minimizing the size of Internet routing tables. This concept of subnetting eventually begged its converse: supernetting, or the consolidation of multiple small networks into a supernet that could be routed as a single network. Between these two mechanisms, the concept of classful addressing became something of an artifact. In its place came Classless Inter-Domain Routing, or CIDR, with its concept that variable length subnet masks could be used to increasingly summarize routes as one got closer to the Internet backbone, while still allowing for complex subnet structures within organizations.

As 32-bit constructs, subnet masks contain the binary value 1 in every position that corresponds to the network portion of an address and 0 in those positions that correspond to the host part. Originally expressed in the same dotted decimal notation as IP addresses, netmasks today are more frequently indicated using CIDR notation, whereby /prefix-length equals the number of network bits, or 1s in the subnet mask, and (32 - prefix-length) is the number of host bits remaining. Inverse subnet masks, also known as wildcard masks, are frequently used to specify router ACLs.
To the uninitiated, classless networking can appear unintuitive, especially when expressed using dotted decimal notation. With practice, however, common classless netmasks become recognizable even in dotted decimal format. The certification candidate should be completely familiar with the binary basis for classless subnetting, as any details that cannot be remembered can always be derived from those first principles.
References
Some readers may dismiss them as dry, but in the end, there's simply no substitute for careful reading of the RFCs. The list of titles that follows is representative and by no means complete for the topic of subnetting. Of those RFCs that do appear, some represent the most recent word on an aspect, whereas others are now considered historical and have been superseded by newer RFCs. Don't ignore the obsolete RFCs, however. Reading new and old together typically leads to far greater insight than a reading of the latest document alone. The official home of the RFCs is http://www.rfc-editor.org. Many mirror sites exist and can be located using the reader's preferred search engine.

RFC 760: DoD Standard Internet Protocol
RFC 791: Internet Protocol
RFC 917: Internet Subnets
RFC 925: Multi-LAN Address Resolution
RFC 932: Subnetwork Addressing Scheme
RFC 936: Another Internet Subnet Addressing Scheme
RFC 940: Toward an Internet Standard Scheme for Subnetting
RFC 950: Internet Standard Subnetting Procedure
RFC 966: Host Groups: A Multicast Extension to the Internet Protocol
RFC 988: Host Extensions for IP Multicasting
RFC 1112: Host Extensions for IP Multicasting
RFC 1122: Requirements for Internet Hosts: Communication Layers
RFC 1219: On the Assignment of Subnet Numbers
RFC 1338: Supernetting: an Address Assignment and Aggregation Strategy
RFC 1365: An IP Address Extension Proposal
RFC 1467: Status of CIDR Deployment in the Internet
RFC 1517: Applicability Statement for the Implementation of Classless Inter-Domain Routing (CIDR)
RFC 1518: An Architecture for IP Address Allocation with CIDR
RFC 1519: Classless Inter-Domain Routing (CIDR): an Address Assignment and Aggregation Strategy
RFC 1520: Exchanging Routing Information Across Provider Boundaries in the CIDR Environment
RFC 1700: Assigned Numbers
RFC 1812: Requirements for IP Version 4 Routers
RFC 1817: CIDR and Classful Routing
RFC 1878: Variable Length Subnet Table for IPv4
RFC 3300: Internet Official Protocol Standards
RFC 4632: Classless Inter-domain Routing (CIDR): The Internet Address Assignment and Aggregation Plan
Resources
Literally dozens of free and commercial subnet calculators exist; the ones listed here are just a sampling of those freely available for various platforms. No endorsement or lack thereof is implied by inclusion in or exclusion from this list. If none of these meet your particular needs, many worthy alternatives are available if you search for them on the Internet.

Windows:
  - SolarWinds advanced subnet calculator: http://www.solarwinds.net/products/freetools/index.aspx
  - WildPackets IP subnet calculator: http://www.wildpackets.com/products/free_utilities/ipsubnetcalc/overview
Unix/Linux:
  - IPCalc perl script: http://jodies.de/ipcalc
Mac OS:
  - Mac OS X IP subnet calculator dashboard widget: http://www.apple.com/downloads/dashboard/networking_security/ipsubnetcalculator.html
Web-based calculators:
  - Online IP subnet calculator: http://www.subnet-calculator.com/
  - Cisco IP subnet calculator (CCO login required): http://www.cisco.com/cgi-bin/Support/IpSubnet/home.pl