
IP Subnetting

Kenneth Forward

Introduction
The concept of subnetting is fundamental to IP addressing and routing, from determining whether another host is local or remote (and therefore, whether traffic to it must be routed) to optimal assignment of IP addresses and route aggregation. For the purpose of this discussion, we limit ourselves to the Internet Protocol (IP) release still in widest use, IPv4. An IPv4 IP address consists of four 8-bit bytes or octets, for a total of 32 bits. Certain exceptions aside, each 8-bit octet can vary in value from 00000000 base 2 to 11111111 base 2, or 0 to 255 decimal. Although computers and network hardware ultimately operate on the former binary values, humans more typically express IPv4 addresses in dotted decimal notation; for example, 172.17.42.151 as opposed to 10101100 00010001 00101010 10010111. If a 32-bit address space is completely flat or non-hierarchical, it allows for 2^32 or over 4.2 billion independent IP addresses. Efficient exchange of traffic across such a space would essentially require that every host know the path to every other host, which is clearly an intractable problem. Even the earliest implementation of IPv4, therefore, divided these 32-bit addresses into a first-octet network number and a second-through-fourth-octet rest or local address field to allow for routing between networks as opposed to individual hosts (RFC 760). This 8-bit network number allowed only for a maximum of 255 equally sized networks; in due course, this was deemed insufficient. Three new classes of network addresses were therefore proposed.

RFC 791: Classful Addressing


The first of these classes, the Class A networks, continue to use the first octet for their network number, with the restriction that the most significant bit of this octet be 0. The remaining three octets or 24 bits are used to represent the local or host portion of the address. Using n's to designate the remaining network address bits and h's to represent host address bits, you have:

Class A    0nnnnnnn.hhhhhhhh.hhhhhhhh.hhhhhhhh

Class B addresses use the first two octets to represent the network number, with the restriction that the two most significant bits of the first octet be 10. The remaining two octets or 16 bits are used to represent the local or host portion of the address:

Class B    10nnnnnn.nnnnnnnn.hhhhhhhh.hhhhhhhh

Finally, class C addresses use the first three octets to represent the network number, with the restriction that the three most significant bits of the first octet be 110. The remaining octet or last 8 bits are used to represent the local or host portion of the address:

Class C    110nnnnn.nnnnnnnn.nnnnnnnn.hhhhhhhh

Recalling that an 8-bit byte can range in value from 0 to 255, you begin to see the binary basis for the dotted decimal classful address ranges with which the reader is no doubt familiar. An octet with its most significant bit set to 0 can at most represent 01111111 base 2 or decimal 127; one beginning 10 can meanwhile vary from 10000000 base 2 through 10111111 base 2, or decimal values 128 through 191. Similarly, an octet beginning 110 supports the decimal range 192 through 223; a first nibble of 1110 characterizes Class D multicast network addresses, which have a first octet of 224 through 239 [RFCs 966, 988]. A first nibble of 1111 characterizes Class E reserved network addresses, which have a first octet of 240 through 255.[1] These observations are summarized in Table 1:

Class   Most Significant Bit(s)   Range
A       0                         0.0.0.0 through 127.255.255.255[2]
B       10                        128.0.0.0 through 191.255.255.255
C       110                       192.0.0.0 through 223.255.255.255
D       1110                      224.0.0.0 through 239.255.255.255
E       1111                      240.0.0.0 through 255.255.255.255

Table 1: The Binary Basis for Classful IP Ranges, or the First Octet Rule

This binary basis for identifying an IP address's class is often referred to as the first octet rule. It is best that you understand this binary basis and how to derive the dotted decimal class ranges from it, and then attempt to memorize the seemingly arbitrary decimal ranges themselves.

Classful Network Sizes


Aside from the drawback that the original network number versus rest scheme supported only a maximum of 255 networks, each of the resulting networks was wastefully huge. With 24 bits of rest field, each such network contained 2^24, or over 16 million addresses, which at the time could be delegated no further. Thus, the classful addressing proposal that followed strove not just to create a greater number of networks (which by definition meant a smaller average size, and therefore, fewer wasted addresses per network); it also sought to create networks of different sizes, with the idea that each applicant received a network of the smallest adequate size, which further reduced address waste. Recalling that the first one, two, and three most significant bits are predetermined for class A, B, and C addresses respectively, we calculate the number of networks per class and the maximum number of hosts per network as follows:[3]

Class   Variable Network Bits (n)   Host Bits (h)   Number of Networks (2^n)   Hosts Per Network (2^h - 2)
A       7                           24              128                        16,777,214
B       14                          16              16,384                     65,534
C       21                          8               2,097,152                  254

Table 2: Classful Network Sizes

Referring to Table 2, you can see that under the classful model, it is possible to provide over two million small sites with networks that are relatively economical with respect to address waste.

[1] As defined in RFCs 1112, 1700, and 3300. You may find references suggesting Class E addresses extend only to 247.255.255.255, the first five bits of which (11110) better fit the classful pattern under discussion. Such references appear to derive from RFC 1365, an ultimately unadopted address extension proposal that promoted the redefining of class E to include only addresses beginning 11110, and the creation of a new class F for addresses beginning 111110.
[2] You may object that addresses beginning with 127 are loopback addresses (and not Class A addresses in the regular sense). Although true, the fact is that many special-use addresses (RFC 3300) exist within the primary class ranges, and their designation as the former does not exclude them from the latter.
[3] Although the maximum number of hosts per classful network has been corrected to ignore illegal host numbers consisting of all zeros and all ones, the number of networks per class has not been so adjusted, in keeping with RFC 1812 over RFC 1122.
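The first octet rule and the two tables above, worked in code. This is an added example and not part of the article: the class is read off the leading bits of the first octet, and the Table 1 ranges and Table 2 sizes are derived from the fixed bit counts rather than looked up; the function names are the example's own.

```python
# Added example (not from the article): the first octet rule read off the
# leading bits, and the Table 1 ranges and Table 2 sizes derived from those
# fixed bits rather than memorized. Standard library only.

# Fixed most-significant bits of the first octet, per class (Table 1).
CLASS_BITS = {"A": "0", "B": "10", "C": "110", "D": "1110", "E": "1111"}
# Octets that carry the network number for the unicast classes (Table 2).
NETWORK_OCTETS = {"A": 1, "B": 2, "C": 3}


def int_to_ip(value: int) -> str:
    return ".".join(str(b) for b in value.to_bytes(4, "big"))


def first_octet(dotted: str) -> int:
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted!r}")
    return octets[0]


def address_class(dotted: str) -> str:
    """First octet rule: shift the octet right until only the fixed bits
    remain and compare with each class's pattern. The five patterns are
    prefix-free (none is the start of another), so exactly one matches."""
    octet = first_octet(dotted)
    for cls, bits in CLASS_BITS.items():
        if octet >> (8 - len(bits)) == int(bits, 2):
            return cls
    raise AssertionError("every 8-bit value matches one of the five patterns")


def class_range(cls: str):
    """Lowest and highest address of a class: the fixed bits followed by all
    0s, and the fixed bits followed by all 1s, across the whole 32 bits."""
    bits = CLASS_BITS[cls]
    free = 32 - len(bits)
    low = int(bits, 2) << free
    return int_to_ip(low), int_to_ip(low | ((1 << free) - 1))


def class_sizes(cls: str):
    """(network bits n, host bits h, networks 2^n, hosts 2^h - 2) for A, B, C.
    The network count is not reduced for all-0s/all-1s but the host count is,
    following the article's footnote 3 (RFC 1812 over RFC 1122)."""
    fixed = len(CLASS_BITS[cls])
    network_bits = 8 * NETWORK_OCTETS[cls]
    n, h = network_bits - fixed, 32 - network_bits
    return n, h, 2 ** n, 2 ** h - 2


def class_layout(cls: str) -> str:
    """The n/h diagram used above, e.g. '10nnnnnn.nnnnnnnn.hhhhhhhh.hhhhhhhh'."""
    n, h, _, _ = class_sizes(cls)
    flat = CLASS_BITS[cls] + "n" * n + "h" * h
    return ".".join(flat[i:i + 8] for i in range(0, 32, 8))


if __name__ == "__main__":
    for cls in "ABC":
        print(cls, class_layout(cls), class_range(cls), class_sizes(cls))
```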

Are We There Yet?


Although supporting far more network numbers in a manner far less wasteful of host IDs, classful IP addressing still makes suboptimal use of IPv4's 32-bit IP space. At the crux of this inefficiency are trade-offs between address allocation and route aggregation. In classful addressing's early days, a site such as a university with more than several hundred hosts became a likely candidate for a class B network. The pros of this were that the site had sufficient addresses, and the routers of the world needed only to know a single route to reach them all. The cons were that the vast majority of host addresses went unused, and the recipient was stuck with a single network that physical limitations (maximum segment length in particular) often could not support. The alternative to this, providing a site multiple class C networks, largely reversed these pros and cons. Fewer addresses were wasted, and the site could get multiple internal networks, but at the expense of Internet routing tables growing larger. The most pressing of these problems in the early days was not actually address wastage; rather, it was the need to keep Internet routing tables small while still providing larger organizations more than a single flat LAN. The challenge was to somehow subdivide the single issued network into a series of virtual networks internally, while still presenting them as a unified whole to the Internet.

IP Subnetting
This goal of subdividing the network became known as subnetting, and various schemes (RFCs 917, 925, 932, 936, 940, 950, and 1219) were proposed to achieve it. The model that prevailed in the end allowed one to borrow some number of most significant bits from the host field (bits that typically went unused in an under-populated network) to define an optional subnet field intermediate between the network and host fields; graphically, it looked like this:

<network-number><subnet-number><host-number>

instead of the strictly classful

<network-number><-----------host-number---------->

This model seemed to offer the best of both worlds: all traffic to a site could continue to route to it using the true network number, while internally, one could divide the one network into subnetworks, whether to overcome layer 1 (physical) limitations, segment traffic along organizational lines, or simply to limit broadcast domains. Traffic could be routed between internal subnets on the basis of network and subnet numbers combined, just as if the combination were a real network number. This subnetting concept brought with it one major problem, however. If a 32-bit address was no longer guaranteed classful (worse, if it had different interpretations in different contexts), then the old first octet rule was no longer guaranteed to apply, and a new aid to interpreting IP addresses was vital.

Network Masking
The network or subnet mask was a simple construct proposed to alleviate the problem of how to interpret non-classful addresses. Like an IP address, a subnet mask is a 32-bit, four-octet value typically expressed in dotted decimal notation. Unlike an address, it merely contains a binary value of 1 in every position that corresponds to the net- and sub-network fields, and a binary value of zero in every position that corresponds to the host ID. Recall that class A, B, and C addresses use their first, first two, and first three octets, respectively, to represent the network portion of an address. We derive the following table of default subnet masks that correspond to these classes:

Class   Binary Netmask                        Decimal Netmask
A       11111111.00000000.00000000.00000000   255.0.0.0
B       11111111.11111111.00000000.00000000   255.255.0.0
C       11111111.11111111.11111111.00000000   255.255.255.0

Table 3: Classful Netmasks

Defined as they are, the logical AND[4] of a netmask and an IP address reveals what portion of the address is to be treated as the network number in that context. ANDing the class B address 172.17.42.151 with the default netmask for that class, for instance, reveals 172.17.42.151 to be a host on the 172.17.0.0/255.255.0.0 network:

IP Address:                172.17.42.151   10101100.00010001.00101010.10010111
Netmask:                   255.255.0.0     11111111.11111111.00000000.00000000
Resulting Network Number:  172.17.0.0      10101100.00010001.00000000.00000000

Progress
With the advent of subnet masking, sites were in a much better position to utilize their assigned IP space. In the early days of subnetting, however, this borrowing of host bits to create subnets was typically performed only along classful or byte boundary lines. Sites with class B networks, for instance, commonly applied the default class C netmask 255.255.255.0 internally to subdivide the network into 254 subnets,[5] each containing 254 usable host IDs.[6] ANDing the address 172.17.42.151 with 255.255.255.0, for instance, made it a host in the 172.17.42.0/255.255.255.0 subnet:

IP Address:                172.17.42.151   10101100.00010001.00101010.10010111
Netmask:                   255.255.255.0   11111111.11111111.11111111.00000000
Resulting Network Number:  172.17.42.0     10101100.00010001.00101010.00000000

As noted before, however, dotted decimal notation is merely a human convenience. Addresses are 32-bit entities that can be arbitrarily subnetted along non-byte boundaries. Should 24 network bits and 8 host bits provide too few subnets with too many unused host IDs in each, for instance, you can split 25 network bits versus 7 host bits. Using a 25-bit netmask, you define 172.17.42.151 to be a host in subnet 172.17.42.128/255.255.255.128. This allows twice as many subnets because the subnet field is now nine bits long (nnnnnnnn.nnnnnnnn.ssssssss.shhhhhhh) instead of the previous eight (nnnnnnnn.nnnnnnnn.ssssssss.hhhhhhhh), and the number of hosts per subnet is only half what it was before because there are only seven host bits per subnet remaining, as opposed to eight:

IP Address:                172.17.42.151     10101100.00010001.00101010.10010111
Netmask:                   255.255.255.128   11111111.11111111.11111111.10000000
Resulting Network Number:  172.17.42.128     10101100.00010001.00101010.10000000

[4] 1 AND 1 = 1, whereas 0 AND 0, 0 AND 1, and 1 AND 0 equal 0.
[5] 254, not 256, subnets, because prior to RFC 1812, subnet fields consisting of all 1s or all 0s were considered illegal.
[6] 254, not 256, usable host IDs, because an address with a host ID field of all 0s would be indistinguishable from its network number, whereas an address with a host ID field of all 1s is reserved for net-directed broadcasts.

The importance of non-classful subnet masking is the capability to trade off maximum numbers of subnets per network versus maximum numbers of hosts per subnet. Although less intuitive than classful subnetting (especially when expressed in dotted decimal notation), non-classful subnetting is equally valid and with practice can become intuitive, even when expressed in dotted decimal form.

RFC 1338: Supernetting


The growing practice of subnetting large classful networks begged its converse, namely supernetting a number of smaller classful networks into one larger one. N contiguous class C networks, for example, could be routed as if they were a single network of (N*256-2)[7] hosts, provided certain bit (not byte) boundary conditions were met. Applying the network mask 255.255.252.0 to 172.17.42.151, for instance, 172.17.42.151 becomes a host in the 172.17.40.0/255.255.252.0 network, the host number range of which is 172.17.40.1 through 172.17.43.254 because that netmask leaves ten bits for host IDs:

IP Address:                172.17.42.151   10101100.00010001.00101010.10010111
Netmask:                   255.255.252.0   11111111.11111111.11111100.00000000
Resulting Network Number:  172.17.40.0     10101100.00010001.00101000.00000000
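An added example (not the article's own code) covering the netmask arithmetic of this section and the two before it (Network Masking and Progress): the AND that yields the network number, the subnet-count versus hosts-per-subnet trade-off of borrowing host bits, and the usable host range of the /22 supernet. The function names are the example's own; the sample address is the article's 172.17.42.151.

```python
# Added example (not from the article): the netmask arithmetic behind the
# worked AND examples, the subnet/host trade-off of borrowing host bits, and
# the usable host range of a subnet or supernet. Standard library only.

ALL_ONES = 0xFFFFFFFF


def ip_to_int(dotted: str) -> int:
    """Dotted decimal to a 32-bit integer; bytes() rejects octets outside 0..255."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4:
        raise ValueError(f"expected four octets: {dotted!r}")
    return int.from_bytes(bytes(octets), "big")


def int_to_ip(value: int) -> str:
    return ".".join(str(b) for b in value.to_bytes(4, "big"))


def mask_from_prefix(prefix: int) -> int:
    """A /prefix netmask is `prefix` 1 bits followed by (32 - prefix) 0 bits."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return (ALL_ONES << (32 - prefix)) & ALL_ONES


def network_number(dotted: str, prefix: int) -> str:
    """Logical AND of address and netmask keeps the network bits, zeroes the rest."""
    return int_to_ip(ip_to_int(dotted) & mask_from_prefix(prefix))


def subnet_plan(network_prefix: int, subnet_prefix: int, pre_rfc1812: bool = False):
    """Borrow (subnet_prefix - network_prefix) host bits as a subnet field.
    Returns (number of subnets, usable hosts per subnet). Every extra bit
    doubles the subnets and halves the hosts, as in the /24 -> /25 example."""
    borrowed = subnet_prefix - network_prefix
    if borrowed < 0 or subnet_prefix > 30:
        raise ValueError("subnet prefix must lie between the network prefix and /30")
    subnets = 2 ** borrowed
    if pre_rfc1812 and borrowed > 0:
        subnets -= 2              # all-0s and all-1s subnet fields were once illegal
    hosts = 2 ** (32 - subnet_prefix) - 2   # minus network number and broadcast
    return subnets, hosts


def host_range(dotted: str, prefix: int):
    """First and last usable host of the (sub|super)net containing `dotted`:
    network number + 1 through broadcast (all host bits 1) - 1."""
    if prefix > 30:
        raise ValueError("a /31 or /32 has no network/broadcast pair to exclude")
    mask = mask_from_prefix(prefix)
    network = ip_to_int(dotted) & mask
    broadcast = network | (~mask & ALL_ONES)
    return int_to_ip(network + 1), int_to_ip(broadcast - 1)


def supernet_hosts(n_class_c: int) -> int:
    """N contiguous class C networks routed as one: N*256 - 2 usable hosts."""
    return n_class_c * 256 - 2


if __name__ == "__main__":
    for prefix in (16, 24, 25, 22):
        print(f"/{prefix}: network {network_number('172.17.42.151', prefix)}, "
              f"usable hosts {host_range('172.17.42.151', prefix)}")
```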

CIDR Notation
With so many subnetting and supernetting options available, the concept of the network class was quickly becoming deprecated. With the publication of RFCs 1517 through 1520, the transition from classful to what became known as classless IP addressing was largely complete. In the context of routing in particular, references to network ID or network number gave way to network prefix. The length of this prefix being equal to the number of network bits or 1s in the netmask gave rise to a new abbreviated CIDR notation, whereby /prefix-length could be used to indicate an IP address's subnet mask. Using CIDR notation, the network address 172.17.40.0/255.255.252.0 from the previous example can be more succinctly expressed as 172.17.40.0/22. A complete table of binary netmasks and their decimal and CIDR equivalents follows:

Binary Netmask                        Decimal Netmask   CIDR Equivalent
10000000.00000000.00000000.00000000   128.0.0.0         /1
11000000.00000000.00000000.00000000   192.0.0.0         /2
11100000.00000000.00000000.00000000   224.0.0.0         /3
11110000.00000000.00000000.00000000   240.0.0.0         /4
11111000.00000000.00000000.00000000   248.0.0.0         /5
11111100.00000000.00000000.00000000   252.0.0.0         /6
11111110.00000000.00000000.00000000   254.0.0.0         /7
11111111.00000000.00000000.00000000   255.0.0.0         /8
11111111.10000000.00000000.00000000   255.128.0.0       /9
11111111.11000000.00000000.00000000   255.192.0.0       /10
11111111.11100000.00000000.00000000   255.224.0.0       /11
11111111.11110000.00000000.00000000   255.240.0.0       /12
11111111.11111000.00000000.00000000   255.248.0.0       /13
11111111.11111100.00000000.00000000   255.252.0.0       /14
11111111.11111110.00000000.00000000   255.254.0.0       /15
11111111.11111111.00000000.00000000   255.255.0.0       /16
11111111.11111111.10000000.00000000   255.255.128.0     /17
11111111.11111111.11000000.00000000   255.255.192.0     /18
11111111.11111111.11100000.00000000   255.255.224.0     /19
11111111.11111111.11110000.00000000   255.255.240.0     /20
11111111.11111111.11111000.00000000   255.255.248.0     /21
11111111.11111111.11111100.00000000   255.255.252.0     /22
11111111.11111111.11111110.00000000   255.255.254.0     /23
11111111.11111111.11111111.00000000   255.255.255.0     /24
11111111.11111111.11111111.10000000   255.255.255.128   /25
11111111.11111111.11111111.11000000   255.255.255.192   /26
11111111.11111111.11111111.11100000   255.255.255.224   /27
11111111.11111111.11111111.11110000   255.255.255.240   /28
11111111.11111111.11111111.11111000   255.255.255.248   /29
11111111.11111111.11111111.11111100   255.255.255.252   /30
11111111.11111111.11111111.11111110   255.255.255.254   /31
11111111.11111111.11111111.11111111   255.255.255.255   /32

Table 4: Decimal Netmasks and CIDR Notation Equivalents

[7] As per the previous footnote, host IDs of all zeros and all ones are not permitted, hence N*256-2.

Inverse Subnet Masks


Aside from dotted decimal and CIDR notations, the aspiring subnetter should be familiar with a third type of network mask as well. The inverse subnet mask is as the name implies: the inverse or complement of a normal subnet mask. It contains zeros in those positions that correspond to the network ID, and ones in those positions that correspond to the host ID. The inverse subnet mask is significant for two reasons. Firstly, the logical OR[8] of an IP address and its inverse subnet mask reveals the (subnet-directed) broadcast address for that network. The broadcast address for the IP in our previous supernetting example, for instance, can be derived as follows:

IP Address:            172.17.42.151   10101100.00010001.00101010.10010111
Netmask:               255.255.252.0   11111111.11111111.11111100.00000000
Inverse Subnet Mask:   0.0.3.255       00000000.00000000.00000011.11111111
Broadcast Address:     172.17.43.255   10101100.00010001.00101011.11111111

This first observation may be a little academic in that we already know from a previous footnote that the net-directed broadcast address for a network is the address for which the host bits are all ones. A second, more practical reason why inverse subnet masks are important is the fact that Cisco uses them to specify router ACLs. In this context, they are typically referred to as wildcard masks. A sampling of decimal netmasks, CIDR equivalents, and inverse decimal (wildcard) netmasks is presented in Table 5:

Decimal Netmask   CIDR Equivalent   Inverse (Wildcard) Mask
255.255.0.0       /16               0.0.255.255
255.255.128.0     /17               0.0.127.255
255.255.192.0     /18               0.0.63.255
255.255.224.0     /19               0.0.31.255
255.255.240.0     /20               0.0.15.255
255.255.248.0     /21               0.0.7.255
255.255.252.0     /22               0.0.3.255
255.255.254.0     /23               0.0.1.255
255.255.255.0     /24               0.0.0.255
255.255.255.128   /25               0.0.0.127
255.255.255.192   /26               0.0.0.63
255.255.255.224   /27               0.0.0.31
255.255.255.240   /28               0.0.0.15

Table 5: Inverse (Wildcard) Masks

Note once again how the CIDR prefix /N equals the number of ones in the dotted decimal netmask. Note also how the complementary nature of netmasks and inverse netmasks gets expressed in dotted decimal notation: each pair of octets adds up to 255.

[8] 0 OR 0 = 0, whereas 0 OR 1, 1 OR 0, and 1 OR 1 all equal 1.
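An added example, not from the article, for the CIDR and inverse-mask material above: dotted decimal to CIDR conversion that rejects a mask whose ones are not contiguous, the wildcard mask as the complement, the broadcast address by OR, and the matching rule a wildcard mask implies when an ACL entry is evaluated (a wildcard bit of 1 means that address bit is ignored). The ACL entry format and function names are the example's own, not a router's syntax.

```python
# Added example (not from the article): netmask <-> CIDR conversion with
# validation, inverse (wildcard) masks, broadcast by OR, and the matching
# rule a wildcard mask implies for an ACL entry. Standard library only.

ALL_ONES = 0xFFFFFFFF


def ip_to_int(dotted: str) -> int:
    """Dotted decimal to a 32-bit integer; bytes() rejects octets outside 0..255."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4:
        raise ValueError(f"expected four octets: {dotted!r}")
    return int.from_bytes(bytes(octets), "big")


def int_to_ip(value: int) -> str:
    return ".".join(str(b) for b in value.to_bytes(4, "big"))


def is_netmask(dotted_mask: str) -> bool:
    """True only for a run of 1s followed by 0s (255.255.0.255 is not a netmask)."""
    mask = ip_to_int(dotted_mask)
    ones = bin(mask).count("1")
    return mask == (ALL_ONES << (32 - ones)) & ALL_ONES


def prefix_from_mask(dotted_mask: str) -> int:
    """/N is the number of 1s in the netmask, once the mask is known to be valid."""
    if not is_netmask(dotted_mask):
        raise ValueError(f"{dotted_mask} is not a netmask: its 1 bits are not contiguous")
    return bin(ip_to_int(dotted_mask)).count("1")


def mask_from_prefix(prefix: int) -> str:
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return int_to_ip((ALL_ONES << (32 - prefix)) & ALL_ONES)


def wildcard_mask(dotted_mask: str) -> str:
    """Inverse mask: 0 over the network bits, 1 over the host bits, so each
    octet pair of mask and wildcard sums to 255 (Table 5)."""
    prefix_from_mask(dotted_mask)                    # reject a malformed mask first
    return int_to_ip(~ip_to_int(dotted_mask) & ALL_ONES)


def broadcast_address(dotted_ip: str, dotted_mask: str) -> str:
    """Logical OR of the address and its inverse mask sets every host bit to 1."""
    return int_to_ip(ip_to_int(dotted_ip) | ip_to_int(wildcard_mask(dotted_mask)))


def wildcard_matches(candidate: str, acl_address: str, wildcard: str) -> bool:
    """Wildcard semantics: bit 1 = don't care, bit 0 = must equal the entry's bit.
    Any wildcard is accepted, contiguous or not (0.0.254.255 matches every
    address whose third octet has the same low bit as the entry's), which is
    why ACL entries are worth checking bit by bit rather than by eye."""
    care = ~ip_to_int(wildcard) & ALL_ONES
    return (ip_to_int(candidate) ^ ip_to_int(acl_address)) & care == 0


def acl_permits(candidate: str, entries) -> bool:
    """First-match evaluation of (action, address, wildcard) tuples, with the
    implicit deny that applies when no entry matches."""
    for action, address, wildcard in entries:
        if wildcard_matches(candidate, address, wildcard):
            return action == "permit"
    return False
```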

Summary
An IPv4 address is 32 bits long, but most frequently expressed using dotted decimal notation. In their earliest days, IPv4 addresses were envisioned as consisting of an 8-bit network number and a 24-bit rest or local address field. Because this scheme supported only 255 networks, it was eventually replaced by the classful network scheme described in RFC 791. Under this new scheme, an address's class could be determined using the first octet rule. While less wasteful than its predecessor, classful networking was still suboptimal in that network/host divisions were required to fall on byte boundaries. The concept of subnetting large networks consequently arose as a means of providing organizations internal network structure whilst still minimizing the size of Internet routing tables. This concept of subnetting eventually begged its converse: supernetting, or the consolidation of multiple small networks into a supernet that could be routed as a single network. Between these two mechanisms, the concept of classful addressing became something of an artifact. In its place came Classless Inter-Domain Routing or CIDR, with its concept that variable length subnet masks could be used to increasingly summarize routes as one got closer to the Internet backbone, while still allowing for complex subnet structures within organizations. As 32-bit constructs, subnet masks contain the binary value 1 in every position that corresponds to the network portion of an address and 0 in those positions that correspond to the host part. Originally expressed in the same dotted decimal notation that IP addresses are expressed in, netmasks today are more frequently indicated using CIDR notation, whereby /prefix-length equals the number of network bits or 1s in the subnet mask, and (32 - prefix-length) is the number of host bits remaining. Inverse subnet masks, also known as wildcard masks, are frequently used to specify router ACLs.

To the uninitiated, classless networking can appear unintuitive, especially when expressed using dotted decimal notation. With practice, however, common classless netmasks become recognizable even in dotted decimal format. The certification candidate should be completely familiar with the binary basis for classless subnetting, as any details that cannot be remembered can always be derived from those first principles.

References
Some readers may dismiss them as dry, but in the end, there's simply no substitute for careful reading of the RFCs. The list of titles that follows is representative and by no means complete for the topic of subnetting. Of those RFCs that do appear, some represent the most recent word on an aspect, whereas others are now considered historical and have been superseded by newer RFCs. Don't ignore the obsolete RFCs, however. Reading new and old together typically leads to far greater insight than a reading of the latest document alone. The official home of the RFCs is http://www.rfc-editor.org. Many mirror sites exist and can be located using the reader's preferred search engine.

RFC 760: DoD Standard Internet Protocol
RFC 791: Internet Protocol
RFC 917: Internet Subnets
RFC 925: Multi-LAN Address Resolution
RFC 932: Subnetwork Addressing Scheme
RFC 936: Another Internet Subnet Addressing Scheme
RFC 940: Toward an Internet Standard Scheme for Subnetting
RFC 950: Internet Standard Subnetting Procedure
RFC 966: Host Groups: A Multicast Extension to the Internet Protocol
RFC 988: Host Extensions for IP Multicasting
RFC 1112: Host Extensions for IP Multicasting
RFC 1122: Requirements for Internet Hosts (Communication Layers)
RFC 1219: On the Assignment of Subnet Numbers
RFC 1338: Supernetting: an Address Assignment and Aggregation Strategy
RFC 1365: An IP Address Extension Proposal
RFC 1467: Status of CIDR Deployment in the Internet
RFC 1517: Applicability Statement for the Implementation of Classless Inter-Domain Routing (CIDR)
RFC 1518: An Architecture for IP Address Allocation with CIDR
RFC 1519: Classless Inter-Domain Routing (CIDR): an Address Assignment and Aggregation Strategy
RFC 1520: Exchanging Routing Information Across Provider Boundaries in the CIDR Environment
RFC 1700: Assigned Numbers
RFC 1812: Requirements for IP Version 4 Routers
RFC 1817: CIDR and Classful Routing
RFC 1878: Variable Length Subnet Table for IPv4
RFC 3300: Internet Official Protocol Standards
RFC 4632: Classless Inter-domain Routing (CIDR): The Internet Address Assignment and Aggregation Plan

Resources
Literally dozens of free and commercial subnet calculators exist; the ones listed here are just a sampling of those freely available for various platforms. No endorsement or lack thereof is implied via inclusion or exclusion from this list. If none of these meet your particular needs, many worthy alternatives are available if you search for them on the Internet.

Windows:
  o SolarWinds advanced subnet calculator: http://www.solarwinds.net/products/freetools/index.aspx
  o WildPackets IP subnet calculator: http://www.wildpackets.com/products/free_utilities/ipsubnetcalc/overview

Unix/Linux:
  o IPCalc perl script: http://jodies.de/ipcalc

Mac OS:
  o Mac OS X IP subnet calculator dashboard widget: http://www.apple.com/downloads/dashboard/networking_security/ipsubnetcalculator.html

Web-based calculators:
  o Online IP subnet calculator: http://www.subnet-calculator.com/
  o Cisco IP subnet calculator (CCO login required): http://www.cisco.com/cgi-bin/Support/IpSubnet/home.pl
