Anda di halaman 1dari 9

IP Subnetting, Variable Subnetting, and CIDR (Supernetting)

1. Who is this for? People who will be building networks. If you're a manager you can go to sleep now; if you know this stuff already, take a pizza break; if you want to actually build networks some day and are not already comfortable working out appropriate sizes of subnets, please come to the front of the lecture hall - I have a few copies of this lesson but not enough for everyone in the room. 2. Purpose of this lesson Some day you may be responsible for designing a network that connects several locations together with routers. You'll have been given a certain number of IP addresses you can use, and you have to allocate them in chunks to each site without running out! The reason we are going to learn subnetting is simple: there are not enough IP addresses free for you to give a whole Class C network to every site you manage. Some upstream providers charge you for each Class C you allocate. Others force you to justify your use of space in detail, showing that each network you allocated was fully populated. Before we go into details, there are two things you might be able to use which will avoid the need to learn any of this stuff: 1. NAT - network address translation If it is available to you, NAT often lets you create any size of network you want, without worrying about how much IP space you have been officially allocated. I'm not going to explain what NAT is in detail, because it will be covered in someone else's lesson. In short, it's a way to map large numbers of IPs on to a single IP (or to take a large sparse range such as a Class B and map each address that is actually used on to a small number of Class C's). NAT is worth taking the time to learn, because it can save you a whole lot of effort! 2. Online tools to calculate subnets There are many web pages available that will calculate netmasks for given sizes of subnets. These are useful as long as you understand the basics of what you're trying to do. If you don't have 'the big picture', these tools won't help. You can listen to this lecture to get 'the big picture' without getting distracted by the details, then use one of the online tools when you need actual numbers. 3. IP address space in general - inference of Class A/B/C Before we start - a quick and very basic recap on IP addressing in general. Every machine on the net has an address. Addresses are 32 bits. These 32 bits are split into two parts - a network number followed by a host address. The 'host address' part is for a number of machines on one physical network - say a bunch of machines connected with a hub or on a single thin ether wire. The network number represents this group of hosts as a single unit, and routers need to know these network numbers to send data from one net to another. Just where the network/host split is made is arbitrary. There's no real reason why 10.1.2.3 should be part of a class A network and 220.1.2.3 is part of a class C network - it just is. The address space was split up as shown below, and any addresses in these ranges are deemed to be in the appropriate Class. Why does this matter? Well, some software will ask for an IP address but NOT a netmask - and it will infer a netmask from the address. This is OK as

long as you are staying within the class system, but if you are subnetting or supernetting, it can cause you a lot of trouble. There's actually very little difference between a Class C network, and a Class B network with a 255.255.255.0 netmask applied. (The only time they're different is if the network address is of the form X.X.0.X or X.X.255.X) Before you start designing your subnets, you should know what it is that you've been given. Here are three ways of finding out what class your allocation is in. Use whichever you find easiest. 1. 2. 3. 4. Class A addresses begin with 0xxx, or 1 to 126 decimal. (127 is loopback) Class B addresses begin with 10xx, or 128 to 191 decimal. Class C addresses begin with 110x, or 192 to 223 decimal. Class D addresses begin with 1110, or 224 to 239 decimal. (a.k.a multicast - you'll probably never see these) 5. Class E addresses begin with 1111, or 240 to 254 decimal. (or these) 6. If the first bit is 0 it is a Class A address 7. If the first two bits are 10 it is a Class B address 8. If the first three bits are 110 it is a Class C address 9. If the first four bits are 1110 it is a Class D multicast address 10.If the first four bits are 1111 it is a Class E experimental address First Byte Class Network Mask (explained later) 1-126 128-191 192-223 "A" "B" "C" 255.0.0.0 255.255.0.0 255.255.255.0

In all the examples below we will assume we have been allocated a Class C network to work with: 192.168.1.0 192.168.1.0 is actually a special type of Class C address - it's one that is reserved never to be allocated on the real Internet. So we'll use it in our examples because if you do configure a network using these numbers, you won't mess anybody else up. It's amazing the number of people who create internal networks using real IP addresses chosen at random. If you ever connect one of these networks to the internet, you will not be to route because the space belongs to someone else. If you disguise your addresses using NAT, you'll still not be able to access those parts of the net that legitimately use those addresses. Doing subnet calculations for Class A and Class B networks works just the same way as the Class C examples we are going to cover. If you can do a Class C from first principles, you'll be able to do Class B's in your sleep. Very few people here will get much opportunity to design Class A or Class B subnets, but you are quite likely to be asked to work on existing Class A or B networks, so it's still worth knowing. 4. What is Broadcast? I assume you know what a broadcast address is - the necessity to handle broadcasts is actually what makes subnetting anything less than trivial: if you have a Class C network such as 192.168.1.* (with station addresses 192.168.1.1, 192.168.1.2 etc), then a packet addressed to 192.168.1.255 will be sent to *every* station on that network. Later we'll

discover that sending to 192.168.1.0 is sort of something similar. Or was once, anyway. In a Class C, the host part set to 255 means broadcast. In a subnet, the subnet host part set to all ones means broadcast. Eg in a /28, any addresses of the form N.N.N.XXXX1111 are broadcast addresses for their subnets only. 5. Don't I need to know how to do binary arithmetic? Forgetaboutit. If you can't do binary math in your head, just use the data in these tables below. (On the other hand, if you can't do binary in your head by now, you probably shouldn't be looking at a career in networking.) 6. Subnetting Class C - most typical example: /28 "all zeroes, all ones" excluded. Mask is 11110000 This table may be all you ever need to know, for many installations. This is a typical example and possibly the most common one. Because it is such a useful table, this is the only large one we will list in full. Network part Subnet.host Host addresses 192.168.1.0 192.168.1.16 192.168.1.32 192.168.1.48 192.168.1.64 192.168.1.80 192.168.1.96 0000xxxx 0001xxxx 0010xxxx 0011xxxx 0100xxxx 0101xxxx 0110xxxx 192.168.1.1 to 192.168.1.14 192.168.1.17 to 192.168.1.30 192.168.1.33 to 192.168.1.46 192.168.1.49 to 192.168.1.62 192.168.1.65 to 192.168.1.78 192.168.1.81 to 192.168.1.94 192.168.1.97 to 192.168.1.110 192.168.1.113 to 192.168.1.126 192.168.1.129 to 192.168.1.142 192.168.1.145 to 192.168.1.158 192.168.1.161 to 192.168.1.174 192.168.1.177 to 192.168.1.190 192.168.1.193 to 192.168.1.206 192.168.1.209 to 192.168.1.222 Broadcast Address 192.168.1.15 - UNUSABLE NETMASK ALL 0000's 192.168.1.31 192.168.1.47 192.168.1.63 192.168.1.79 192.168.1.95 192.168.1.111 192.168.1.127 192.168.1.143 192.168.1.159 192.168.1.175 192.168.1.191 192.168.1.207 192.168.1.223

192.168.1.112 0111xxxx 192.168.1.128 1000xxxx 192.168.1.144 1001xxxx 192.168.1.160 1010xxxx 192.168.1.176 1011xxxx 192.168.1.192 1100xxxx 192.168.1.208 1101xxxx

192.168.1.224 1110xxxx 192.168.1.240 1111xxxx

192.168.1.225 to 192.168.1.238 192.168.1.241 to 192.168.1.254

192.168.1.239 192.168.1.255 - UNUSABLE NETMASK ALL 1111's

7. 0's/1's restriction on host part: let's take one subnet from the table above: Network part Subnet.host Host addresses 192.168.1.32 0010xxxx Broadcast Address 192.168.1.33 to 192.168.1.46 192.168.1.47

Now, let's look at the individual hosts within that subnet: Network part Subnet . Host part Host Address 192.168.1.32 0010.0000 192.168.1.33 0010.0001 192.168.1.34 0010.0010 192.168.1.35 0010.0011 192.168.1.36 0010.0100 192.168.1.37 0010.0101 192.168.1.38 0010.0110 192.168.1.39 0010.0111 192.168.1.40 0010.1000 192.168.1.41 0010.1001 192.168.1.42 0010.1010 192.168.1.43 0010.1011 192.168.1.44 0010.1100 192.168.1.45 0010.1101 192.168.1.46 0010.1110 192.168.1.47 0010.1111 UNUSABLE - HOST PART IS ALL 1's UNUSABLE - HOST PART IS ALL 0's

Although you may be familiar with the all ones broadcast addresses (typically x.x.x.255 for a Class C network) you may not realise that at some time in the past x.x.x.0 was also used as a broadcast address. Although this seldom is done nowadays, for historical reasons we still obey this convention. (The last machine I owned that actually used the .0 address for broadcast was a Sun from the late 1980's) Note what happens as the room for hosts gets smaller: This is the host table for a /30: Network part Subnet . Host part Host Address 192.168.1.32 001000.00 192.168.1.33 001001.01 192.168.1.34 001010.10 UNUSABLE - HOST PART IS ALL 0's

192.168.1.35 001011.11 UNUSABLE - HOST PART IS ALL 1's A /30 is particularly wasteful - 50% of the hosts are unusable. Similarly, a /26 is pretty bad, because 50% of the nets are unusable. a /28 is best because it lets you have (16 - 2) * (16 - 2) = 192 hosts. This would be the host table if a /31, if it existed: Network part Subnet . Host part Host Address 192.168.1.32 0010000.0 192.168.1.33 0010000.1 UNUSABLE - HOST PART IS ALL 0's UNUSABLE - HOST PART IS ALL 1's

What's wrong with this picture??? Well, you can't have a /31. Here's why... 8. We can have subnets of /26,/27,/28,/29,/30 - BUT NOT /25 or /31! This is a /30 (with sections removed for brevity): Mask is 11111100 Network part Subnet.host Host addresses 192.168.1.0 192.168.1.4 192.168.1.8 192.168.1.12 192.168.1.16 192.168.1.20 192.168.1.24 244 192.168.1.248 192.168.1.252 000000xx 000001xx 000010xx 000011xx 000100xx 000101xx ... 111110xx 111111xx 192.168.1.1 to 192.168.1.2 192.168.1.5 to 192.168.1.6 192.168.1.9 to 192.168.1.10 192.168.1.13 to 192.168.1.14 192.168.1.17 to 192.168.1.18 192.168.1.21 to 192.168.1.22 .............................. 192.168.1.249 to 192.168.1.250 192.168.1.253 to 192.168.1.254

Broadcast Address 192.168.1.3 - UNUSABLE NETMASK ALL 000000's 192.168.1.7 192.168.1.11 192.168.1.15 192.168.1.19 192.168.1.23 ............. 192.168.1.251 192.168.1.255 - UNUSABLE NETMASK ALL 111111's

9. So why not a /25???? Network part Subnet.host Host addresses 192.168.1.0 0xxxxxxx 192.168.1.1 to 192.168.1.126 Broadcast Address 192.168.1.127 - UNUSABLE NETMASK ALL 0's

192.168.1.129 to 192.168.1.255 - UNUSABLE 192.168.1.254 NETMASK ALL 1's When the netmask is only one bit, it can't help but being all zeroes or all ones. 192.168.1.128 1xxxxxxx 10.And why not a /31?

Network part 192.168.1.0

Subnet.host Host addresses 0000000x 192.168.1.0? to 192.168.1.1?

Broadcast Addresses (0's and 1's) 192.168.1.0 - UNUSABLE NETMASK 000000's 192.168.1.1 - UNUSABLE NETMASK 000000's 192.168.1.2 - UNUSABLE Broadcast 0's 192.168.1.3 - UNUSABLE Broadcast 1's ............. ............. 192.168.1.252 - UNUSABLE Broadcast 0's 192.168.1.253 - UNUSABLE Broadcast 1's 192.168.1.254 UNUSABLE NETMASK 111111's 192.168.1.255 UNUSABLE NETMASK 111111's

192.168.1.2 192.168.1.4 250 192.168.1.252

0000001x

192.168.1.2? to 192.168.1.3? .............................. 192.168.1.252 to 192.168.1.253

...

1111110x

192.168.1.254

1111111x

192.168.1.254 to 192.168.1.255

11.Variable subnetting example 1 (insert /30 into /28 from above) Well, in the /28 example above, we've shown that the first and last subnets are unusable, because the subnet mask is either all 0's or all 1's. This is unfortunate because each of those subnets is losing 16 (-2) IP addresses each. Is there any way we can get back some of those addresses? Well, yes - there is. If you look at the example of a /30 subnet, you'll see these entries: Network part 192.168.1.0 192.168.1.4 192.168.1.8 192.168.1.12 192.168.1.16 252 Subnet.host Host addresses 000000xx 000001xx 000010xx 000011xx ... 192.168.1.1 to 192.168.1.2 192.168.1.5 to 192.168.1.6 192.168.1.9 to 192.168.1.10 192.168.1.13 to 192.168.1.14 .............................. Broadcast Address 192.168.1.3 - UNUSABLE NETMASK ALL 000000's 192.168.1.7 192.168.1.11 192.168.1.15 .............

Apart from the first one, these are all perfectly valid subnets, and if we were to configure machines using them, they will look just like normal addresses in a /30 subnet. We can do exactly the same thing for the 192.168.1.240-255 addresses. These small subnets - they only have 2 IP addresses that are usable - are actually just what you need when you are setting up a point to point link between different subnets (in different locations). So by using the 'slop' at the end of the range, you can get your point to point links

for free. 12.Variable subnetting example 2 (insert /28 from above into /26) Here we have a different and possibly more useful example of variable subnetting. Let's say we have a central office with 50 workstations, one remote office with 10, and another remote office with 9 workstations. The following table tells you how many workstations and how many offices you can have for each size of subnet mask: Bit Split Subnet Mask Block Size Max Useable Subnets (number of offices) 2 6 14 30 62

# C IPs/Subnet (number of workstation 62 30 14 6 2

2/6 3/5 4/4 5/3 6/2

192 (/26) 224 (/27) 240 (/28) 248 (/29) 252 (/30)

64 32 16 8 4

You see, with one office of size 50, we're forced with a simple subnet scheme to use a /26 (2 bits subnet, 6 bits host). However, we have three offices, so this won't work. With offices of size 9 or 10 (which we round up to 16 - 2), we could use a /28 (16 - 2 subnets of 16 - 2 stations) - but then we couldn't fit in our 50 station office. Well, the solution is simple: Treat it as a /26, allocate the large office, then extract from a table of /28's enough smaller subnets to fit in the one remaining /26 slot. Like this: Network part Subnet.host Host addresses 192.168.1.0 192.168.1.64 00xxxxxx 01xxxxxx 192.168.1.1 to 192.168.1.62 192.168.1.65 to 192.168.1.126 192.168.1.129 to 192.168.1.190 Broadcast Address 192.168.1.63 UNUSABLE NETMASK ALL 00's 192.168.1.127 ALLOCATE THIS TO BE FURTHER SUBNETTED 192.168.1.191 ALLOCATE THIS ONE TO THE 50-STATION OFFICE

192.168.1.128 10xxxxxx 192.168.1.192 11xxxxxx

192.168.1.193 to 192.168.1.255 UNUSABLE 192.168.1.254 NETMASK ALL 11's (note: with a simple /26, you lose HALF of your potential IP addresses to the broadcast network addresses) And guess what ... if we look at the earlier table for a /28, you'll find exactly the section we need to extract and fit in here:

192.168.1.63 Network part Subnet.host Host addresses 192.168.1.64 192.168.1.80 192.168.1.96 0100xxxx 0101xxxx 0110xxxx 192.168.1.65 to 192.168.1.78 192.168.1.81 to 192.168.1.94

Broadcast Address 192.168.1.79 192.168.1.95

192.168.1.97 to 192.168.1.110 192.168.1.111 192.168.1.113 to 192.168.1.126 192.168.1.127

192.168.1.112 0111xxxx

Now we simply put the two tables together, and we have a variable subnet solution for our three offices. Plus some spares! Network part Subnet.host Host addresses Broadcast Address 192.168.1.0 192.168.1.64 192.168.1.80 192.168.1.96 00xxxxxx 0100xxxx 0101xxxx 0110xxxx 192.168.1.1 to 192.168.1.62 192.168.1.65 to 192.168.1.78 192.168.1.81 to 192.168.1.94 192.168.1.97 to 192.168.1.110 192.168.1.113 to 192.168.1.126 192.168.1.129 to 192.168.1.190 192.168.1.193 to 192.168.1.254 192.168.1.63 UNUSABLE NETMASK ALL 00's 192.168.1.79 ALLOCATE THIS TO THE 10-PC OFFICE 192.168.1.95 ALLOCATE THIS TO THE 9-PC OFFICE 192.168.1.111 SPARE 192.168.1.127 SPARE 192.168.1.191 ALLOCATE THIS ONE TO THE 50-STATION OFFICE 192.168.1.255 UNUSABLE NETMASK ALL 11's

192.168.1.112 0111xxxx 192.168.1.128 10xxxxxx 192.168.1.192 11xxxxxx

and don't forget the trick of grabbing the end IP's for the point to point networks to link these offices together. 13.Preference to finer resolution routes - don't need to fully enumerate Let's say you have variably subnetted a network, and of the 30 subnets available, 29 of them are in one office, but the 30th is in the other. To route this properly you would issue 29 routing commands to one address and 1 to the other. This is wasteful of router table space. The thing to do is to issue ONE router command that covers all 30 subnets and send them to the one office, but issue a second router command which is MORE SPECIFIC to extract that one subnet from the block, and route it elsewhere. More specific routes take precedence in most routers. Occasionally you will find some brand of router which does require nonoverlapping routes, and if this happens to you, just issue all 30 explicit commands. 14."Supernetting", aka CIDR (Classless InterDomain Routing) The world has a big problem with too many route table entries in the big backbone routers. To solve that problem, people realised they could aggregate network routing commands, eg a network 192.168.2.0/24 and a neighboring network 192.168.3.0/24 could be represented by merging them like this: 192.168.2.0/23 This would be fine, except we know the problems of subnetting and all-zeroes and all-ones

masks. The same problems would start showing up here. The solution is simple: someone just issued an edict saying "forget everything you learned, we won't bother with those rules any more". There's even a command to tell the routers themselves that they should ignore the rules - "ip classless" When you break the rules like this, and allow netmasks that end in all 0's or all 1's, it's called "CIDR" - Classless InterDomain Routing. That's really all you need to know about CIDR. It's trivial, it's easy, and the details work just the same as subnetting but you merge up instead of splitting down. 15.Calculators Once you understand subnetting as described above, you'll probably be able to do it in your head. However sometimes you want to check your work, or are in a hurry, and if so, there are many web pages on the net which offer "subnet calculator"s. Just be warned - often they do not check for the special conditions such as all-one's subnets, and will let you do something stupid like ask for a /25 subnet. The one referred to below does appear to make an effort at checking for this sort of thing, so it may be a good one to bookmark. 16.Final test :-) You are a sys admin at a small ISP. You asked your upstream vendor for a /19 allocation (equivalent to 32 Class C networks). You were given the following: 167.114.209.0 through 167.114.240.0. Will these do what you want? (If we have time left, we'll work this example on paper) 17.References Some of the info above was cribbed from:
IP Address Subnetting Tutorial http://www.ralphb.net/IPSubnet/ Daryl's TCP/IP Primer http://ipprimer.windsorcs.com/addressing.cfm http://ipprimer.windsorcs.com/bitbybit.cfm IP Subnet Calculations (Check here for a quick refresher in binary arithmetic) http://www.swcp.com/~jgentry/topo/unit3.htm Subnet masking, definition and summary http://www.exabyte.net/lambert/subnet/subnet_masking_definition.htm http://www.exabyte.net/lambert/subnet/subnet_masking_summary.htm A reasonable subnet calculator that makes some attempt to warn about unusable subnets http://www.agt.net/public/sparkman/netcalc.htm