Вы находитесь на странице: 1из 26

Understanding TCP/IP addressing and

subnetting basics
INTRODUCTION

When you configure the TCP/IP protocol on a Microsoft Windows computer, an IP address,
subnet mask, and usually a default gateway are required in the TCP/IP configuration settings.
To configure TCP/IP correctly, it is necessary to understand how TCP/IP networks are addressed
and divided into networks and subnetworks. This article is intended as a general introduction to
the concepts of IP networks and subnetting. A glossary is included at the end of article.
MORE INFORMATION

The success of TCP/IP as the network protocol of the Internet is largely because of its ability to
connect together networks of different sizes and systems of different types. These networks are
arbitrarily defined into three main classes (along with a few others) that have predefined sizes,
each of which can be divided into smaller subnetworks by system administrators. A subnet mask
is used to divide an IP address into two parts. One part identifies the host (computer), the other
part identifies the network to which it belongs. To better understand how IP addresses and subnet
masks work, look at an IP (Internet Protocol) address and see how it is organized.

IP addresses: Networks and hosts


An IP address is a 32-bit number that uniquely identifies a host (computer or other device, such
as a printer or router) on a TCP/IP network.
IP addresses are normally expressed in dotted-decimal format, with four numbers separated by
periods, such as 192.168.123.132. To understand how subnet masks are used to distinguish
between hosts, networks, and subnetworks, examine an IP address in binary notation.
For example, the dotted-decimal IP address 192.168.123.132 is (in binary notation) the 32 bit
number 110000000101000111101110000100. This number may be hard to make sense of, so
divide it into four parts of eight binary digits.
These eight bit sections are known as octets. The example IP address, then, becomes
11000000.10101000.01111011.10000100. This number only makes a little more sense, so for
most uses, convert the binary address into dotted-decimal format (192.168.123.132). The
decimal numbers separated by periods are the octets converted from binary to decimal notation.
For a TCP/IP wide area network (WAN) to work efficiently as a collection of networks, the
routers that pass packets of data between networks do not know the exact location of a host for
which a packet of information is destined. Routers only know what network the host is a member
of and use information stored in their route table to determine how to get the packet to the

destination host's network. After the packet is delivered to the destination's network, the packet is
delivered to the appropriate host.
For this process to work, an IP address has two parts. The first part of an IP address is used as a
network address, the last part as a host address. If you take the example 192.168.123.132 and
divide it into these two parts you get the following:
192.168.123.
Network
.132 Host

-or192.168.123.0 - network address.


0.0.0.132
- host address.

Subnet mask
The second item, which is required for TCP/IP to work, is the subnet mask. The subnet mask is
used by the TCP/IP protocol to determine whether a host is on the local subnet or on a remote
network.
In TCP/IP, the parts of the IP address that are used as the network and host addresses are not
fixed, so the network and host addresses above cannot be determined unless you have more
information. This information is supplied in another 32-bit number called a subnet mask. In this
example, the subnet mask is 255.255.255.0. It is not obvious what this number means unless you
know that 255 in binary notation equals 11111111; so, the subnet mask is:
11111111.11111111.11111111.0000000

Lining up the IP address and the subnet mask together, the network and host portions of the
address can be separated:
11000000.10101000.01111011.10000100 -- IP address (192.168.123.132)
11111111.11111111.11111111.00000000 -- Subnet mask (255.255.255.0)

The first 24 bits (the number of ones in the subnet mask) are identified as the network address,
with the last 8 bits (the number of remaining zeros in the subnet mask) identified as the host
address. This gives you the following:
11000000.10101000.01111011.00000000 -- Network address (192.168.123.0)
00000000.00000000.00000000.10000100 -- Host address (000.000.000.132)

So now you know, for this example using a 255.255.255.0 subnet mask, that the network ID is
192.168.123.0, and the host address is 0.0.0.132. When a packet arrives on the 192.168.123.0
subnet (from the local subnet or a remote network), and it has a destination address of
192.168.123.132, your computer will receive it from the network and process it.
Almost all decimal subnet masks convert to binary numbers that are all ones on the left and all
zeros on the right. Some other common subnet masks are:
Decimal
255.255.255.192
255.255.255.224

Binary
1111111.11111111.1111111.11000000
1111111.11111111.1111111.11100000

Internet RFC 1878 (available from http://www.internic.net ) describes the valid subnets and
subnet masks that can be used on TCP/IP networks.

Network classes
Internet addresses are allocated by the InterNIC (http://www.internic.net ), the organization that
administers the Internet. These IP addresses are divided into classes. The most common of these
are classes A, B, and C. Classes D and E exist, but are not generally used by end users. Each of
the address classes has a different default subnet mask. You can identify the class of an IP
address by looking at its first octet. Following are the ranges of Class A, B, and C Internet
addresses, each with an example address:

Class A networks use a default subnet mask of 255.0.0.0 and have 0-127 as their first
octet. The address 10.52.36.11 is a class A address. Its first octet is 10, which is between
1 and 126, inclusive.

Class B networks use a default subnet mask of 255.255.0.0 and have 128-191 as their
first octet. The address 172.16.52.63 is a class B address. Its first octet is 172, which is
between 128 and 191, inclusive.

Class C networks use a default subnet mask of 255.255.255.0 and have 192-223 as their
first octet. The address 192.168.123.132 is a class C address. Its first octet is 192, which
is between 192 and 223, inclusive.

In some scenarios, the default subnet mask values do not fit the needs of the organization,
because of the physical topology of the network, or because the numbers of networks (or hosts)
do not fit within the default subnet mask restrictions. The next section explains how networks
can be divided using subnet masks.

Subnetting
A Class A, B, or C TCP/IP network can be further divided, or subnetted, by a system
administrator. This becomes necessary as you reconcile the logical address scheme of the
Internet (the abstract world of IP addresses and subnets) with the physical networks in use by the
real world.
A system administrator who is allocated a block of IP addresses may be administering networks
that are not organized in a way that easily fits these addresses. For example, you have a wide
area network with 150 hosts on three networks (in different cities) that are connected by a
TCP/IP router. Each of these three networks has 50 hosts. You are allocated the class C network
192.168.123.0. (For illustration, this address is actually from a range that is not allocated on the
Internet.) This means that you can use the addresses 192.168.123.1 to 192.168.123.254 for your
150 hosts.
Two addresses that cannot be used in your example are 192.168.123.0 and 192.168.123.255
because binary addresses with a host portion of all ones and all zeros are invalid. The zero

address is invalid because it is used to specify a network without specifying a host. The 255
address (in binary notation, a host address of all ones) is used to broadcast a message to every
host on a network. Just remember that the first and last address in any network or subnet cannot
be assigned to any individual host.
You should now be able to give IP addresses to 254 hosts. This works fine if all 150 computers
are on a single network. However, your 150 computers are on three separate physical networks.
Instead of requesting more address blocks for each network, you divide your network into
subnets that enable you to use one block of addresses on multiple physical networks.
In this case, you divide your network into four subnets by using a subnet mask that makes the
network address larger and the possible range of host addresses smaller. In other words, you are
'borrowing' some of the bits usually used for the host address, and using them for the network
portion of the address. The subnet mask 255.255.255.192 gives you four networks of 62 hosts
each. This works because in binary notation, 255.255.255.192 is the same as
1111111.11111111.1111111.11000000. The first two digits of the last octet become network
addresses, so you get the additional networks 00000000 (0), 01000000 (64), 10000000 (128) and
11000000 (192). (Some administrators will only use two of the subnetworks using
255.255.255.192 as a subnet mask. For more information on this topic, see RFC 1878.) In these
four networks, the last 6 binary digits can be used for host addresses.
Using a subnet mask of 255.255.255.192, your 192.168.123.0 network then becomes the four
networks 192.168.123.0, 192.168.123.64, 192.168.123.128 and 192.168.123.192. These four
networks would have as valid host addresses:
192.168.123.1-62
192.168.123.65-126
192.168.123.129-190
192.168.123.193-254

Remember, again, that binary host addresses with all ones or all zeros are invalid, so you cannot
use addresses with the last octet of 0, 63, 64, 127, 128, 191, 192, or 255.
You can see how this works by looking at two host addresses, 192.168.123.71 and
192.168.123.133. If you used the default Class C subnet mask of 255.255.255.0, both addresses
are on the 192.168.123.0 network. However, if you use the subnet mask of 255.255.255.192,
they are on different networks; 192.168.123.71 is on the 192.168.123.64 network,
192.168.123.133 is on the 192.168.123.128 network.

Default gateways
If a TCP/IP computer needs to communicate with a host on another network, it will usually
communicate through a device called a router. In TCP/IP terms, a router that is specified on a
host, which links the host's subnet to other networks, is called a default gateway. This section
explains how TCP/IP determines whether or not to send packets to its default gateway to reach
another computer or device on the network.
When a host attempts to communicate with another device using TCP/IP, it performs a

comparison process using the defined subnet mask and the destination IP address versus the
subnet mask and its own IP address. The result of this comparison tells the computer whether the
destination is a local host or a remote host.
If the result of this process determines the destination to be a local host, then the computer will
simply send the packet on the local subnet. If the result of the comparison determines the
destination to be a remote host, then the computer will forward the packet to the default gateway
defined in its TCP/IP properties. It is then the responsibility of the router to forward the packet to
the correct subnet.

Troubleshooting
TCP/IP network problems are often caused by incorrect configuration of the three main entries in
a computer's TCP/IP properties. By understanding how errors in TCP/IP configuration affect
network operations, you can solve many common TCP/IP problems.
Incorrect Subnet Mask: If a network uses a subnet mask other than the default mask for its
address class, and a client is still configured with the default subnet mask for the address class,
communication will fail to some nearby networks but not to distant ones. As an example, if you
create four subnets (such as in the subnetting example) but use the incorrect subnet mask of
255.255.255.0 in your TCP/IP configuration, hosts will not be able to determine that some
computers are on different subnets than their own. When this happens, packets destined for hosts
on different physical networks that are part of the same Class C address will not be sent to a
default gateway for delivery. A common symptom of this is when a computer can communicate
with hosts that are on its local network and can talk to all remote networks except those that are
nearby and have the same class A, B, or C address. To fix this problem, just enter the correct
subnet mask in the TCP/IP configuration for that host.
Incorrect IP Address: If you put computers with IP addresses that should be on separate subnets
on a local network with each other, they will not be able to communicate. They will try to send
packets to each other through a router that will not be able to forward them correctly. A symptom
of this problem is a computer that can talk to hosts on remote networks, but cannot communicate
with some or all computers on their local network. To correct this problem, make sure all
computers on the same physical network have IP addresses on the same IP subnet. If you run out
of IP addresses on a single network segment, there are solutions that go beyond the scope of this
article.
Incorrect Default Gateway: A computer configured with an incorrect default gateway will be able
to communicate with hosts on its own network segment, but will fail to communicate with hosts
on some or all remote networks. If a single physical network has more than one router, and the
wrong router is configured as a default gateway, a host will be able to communicate with some
remote networks, but not others. This problem is common if an organization has a router to an
internal TCP/IP network and another router connected to the Internet.
REFERENCES

Two popular references on TCP/IP are:


"TCP/IP Illustrated, Volume 1: The Protocols," Richard Stevens, Addison Wesley, 1994
"Internetworking with TCP/IP, Volume 1: Principles, Protocols, and Architecture," Douglas E.
Comer, Prentice Hall, 1995
It is strongly recommended that a system administrator responsible for TCP/IP networks have at
least one of these references available.

Glossary
Broadcast address -- An IP address with a host portion that is all ones.
Host -- A computer or other device on a TCP/IP network.
Internet -- The global collection of networks that are connected together and share a common
range of IP addresses.
InterNIC -- The organization responsible for administration of IP addresses on the Internet.
IP -- The network protocol used for sending network packets over a TCP/IP network or the
Internet.
IP Address -- A unique 32-bit address for a host on a TCP/IP network or internetwork.
Network -- There are two uses of the term network in this article. One is a group of computers on
a single physical network segment; the other is an IP network address range that is allocated by a
system administrator.
Network address -- An IP address with a host portion that is all zeros.
Octet -- An 8-bit number, 4 of which comprise a 32-bit IP address. They have a range of
00000000-11111111 that correspond to the decimal values 0- 255.
Packet -- A unit of data passed over a TCP/IP network or wide area network.
RFC (Request for Comment) -- A document used to define standards on the Internet.
Router -- A device that passes network traffic between different IP networks.
Subnet Mask -- A 32-bit number used to distinguish the network and host portions of an IP
address.
Subnet or Subnetwork -- A smaller network created by dividing a larger network into equal parts.

TCP/IP -- Used broadly, the set of protocols, standards and utilities commonly used on the
Internet and large networks.
Wide area network (WAN) -- A large network that is a collection of smaller networks separated
by routers. The Internet is an example of a very large WAN.

IP Addresses And Subnet Masks


Addressing for intranets (and the Internet) explained
TCP/IP is the networking protocol of the Internet, and by extension of intranets. For TCP/IP to work, your
network interfaces need to be assigned IP addresses. Note that we said network interfaces and not
computers. The IP addresses are assigned to interfaces and not to computers. So, one computer can
have more than one IP address. For example, if you have two network cards on your computer, then
each of them can have a different IP address either static or dynamic (more about that in a minute).
Similarly, if you have a proxy server running, then the machine on which it is installed should have a static
IP address. Now, the same machine has to establish a dial-up link to the Internet through, say VSNL.
Then the dial-up adapter would be assigned a different dynamic address.
What's an IP address?
An IP address is a number that represents a device like a network card uniquely on the Internet or on
your company's intranet. This number is actually a binary one, but for convenience it's normally written as
four decimal numbers. For instance, a typical IP address would be something like 192.168.1.1. The four
constituent numbers together represent the network that the computer is on and the computer (interface)
itself. Let us first look at the network address part.
The IP addresses for networks on the Internet are allocated by the InterNIC. If you have an Internet
connection (a registered domain and a permanent link to the Internet, and not just a dial-up connection),
then you would be allocated a network address by the agency that registered you, like the InterNIC. Let
us assume this to be 192.6.132.0, a class C network. Then all the machines on this network would have
the same network address. And the last 0 will be replaced by a number from 1 to 254 for the node
address. So, nodes will have addresses 192.6.132.1, 192.6.132.2, and so on up to 192.6.132.254.It
would be worth mentioning here that IP address calculations and concepts make sense only when done
in binary.
Types of networks and corresponding IP addresses
Depending on the size of the network, IP-based networks are
divided into three classes.
Class A- Class A networks are mega monster networks with
up to 224 nodes 16 million plus. Class A networks have their
network addresses from 1.0.0.0 to 126.0.0.0, with the zero's
being replaced by node addresses.
Class B- Class B networks are smaller networks in
comparison they can have only about 65,000 nodes! Network
addresses for these ranges from 128.0.0.0 to 191.0.0.0. Here
the last two zeros get replaced by the node addresses.
Class C- These are the baby networks that can have only
254 nodes at the maximum. The network IP addresses for
these range from 192.0.0.0 to 223.0.0.0.

For a given network address, the last node address is the broadcast address. For example, for the C
class network with address 192.168.1.0, the address 192.168.1.255 is the broadcast address, used to
transmit to all nodes in that network. So, this address along with the network address itself should not be
used as node address.If you want your network to be permanently on the Internet, then you need to be
allocated a network address by the InterNIC. Most of the network addresses now available for allocation
are class C addresses.There are other classes of networks class D and class E. These are primarily used
for experimental purposes.
Introducing subnet masks
In an IP network, every machine on the same physical network sees all the data packets sent out on the
network. As the number of computers on a network grows, network traffic will grow many fold, bringing
down performance drastically. In such a situation, you would divide your network into different
subnetworks and minimize the traffic across the different subnetworks. Interconnectivity between the
different subnets would be provided by routers, which will only transmit data meant for another subnet
across itself. To divide a given network address into two or more subnets, you use subnet masks. The
default subnet masks for class A networks is 255.0.0.0, for class B is 255.255.0.0, and for class C is
255.255.255.0, which signify a network without subnets.
Which class of network? Which IP address?
The InterNIC has (RFC 1597 Address Allocation for Private Internets) allocated particular blocks of
network addresses for use in intranets. These IP addresses don't conflict with those of existing Internet
hosts and will not be handed out for use on the Internet.
The address blocks are:
Class A: 10.0.0.0
Class B: From 172.16.0.0 to 172.31.0.0
Class C: From 192.168.0.0 to 192.168.255.0
Computers on networks using the above IP addresses will be treated as private ones and they can
communicate only within the company intranet. However, they can still access the outside world using
proxy servers. This adds to the security of your intranet. So, your intranet should always use addresses
from these reserved groups only.
Now, which IP address class should you use for your intranet?The answer depends on the number of
hosts that are going to be connected to the intranet. Any machine connected to the network, whether
server or client, is called a host.
Without subneting, you can have the following configurations.
No of machines to be connected

Class of network

Network addresses

254 or less

92.168.0.0 to 192.168.255.0

255 to 65,534

172.16.0.0 to 172.31.0.0

65,535 to 16,777,214

10.0.0.0

Thus, if you are having a class C network that is not permanently connected to the Internet, your network
address can be any one from 192.168.1.0 to 192.168.255.0, and without subneting, you can have 254
hosts having addresses 192.168.1.1 to 192.168.1.254, if you have selected 192.168.1.0 as your network
address; 192.168.1.255 is the broadcast address and 192.168.1.0 is the network address for this
network.
Dynamic IP addressing Vs Static IP addressing
In assigning IP addresses to machines, you have two choices. You can either go around typing in the
individual address on each machine or you can setup one machine to assign IP addresses to the others.
The second one called dynamic addressing is preferred for three reasons. First, it makes the job of
administering the network such as adding new clients, avoiding IP clashes, etc a lot easier. And second,
since only those machines that are switched on will need an IP address, you could potentially have more
machines on your network with dynamic addressing, than you could with static addressing. Finally,
mobile computing has become an everyday reality, and notebook computers have a likelihood of moving
from one network to another or from one subnet to another. In such a situation, if you have static IP
addressing, you have to reconfigure the machine every time you move it something that is eminently
avoidable.
You do dynamic addressing with DHCP (Dynamic Host Configuration Protocol). To make DHCP work on
your network you have to set up a DHCP server.
Calculation of IP addresses and subnet masks is no job for the binary challenged. A handy tool which will
do all this for you is the IP Subnet calculator, a freeware tool from the Net3 Group. It is available on the
PCQ July 97 CD-ROM.
An example in subnet design
Warning: You can safely ignore this section and use the IP subnet calculator instead. Remember
that all this is done in binary. If you are curious as to what happens behind the scenes, here it
goes.
We will consider a class C network being subneted.
First of all you have to decide how many subnets you want to have. This can be along functional lines like
different subnets for accounts, sales, and marketing etc. You also need to know the number of hosts that
the largest subnet is to support. And remember to keep future needs in mind.
Assume that the network address chosen for your intranet is 192.168.1.0, and that you want seven
subnets, with the largest one having 20 hosts.Since you are dealing with binary numbers, subnets can be
created only in blocks of powers of two. That is you can have two subnets, four, eight, 16, and so on. In
this case you choose eight subnets, which will also give you one free subnet for future use. Your IP
address is a 32-bit binary number. Out of this the first 24 bits (8 x 3) have already gone for the network
address. Now you have to set aside the next three (8 = 23 ) for subneting. That leaves you with 32-24-3 =
5 bits for host addresses. With five bits you can have 25 = 32 individual IP addresses for the hosts. Of
these, two all 1s and all 0s cannot be assigned to hosts. The all 0s host number identifies the base
network or the subnet while the all 1s host number identifies the broadcast address of the network or
subnetwork. So, you can have a maximum of 30 hosts on each subnet.
If you want more than 30 hosts on a subnet, what would you do? Reduce the number of subnets or go for
a higher class of network. Remember that the maximum number of hosts on a class C network is 254

(after subtracting the broadcast address and the network address), and with every subnet, you are
reducing that number by two. (8 x 30) + (7x2) = 240 + 14 = 254.
Now we come to the binary numbers.
Network address = 192.168.1.0 = 11000000.10101000.00000001.00000000
Default subnet for class C = 255.255.255.0 = 11111111.11111111.11111111.00000000
Adding 8 subnets = 11111111.11111111.11111111.11100000
Converting this to binary, the required subnet mask is 255.255.255.224 (11100000 in binary is 224 in
decimal notation).
The subnets are numbered 0 to 7. The subnet is defined by replacing the three most significant digits
( first three from left) of the last octet in the network address with the binary representation of the subnet
number. Thus,
Subnet 0 will be 11000000.10101000.00000001.00000000 = 192.168.1.0
Subnet 1 will be 11000000.10101000.00000001.00100000 = 192.168.1.32
Subnet 2 will be 11000000.10101000.00000001.01000000 = 192.168.1.64
Subnet 3 will be 11000000.10101000.00000001.01100000 = 192.168.1.96
Subnet 4 will be 11000000.10101000.00000001.10000000 = 192.168.1.128
Subnet 5 will be 11000000.10101000.00000001.10100000 = 192.168.1.160
Subnet 6 will be 11000000.10101000.00000001.11000000 = 192.168.1.192
Subnet 7 will be 11000000.10101000.00000001.11100000 = 192.168.1.224
A quick check on your calculations is that the fourth octet (in decimal) of all subnets will be multiples of
the fourth octet (in decimal) of subnet 1.As originally defined, subnets with all 0s and all 1s subnets 0 and
7 in this case were not to be used. But today's routers can overcome this limitation.
Now we come to the host address for each of the subnets. Hosts are numbered from 1 onwards as
against subnets which as we saw are numbered from 0 onwards. In this case, we have 30 hosts in each
subnet, and they will be numbered from 1 to 30. To arrive at the host IP address, replace the host portion
of the relevant subnet address (the last five digits of the fourth octet in this case) with the binary
equivalent of the host number.Thus, the IP address of host number 3 on subnet 1 will be
11000000.10101000.00000001.00000011 = 192.168.1.3 and that for host number 30 in subnet 6 will be
11000000.10101000.00000001.11011110 =192.168.1.222.The broadcast address for subnet 4 is
11000000.10101000.00000001.10011111 = 192.168.1.159, which is one less than the subnet address of
subnet 5.

Introduction
This document gives you basic information needed in order to configure your router for routing
IP, such as how addresses are broken down and how subnetting works. You learn how to assign
each interface on the router an IP address with a unique subnet. There are many examples to help
tie everything together.

Prerequisites
Requirements

Cisco recommends that you have knowledge of these topics:

Basic understanding of binary and decimal numbers.

Components Used

This document is not restricted to specific software and hardware versions.


Additional Information

If definitions are helpful to you, use these vocabulary terms to get you started:

AddressThe unique number ID assigned to one host or interface in a network.

SubnetA portion of a network sharing a particular subnet address.

Subnet maskA 32-bit combination used to describe which portion of an address refers
to the subnet and which part refers to the host.

InterfaceA network connection.

If you have already received your legitimate address(es) from the Internet Network Information
Center (InterNIC), you are ready to begin. If you do not plan to connect to the Internet, Cisco
strongly suggests that you use reserved addresses from RFC 1918 .
Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.

Understanding IP Addresses
An IP address is an address used in order to uniquely identify a device on an IP network. The
address is made up of 32 binary bits, which can be divisible into a network portion and host
portion with the help of a subnet mask. The 32 binary bits are broken into four octets (1 octet = 8

bits). Each octet is converted to decimal and separated by a period (dot). For this reason, an IP
address is said to be expressed in dotted decimal format (for example, 172.16.81.100). The value
in each octet ranges from 0 to 255 decimal, or 00000000 - 11111111 binary.
Here is how binary octets convert to decimal: The right most bit, or least significant bit, of an
octet holds a value of 20. The bit just to the left of that holds a value of 21. This continues until
the left-most bit, or most significant bit, which holds a value of 27. So if all binary bits are a one,
the decimal equivalent would be 255 as shown here:
1 1 1 1 1 1 1 1
128 64 32 16 8 4 2 1 (128+64+32+16+8+4+2+1=255)

Here is a sample octet conversion when not all of the bits are set to 1.
0 1 0 0 0 0 0 1
0 64 0 0 0 0 0 1 (0+64+0+0+0+0+0+1=65)

And this is sample shows an IP address represented in both binary and decimal.
10.
1.
23.
19 (decimal)
00001010.00000001.00010111.00010011 (binary)

These octets are broken down to provide an addressing scheme that can accommodate large and
small networks. There are five different classes of networks, A to E. This document focuses on
addressing classes A to C, since classes D and E are reserved and discussion of them is beyond
the scope of this document.
Note: Also note that the terms "Class A, Class B" and so on are used in this document to help
facilitate the understanding of IP addressing and subnetting. These terms are rarely used in the
industry anymore because of the introduction of classless interdomain routing (CIDR).
Given an IP address, its class can be determined from the three high-order bits. Figure 1 shows
the significance in the three high order bits and the range of addresses that fall into each class.
For informational purposes, Class D and Class E addresses are also shown.
Figure 1

In a Class A address, the first octet is the network portion, so the Class A example in Figure 1 has
a major network address of 1.0.0.0 - 127.255.255.255. Octets 2, 3, and 4 (the next 24 bits) are for
the network manager to divide into subnets and hosts as he/she sees fit. Class A addresses are
used for networks that have more than 65,536 hosts (actually, up to 16777214 hosts!).
In a Class B address, the first two octets are the network portion, so the Class B example in
Figure 1 has a major network address of 128.0.0.0 - 191.255.255.255. Octets 3 and 4 (16 bits) are
for local subnets and hosts. Class B addresses are used for networks that have between 256 and
65534 hosts.
In a Class C address, the first three octets are the network portion. The Class C example in
Figure 1 has a major network address of 192.0.0.0 - 223.255.255.255. Octet 4 (8 bits) is for local
subnets and hosts - perfect for networks with less than 254 hosts.

Network Masks
A network mask helps you know which portion of the address identifies the network and which
portion of the address identifies the node. Class A, B, and C networks have default masks, also
known as natural masks, as shown here:
Class A: 255.0.0.0
Class B: 255.255.0.0
Class C: 255.255.255.0

An IP address on a Class A network that has not been subnetted would have an address/mask pair
similar to: 8.20.15.1 255.0.0.0. To see how the mask helps you identify the network and node
parts of the address, convert the address and mask to binary numbers.
8.20.15.1 = 00001000.00010100.00001111.00000001
255.0.0.0 = 11111111.00000000.00000000.00000000

Once you have the address and the mask represented in binary, then identifying the network and
host ID is easier. Any address bits which have corresponding mask bits set to 1 represent the
network ID. Any address bits that have corresponding mask bits set to 0 represent the node ID.
8.20.15.1 = 00001000.00010100.00001111.00000001
255.0.0.0 = 11111111.00000000.00000000.00000000
----------------------------------net id |
host id
netid = 00001000 = 8
hostid = 00010100.00001111.00000001 = 20.15.1

Understanding Subnetting
Subnetting allows you to create multiple logical networks that exist within a single Class A, B, or
C network. If you do not subnet, you are only able to use one network from your Class A, B, or
C network, which is unrealistic.
Each data link on a network must have a unique network ID, with every node on that link being a
member of the same network. If you break a major network (Class A, B, or C) into smaller
subnetworks, it allows you to create a network of interconnecting subnetworks. Each data link on
this network would then have a unique network/subnetwork ID. Any device, or gateway,
connecting n networks/subnetworks has n distinct IP addresses, one for each network /
subnetwork that it interconnects.
In order to subnet a network, extend the natural mask using some of the bits from the host ID
portion of the address to create a subnetwork ID. For example, given a Class C network of
204.17.5.0 which has a natural mask of 255.255.255.0, you can create subnets in this manner:
204.17.5.0 11001100.00010001.00000101.00000000
255.255.255.224 - 11111111.11111111.11111111.11100000
--------------------------|sub|----

By extending the mask to be 255.255.255.224, you have taken three bits (indicated by "sub")
from the original host portion of the address and used them to make subnets. With these three
bits, it is possible to create eight subnets. With the remaining five host ID bits, each subnet can
have up to 32 host addresses, 30 of which can actually be assigned to a device since host ids of
all zeros or all ones are not allowed (it is very important to remember this). So, with this in
mind, these subnets have been created.
204.17.5.0 255.255.255.224
204.17.5.32 255.255.255.224
204.17.5.64 255.255.255.224
204.17.5.96 255.255.255.224
204.17.5.128 255.255.255.224
204.17.5.160 255.255.255.224
204.17.5.192 255.255.255.224
204.17.5.224 255.255.255.224

host
host
host
host
host
host
host
host

address
address
address
address
address
address
address
address

range
range
range
range
range
range
range
range

1 to 30
33 to 62
65 to 94
97 to 126
129 to 158
161 to 190
193 to 222
225 to 254

Note: There are two ways to denote these masks. First, since you are using three bits more than
the "natural" Class C mask, you can denote these addresses as having a 3-bit subnet mask. Or,
secondly, the mask of 255.255.255.224 can also be denoted as /27 as there are 27 bits that are set
in the mask. This second method is used with CIDR. With this method, one of these networks
can be described with the notation prefix/length. For example, 204.17.5.32/27 denotes the
network 204.17.5.32 255.255.255.224. When appropriate the prefix/length notation is used to
denote the mask throughout the rest of this document.
The network subnetting scheme in this section allows for eight subnets, and the network might
appear as:
Figure 2

Notice that each of the routers in Figure 2 is attached to four subnetworks, one subnetwork is
common to both routers. Also, each router has an IP address for each subnetwork to which it is
attached. Each subnetwork could potentially support up to 30 host addresses.
This brings up an interesting point. The more host bits you use for a subnet mask, the more
subnets you have available. However, the more subnets available, the less host addresses

available per subnet. For example, a Class C network of 204.17.5.0 and a mask of
255.255.255.224 (/27) allows you to have eight subnets, each with 32 host addresses (30 of
which could be assigned to devices). If you use a mask of 255.255.255.240 (/28), the break down
is:
204.17.5.0 11001100.00010001.00000101.00000000
255.255.255.240 - 11111111.11111111.11111111.11110000
--------------------------|sub |---

Since you now have four bits to make subnets with, you only have four bits left for host
addresses. So in this case you can have up to 16 subnets, each of which can have up to 16 host
addresses (14 of which can be assigned to devices).
Take a look at how a Class B network might be subnetted. If you have network 172.16.0.0 ,then
you know that its natural mask is 255.255.0.0 or 172.16.0.0/16. Extending the mask to anything
beyond 255.255.0.0 means you are subnetting. You can quickly see that you have the ability to
create a lot more subnets than with the Class C network. If you use a mask of 255.255.248.0
(/21), how many subnets and hosts per subnet does this allow for?
172.16.0.0 10101100.00010000.00000000.00000000
255.255.248.0 - 11111111.11111111.11111000.00000000
-----------------| sub |-----------

You are using five bits from the original host bits for subnets. This allows you to have 32 subnets
(25). After using the five bits for subnetting, you are left with 11 bits for host addresses. This
allows each subnet so have 2048 host addresses (211), 2046 of which could be assigned to
devices.
Note: In the past, there were limitations to the use of a subnet 0 (all subnet bits are set to zero)
and all ones subnet (all subnet bits set to one). Some devices would not allow the use of these
subnets. Cisco Systems devices allow the use of these subnets when theip subnet zero command
is configured.

Examples
Sample Exercise 1

Now that you have an understanding of subnetting, put this knowledge to use. In this example,
you are given two address / mask combinations, written with the prefix/length notation, which
have been assigned to two devices. Your task is to determine if these devices are on the same
subnet or different subnets. You can do this by using the address and mask of each device to
determine to which subnet each address belongs.
DeviceA: 172.16.17.30/20
DeviceB: 172.16.28.15/20

Determining the Subnet for DeviceA:

172.16.17.30 255.255.240.0 subnet =

10101100.00010000.00010001.00011110
11111111.11111111.11110000.00000000
-----------------| sub|-----------10101100.00010000.00010000.00000000 = 172.16.16.0

Looking at the address bits that have a corresponding mask bit set to one, and setting all the other
address bits to zero (this is equivalent to performing a logical "AND" between the mask and
address), shows you to which subnet this address belongs. In this case, DeviceA belongs to
subnet 172.16.16.0.
Determining the Subnet for DeviceB:
172.16.28.15 255.255.240.0 subnet =

10101100.00010000.00011100.00001111
11111111.11111111.11110000.00000000
-----------------| sub|-----------10101100.00010000.00010000.00000000 = 172.16.16.0

From these determinations, DeviceA and DeviceB have addresses that are part of the same
subnet.
Sample Exercise 2

Given the Class C network of 204.15.5.0/24, subnet the network in order to create the network in
Figure 3 with the host requirements shown.
Figure 3

Looking at the network shown in Figure 3, you can see that you are required to create five
subnets. The largest subnet must support 28 host addresses. Is this possible with a Class C
network? and if so, then how?
You can start by looking at the subnet requirement. In order to create the five needed subnets you
would need to use three bits from the Class C host bits. Two bits would only allow you four
subnets (22).
Since you need three subnet bits, that leaves you with five bits for the host portion of the address.
How many hosts does this support? 25 = 32 (30 usable). This meets the requirement.

Therefore you have determined that it is possible to create this network with a Class C network.
An example of how you might assign the subnetworks is:
netA:
netB:
netC:
netD:
netE:

204.15.5.0/27
204.15.5.32/27
204.15.5.64/27
204.15.5.96/27
204.15.5.128/27

host
host
host
host
host

address
address
address
address
address

range
range
range
range
range

1 to 30
33 to 62
65 to 94
97 to 126
129 to 158

VLSM Example
In all of the previous examples of subnetting, notice that the same subnet mask was applied for
all the subnets. This means that each subnet has the same number of available host addresses.
You can need this in some cases, but, in most cases, having the same subnet mask for all subnets
ends up wasting address space. For example, in the Sample Exercise 2 section, a class C network
was split into eight equal-size subnets; however, each subnet did not utilize all available host
addresses, which results in wasted address space. Figure 4 illustrates this wasted address space.
Figure 4

Figure 4 illustrates that of the subnets that are being used, NetA, NetC, and NetD have a lot of
unused host address space. It is possible that this was a deliberate design accounting for future
growth, but in many cases this is just wasted address space due to the fact that the same subnet
mask is being used for all the subnets.
Variable Length Subnet Masks (VLSM) allows you to use different masks for each subnet,
thereby using address space efficiently.
VLSM Example

Given the same network and requirements as in Sample Exercise 2 develop a subnetting scheme
with the use of VLSM, given:
netA:
netB:
netC:
netD:
netE:

must
must
must
must
must

support
support
support
support
support

14 hosts
28 hosts
2 hosts
7 hosts
28 host

Determine what mask allows the required number of hosts.


netA: requires a /28 (255.255.255.240) mask to support 14 hosts
netB: requires a /27 (255.255.255.224) mask to support 28 hosts
netC: requires a /30 (255.255.255.252) mask to support 2 hosts
netD*: requires a /28 (255.255.255.240) mask to support 7 hosts
netE: requires a /27 (255.255.255.224) mask to support 28 hosts
* a /29 (255.255.255.248) would only allow 6 usable host addresses
therefore netD requires a /28 mask.

The easiest way to assign the subnets is to assign the largest first. For example, you can assign in
this manner:
netB:
netE:
netA:
netD:
netC:

204.15.5.0/27
204.15.5.32/27
204.15.5.64/28
204.15.5.80/28
204.15.5.96/30

host
host
host
host
host

address
address
address
address
address

range
range
range
range
range

1 to 30
33 to 62
65 to 78
81 to 94
97 to 98

This can be graphically represented as shown in Figure 5:


Figure 5

Figure 5 illustrates how using VLSM helped save more than half of the address space.

CIDR
Classless Interdomain Routing (CIDR) was introduced to improve both address space utilization
and routing scalability in the Internet. It was needed because of the rapid growth of the Internet
and growth of the IP routing tables held in the Internet routers.
CIDR moves way from the traditional IP classes (Class A, Class B, Class C, and so on). In CIDR
, an IP network is represented by a prefix, which is an IP address and some indication of the
length of the mask. Length means the number of left-most contiguous mask bits that are set to
one. So network 172.16.0.0 255.255.0.0 can be represented as 172.16.0.0/16. CIDR also depicts
a more hierarchical Internet architecture, where each domain takes its IP addresses from a higher
level. This allows for the summarization of the domains to be done at the higher level. For
example, if an ISP owns network 172.16.0.0/16, then the ISP can offer 172.16.1.0/24,
172.16.2.0/24, and so on to customers. Yet, when advertising to other providers, the ISP only
needs to advertise 172.16.0.0/16.
For more information on CIDR, see RFC 1518

and RFC 1519

Appendix
Sample Config

Routers A and B are connected via serial interface.


Router A
hostname routera
!
ip routing
!
int e 0
ip address 172.16.50.1 255.255.255.0
!(subnet 50)
int e 1 ip address 172.16.55.1 255.255.255.0
!(subnet 55)
int t 0 ip address 172.16.60.1 255.255.255.0
!(subnet 60) int s 0
ip address 172.16.65.1 255.255.255.0 (subnet 65)
!S 0 connects to router B
router rip
network 172.16.0.0

Router B
hostname routerb
!
ip routing
!
int e 0
ip address 192.1.10.200 255.255.255.240
!(subnet 192)
int e 1
ip address 192.1.10.66 255.255.255.240
!(subnet 64)
int s 0
ip address 172.16.65.2 (same subnet as router A's s 0)
!Int s 0 connects to router A
router rip
network 192.1.10.0
network 172.16.0.0

Host/Subnet Quantities Table


Class B
# bits
------1
2
3
4
5
6
7
8
9
10
11

Mask
--------------255.255.128.0
255.255.192.0
255.255.224.0
255.255.240.0
255.255.248.0
255.255.252.0
255.255.254.0
255.255.255.0
255.255.255.128
255.255.255.192
255.255.255.224

Effective
Subnets
--------2
4
8
16
32
64
128
256
512
1024
2048

Effective
Hosts
--------32766
16382
8190
4094
2046
1022
510
254
126
62
30

12
13
14

255.255.255.240
255.255.255.248
255.255.255.252

Class C
# bits
------1
2
3
4
5
6

Mask
--------------255.255.255.128
255.255.255.192
255.255.255.224
255.255.255.240
255.255.255.248
255.255.255.252

4096
8192
16384
Effective
Subnets
--------2
4
8
16
32
64

14
6
2
Effective
Hosts
--------126
62
30
14
6
2

*Subnet all zeroes and all ones included. These


might not be supported on some legacy systems.
*Host all zeroes and all ones excluded.

IP Default Subnet Masks For Address Classes A, B and C


Subnetting is the process of dividing a Class A, B or C network into subnets, as we've
seen in the preceding topics. In order to better understand how this division of the
whole is accomplished, it's worth starting with a look at how the whole class A, B and
C networks are represented in a subnetted environment. This is also of value because
there are situations where you may need to define an unsubnetted network using
subnetting notation.
This might seem like a strange conceptif you aren't going to bother creating subnets,
why do you need to consider how the old-fashioned classes are used under subnetting?
The answer is that after subnetting became popular, most operating systems and
networking hardware and software were designed under the assumption that subnetting
would be used. Even if you decide not to subnet, you may need to express your
unsubnetted network using a subnet mask.
In essence, a non-subnetted class A, B or C network can be considered the default
case of the more general, custom-subnetted network. Specifically, it is the case where
we choose to divide the host ID so that zero bits are used for the subnet ID and all the
bits are used for the host ID. I realize that this seems like a bit of a semantic game.
However, this default case is the basis for the more practical subnetting we will examine
in the next topic.

Just as is always the case, the subnet mask for a default, unsubnetted class A, B or C
network has ones for each bit that is used for network ID or subnet ID, and zeroes for
the host ID bits. Of course, we just said we aren't subnetting, so there are no subnet ID
bits! Thus, the subnet mask for this default case has 1s for the network ID portion and
0s for the host ID portion. This is called the default subnet mask for each of the IP
address classes.
Since classes A, B and C divide the network ID from the host ID on octet boundaries,
the subnet mask will always have all ones or all zeroes in an octet. Therefore, the
default subnet masks will always have 255s or 0s when expressed in decimal notation.
Table 51 summarizes the default subnet masks for each of the classes; they are also
shown graphically in Figure 68.

Table 51: Default Subnet Masks for Class A, Class B and Class C Networks

Default Subnet Mask


IP Address Total # Of Bits For
Class
Network ID / Host ID

First
Octet

Second
Octet

Third
Octet

Fourth
Octet

Class A

8 / 24

11111111
(255)

00000000
(0)

00000000
(0)

00000000
(0)

Class B

16 / 16

11111111
(255)

11111111
(255)

00000000
(0)

00000000
(0)

Class C

24 / 8

11111111
(255)

11111111
(255)

11111111
(255)

00000000
(0)

Figure 68: Default Subnet Masks for Class A, Class B and Class C Networks

So, the three default subnet masks are 255.0.0.0 for Class A, 255.255.0.0 for class B,
and 255.255.255.0 for Class C. Note that while all default subnet masks use only 255
and 0, not all subnet masks with 255 and 0 are defaults. There are a small number
of custom subnets that divide on octet boundaries as well. These are:
o 255.255.0.0:,This is the default mask for Class B, but can also be the custom
subnet mask for dividing a Class A network using 8 bits for the subnet ID (leaving
16 bits for the host ID).
o 255.255.255.0: This is the default subnet mask for Class C, but can be a custom
Class A with 16 bits for the subnet ID or a Class B with 8 bits for the subnet ID.

Key Concept: Each of the three IP unicast/broadcast address classes, A, B and C,


has a default subnet mask defined that has a one for each bit of the classs network

ID, a zero bit for each bit of its host ID, and no subnet ID bits. The three default subnet
masks are 255.0.0.0 for Class A, 255.255.0.0 for class B, and 255.255.255.0 for Class
C.

IP Custom Subnet Masks


(Page 1 of 4)
It's important to understand what default subnet masks are and how they work. A default
subnet mask doesn't really represent subnetting, however, since it is the case where we
are assigning zero bits to the subnet ID. To do real subnetting we must dedicate at
least one of the bits of the pre-subnetted host ID to the subnet ID, as shown in the
example in the topic that introduced subnet masks.
Since we have the ability to customize our choice of dividing point between subnet ID
and host ID to suit the needs of our network, this is sometimes called customized
subnetting. The subnet mask that we use when creating a customized subnet is, in turn,
called a custom subnet mask. The custom subnet mask is used by network hardware to
determine how we have decided to divide the subnet ID from the host ID in our network.
Deciding How Many Subnet Bits to Use
The key decision in customized subnetting is how many bits to take from the host ID
portion of the IP address to put into the subnet ID. Recall that the number of subnets
possible on our network is two to the power of the number of bits we use to express the
subnet ID, and the number of hosts possible per subnet is two to the power of the
number of bits left in the host ID (less two, which I will explain later in this topic).
Thus, the decision of how many bits to use for each of the subnet ID and host ID
represents a fundamental trade-off in subnet addressing:
o Each bit taken from the host ID for the subnet ID doubles the number of subnets
that are possible in the network.
o Each bit taken from the host ID for the subnet ID (approximately) halves the
number of hosts that are possible within each subnet on the network.
Subnetting Bit Allocation Options
Let's take a brief example or two to see how this works. Imagine that we start with a
Class B network with the network address 154.71.0.0. Since this is Class B, 16 bits are
for the network ID (154.71) and 16 are for the host ID. In the default case there are no

subnets (well, one subnet that is the whole network) and 65,534 hosts total. To subnet
this network, we have a number of choices:
1

We can decide to use 1 bit for the subnet ID and 15 bits for the host ID. If we do
this, then the total number of subnets is 21 or 2: the first subnet is 0 and the
second is 1. The number of hosts available for each subnet is 2 15-2 or 32,766.

We can use 2 bits for the subnet ID and 14 for the host ID. In this case, we
double the number of subnets: we now have 22 or 4 subnets: 00, 01, 10 and 11
(subnets 0, 1, 2 and 3). But the number of hosts is now only 2 14-2 or 16,382.

We can use any other combination of bits that add up to 16, as long as they allow
us at least 2 hosts per subnet: 4 and 12, 5 and 11, and so on.