
IP Subnetting

Introduction
The Internet Protocol (IP) is the de facto standard when it comes to routing network communications in the world today. Although other networking protocols still exist, it is extremely difficult to find a network that is not running IP. A critical skill for any network administrator or security admin who supports a network environment is IP subnetting. This paper discusses why subnetting is important, IP addressing basics, decimal to binary conversion, early subnetting, and variable length subnetting.

Why Is Subnetting Important?


Subnetting is important for several reasons. First, subnetting helps to reduce the number of routes needed in a routing table. This was extremely important to the Internet. In the early days of the Internet, companies were directly assigned IP address ranges by the Internet Assigned Numbers Authority (IANA). As the Internet grew, each of the uniquely assigned ranges had to be included in the Internet routing table, and this quickly resulted in huge routing tables. At this point, IANA decided that instead of issuing IP address ranges directly to companies, it would set up regional authorities that would distribute IP addresses. These regional authorities are ARIN (North America), RIPE (Europe), LACNIC (Latin America), APNIC (Asia), and AFRINIC (Africa). Each of these agencies is assigned a large block of addresses by IANA; the agency then subnets these blocks and assigns them to the various Internet service providers (ISPs). The ISPs subnet their addresses even further and assign them to their customers. Now when packets are routed through the Internet, the main Internet routers need to know only which region to send a packet to, instead of every company or network connected to the Internet. The region can then get it to the ISP, and the ISP knows where it is supposed to go from there.

Second, subnetting allows you to make efficient use of your address space. If you only have a network of two hosts, such as a wide area network (WAN) link, why would you waste an IP address range of 254 addresses?

Third, subnetting can aid with troubleshooting an issue. If you have one large flat network, when problems arise it is often difficult to physically track down where the problem is coming from. If you subnet your network intelligently, you can more easily determine where, in the physical network, problems exist.

Finally, from a security perspective, subnetting can help you isolate networks that may be high risk or that process sensitive or critical data. With subnetting, you can isolate wireless networks, research and development, finance and human resource networks, Internet-facing networks, and so on. By utilizing firewalls and intrusion detection systems, you can more easily regulate who has access in and out of a particular network.

IP Addressing Basics
Before we dive into subnetting, we need to cover some basics. The first item for discussion is the IP address. An IP address is a 32-bit number typically represented in four sections called octets. These sections are separated by a dot or period, and you will hear this format referred to as dotted decimal notation. A sample IP address is 172.16.10.15. This IP address is what identifies a system or resource on a particular IP network. The IP address itself is actually made up of two parts. One part identifies the network that the host belongs to, and the other part identifies the host. To figure out where the network portion stops and the host part begins, you need a subnet mask. A subnet mask is also represented in dotted decimal notation. An example of a subnet mask would be 255.255.255.0. You will see later how the subnet mask is used to identify the network and the host parts of the IP address.

Decimal and Binary


No discussion on IP subnetting would be complete without mentioning decimal to binary conversion, and vice versa. This is not a math paper, so I will keep this section as brief as possible. Computers speak binary. This means the computer knows only two modes for each bit of data: on or off, or 1 or 0. Humans, on the other hand, like to see numbers in a base 10 format, 0 through 9 and multiples thereof. In IP subnetting, it is important that we know how to convert IP addresses and subnet masks from their human-friendly decimal form to the computer-friendly binary form, because the locations of the 1s and 0s are extremely important, as you will see later. If we use the sample IP address from before, 172.16.10.15, and represent it in binary format, it would look like this: 10101100.00010000.00001010.00001111. So, how do we get from the decimal form to the binary form, and vice versa? First, let's convert from binary to decimal. If we take the first octet of our sample IP address and map it to the binary numbering system, it looks like this:

    Bit position:   2^7   2^6   2^5   2^4   2^3   2^2   2^1   2^0
    IP address:      1     0     1     0     1     1     0     0

If we then add in the decimal equivalents of the binary, it looks like this:

    Binary = Decimal:   2^7=128   2^6=64   2^5=32   2^4=16   2^3=8   2^2=4   2^1=2   2^0=1
    IP address:            1         0        1        0       1       1       0       0

Now all we have to do is add the decimal numbers together where a 1 appears and we will get the decimal equivalent of the binary number. In this case it looks like this: 128 + 32 + 8 + 4 = 172. That wasn't so bad. Now that you know how to convert from binary to decimal, how do you go from decimal to binary? I thought you would never ask. To convert from decimal to binary, you use division and remainders. Let's take our 172 example from previously. The procedure for conversion is as follows.

1. First divide the number by 2. The remainder will be either 0 or 1.
2. Write down the remainder.
3. Divide the remaining number (without the remainder) by 2. Again, the remainder will be either 1 or 0.
4. Write down the remainder to the left of the previous remainder.
5. Repeat this until you end up with 0.

For 172, the procedure would look like this:

    172 / 2 = 86 remainder 0
     86 / 2 = 43 remainder 0
     43 / 2 = 21 remainder 1
     21 / 2 = 10 remainder 1
     10 / 2 =  5 remainder 0
      5 / 2 =  2 remainder 1
      2 / 2 =  1 remainder 0
      1 / 2 =  0 remainder 1

So our binary number for 172 = 10101100. Remember that each section of an IP address is 8 bits long. In the previous example, the conversion worked out to 8 bits exactly, so that was easy. If we used a smaller number such as 15, we would have reached 0 before we had 8 bits. If this occurs, fill in the remaining bits with 0s. For example:

    15 / 2 = 7 remainder 1
     7 / 2 = 3 remainder 1
     3 / 2 = 1 remainder 1
     1 / 2 = 0 remainder 1

Because we got to 0 in only four steps, the remaining bits are 0, so the binary of 15 is 00001111. Okay, enough math; let's talk about IP subnetting.
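The conversion procedure above, written out in code. This is an added example, not code from the paper: octet_to_binary follows the division-and-remainder steps (including the 0-padding rule for short results such as 15), and binary_to_octet adds the place values where a 1 appears.

```python
# Added example (not from the paper): decimal <-> binary conversion for
# IP octets, following the division-and-remainder method described above.

def octet_to_binary(value: int) -> str:
    """Convert 0..255 to an 8-bit string by repeated division by 2."""
    if not 0 <= value <= 255:
        raise ValueError(f"octet out of range: {value}")
    bits = ""
    n = value
    while n > 0:
        n, remainder = divmod(n, 2)
        bits = str(remainder) + bits   # each new remainder goes to the left
    return bits.rjust(8, "0")          # pad short results (e.g. 15) with 0s


def binary_to_octet(bits: str) -> int:
    """Add the place values (2^7 .. 2^0) wherever a 1 appears."""
    if len(bits) != 8 or set(bits) - {"0", "1"}:
        raise ValueError(f"not an 8-bit string: {bits!r}")
    total = 0
    for position, bit in enumerate(reversed(bits)):
        if bit == "1":
            total += 2 ** position
    return total


def ip_to_binary(address: str) -> str:
    """Dotted decimal -> dotted binary, e.g. 172.16.10.15."""
    octets = address.split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octets: {address}")
    return ".".join(octet_to_binary(int(o)) for o in octets)


def binary_to_ip(binary: str) -> str:
    """Dotted binary -> dotted decimal (inverse of ip_to_binary)."""
    return ".".join(str(binary_to_octet(b)) for b in binary.split("."))
```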

Early Subnetting
In the beginning, IP addresses were traditionally broken up into five classes lettered A through E. Classes A, B, and C were used for your average IP networks; Class D was used for multicast networking; and Class E was for experimental usage. The class a particular network fell in was determined by the first octet of the IP address, specifically by the first few bits of the first octet. This is represented in the following table.

    Class   First Bits   1st Octet   Number of Networks   Hosts per Network
    A       0            1-126       126                  16,777,214
    B       10           128-191     16,384               65,534
    C       110          192-223     2,097,152            254
    D       1110         224-239     n/a                  n/a
    E       11110        240-254     n/a                  n/a

Because Classes D and E are special classes, we will focus our discussion on Classes A, B, and C. Each of these classes has a default subnet mask and a private address range. The private address ranges are utilized on internal networks, and addresses in these ranges cannot be routed in the public network of the Internet. These defaults and private ranges are shown here:

    Class   Default Subnet Mask   Private Address Range
    A       255.0.0.0             10.0.0.0 - 10.255.255.255
    B       255.255.0.0           172.16.0.0 - 172.31.255.255
    C       255.255.255.0         192.168.0.0 - 192.168.255.255

As we mentioned before, the subnet mask is used to identify which portion of the IP address is the network and which portion of the IP address is the host. To see how this works, we need to represent our IP address and subnet mask in binary format. See, I told you the binary stuff would come in handy. Let's take our initial sample IP address of 172.16.10.15. As you can see from the previous table, this is a Class B address with a default subnet mask of 255.255.0.0. Let's represent that in binary.

    172.16.10.15   10101100 . 00010000 . 00001010 . 00001111
    255.255.0.0    11111111 . 11111111 . 00000000 . 00000000

As you can see, there are two very distinct sections to the subnet mask: one section is all 1s and the other is all 0s. This is how you tell the network portion of the IP address from the host portion. The piece of the IP address that lines up with the 1s is the network portion, and the piece that lines up with the 0s is the host portion. So in our example, the network is 172.16 and the host is 10.15. In addition to the dotted decimal notation, you might also see the subnet mask represented in a /# format, where the # represents the number of bits in the network portion of the subnet mask. In the previous example, you might see it written 172.16.10.15/16.

When the Internet was small, this class-based method of subnetting worked fine. It was easy to understand and administer. If you were a large company that had more than 65,536 hosts, you were given a Class A address; if you were a small company with fewer than 254 hosts, you were given a Class C address; and so on. As the Internet grew, and networks grew more complex, it was quickly discovered that this class-based system was not going to be sufficient and the IP address space would be depleted quickly. This began the discussion of IPv6, but because the Internet and networks were growing at such rapid rates and IPv6 would take time to develop and adopt, along came Variable Length Subnet Masking (VLSM), which is primarily what is used today when discussing subnetting.

VLSM
Before we discuss VLSM, we need to cover some rules with regard to subnetting. They are as follows.

1. The network ID cannot be 127. The 127.0.0.0 network is reserved for loopback and was originally designed for testing purposes.
2. In binary format, the network ID and the host ID cannot be all 1s. These are special designators for what are called broadcast addresses.
3. In binary format, the network ID and the host ID cannot be all 0s. When the host ID is all 0s, this is used to represent the network ID for the hosts in that network.

In VLSM, we are stealing bits from the host portion of the subnet mask to create subnetworks. As a simple example, we will use the Class B network of 172.16.0.0 with a 255.255.0.0 subnet mask. As written, this is one network that has a host range of 172.16.0.1 through 172.16.255.254 (remember you cannot have all 1s in the host portion, so 172.16.255.255 is not a valid host address). If you need to create a large number of networks that will not have more than 254 hosts in each network, you can modify your subnet mask to 255.255.255.0. This changes 8 host bits to network bits; now instead of one large network, you have 254 networks each with 254 addresses, as shown here.

    Network Address   Host Range                      Broadcast Address
    172.16.1.0        172.16.1.1 - 172.16.1.254       172.16.1.255
    172.16.2.0        172.16.2.1 - 172.16.2.254       172.16.2.255
    ...               ...                             ...
    172.16.253.0      172.16.253.1 - 172.16.253.254   172.16.253.255
    172.16.254.0      172.16.254.1 - 172.16.254.254   172.16.254.255

That is basic subnetting; now let's get a little more creative. Let's say we have a number of small field offices that have no more than 20 hosts. If we issue a Class C network to each office, we are going to waste approximately 230 addresses in each network. If we use VLSM, however, we can get a more efficient use of our subnets. The first question we need to ask is how many host bits we need to leave in the subnet mask to give us more than 20 hosts per network. This is very simple to determine. The formula for the number of hosts per network is 2 raised to the number of host bits in the subnet mask, minus 2 (2^n - 2). The reason we subtract 2 is that the host ID cannot be all 1s or all 0s. So if we look at a Class C subnet mask in binary form (11111111.11111111.11111111.00000000), we can see that there are 8 host bits: 2^8 - 2 = 254 host addresses. In the following table you can see the number of hosts per network if we were to change the host bits in a Class C subnet mask.

    Host Bits Changed   Binary Notation of Last Octet   Dotted Decimal Notation   /# Format   Number of Hosts
    1                   10000000                        255.255.255.128           /25         2^7-2 = 126
    2                   11000000                        255.255.255.192           /26         2^6-2 = 62
    3                   11100000                        255.255.255.224           /27         2^5-2 = 30
    4                   11110000                        255.255.255.240           /28         2^4-2 = 14
    5                   11111000                        255.255.255.248           /29         2^3-2 = 6
    6                   11111100                        255.255.255.252           /30         2^2-2 = 2

Because we need 20 addresses, we can see from the table that we will need to change 3 host bits. It is important to remember that when you change the host bits, you always start from the far left and work your way to the right. We have decided that we are going to use the 192.168.10.0 network as our starting point for our subnetting. We know that our subnet mask is going to be 255.255.255.224. From this point, there are three final items that we need to determine.

1. What are the networks we have created with our new subnet mask?
2. What are the host ranges in those networks?
3. What is the broadcast address for each network?

The first step is to determine what our networks will be. To do this, we need to look at the subnet mask in binary notation where we changed host bits to network bits. This is shown below.

    Binary = Decimal:   2^7=128   2^6=64   2^5=32   2^4=16   2^3=8   2^2=4   2^1=2   2^0=1
    Subnet Mask:           1         1        1        0       0       0       0       0

If you take the decimal representation of the first network bit to the far right, that is your first network. In our example the first network bit to the far right is in the 2^5 position, so our first network is 192.168.10.32. To determine our next network, we simply add that first network value to the last octet until we reach the subnet mask number, which in our case is 224. So our networks are as follows:

    Network Address
    192.168.10.32
    192.168.10.64
    192.168.10.96
    192.168.10.128
    192.168.10.160
    192.168.10.192

Although technology now enables you to use 192.168.10.0, I typically try to refrain from doing so, as it may cause problems with legacy technology because of the rule regarding all 0s in the network portion. We also cannot use 192.168.10.224 because that would have all 1s in the network portion, which is also against the rules. The easiest item to figure out next is the broadcast address. Because this is always the last number in the network range, it is always going to be the number just before the next network address. So, if we fill in the broadcast portion of our table, it will look like this.

    Network Address   Host Range   Broadcast Address
    192.168.10.32                  192.168.10.63
    192.168.10.64                  192.168.10.95
    192.168.10.96                  192.168.10.127
    192.168.10.128                 192.168.10.159
    192.168.10.160                 192.168.10.191
    192.168.10.192                 192.168.10.223

The last step in the process is to determine the host range for each network. We now know the beginning of the network and the end of the network, so the host range simply falls in between. The following table shows all the information filled in.

    Network Address   Host Range                        Broadcast Address
    192.168.10.32     192.168.10.33 - 192.168.10.62     192.168.10.63
    192.168.10.64     192.168.10.65 - 192.168.10.94     192.168.10.95
    192.168.10.96     192.168.10.97 - 192.168.10.126    192.168.10.127
    192.168.10.128    192.168.10.129 - 192.168.10.158   192.168.10.159
    192.168.10.160    192.168.10.161 - 192.168.10.190   192.168.10.191
    192.168.10.192    192.168.10.193 - 192.168.10.222   192.168.10.223
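The whole VLSM procedure (host bits needed, mask, networks, host ranges, broadcasts) as a runnable calculation. This is an added example, not code from the paper; the function names are my own, and subnets() keeps the paper's convention of leaving out the all-0s and all-1s subnets unless told otherwise. It reproduces both tables above: the 172.16.0.0 split into /24 networks and the 192.168.10.0 split with 255.255.255.224.

```python
# Added example (not from the paper): VLSM calculations with integer
# arithmetic, reproducing the worked 192.168.10.0 / 255.255.255.224 case.

def ip_to_int(address: str) -> int:
    octets = [int(o) for o in address.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {address}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_for_hosts(hosts_needed: int) -> int:
    """Smallest /# whose 2^n - 2 usable hosts covers hosts_needed."""
    host_bits = 1
    while (1 << host_bits) - 2 < hosts_needed:
        host_bits += 1
    return 32 - host_bits


def mask_for_prefix(prefix: int) -> str:
    """/# notation to dotted decimal, e.g. 27 -> 255.255.255.224."""
    return int_to_ip((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)


def subnets(network: str, parent_prefix: int, new_prefix: int,
            skip_first_last: bool = True) -> list:
    """Split network/parent_prefix into new_prefix subnets.

    Returns (network, first host, last host, broadcast) tuples.  With
    skip_first_last the all-0s and all-1s subnets are left out, which is
    the legacy rule the paper follows for 192.168.10.0 and .224.
    """
    if not 0 <= parent_prefix < new_prefix <= 30:
        raise ValueError("prefixes must satisfy parent < new <= 30")
    base = ip_to_int(network)
    if base & ((1 << (32 - parent_prefix)) - 1):
        raise ValueError(f"{network}/{parent_prefix} is not a network address")
    block = 1 << (32 - new_prefix)              # addresses per subnet, e.g. 32
    count = 1 << (new_prefix - parent_prefix)   # subnets created, e.g. 8
    rows = []
    for i in range(count):
        if skip_first_last and i in (0, count - 1):
            continue
        net = base + i * block
        rows.append((int_to_ip(net), int_to_ip(net + 1),
                     int_to_ip(net + block - 2), int_to_ip(net + block - 1)))
    return rows
```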

Summary
As you have seen, IP subnetting is an important skill to acquire because it offers many benefits in any networked environment. Using the information in this paper, you should be able to subnet any network to take full advantage of the IP address space you utilize.