IPv4 Subnet Masking Explained
IP addresses are 32-bit numbers
representing network and host information. The 32 bits are written as dotted-decimal
numbers in four groupings (commonly referred to as octets), which
splits the 32-bit number into four 8-bit parts. Each octet contains 8 binary
digits (bits) which translate to a decimal number; the decimal value of each bit in an
octet is shown below:
Decimal by octet:
128 | 64 | 32 | 16 | 8 | 4 | 2 | 1
Decimal by 32-bit IP address:
128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 . 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 . 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 . 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1
When all the bit values in an octet are
added together, they total 255 in
decimal. Using the chart above, a dotted-decimal IP address of
255.255.255.255 would look like this in binary:
1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 . 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 . 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 . 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1
Each octet would consist of 128+64+32+16+8+4+2+1 = 255
So the full dotted-decimal IP address would be 255.255.255.255
The binary IP address of 128.64.32.129 is:
10000000.01000000.00100000.10000001
1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 . 0 | 1 | 0 | 0 | 0 | 0 | 0 | 0 . 0 | 0 | 1 | 0 | 0 | 0 | 0 | 0 . 1 | 0 | 0 | 0 | 0 | 0 | 0 | 1
128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 . 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 . 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 . 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1
128+0 = 128 | 64+0 = 64 | 32+0 = 32 | 128+1 = 129
The binary address of 192.48.15.99 is:
11000000.00110000.00001111.01100011
1 | 1 | 0 | 0 | 0 | 0 | 0 | 0 . 0 | 0 | 1 | 1 | 0 | 0 | 0 | 0 . 0 | 0 | 0 | 0 | 1 | 1 | 1 | 1 . 0 | 1 | 1 | 0 | 0 | 0 | 1 | 1
128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 . 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 . 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 . 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1
128+64 = 192 | 32+16 = 48 | 8+4+2+1 = 15 | 64+32+2+1 = 99
An IP address will always be unique
to a host (except in a cluster or NAT environment). For example, Microsoft’s
web server IP address is 207.46.131.137, while Yahoo’s web server IP address is
204.71.200.68. No other machine on the Internet will have the same IP address as Microsoft’s
web server. Think of IP addresses as social security numbers
for machines: no one has the same social security number as you, because if they
did, how would the SSA differentiate you from
the other person? (Machines can have more than one IP address.) IP addresses
identify more than just a host; they also identify what network the host is on.
IP addresses are divided into
classes. A large network can benefit by having an address class that
allows more hosts. A smaller network could get by with fewer host addresses so
they wouldn’t need the same class as a larger network. IP addresses can cost
big bucks nowadays and it’s important to get a class address that is
appropriate for your network. The larger the number of available hosts in an IP
address, the more you can expect to pay. Only classes A through C will be
covered in this document.
Class A | 1.x.x.x – 126.x.x.x | 00000001.x.x.x - 01111110.x.x.x
Class B | 128.x.x.x – 191.x.x.x | 10000000.x.x.x - 10111111.x.x.x
Class C | 192.x.x.x – 223.x.x.x | 11000000.x.x.x - 11011111.x.x.x
Red = network portion of IP address
Blue = host portion of IP address
A router will typically use only the network portion of the
IP address to route packets.
You may have noticed that the network IP addresses
127.x.x.x and 0.x.x.x are missing. Here’s why:
The 127.x.x.x network is used for
loopback testing. A loopback test usually consists of pinging the IP address
127.0.0.1, but you can ping anything in the 127.x.x.x
network and it will be treated as localhost and answered with the loopback echo.
This ping will “send” or exit the transmit pair of the network interface
and loop onto the receive pair of the same network interface. This test will
tell you if TCP/IP has been properly bound to your network interface card. This
is essentially like talking to yourself in French: if you can speak it and
understand it, then you know you can communicate with other people who speak
the same language.
0.x.x.x & 255.x.x.x (Class A example)
A value of zero in an address means
same network or “this wire”. A “0” network is what is defined in a router’s
routing table (e.g. a router knows that network 125.0.0.0 with a subnet mask of
255.0.0.0 is located on its Ethernet interface 1). A router will also route
packets to unknown networks if a classless default route (0.0.0.0, all zeros
in binary) is added to the routing table. It would be
impossible to enter every network into the router’s routing table, so instead a
route of 0.0.0.0 with a subnet mask of 0.0.0.0 is entered into the routing
table (with a default gateway IP address). This tells the router “if you
do not know where the destination is, send it to
this default gateway”. The routers upstream from your router then have to
deduce where to send the packet; they in turn will probably send it to their
default gateway, and so on until the packet reaches the router containing the
desired network destination. A network or host address can never be 255 (all
1’s in binary). All ones specify a
“broadcast” address, which would be everything on that network.
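The lookup a router performs against such a table, as an added Python example (not code from the original page): a route matches when the destination ANDed with the route's mask equals the route's network, and the 0.0.0.0/0.0.0.0 entry matches everything. The interface names, the gateway 10.0.0.1 and the 125.10.0.0 route are constructed for illustration, and preferring the longest matching mask goes slightly beyond what the text describes.

```python
def to_int(dotted):
    """Convert a dotted-decimal IPv4 string to a 32-bit integer."""
    octets = [int(part) for part in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a valid IPv4 address: {dotted!r}")
    value = 0
    for o in octets:
        value = (value << 8) | o
    return value


def mask_bits(mask):
    """Count the 1 bits in a subnet mask; reject masks with gaps in the ones."""
    m = to_int(mask)
    ones = bin(m).count("1")
    # A valid mask is `ones` 1-bits followed only by 0-bits.
    if m != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"mask is not contiguous: {mask!r}")
    return ones


# Constructed routing table: (network, mask, where to send the packet).
ROUTES = [
    ("125.0.0.0", "255.0.0.0", "Ethernet1"),        # route used in the text
    ("125.10.0.0", "255.255.0.0", "Ethernet2"),     # constructed, more specific
    ("0.0.0.0", "0.0.0.0", "gateway 10.0.0.1"),     # default route (constructed gateway)
]


def lookup(destination, routes=ROUTES):
    """Return the next hop of the most specific route that matches destination."""
    dest = to_int(destination)
    best = None
    for network, mask, next_hop in routes:
        # Keep only the network portion of the destination, then compare.
        if (dest & to_int(mask)) == to_int(network):
            bits = mask_bits(mask)
            if best is None or bits > best[0]:
                best = (bits, next_hop)
    if best is None:
        raise LookupError(f"no route to {destination}")
    return best[1]
```

Removing the 0.0.0.0 entry makes `lookup` raise for any destination outside 125.x.x.x, which is the situation the default route exists to avoid.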
Determining number of available hosts on a network:
The number of hosts can be
determined by using the simple mathematical formula 2^N - 2 (2 to the power of
the number of bits in the host portion, minus 2), where N
is the number of bits in the host portion. For example, in a class B address
(195.1.0.0) with a default subnet mask (255.255.0.0), the host portion is the
last 2 octets (or 16 bits); to determine the number of hosts simply use the
formula 2^16 - 2, which equals 65,534 usable hosts.
Remember that the binary address cannot consist of all 0’s or all 1’s; that is
why we subtract 2. If you actually did the math you would see that 2^16 =
65,536; however, two of the hosts are reserved: one host IP (195.1.0.0) is
reserved for the network and one host IP (195.1.255.255) is reserved for the
broadcast address.
Class A maximum number of hosts = 16,777,214
Class B maximum number of hosts = 65,534
Class C maximum number of hosts = 254
Subnet masks are used by networking
devices to determine which portion of the IP address is the network and which
portion is the host. External networking devices do not see a subnet mask. The subnet mask is
merely an aid in further segmenting the network and hosts. When masking, subnet
bits are taken from the host portion of the IP address. For
example, if we wanted to subnet a class B address (180.170.0.0) given to us by
our ISP, we would not subnet the 180.170. network portion.
Default Subnet Masks (Natural Masks)
Class A = 255.0.0.0 (this is also commonly written in bit
count 255.0.0.0 = /8)
Class B = 255.255.0.0 (this is also commonly written in bit
count 255.255.0.0 = /16)
Class C = 255.255.255.0 (this is also commonly written in
bit count 255.255.255.0 = /24)
So our default class B mask would be written in bit count
as 180.170.0.0/16 which specifies an IP address of 180.170.0.0 with a subnet
mask of 255.255.0.0
The first step in subnet masking is
determining what address class our IP address resides in. In the example
of 195.170.16.0 we know that 195 falls into the class C range. So we know we
will not subnet the first three octets (network portion) of the address, we can
only mask the remaining HOST portion.
195.170.16.0  = 11000011.10101010.00010000.00000000
255.255.255.0 = 11111111.11111111.11111111.00000000
Host portion in blue
Notice the portion in blue. This is what
determines what bits we can use to further subnet our network. We can determine
what our network portion is by realizing that the mask of 255.255.255.0 is 24
bits of the IP address given to us.
Second, we must determine the
number of hosts or networks needed. In our example we will need 5 networks
(subnets) and a minimum of 20 hosts in each subnet. A question that always
comes up is “how do I know which subnet mask to use?” The answer is really up
to you. You may find that there are 10 different possible masks you could use,
and what really matters is that the one you choose meets your requirements.
However, the more bits you use in the subnet mask, the
fewer you can use in the host portion (meaning you get fewer hosts but more
networks). Think of your network and host growth pattern: do you have 50 sites
with 5 people (50 networks of 5 hosts) and growing, or do you have only one
site with 10,000 users (1 network with 10,000 hosts)? What will happen if your
company with one site of 10,000 users buys two other companies with one site
and 10,000 users? It always pays to plan for growth; running out of options is
something no network administrator wants to deal with.
Remember how we figured out how
many hosts we could have?
1. We converted our given IP address to binary.
195.170.16.0  = 11000011.10101010.00010000.00000000
2. We looked at the subnet mask given to us by our ISP.
255.255.255.0 = 11111111.11111111.11111111.00000000
3. We realized that we could only subnet the last octet (or 8 bits) of the IP
address. This is the portion in blue above. To determine where the mask the ISP
gave us ends (to figure out where we can mask), just convert it into binary and
look at the ones… when the ones stop, that’s where the subnet mask stops.
4. We counted the number of 0 bits (all in blue), which equals 8. We then used the
formula 2^N - 2 (where N is the number of zero bits): 2^8 - 2
= 256 - 2 = 254, so we can have a maximum of 254 hosts with this IP address. This
would mean we purchased a class C address from our ISP and it has the default
subnet mask. Remember that “bits”, not octets, define subnets.
195.170.16.0  = 11000011.10101010.00010000.00000000
255.255.255.0 = 11111111.11111111.11111111.00000000
Host portion, which we can use to subnet, is in Blue.
Let’s say we wanted to mask the address
given to us by our ISP and we wanted to know how many subnets we could have (we
need 5). Just use the same calculation you used to figure out the number of
hosts, but with a new twist: instead of using
N to represent the number of host bits, use it for the
number of masked bits. For example, this is what was given to us:
195.170.16.0  = 11000011.10101010.00010000.00000000
255.255.255.0 = 11111111.11111111.11111111.00000000
Host portion of IP address is in Blue.
We need 5 networks, so let’s
start by masking only 2 bits.
195.170.16.0    = 11000011.10101010.00011111.11000000
255.255.255.192 = 11111111.11111111.11111111.11000000
Masked bits are displayed in Red.
We have 2 bits, so we calculate the
number of subnets to see if it will be sufficient (2^2 = 4).
The exponent 2 in this case is representative of
the number of “borrowed” bits (in red). The highlighted number is the
number of subnets we will have if we use this mask. We need 5 subnets, so this
mask will not fit our needs.
What if we try 3 bits (224) as a
subnet mask? Hopefully we will get at least five networks and allow
for some growth at the same time.
180.170.16.0    = 10110100.10101010.00011111.11100000
255.255.255.224 = 11111111.11111111.11111111.11100000
Masked bits are displayed in Red.
We have 3 bits, so we use the
“magic” calculation to figure out how many subnets (networks) we can have. The highlighted number is the
answer.
2^3 = 8
We can have 8 different subnets (networks) with this mask.
Now comes the very scary part. We
are going to figure out what ranges our networks will be in. Hopefully, you
really have your thinking cap on for this challenge.
Take the number 2 raised to the power of the number of borrowed bits to get a
subnet total (this is how many networks we will have), then divide 256 by the
total number of subnets to get a range total; the range total - 2 = the number
of hosts per subnet.
2^3 = 8 subnets (networks); 256 divided by 8 = 32; 32 - 2 = 30 hosts per subnet
This means
our networks will be 0, 32, 64, 96, 128, 160, 192, and 224.
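The whole procedure as an added Python example (not code from the original page): it borrows the fewest bits that give the required number of subnets, checks that the remaining host bits still cover the required hosts, and lists each subnet's network, first host, last host and broadcast address. The function names are hypothetical; the formulas are the page's 2^N subnets and 2^N - 2 hosts.

```python
def to_int(dotted):
    """Dotted-decimal string to 32-bit integer."""
    value = 0
    for part in dotted.split("."):
        value = (value << 8) | int(part)
    return value


def to_dotted(value):
    """32-bit integer back to dotted-decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def plan_subnets(network, default_bits, need_subnets, need_hosts):
    """Return (mask, subnets); each subnet is (network, first, last, broadcast)."""
    host_bits = 32 - default_bits            # bits we are allowed to borrow from
    borrowed = 0
    while 2 ** borrowed < need_subnets:      # 2^N subnets, N = borrowed bits
        borrowed += 1
    remaining = host_bits - borrowed         # host bits left in each subnet
    if remaining < 2 or 2 ** remaining - 2 < need_hosts:   # 2^N - 2 hosts
        raise ValueError("address block cannot meet both requirements")
    prefix = default_bits + borrowed
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    # Clear the original host portion so we start at the block's first address.
    base = to_int(network) & ((0xFFFFFFFF << host_bits) & 0xFFFFFFFF)
    size = 2 ** remaining                    # addresses per subnet (256 / 8 = 32)
    subnets = []
    for i in range(2 ** borrowed):
        net = base + i * size                # host bits all 0: network address
        bcast = net + size - 1               # host bits all 1: broadcast address
        subnets.append((to_dotted(net), to_dotted(net + 1),
                        to_dotted(bcast - 1), to_dotted(bcast)))
    return to_dotted(mask), subnets


if __name__ == "__main__":
    # The page's requirement: 5 subnets of at least 20 hosts from 195.170.16.0/24.
    mask, subnets = plan_subnets("195.170.16.0", 24, need_subnets=5, need_hosts=20)
    print("mask", mask)
    for net, first, last, bcast in subnets:
        print(f"{net:<16}{first} - {last:<16}{bcast}")
```

Asking for 5 subnets of 40 hosts from the same block raises `ValueError`, because 3 borrowed bits leave only 30 usable hosts per subnet.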
Blue = an address that cannot be used as a host (because it is used as a network or broadcast address)
Network (Subnet) | Hosts per subnet | Host Range | Broadcast
195.170.16.0 | 30 | 195.170.16.1 |