oct. 14, 2011 webcast ch7 subnets bruce hartpence

Ch. 7 Subnetting and Other Masking Acrobatics Bruce Hartpence The Packet Guide to Core Network Protocols

Upload: oreilly-media

Post on 09-May-2015


DESCRIPTION

In this webcast we'll talk about address space, the purpose of the network mask and the reasons we manipulate network masks. Presented by: Bruce Hartpence

TRANSCRIPT

Ch. 7 Subnetting and Other Masking Acrobatics

Bruce Hartpence
The Packet Guide to Core Network Protocols

Introduction

• Let’s start with the idea of a network
  – The 10,000 foot view is that it is a bunch of computers connected together
  – But the technical view is a little more precise
• Computers on the same network
  – Share the same IP address range
  – Have the same default gateway (router)
  – Have the same broadcast address

What is a Mask?

• 192.168.100.0 255.255.255.0
• Used to determine the network for a host
• Also used by routers to determine forwarding information
• The normal or natural network mask (netmask) is defined by address class type
• Not much flexibility

How do we use the mask?

• Classes vary in size and the number of hosts.
• Each class has its own address range and mask.
• Early networks could be given an entire class.
• For example, RIT has a Class B network address.
• But this is inefficient and, with more and more folks desiring connectivity, was not sustainable.

Logical AND

AND gate

Example: Class C network host 200.150.100.95

• Steps 1 & 2: Convert the address and mask to binary
  11001000.10010110.01100100.01011111
  11111111.11111111.11111111.00000000
• Perform the ANDing operation from right to left
  11001000.10010110.01100100.00000000
• Convert back to base 10 numbers
  200.150.100.0
• Easy, right?

IP packets

• Network Masks are not included in the IP packet

• All of the processing is done on devices

• But, you never know the mask for the other end

Revisiting the mask structure

• From the class structure
  – for a class A address: 255.0.0.0
  – for a class B address: 255.255.0.0
  – for a class C address: 255.255.255.0
• When we convert to binary
  – The 1’s indicate the network portion
  – The 0’s indicate the host portion

From an earlier chapter

• So for our example, the network address is 200.150.100.0 (all 0’s) and the broadcast address is 200.150.100.255 (all 1’s)

• This also means that after ANDing, the host addresses from 200.150.100.1 to 200.150.100.254 are on the same network.

What is a subnet?

• “Logically visible sub-sections” RFC 917

• Work exactly like the classful network and they still have:
  – Network (subnetwork) address
  – Broadcast address
  – All hosts on the subnet typically use the same gateway

• Created by manipulating the network mask

• This splits the network into smaller networks

• Bits are “stolen” from the host portion of the network

• A third portion is added to the IP address

OK, we can subnet but why?

• As a network grows in terms of the number of hosts, the traffic grows as well
  – Broadcast (ARP, Windows, DHCP, etc.)
• Users or departments may have varying security concerns
• The desire to provide different quality of service options
• Other overhead: SNMP, routing
• Rule of thumb: 100/30

Subnet behavior

• Local traffic is limited to the subnet
  – ARP traffic (and everything else) is now limited
  – Limited broadcast address 255.255.255.255
  – Broadcast frame address ff-ff-ff-ff-ff-ff

• MAC addresses belong to the subnet, not the classful network

• A router (or routing function) is required to get traffic between subnets

So how do you decide?

• First, how many subnets do you need?
  – Organization of the groups
  – Addresses required
  – Growth
  – Current equipment
• Once this has been determined, “steal the bits”
  – Number of bits stolen is determined by the number of required subnets
  – In the host portion, work to the right, converting 0’s to 1’s as you go

Common subnet patterns

• As bits are stolen, the number of subnets increases and the number of hosts/subnet decreases

Simple example

• A company desires 4 internal subnets within their 200.150.100.0 network

• This requires 2 bits to be stolen because there are four possibilities in 2 bits
  – 00, 01, 10, 11
  – These are seen in the subnet field
  – Stolen bits are revealed in the mask
• New mask
  – Instead of 255.255.255.0 we have 255.255.255.192

Wait, how did this work?

• The classful network characteristics
  – Network 200.150.100.0 mask 255.255.255.0
  – Low useable address 200.150.100.1
  – High useable address 200.150.100.254
    • Often for the router
  – Broadcast address 200.150.100.255
• ANDing puts everyone on the same network
• Mask binary
  11111111.11111111.11111111.00000000
  Network portion (the 1’s), Host portion (the 0’s)

Cont’d

• Stealing 2 bits changes the mask
  – 255.255.255.192
  – 11111111.11111111.11111111.11000000
• The red bits (the two stolen bits at the start of the last octet) represent the subnet field
• But what about the binary patterns?
  – The classful network address
  – 200.150.100.0
  – 11001000.10010110.01100100.00000000
  – The red bits are affected by the change to the mask

New subnet values

• Mask for all: 255.255.255.192
• Network ranges
  – Subnet ID – Subnet broadcast
  – 200.150.100.0 – 200.150.100.63
  – 200.150.100.64 – 200.150.100.127
  – 200.150.100.128 – 200.150.100.191
  – 200.150.100.192 – 200.150.100.255

Let’s look at an example address

• Node IP address: 200.150.100.137
• Binary: 11001000.10010110.01100100.10001001
• Subnet mask: 255.255.255.192
• Binary: 11111111.11111111.11111111.11000000
• AND
• 11001000.10010110.01100100.10001001
• 11111111.11111111.11111111.11000000
• 11001000.10010110.01100100.10000000
• Base 10: 200.150.100.128
• This is the new subnet for this node

Binary value details

• Node 200.150.100.137
• 11001000.10010110.01100100.10001001
• Subnet mask: 255.255.255.192
• 11111111.11111111.11111111.11000000
• Put all 0’s in for the host portion, you get the subnet ID
• 11001000.10010110.01100100.10000000
• Put all 1’s in the host portion, you get the broadcast address
• 11001000.10010110.01100100.10111111

Another look at the binary patterns

• Subnet address and binary
• 200.150.100.0: 11001000.10010110.01100100.00000000
• 200.150.100.64: 11001000.10010110.01100100.01000000
• 200.150.100.128: 11001000.10010110.01100100.10000000
• 200.150.100.192: 11001000.10010110.01100100.11000000
• So, where are the routers?
  – 200.150.100.62
  – 200.150.100.126
  – 200.150.100.190
  – 200.150.100.254

Another problem: 2 techniques

• Problem: Class B network 172.30.0.0, 8 subnets desired
  – Another way to ask this is “How many hosts do you need in each subnet?”
• Method 1 – Algebra
  – How many hosts total? 65536
  – How many subnets? 8
  – Hosts/subnet? 65536/8 = 8192
  – Bits for subnets? 3
  – Mask? 255.255.224.0
  – Always start at the classful network address.

Subnets

• The only tough question: What does 8191 look like in dotted quad notation?
• 172.30.0.0 – 172.30.31.255
• What is the next possible value?
  – 172.30.32.0 – this is the next subnet? Follow the pattern.
• 172.30.32.0 – 172.30.63.255
• 172.30.64.0 – 172.30.95.255
• 172.30.96.0 – 172.30.127.255
• 172.30.128.0 – 172.30.159.255
• 172.30.160.0 – 172.30.191.255
• 172.30.192.0 – 172.30.223.255
• 172.30.224.0 – 172.30.255.255

Method 2 – to the binary!

• Having selected the mask, start at the classful address and work through the binary patterns (172.30.0.0)
  – 172.30.00000000.00000000
  – 172.30.00100000.00000000
  – 172.30.01000000.00000000
  – 172.30.01100000.00000000
  – 172.30.10000000.00000000
  – 172.30.10100000.00000000
  – 172.30.11000000.00000000
  – 172.30.11100000.00000000

• Remember that these are the subnet addresses

Upper end of the range

• Broadcast addresses insert 1’s in the host portion
  – 172.30.00011111.11111111 (172.30.31.255)
  – 172.30.00111111.11111111
  – 172.30.01011111.11111111
  – 172.30.01111111.11111111
  – 172.30.10011111.11111111
  – 172.30.10111111.11111111
  – 172.30.11011111.11111111
  – 172.30.11111111.11111111

• Routers would typically be high/low in the range
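
Added example (not part of the original slides or the book): the ANDing steps and both subnetting problems above, the Class C network split four ways and the Class B network split eight ways, done with integer bit operations in Python. The function names are made up for this illustration.

```python
# Added illustration; function names are hypothetical, not from the slides.
MASK32 = 0xFFFFFFFF

def to_int(dotted):
    """Dotted quad -> 32-bit integer."""
    octets = [int(p) for p in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad address: {dotted!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def to_dotted(value):
    """32-bit integer -> dotted quad."""
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

def network_and_broadcast(host, mask):
    """AND with the mask gives the subnet ID; all 1's in the host bits gives the broadcast."""
    m = to_int(mask)
    net = to_int(host) & m
    return to_dotted(net), to_dotted(net | (~m & MASK32))

def plan_subnets(network, classful_mask, wanted):
    """Steal just enough host bits for `wanted` subnets.

    Returns (new_mask, [(subnet_id, broadcast), ...]).
    """
    base, mask = to_int(network), to_int(classful_mask)
    host_part = ~mask & MASK32
    if host_part & (host_part + 1):
        raise ValueError("mask must be contiguous 1's followed by 0's")
    if base & host_part:
        raise ValueError("start at the classful network address")
    host_bits = host_part.bit_length()
    stolen = (wanted - 1).bit_length()        # 4 subnets -> 2 bits, 8 -> 3 bits
    remaining = host_bits - stolen
    if wanted < 1 or remaining < 2:           # keep at least 2 host bits per subnet
        raise ValueError("cannot make that many subnets")
    new_mask = mask | (((1 << stolen) - 1) << remaining)
    size = 1 << remaining                     # addresses per subnet
    subnets = [(to_dotted(base + i * size), to_dotted(base + i * size + size - 1))
               for i in range(1 << stolen)]
    return to_dotted(new_mask), subnets

if __name__ == "__main__":
    for net, mask, n in (("200.150.100.0", "255.255.255.0", 4),
                         ("172.30.0.0", "255.255.0.0", 8)):
        new_mask, subnets = plan_subnets(net, mask, n)
        print(net, "->", new_mask)
        for subnet_id, bcast in subnets:
            print("  ", subnet_id, "-", bcast)
    print(network_and_broadcast("200.150.100.137", "255.255.255.192"))
```

Asking for a count that is not a power of two (say 5) rounds up to the next power of two, since the subnet field is a whole number of bits.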

Review and other ideas

• You should be able to go back to the simpler example and work both techniques

• Related ideas
  – Supernetting (combining networks)
  – Classless inter-domain routing (CIDR)
  – Variable length subnet masks (VLSM)
  – Aggregation

• All of these represent different ways to manipulate address space via the subnet mask

Thanks!

• Questions?
• [email protected]
• Keep an eye out for podcasts on iTunes

Special Offer

Visit http://oreilly.com to purchase your copy of Core Network Protocols and enter code 4CAST to save 40% off print book & 50% off ebook.

Visit http://oreilly.com webcasts to view upcoming webcasts and online events.