Subnet

HiTech Solutions 
Network/Hardware Engineering


 

Why?

Subnetting an IP Network can be done for a variety of reasons, including organization, use of different physical media (such as Ethernet, FDDI, WAN, etc.), preservation of address space, and security. The most common reason is to control network traffic. In an Ethernet network, all nodes on a segment see all the packets transmitted by all the other nodes on that segment. Performance can be adversely affected under heavy traffic loads, due to collisions and the resulting retransmissions. A router is used to connect IP networks to minimize the amount of traffic each segment must receive. 

An IP (Internet Protocol) address is a unique identifier for a node or host connection on an IP network. An IP address is a 32 bit binary number usually represented as 4 decimal values, each representing 8 bits, in the range 0 to 255 (known as octets) separated by decimal points. This is known as "dotted decimal" notation.

Example: 140.179.220.200

It is sometimes useful to view the values in their binary form.

140     .179     .220     .200
10001100.10110011.11011100.11001000

Every IP address consists of two parts, one identifying the network and one identifying the node. The Class of the address and the subnet mask determine which part belongs to the network address and which part belongs to the node address.

Address Classes

There are 5 different address classes. You can determine which class any IP address is in by examining the first 4 bits of the IP address.

  • Class A addresses begin with 0xxx, or 1 to 126 decimal.
  • Class B addresses begin with 10xx, or 128 to 191 decimal.
  • Class C addresses begin with 110x, or 192 to 223 decimal.
  • Class D addresses begin with 1110, or 224 to 239 decimal.
  • Class E addresses begin with 1111, or 240 to 254 decimal.

Addresses beginning with 01111111, or 127 decimal, are reserved for loopback and for internal testing on a local machine. [You can test this: you should always be able to ping 127.0.0.1, which points to yourself] Class D addresses are reserved for multicasting. Class E addresses are reserved for future use. They should not be used for host addresses.

Now we can see how the Class determines, by default, which part of the IP address belongs to the network (N) and which part belongs to the node (H).

 

  • Class A -- NNNNNNNN.HHHHHHHH.HHHHHHHH.HHHHHHHH
  • Class B -- NNNNNNNN.NNNNNNNN.HHHHHHHH.HHHHHHHH
  • Class C -- NNNNNNNN.NNNNNNNN.NNNNNNNN.HHHHHHHH
      

Default subnet masks:

  • Class A - 255.0.0.0 - 11111111.00000000.00000000.00000000
  • Class B - 255.255.0.0 - 11111111.11111111.00000000.00000000
  • Class C - 255.255.255.0 - 11111111.11111111.11111111.00000000

 

In the example, 140.179.220.200 is a Class B address so by default the Network part of the address (also known as the Network Address) is defined by the first two octets (140.179.x.x) and the node part is defined by the last 2 octets (x.x.220.200).

In order to specify the network address for a given IP address, the node section is set to all "0"s. In our example, 140.179.0.0 specifies the network address for 140.179.220.200. When the node section is set to all "1"s, it specifies a broadcast that is sent to all hosts on the network. 140.179.255.255 specifies the example broadcast address. Note that this is true regardless of the length of the node section.

Private Subnets

There are three IP network addresses reserved for private networks. The addresses are 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. They can be used by anyone setting up internal IP networks, such as a lab or home LAN behind a NAT or proxy server or a router. It is always safe to use these because routers on the Internet will never forward packets coming from these addresses.

Bring on the Fun

 

Here is where it starts. There are some rules that you need to know, so let's start.

X - Number of bits you are borrowing (I like to call them "stolen") from the host bits

Y - Number of host bits available for that class of address (the H bits shown above): Class A - 24, Class B - 16, Class C - 8

Number of subnetworks = 2^X - 2

Number of hosts per subnetwork = 2^(Y-X) - 2

 

So 202.100.92.0/27 would be a Class C address, because the first octet is 202 and Class C addresses begin with 110x, or 192 to 223 decimal.

The default subnet mask is 255.255.255.0, or 11111111.11111111.11111111.00000000, or 24 bits (the first 3 octets, so 3 x 8 = 24). We have 27, which means that in this case we are stealing 3 bits from the host part to create the subnet (marked S).

NNNNNNNN.NNNNNNNN.NNNNNNNN.SSSHHHHH

Now if you use the formula above, X will be 3, so the number of subnetworks is 2^3 - 2 = 8 - 2 = 6. The total number of networks will be 6.

Now we need to know how many hosts we will have per subnetwork. Here we go: 2^(8-3) - 2 = 2^5 - 2 = 32 - 2 = 30

That means that I could create 6 different networks with 30 hosts in each of them by borrowing 3 bits from hosts.

Now we need to get the new subnet mask. The default mask is 24 bits, so we calculate the difference between the default and this one (27).

NNNNNNNN.NNNNNNNN.NNNNNNNN.NNNHHHHH

128  64  32  16   8   4   2   1
  S   S   S   H   H   H   H   H
  N   N   N   H   H   H   H   H

If you take a look at the last octet, you can see that the 3 bits that we borrowed sum to 224 (128 + 64 + 32), so your new subnet mask will be 255.255.255.224
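The calculation above can be generalized to any Class A, B or C address. The following is an added example, not code from the original page; the function names `address_class` and `classful_subnet` are illustrative, and it follows the page's convention of subtracting 2 from both the subnet and host counts.

```python
import ipaddress

# Default network bits per class, as listed on this page (A=8, B=16, C=24).
def address_class(first_octet):
    if 1 <= first_octet <= 126:
        return "A", 8
    if 128 <= first_octet <= 191:
        return "B", 16
    if 192 <= first_octet <= 223:
        return "C", 24
    raise ValueError(f"first octet {first_octet} is not a Class A, B or C host address")

def classful_subnet(cidr):
    """Apply the page's formulas to an address written as a.b.c.d/len."""
    address, length = cidr.split("/")
    length = int(length)
    cls, default_bits = address_class(int(address.split(".")[0]))
    y = 32 - default_bits        # Y: host bits available for the class
    x = length - default_bits    # X: bits borrowed ("stolen") from the host part
    # One borrowed bit gives 2^1 - 2 = 0 subnets; two host bits must remain.
    if not 2 <= x <= y - 2:
        raise ValueError(f"/{length} borrows {x} bits; Class {cls} allows 2 to {y - 2}")
    return {
        "class": cls,
        "borrowed_bits": x,
        "subnets": 2 ** x - 2,
        "hosts_per_subnet": 2 ** (y - x) - 2,
        "mask": str(ipaddress.ip_network(f"0.0.0.0/{length}").netmask),
    }

if __name__ == "__main__":
    # The page's example, then the same /27 applied to a Class B and a /10 Class A.
    for example in ("202.100.92.0/27", "140.179.220.200/27", "10.1.2.3/10"):
        print(example, classful_subnet(example))
```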

 

Pfff....CIDR - Classless InterDomain Routing

Now that you understand "classful" IP Subnetting principles, you can forget them ;). The reason is CIDR -- Classless InterDomain Routing. CIDR was invented several years ago to keep the internet from running out of IP addresses. The "classful" system of allocating IP addresses can be very wasteful; anyone who could reasonably show a need for more than 254 host addresses was given a Class B address block of 65533 host addresses. Even more wasteful were companies and organizations that were allocated Class A address blocks, which contain over 16 Million host addresses! Only a tiny percentage of the allocated Class A and Class B address space has ever been actually assigned to a host computer on the Internet.

People realized that addresses could be conserved if the class system was eliminated. By accurately allocating only the amount of address space that was actually needed, the address space crisis could be avoided for many years. This was first proposed in 1992 as a scheme called Supernetting. Under supernetting, the classful subnet masks are extended so that a network address and subnet mask could, for example, specify multiple Class C subnets with one address. For example, if I needed about 1000 addresses, I could supernet 4 Class C networks together:

192.60.128.0   (11000000.00111100.10000000.00000000)  Class C subnet address
192.60.129.0   (11000000.00111100.10000001.00000000)  Class C subnet address
192.60.130.0   (11000000.00111100.10000010.00000000)  Class C subnet address
192.60.131.0   (11000000.00111100.10000011.00000000)  Class C subnet address
--------------------------------------------------------
192.60.128.0   (11000000.00111100.10000000.00000000)  Supernetted Subnet address
255.255.252.0  (11111111.11111111.11111100.00000000)  Subnet Mask
192.60.131.255 (11000000.00111100.10000011.11111111)  Broadcast address

In this example, the subnet 192.60.128.0 includes all the addresses from 192.60.128.0 to 192.60.131.255. As you can see in the binary representation of the subnet mask, the Network portion of the address is 22 bits long, and the host portion is 10 bits long.

Under CIDR, the subnet mask notation is reduced to a simplified shorthand. Instead of spelling out the bits of the subnet mask, it is simply listed as the number of 1s bits that start the mask. In the above example, instead of writing the address and subnet mask as

192.60.128.0, Subnet Mask 255.255.252.0

the network address would be written simply as:

192.60.128.0/22

which indicates starting address of the network, and number of 1s bits (22) in the network portion of the address. If you look at the subnet mask in binary (11111111.11111111.11111100.00000000), you can easily see how this notation works.

The use of a CIDR notated address is the same as for a Classful address. Classful addresses can easily be written in CIDR notation (Class A = /8, Class B = /16, and Class C = /24).

It is currently almost impossible for an individual or company to be allocated their own IP address blocks. You will simply be told to get them from your ISP. The reason for this is the ever-growing size of the internet routing table. Just 5 years ago, there were fewer than 5000 network routes in the entire Internet. Today, there are over 90,000. Using CIDR, the biggest ISPs are allocated large chunks of address space (usually with a subnet mask of /19 or even smaller); the ISP's customers (often other, smaller ISPs) are then allocated networks from the big ISP's pool. That way, all the big ISP's customers (and their customers, and so on) are accessible via 1 network route on the Internet. But I digress.

It is expected that CIDR will keep the Internet happily in IP addresses for the next few years at least. After that, IPv6, with 128 bit addresses, will be needed. Under IPv6, even sloppy address allocation would comfortably allow a billion unique IP addresses for every person on earth!

 

Class A

# Bits  Subnet Mask      CIDR  # Subnets  # Hosts  Nets * Hosts
2       255.192.0.0      /10   2          4194302  8388604
3       255.224.0.0      /11   6          2097150  12582900
4       255.240.0.0      /12   14         1048574  14680036
5       255.248.0.0      /13   30         524286   15728580
6       255.252.0.0      /14   62         262142   16252804
7       255.254.0.0      /15   126        131070   16514820
8       255.255.0.0      /16   254        65534    16645636
9       255.255.128.0    /17   510        32766    16710660
10      255.255.192.0    /18   1022       16382    16742404
11      255.255.224.0    /19   2046       8190     16756740
12      255.255.240.0    /20   4094       4094     16760836
13      255.255.248.0    /21   8190       2046     16756740
14      255.255.252.0    /22   16382      1022     16742404
15      255.255.254.0    /23   32766      510      16710660
16      255.255.255.0    /24   65534      254      16645636
17      255.255.255.128  /25   131070     126      16514820
18      255.255.255.192  /26   262142     62       16252804
19      255.255.255.224  /27   524286     30       15728580
20      255.255.255.240  /28   1048574    14       14680036
21      255.255.255.248  /29   2097150    6        12582900
22      255.255.255.252  /30   4194302    2        8388604

Class B

# Bits  Subnet Mask      CIDR  # Subnets  # Hosts  Nets * Hosts
2       255.255.192.0    /18   2          16382    32764
3       255.255.224.0    /19   6          8190     49140
4       255.255.240.0    /20   14         4094     57316
5       255.255.248.0    /21   30         2046     61380
6       255.255.252.0    /22   62         1022     63364
7       255.255.254.0    /23   126        510      64260
8       255.255.255.0    /24   254        254      64516
9       255.255.255.128  /25   510        126      64260
10      255.255.255.192  /26   1022       62       63364
11      255.255.255.224  /27   2046       30       61380
12      255.255.255.240  /28   4094       14       57316
13      255.255.255.248  /29   8190       6        49140
14      255.255.255.252  /30   16382      2        32764

Class C

# Bits  Subnet Mask      CIDR  # Subnets  # Hosts  Nets * Hosts
2       255.255.255.192  /26   2          62       124
3       255.255.255.224  /27   6          30       180
4       255.255.255.240  /28   14         14       196
5       255.255.255.248  /29   30         6        180
6       255.255.255.252  /30   62         2        124

 

 

Example

Say you're responsible for administering the IP network of a small university. You begin with an address prefix for the entire campus, say 10.10/16. Next, you subnet that prefix into longer prefixes for buildings within the campus. Perhaps 10.10.1/24 will be assigned to Einstein Hall, 10.10.2/24 is designated for Wilson Hall, 10.10.3/24 for Steinbeck Hall, etc.

Of course, it isn't quite that simple. Wilson Hall may have 300 computers in it. A 24-bit prefix, which only matches 256 addresses (254 assignable), won't work! So maybe we'll have to use 10.10.2/23 for Wilson Hall, which means 10.10.3/24 won't be available for Steinbeck Hall (the prefixes overlap). Subnetting must be planned.

Ultimately, the campus buildings will be interconnected with routers, which will use the prefixes to direct traffic among the buildings. Those routers connecting the campus to other networks will advertise a single route, 10.10/16, for the entire university. Among themselves, the campus routers will use the longer subnet prefixes (like 10.10.1/24) to route traffic between the buildings.

Within Einstein Hall, there are several computer laboratories. The address prefix can be subnetted further. Assuming there are no more than 30 computers in each lab, 27 bit prefixes can be used. 10.10.1.0/27 will be used by Newton Lab, 10.10.1.32/27 by Faraday Lab, etc.

Consider a packet from another university addressed to 10.10.1.20. First, routers outside this campus would match the packet's address against 10.10/16 and direct it towards the university. Having reached a campus router, the address would then be matched against 10.10.1/24 and be forwarded towards Einstein Hall. Having reached a router within the building, a match against 10.10.1.0/27 would point to routers attached to Newton Lab. Finally, a router directly connected to the Newton Lab Ethernet would determine 10.10.1.20's Ethernet address and deliver the packet to its final destination.

Count hosts on each subnet
The most important planning information available to the subnet designer is a count of how many addresses are required per subnet. Don't forget that each router requires a unique IP address, too, and don't overlook the two reserved addresses on each subnet. Of course, if router and reserved addresses can break your subnetting scheme, then it's probably too tight already. Allow for future expansion, both in general by padding all the subnets, and also in specific cases where future growth can be predicted.

 

Do a mock planning first
Before assigning or even requesting anything, go through the entire planning process using fictitious IP addresses. For example, if you expect to use an overall 20-bit address prefix, do a mock planning with 10.10.16/20. If everything works out, then an almost identical plan will work with any 20-bit prefix. If you're not satisfied with the resulting plan, then try again with a 19-bit prefix (if the mock plan was too tight), or perhaps a 22-bit prefix (if the mock plan was too wasteful). Then you'll be able to go to an Internet provider and say with confidence, "I need a 21-bit address prefix."

 

Plan ahead for address summarization
In the university example, I could have assigned a prefix of 128.74.29/24 to Einstein Hall, 192.177.13/24 to Wilson Hall, and 208.150.133/24 to Steinbeck Hall. In practice, this situation could come about by using multiple Internet Service Providers for the different halls. If we then wanted to come along later and announce a single summary address for the entire university, we'd be out of luck. The longest matching prefix would be 128/1, and that's simply too short (matching half of all IP addresses!) to be usable.

Another example: consider a company with two offices, each using about a dozen subnets, and an overall 192.177.32/19 address. A naive approach might be to assign even numbered subnets to the Washington office, and odd subnets to the Tampa office, so Washington would use 192.177.32/24, 192.177.34/24, 192.177.36/24, etc, while Tampa was numbered 192.177.33/24, 192.177.35/24, 192.177.37/24, etc. The most logical summarization scheme would be to have one summary for each office, but this addressing design precludes that! A better approach would assign 192.177.32/24, 192.177.33/24, 192.177.34/24 to Washington, and 192.177.48/24, 192.177.49/24, 192.177.50/24 to Tampa, so now we can summarize 192.177.32/20 for Washington and 192.177.48/20 for Tampa.

So, plan ahead for address summarization. Even if you're not presently summarizing, plan your IP addresses as if you were. Develop a likely summarization strategy, if only on paper, then assign subnets based on that design.
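The supernetting example earlier on this page and the summarization cases above can be checked with Python's standard `ipaddress` module. This is an added example, not code from the original page; the function names and the constant names are illustrative, and the prefixes are the page's own written out with all four octets.

```python
import ipaddress

def covering_prefix(prefixes):
    """Longest single prefix that contains every prefix in the list."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    low = min(int(n.network_address) for n in nets)
    high = max(int(n.broadcast_address) for n in nets)
    length = 32 - (low ^ high).bit_length()   # leading bits shared by low and high
    base = (low >> (32 - length)) << (32 - length)
    return ipaddress.ip_network((base, length))

def collapse(prefixes):
    """Merge prefixes wherever they form an exact larger block."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

def summary_conflicts(own, others):
    """Prefixes of another site that fall inside the summary for `own`."""
    summary = covering_prefix(own)
    return [p for p in others if summary.overlaps(ipaddress.ip_network(p))]

# Four Class C networks from the supernetting example.
SUPERNET = ["192.60.128.0/24", "192.60.129.0/24", "192.60.130.0/24", "192.60.131.0/24"]
# University halls numbered from three unrelated blocks.
MULTI_ISP = ["128.74.29.0/24", "192.177.13.0/24", "208.150.133.0/24"]
# Even/odd assignment versus contiguous assignment for the two offices.
NAIVE_WASHINGTON = ["192.177.32.0/24", "192.177.34.0/24", "192.177.36.0/24"]
NAIVE_TAMPA = ["192.177.33.0/24", "192.177.35.0/24", "192.177.37.0/24"]
PLANNED_WASHINGTON = ["192.177.32.0/24", "192.177.33.0/24", "192.177.34.0/24"]
PLANNED_TAMPA = ["192.177.48.0/24", "192.177.49.0/24", "192.177.50.0/24"]

if __name__ == "__main__":
    print("supernet:", collapse(SUPERNET))
    print("multi-ISP summary:", covering_prefix(MULTI_ISP))
    print("naive conflicts:", summary_conflicts(NAIVE_WASHINGTON, NAIVE_TAMPA))
    print("planned conflicts:", summary_conflicts(PLANNED_WASHINGTON, PLANNED_TAMPA))
```

With the even/odd scheme, any summary wide enough for Washington also claims every Tampa subnet, which is why no per-office summary can be announced.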

 

Assign summary blocks first
Work from the top down. Assign the large summary blocks first. If you anticipate the need for future summary blocks, allocate them as well. In the last example above, the company might have an additional office in Chicago, so a summarization block should be planned for it, even if there are no immediate plans to connect it:

Washington 192.177.32/21
Chicago 192.177.40/21
Tampa 192.177.48/21
SPARE 192.177.52/21

 

Assign largest subnets next
Assign larger subnets before smaller ones, since it is much easier to wedge small subnets in between large ones than vice versa.

 

Assign serial links last
Serial links, which can be assigned 30-bit subnets, should be assigned last.

 

 

Yet Another Example

The network in this diagram might belong to a mid-sized company with a headquarters and three branch offices. Let's apply each step in the subnetting process.

Step One. Count hosts on each subnet, and refer back to the chart showing how many addresses can be assigned for each prefix length. Two of the branch offices have 20 hosts (21 including the router), and the other has 25 hosts (26 including the router). Each of these subnets will require a /27 prefix, since these can handle up to 30 addresses. Of the headquarters subnets, the one with 30 hosts will require another /27, the one with 50 hosts will require a /26, and the two 10 host subnets each require a /28.

Don't forget the three WAN links, each requiring a /30, and the Ethernet connecting the two routers together, which also requires a /30. However, since more hosts might later be added to the Ethernet, we'll assign it a /29 for expansion purposes.

Step Two. Assign largest subnets first. The largest subnet is the headquarters subnet with 50 hosts, requiring a /26 prefix. We'll assign to it 192.77.33.0/26, using numbers from 0 to 63 in the fourth byte.

Next we need four /27s (one in the headquarters, and one for each of the branch offices). We'll assign 192.77.33.64/27, 192.77.33.96/27, 192.77.33.128/27, and 192.77.33.160/27. We've now used numbers from 0 to 191 in the fourth byte.

The two /28s will be 192.77.33.192/28 and 192.77.33.208/28. That leaves 192.77.33.224/29 for the Ethernet between the two headquarters routers, and the remaining address space for the three WAN links: 192.77.33.232/30, 192.77.33.236/30 and 192.77.33.240/30.
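The two steps above can be automated as a largest-first allocator. This is an added example, not code from the original page; the subnet labels, the 6-address request standing in for the /29 expansion padding, and the choice of which office receives which /27 are assumptions, since the page does not give them.

```python
import ipaddress

def prefix_for(addresses_needed):
    """Longest prefix (smallest subnet) with enough assignable addresses."""
    for length in range(30, 0, -1):
        if 2 ** (32 - length) - 2 >= addresses_needed:
            return length
    raise ValueError("no IPv4 prefix is large enough")

def allocate(block, needs):
    """Carve `block` into subnets, largest first, returning (name, prefix) pairs."""
    block = ipaddress.ip_network(block)
    cursor = int(block.network_address)
    end = int(block.broadcast_address) + 1
    sized = [(prefix_for(count), name) for name, count in needs]
    plan = []
    # Shortest prefix first: each start address then lands on a valid boundary.
    for length, name in sorted(sized, key=lambda item: item[0]):
        size = 2 ** (32 - length)
        if cursor + size > end:
            raise ValueError(f"{block} has no room left for {name} (/{length})")
        plan.append((name, str(ipaddress.ip_network((cursor, length)))))
        cursor += size
    return plan

# Address counts from Step One (routers included where the page counts them).
NEEDS = [
    ("HQ LAN, 50 hosts", 50),
    ("HQ LAN, 30 hosts", 30),
    ("Branch 1", 21),
    ("Branch 2", 21),
    ("Branch 3", 26),
    ("HQ LAN, 10 hosts (a)", 10),
    ("HQ LAN, 10 hosts (b)", 10),
    ("HQ router Ethernet", 6),   # padded so it receives a /29, as the page chooses
    ("WAN link 1", 2),
    ("WAN link 2", 2),
    ("WAN link 3", 2),
]

if __name__ == "__main__":
    for name, prefix in allocate("192.77.33.0/24", NEEDS):
        print(f"{prefix:<20}{name}")
```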

 

 

Tricks of the Trade:

 

Once you've mastered the theory of IP address prefixes, you quickly grow tired of all the binary conversions. Sometimes you have no choice but to convert a number into binary, but often there is a simpler way. Here are some common cases that simplify IP prefix calculations.

 

Rule 1: A prefix length of 0 matches anything
A prefix of 0.0.0.0/0, or 0/0, is the shortest possible IP address prefix and matches any IP address. We'll see later how this prefix can be used to construct default routes to handle routing in cases where no other information is available.

 

Rule 2: A prefix length of 32 is an exact match
A prefix length of 32 bits, the width of a complete IP address, is the longest possible address prefix and matches one IP address exactly. 32 bit prefixes are used to construct host routes, which specify routing behavior for a single IP address.

 

Rule 3: Prefix lengths of 8, 16, and 24 match whole bytes
Any prefix length that's a multiple of 8 matches on byte boundaries. For example, a prefix of 172.30/16 matches any IP address that begins with 172.30 in the first two bytes, and ends with anything in the last two bytes. Similarly, an 8 bit prefix matches the first byte exactly and a 24 bit prefix matches the first three bytes exactly.

 

Rule 4: You never have to manipulate more than one byte in binary
The prefix boundary must fall within one of the IP address' four bytes, and this is the only byte that must be converted into binary. Prefix lengths less than 8 require the first byte to be examined in binary; the remaining three bytes of the address are ignored since they lie completely beyond the address prefix. Likewise, prefix lengths between 8 and 16 require a binary decomposition on the second byte; the first byte matches exactly and the last two bytes are ignored. Prefix lengths from 16 to 24 fall within the third byte, so the first two bytes match exactly and the last one is ignored. In the final case, prefix lengths greater than 24 exactly match the first three bytes and require the fourth to be broken down into ones and zeros.

For example, upon seeing the address prefix 208.130.28/22, you can immediately know that the first two bytes of any matching address must be 208.130, and the fourth byte can be anything. Only the third byte must be studied in detail.
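The four rules translate directly into a matcher that compares whole bytes and masks only the one byte containing the prefix boundary. This is an added example, not code from the original page; the function names are illustrative, and it accepts the page's shorthand (such as 10.10/16) by padding missing bytes with zero. The last function applies it to the packet for 10.10.1.20 from the university example.

```python
def parse_prefix(text):
    """Expand shorthand such as '10.10/16' to four bytes plus a length."""
    address, length = text.split("/")
    octets = [int(o) for o in address.split(".")]
    octets += [0] * (4 - len(octets))
    return octets, int(length)

def matches(ip, prefix):
    """True if `ip` falls inside `prefix`, using at most one byte in binary."""
    octets, length = parse_prefix(prefix)
    ip_octets = [int(o) for o in ip.split(".")]
    whole, bits = divmod(length, 8)
    # Rules 1 to 3: bytes fully inside the prefix must be equal
    # (none for /0, all four for /32).
    if ip_octets[:whole] != octets[:whole]:
        return False
    if bits == 0:
        return True
    # Rule 4: only the boundary byte is masked; later bytes are ignored.
    mask = (0xFF << (8 - bits)) & 0xFF
    return (ip_octets[whole] & mask) == (octets[whole] & mask)

def longest_match(ip, prefixes):
    """The most specific matching prefix, which is the one a router follows."""
    hits = [p for p in prefixes if matches(ip, p)]
    return max(hits, key=lambda p: parse_prefix(p)[1], default=None)

# Prefixes from the university example, plus a default route (Rule 1).
CAMPUS_ROUTES = ["0/0", "10.10/16", "10.10.1/24", "10.10.1.0/27", "10.10.1.32/27"]

if __name__ == "__main__":
    print(longest_match("10.10.1.20", CAMPUS_ROUTES))   # Newton Lab
    print(longest_match("10.10.1.40", CAMPUS_ROUTES))   # Faraday Lab
    print(matches("208.130.31.9", "208.130.28/22"))
```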

 

 

Send mail to Akazazic@HiTech-Solutions.com with questions or comments about this web site.
Copyright © 1996-2008 
HiTech Solutions