(originated in 1985 with RFC 950)
This is one of the few long, detailed explanations of subnets that you will find - so stick with it and read through it slowly. The concept is very important !! Subnets are for LANs only, and the Internet has no idea that subnets exist - and continues addressing the same way, with the same network address. But behind the router, the network address is broken up into 2 or more subnets. If the LAN did not subnet, and the customer needed the separate networks, then the Internet would have to do all the work of routing to those networks. Instead it only has to route to one network, and the LAN performs the subnetting.
Subnets do not add any addresses !!! They only take the existing addresses and split them up into groups. For example, if a customer had one Class C block - they could take the 256 addresses and split them up into two subnets, each with 128 addresses (although only 126 are usable in each subnet).
Subnets are all based on Classful addressing !!! Do not be confused by the new Internet CIDR (Classless Inter-Domain Routing). CIDR is only for the Internet backbone, and it is also referred to as “supernets” – not subnets.
Subnets are all local !!! The Internet has no idea that subnets are included within the IP addresses, and it only delivers based on the Classful portion (the Network prefix), which is not part of the subnet bits, nor is it part of the host bits.
Classes of IP networks can be divided into smaller networks called subnetworks (or subnets). This becomes extremely complex, and therefore only the basic concept will be discussed here.
Dividing the major class network is called subnetting. Subnetting provides network administrators with several benefits. It provides extra flexibility, makes more efficient use of network addresses, and contains broadcast traffic because a broadcast will not cross a router.
Subnets are under local administration. As such, the outside world sees an organization as a single network, and has no detailed knowledge of the organization's internal network structure. A given network address can be broken up into many subnetworks. For example, 172.16.1.0, 172.16.2.0, 172.16.3.0, and 172.16.4.0 are all subnets of the Class B network 172.16.0.0.
IP Subnet Mask:
A subnet address is created by "borrowing" bits from the host field and designating them as the subnet field. The number of borrowed bits is variable and specified by the subnet mask. The following figure shows how bits are "borrowed" from the host address field to create the subnet address field:
Subnet masks use the same format and representation technique as network masks: the subnet mask has binary 1s in all bits specifying the network and subnetwork fields, and binary 0s in all bits specifying the host field. The following figure shows a sample subnet mask:
Subnet Masks when there are no Subnets
This is very common - the majority of IP customers have no subnets - but still need the subnet masks. For a simple example of a non-subnetted customer, suppose a corporation orders a T1 Internet circuit, and is given one Class C block of addresses (144.223.26.xxx) for a total of 254 usable addresses (.111 and .000 are reserved). Even though the customer does not have any subnets, there are still two subnet masks required!!
Subnet Mask for T1 Serial Interface
This is the serial link between customer and provider, and only requires two static IP addresses . . . one for the customer's router, and one for the provider's router. This is always 255.255.255.252 (for the customers). This is configured within their router. The .252 mask defines a /30 prefix, and therefore has 4 addresses, of which only 2 are usable. The 2 addresses are the WAN Interface addresses of the two routers. Here is an example of the two addresses for the serial interfaces for a T1 link:
Local Subnet Mask - the customer has his own local subnet mask, which for a Class C block of addresses, is:
In general, the host address of a subnet IP space can be any combination of bits, except all 0's or all 1's.
all 0’s - refers to the host portion as all 0's, not the network portion !!!! This is called the “Network” address (also called "this computer" or "this network"). It is called "this network" when dealing with all 0's in the Host portion. For example, a Class C network 194.7.4.0 - the fourth byte of that address is the host byte, and the 8 bits are all 0's (i.e. 00000000). All actual host addresses in that byte will be 1,2,3, . . . 254. The network is 194.7.4 but the full 32-bit address of the network is usually stated as 194.7.4.0 - this is not an actual physically accessible address. This is a virtual address used to define a network. It is useful for showing the area where all IP addresses from that network reside.
all 1’s - broadcast - these packets will be received by all stations
Both network and host address representations have two special cases, all 0’s and all 1’s which are often said to be reserved, and often said to be not reserved. Therefore the equation for maximum representations (max networks or max hosts) becomes either 2^n (some rare books say that all 1’s and all 0’s are ok) or 2^n – 2. ALWAYS ASSUME 2^n – 2
Cisco’s tables at http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v52/config/subnets.htm - xtocid17414 include all the subnets, including 000 and 111 for this example. The Sybex book says do not use the all zero’s and all 1’s subnets.
Number of Subnets = 2^n (Cisco) or 2^n - 2 (Sybex and Cisco Press) n = no. of subnet bits
Number of Hosts = 2^n - 2 n = no. of host bits
Conclusion – to be safe do not use the zero and broadcast subnets. Therefore for both subnets and hosts, the total number can be found by using 2^n - 2. However, for the CCNA Exam – keep that option open !! Note that the subnet mask will always have all 1’s in the subnet number portion. For example a mask of 255.255.255.240, for the last octet, has 4 bits that are all 1’s, and that is the subnet number portion of the IP addresses – the last octet is 11110000, where the first 4 bits are where the subnet number resides, and the 1’s of the mask let it come through when “AND’ed” (the last 4 bits are the host address and that is masked out to all 0’s during the AND operation).
*** this inclusion-exclusion of all 0’s and all 1’s is very confusing, since sources do not agree at all on it !!!
OSPF and IS-IS routing protocols look for the existence of an extended-prefix whenever the prefix is all 0’s or all 1’s. If the extended-prefix exists, then a network address of all 0’s or 1’s is tolerated and seen as a routable packet. However, RIP does not look for an extended prefix, and cannot route all 0’s or all 1’s prefixes. Fortunately, RIP is not used on the Internet, so these are generally legal.
For CCNA Tests always assume all 0’s and all 1’s are not allowed – for both number of subnets and number of hosts !!! But this is not even certain !!!
With Classful addressing, the Network portion is called the “prefix”, which is either 1, 2, or 3 bytes. With subnetting, an “extended-prefix” is comprised of the concatenation of the network-prefix and the subnet bits. The extended-prefix is so common, that it is now simply called the prefix.
The length of the prefix can theoretically consist of any number of bits from 1 up to 32. However, there are some constraints . . .
Prefix minimum/maximum – since you cannot have a network larger than a Class A, the smallest prefix is /8. The largest is 30 bits. The prefix cannot be 31 - there must always be both a network and a host address, and you cannot have just a single bit for the host address. This would leave only two host addresses – 1 or 0. The cases of all 0’s and all 1’s are disallowed (reserved).
NOTE: Sybex states one odd instance – A prefix length of 32 bits, the width of a complete IP address, is possible because it matches one IP address exactly.
No, it is simply a method of notation. However, subnets are often given in prefix notation. For example, you have a private campus network. You decide to use classless addresses using 10.10 /16 (it must be Classless, because 10. is Class A and that would be /8 ). So far we have given an address range using prefix notation, and there are no subnets. Then you decide to create a subnet at one of the buildings 10.10.1 /24. You have just given a subnet in prefix notation. It dictates that all addresses in that building are addressed in the following range:
You could then further subnet the building, routing packets to two different subnets. These are now subnets of a subnet of a network (10.10 /16).
The diagram shows a subnetted IP address. This is not the subnet address, which is the extended network prefix with the host field all zeros!! The Network-Prefix is the standard Classful prefix which in this case is /16. The subnet number increases the prefix to /24, which means there are 8 bits used for subnetting. The extended network address is classless. Therefore, with subnets, you typically have a combination of classful (Internet routing) and classless (local routing) addressing, as the example shows.
The Internet uses the network prefix to route, and subnetting has no effect on the network prefix !!! All it does is break down the host address space into two parts, so that locally, a subnet (local network address) is made available. The subnet number is also viewed as an extension of the network address, but this extension is only used by the local router.
The Internet has no idea or concept of subnets!! Packets are addressed the same way they always have been, and the subnets create no new addresses. The subnet is of local significance only. When a packet is addressed to a destination that contains subnets, the following occurs:
Cisco Nomenclature – whenever they say you have an “n” bit subnet mask, assume that it is the number of bits in the subnet number. Therefore you must add it to a Classful address to get the total 1 bits in the mask. For example, they say you have a 19-bit subnet mask and ask you how many possible hosts. The 19-bits will be added to a Class C (24 bits), Class B (16 bits) or Class A (8 bits). The only possible Class it can be added to without exceeding the total of 32 bits, is a Class A subnet mask (8 “1-bits”). So 19+8 = 27, and the mask will be 27 bits long: 11111111.11111111.11111111.11100000, which has 5 bits for the hosts. Therefore you can have 2^n – 2 hosts = 2^5 – 2 = 32 – 2 = 30 hosts
Extended Prefix Lengths for:
Cannot be less than classful prefix lengths:
TIP: to see if a given subnet with prefix is valid, look at the first octet to figure out the Class, and then make sure the subnet prefix is greater than the Classful prefix. If the Classful prefix is the same as the subnet prefix, then it is not subnetted at all and it is not a subnet. For example, the “subnet” 220.127.116.11 /24 is not a subnet – it is Class C, which is /24, and the subnet is /24 which means there are no bits to the right in which to form subnets.
Subnets also can't intrude into the classful network boundaries, so the prefix (which includes the subnet bits) cannot be less than the Classful prefix – in fact, it must be larger. Each subnet must be fully contained within a single classful network. For example, 210.22.74 /23 is not a valid subnet:
First of all, 210 defines it as Class C addressing, which means a 24-bit classful prefix, which the subnet prefix must exceed. Second, you can see that there are many possible hosts that will cause the network ID of 74 (3rd octet) to change to 75 by placing “1” in the 9th bit:
On the other hand, 150.22.74 /23 is a valid subnet, because 150 in the first octet means that it is Class B addressing and the host bits are fully contained within the class B network 150.22.0.0:
No matter what combination of host bits are used, the Class B network ID remains unchanged
What about the classless addressing you mentioned earlier with 10.10 /16 ?? In this case, you first notice that the first octet of 10 (00001010) means it is Class A (first bit=0). But /16 is Class B !!! Also, the prefix with Class A addressing must be /8, not /16 - therefore this must be a classless address:
In addition, just as they were for Classful addressing host numbers - all 1’s and all 0’s are disallowed, as follows :
This subnet, assigned the prefix 10.10.1.32/27 would have 10.10.1.32 and 10.10.1.63 as its reserved addresses.
When divvying up the address space that you have – the addresses are precious resources, and you always want to use as few of them as possible (unless you need to plan for growth). The serial link interfaces between two routers will rarely grow – so you can save on address space by assigning the two addresses in a /30 range. This is the world’s smallest subnet. Note that a /30 prefix leaves you with 2 bits for the host (the address assigned to the router interface). 2 bits gives you 4 addresses, but all 1’s and all 0’s are not allowed – so you have 2 addresses available. The “network” is simply the link between the two routers, and since there are only 2 devices on it – the small subnet is often used (Sprint provisions Internet customers this way).
Never do this for Ethernet links, even if there is only one PC connected to a router!! The network will grow.
The subnet mask is used to filter out and separate the extended network prefix (includes the Network prefix and the subnet bits) and the Host bits. Usually, a logical AND is performed between the IP address and the mask. The 1’s in the mask allow the prefix bits to come through – the 0’s in the mask filter out the Host bits. This leaves the network address intact. The following shows you the various syntax used when stating an IP address with a prefix. Just seeing these forms with a prefix does not mean that there are subnets – but it does tell you where the boundaries of a subnet mask are, and how many bits are in the prefix.
Each octet of a valid mask begins with a string of one bits, then changes to a string of zero bits. There are only a handful of eight bit numbers that fit this requirement. In fact, there are only nine such numbers,
Just as there are nine possible eight bit numbers that meet the requirements for a subnet mask, so there are only thirty three such thirty two bits numbers.
Applying a subnet mask to an IP address allows you to identify the network and node parts of the address. Performing a bitwise logical AND operation between the IP address and the subnet mask results in the Network Address or Number.
For example, using our test IP address and the default Class B subnet mask, we get:
10001100.10110011.11110000.11001000 140.179.240.200 Class B IP Address
11111111.11111111.00000000.00000000 255.255.000.000 Default Class B Subnet Mask
10001100.10110011.00000000.00000000 140.179.000.000 Network Address
Default subnet masks:
Class A (/8) - 255.0.0.0 - 11111111.00000000.00000000.00000000
Class B (/16) - 255.255.0.0 - 11111111.11111111.00000000.00000000
Class C (/24) - 255.255.255.0 - 11111111.11111111.11111111.00000000
When a bitwise logical AND operation is performed between the subnet mask and IP address, the result defines the Subnet Address. There are some restrictions on the subnet address. Node addresses of all "0"s are reserved for specifying the local network (when a host does not know its network address) and all 1’s to reach all hosts on the network (broadcast address). This also applies to subnets. A subnet address cannot be all "0"s or all "1"s. This also implies that a 1 bit subnet mask is not allowed. This restriction is required because older standards enforced this restriction. Recent standards that allow use of these subnets have superseded these standards, but many "legacy" devices do not support the newer standards. If you are operating in a controlled environment, such as a lab, you can safely use these restricted subnets.
To calculate the number of subnets or nodes, use the formula (2^n - 2) where n = number of bits in either field. Multiplying the number of subnets by the number of nodes available per subnet gives you the total number of nodes available for your class and subnet mask. Also, note that although subnet masks with non-contiguous mask bits are allowed they are not recommended.
Example of subnet mask. The IP address begins with 140, and therefore it is a Class B address. The normal 255.255.0.0 mask is extended by adding 3 bits which allow subnets. Although all 32 bits shown below form the “subnet mask” – the 3 bits that start the 3rd octet are also referred to as the “subnet mask” – so it can be confusing :
10001100.10110011.11011100.11001000 140.179.220.200 IP Address
AND 11111111.11111111.11100000.00000000 255.255.224.000 Subnet Mask
10001100.10110011.11000000.00000000 140.179.192.000 Subnet Address
10001100.10110011.11011111.11111111 140.179.223.255 Broadcast Address
Number of Subnets - in this example a 3 bit subnet mask was used (shown in bold), and 13 bits represent the node address. For older, legacy equipment the subnet address could not be all 0’s or all 1’s - however all new routers allow them. Using 2^n - 2 = 8 - 2 = 6, there are 6 subnets available with this size mask for legacy equipment and 8 subnets for new equipment.
Number of nodes (Hosts) - we have 13 bits in the node address. Again, using 2^n - 2 the total number of possibilities is 2^13 – 2 = 8192 – 2 = 8190. So each subnet has 8190 nodes. Each subnet can have nodes assigned to any address between the Subnet address and the Broadcast address. This gives a total of 6 subnets x 8190 = 49,140 nodes for the entire class B address subnetted for use with legacy equipment. Notice that this is substantially less than the 65,534 nodes an unsubnetted class B address would have. If we use all 8 subnets, which new equipment allows, we would have 8 x 8190 = 65,520.
Broadcast Address – this is defined as an IP address where the Host is all 1’s. You keep the network address as-is and do not fill it with ones, since you do not want to broadcast to the entire Internet. For the example :
Network/Host - 10001100.10110011.11011100.11001000
Broadcast Address - 10001100.10110011.11011111.11111111
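The AND, broadcast and 2^n - 2 arithmetic above, together with the earlier tip about comparing the mask against the classful prefix, can be checked with the following added example (not part of the original text). The function names are illustrative, and it rejects non-contiguous masks, which is a choice made for this example.

```python
def to_int(dotted):
    """Dotted-decimal string -> 32-bit integer."""
    a, b, c, d = (int(x) for x in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def to_dotted(value):
    """32-bit integer -> dotted-decimal string."""
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))


def classful_prefix(ip):
    """Class letter and classful prefix length, read from the first octet."""
    first = to_int(ip) >> 24
    if first < 128:
        return "A", 8
    if first < 192:
        return "B", 16
    if first < 224:
        return "C", 24
    raise ValueError("Class D/E addresses are not subnetted")


def analyze(ip, mask):
    """Split an address into classful network, subnet and host fields."""
    ip_i, mask_i = to_int(ip), to_int(mask)
    inverted = ~mask_i & 0xFFFFFFFF          # 1s where the host bits are
    if inverted & (inverted + 1):            # host bits must be one solid run
        raise ValueError("mask bits are not contiguous")
    prefix = bin(mask_i).count("1")
    cls, base = classful_prefix(ip)
    if prefix < base:                        # would cross a classful boundary
        raise ValueError(f"/{prefix} is shorter than Class {cls} /{base}")
    subnet_bits, host_bits = prefix - base, 32 - prefix
    subnet = ip_i & mask_i                   # the logical AND
    return {
        "class": cls,
        "prefix": prefix,
        "subnet_bits": subnet_bits,          # 0 means "not subnetted"
        "host_bits": host_bits,
        "subnet": to_dotted(subnet),
        "broadcast": to_dotted(subnet | inverted),   # host field all 1s
        "subnets_legacy": max((1 << subnet_bits) - 2, 0),
        "subnets_all": 1 << subnet_bits,
        "hosts_per_subnet": (1 << host_bits) - 2,
    }


if __name__ == "__main__":
    for key, value in analyze("140.179.220.200", "255.255.224.0").items():
        print(f"{key:18} {value}")
```
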
The network in this diagram might belong to a mid-sized company with a headquarters and three branch offices. Let's apply each step in the subnetting process.
Step One. Count hosts on each subnet, and refer back to the chart showing how many addresses can be assigned for each prefix length. Two of the branch offices have 20 hosts (21 including the router), and the other has 25 hosts (26 including the router). Each of these subnets will require a /27 prefix, since these can handle up to 30 addresses. Of the headquarters subnets, the one with 30 hosts will require another /27, the one with 50 hosts will require a /26, and the two 10 host subnets each require a /28.
Don't forget the three WAN links, each requiring a /30, and the Ethernet connecting the two routers together, which also requires a /30. However, since more hosts might later be added to the Ethernet, we'll assign it a /29 for expansion purposes.
Step Two. Assign largest subnets first. The largest subnet is the headquarters subnet with 50 hosts, requiring a /26 prefix. We'll assign to it 184.108.40.206/26, using numbers from 0 to 63 in the fourth byte.
Next we need four /27s (one in the headquarters, and one for each of the branch offices). We'll assign 220.127.116.11/27, 18.104.22.168/27, 22.214.171.124/27, and 126.96.36.199/27. We've now used numbers from 0 to 191 in the fourth byte.
The two /28s will be 188.8.131.52/28 and 184.108.40.206/28. That leaves 220.127.116.11/29 for the Ethernet between the two headquarters routers, and the remaining address space for the three WAN links: 18.104.22.168/30, 22.214.171.124/30 and 126.96.36.199/30.
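The two steps above ("count hosts", then "assign largest subnets first") as an added example, not taken from the original page. The base network 192.0.2.0/24, the subnet names and the figure of 6 addresses for the headquarters Ethernet (so that it receives a /29) are assumptions made for this sketch; the other counts are the ones given in the text.

```python
import ipaddress

# Addresses needed per subnet, using the counts from the text.
# Names are illustrative; "hq-ethernet" is padded to 6 to get a /29.
NEEDS = [
    ("wan-1", 2), ("wan-2", 2), ("wan-3", 2),
    ("hq-ethernet", 6),
    ("hq-10a", 10), ("hq-10b", 10),
    ("hq-30", 30),
    ("branch-a", 21), ("branch-b", 21), ("branch-c", 26),
    ("hq-50", 50),
]


def prefix_for(addresses_needed):
    """Longest prefix whose 2^h - 2 usable addresses cover the need."""
    host_bits = 2                                  # /30 is the smallest subnet
    while (1 << host_bits) - 2 < addresses_needed:
        host_bits += 1
    return 32 - host_bits


def allocate(base, needs):
    """Step Two: hand out blocks from `base`, largest subnet first."""
    base = ipaddress.ip_network(base)
    cursor = int(base.network_address)
    end = int(base.broadcast_address) + 1
    plan = []
    # Sorting by prefix length puts the shortest prefix (largest block) first.
    for name, count in sorted(needs, key=lambda n: prefix_for(n[1])):
        prefix = prefix_for(count)
        size = 1 << (32 - prefix)
        cursor = (cursor + size - 1) // size * size   # align to block size
        if cursor + size > end:
            raise ValueError(f"{base} has no room left for {name} (/{prefix})")
        plan.append((name, ipaddress.ip_network((cursor, prefix))))
        cursor += size
    return plan


if __name__ == "__main__":
    for name, net in allocate("192.0.2.0/24", NEEDS):
        print(f"{name:12} {net}")
```
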
Finding Subnets and Valid Hosts (given the subnet mask)
Assuming the mask’s subnet number portion is contained within one byte (for example, 255.255.255.240, would have the subnet number within the last octet).
The Trick – find the “subnet multiplier – or base number”. The valid subnets will be a multiple of a base number in the “interesting octet”, which :
Finding the Interesting octet (examples) :
Given Class C addressing and a subnet mask 255.255.255.240 (the last byte = 11110000), the subnet multiplier is 16 (256 – 240 = 16). This is your base number, or multiple - each successive subnet is multiples of 16. Include 0, that subnet counts !!
mask 11111111.11111111.11111111.11110000 (subnet number in Bold)
Entire address = NNNNNNNN.NNNNNNNN.NNNNNNNN.SSSSHHHH
Network (Internet) Number = N’s, Subnet Number = S’s, Host Number = H’s
Local Network Number = N’s and S’s
So, for the mask 255.255.255.240, the IP Network address that is routed across the Internet is in the first 3 octets (we were told it is a Class C address). In addition, the mask AND operation includes the first four bits in the last octet, so they can be anything from 0000 to 1111. The last 4 bits in the 4th octet are masked out by the zeros so the valid subnet numbers will always end in 0000 . Therefore the subnet number range is in the SSSS bits = 0000 (4th octet = 00000000) to 1111 (4th octet = 11110000) which counts as follows – 0, 16, 32, 48, . . . 240
Valid Subnets (S) addresses (using 16 as the interval) – the 4th octet value :
0000 (0) Subnet address = xxx.xxx.xxx.0
0001 (16) Subnet address = xxx.xxx.xxx.16
0010 (32) etc
0011 (48) etc
1111 (240) Subnet Address = xxx.xxx.xxx.240
Valid Hosts (H) addresses (the actual valid host bits are 1 to 14 no matter what), but the IP address of the host includes the subnet bits :
for subnet =0, hosts 1 – 14 (exclude 0 which is all zero’s and 15 which is all 1’s)
for subnet=16, hosts 17-30 (16 is all zero’s and 31 is all 1’s)
so for the valid hosts of 17-30, the subnet is 16 and therefore their IP addresses are:
x.x.x.17, x.x.x.18, etc, etc x.x.x.30
As a check, use subnet 16 with host 18 :
Host = xxx.xxx.xxx.00010010 (if IP address is given as 192.60.129.18, then this host address = 184.108.40.206 and the subnet is 192.60.129.16)
IP Address 11000000.00111100.10000001.00010010
Subnet 11000000.00111100.10000001.00010000 (192.60.129.16)
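The multiplier trick (256 minus the mask octet) written out as an added example, not part of the original text. It goes slightly beyond the Class C case by letting the interesting octet be any octet of the mask; the function names are illustrative.

```python
def subnet_table(mask_octet):
    """Rows of (subnet, first host, last host, broadcast) for a 4th-octet mask."""
    block = 256 - mask_octet                      # the subnet multiplier
    return [(s, s + 1, s + block - 2, s + block - 1)
            for s in range(0, 256, block)]        # 0 counts as a subnet


def locate(ip, mask):
    """Find the subnet of `ip` using only the multiplier, no bitwise AND."""
    ip_o = [int(x) for x in ip.split(".")]
    mask_o = [int(x) for x in mask.split(".")]
    if mask_o[3] > 252:
        raise ValueError("a prefix longer than /30 leaves no usable hosts")
    # The interesting octet is the first mask octet that is not 255.
    idx = next((i for i, m in enumerate(mask_o) if m != 255), 3)
    block = 256 - mask_o[idx]
    start = ip_o[idx] // block * block            # nearest multiple below
    subnet = ip_o[:idx] + [start] + [0] * (3 - idx)
    bcast = ip_o[:idx] + [start + block - 1] + [255] * (3 - idx)
    first = subnet[:3] + [subnet[3] + 1]          # host field 0...01
    last = bcast[:3] + [bcast[3] - 1]             # host field 1...10

    def dotted(octets):
        return ".".join(str(o) for o in octets)

    return {
        "interesting_octet": idx + 1,
        "multiplier": block,
        "subnet": dotted(subnet),
        "first_host": dotted(first),
        "last_host": dotted(last),
        "broadcast": dotted(bcast),
    }


if __name__ == "__main__":
    for row in subnet_table(240)[:3]:
        print("subnet %3d  hosts %3d-%3d  broadcast %3d" % row)
    print(locate("192.60.129.18", "255.255.255.240"))
    print(locate("140.179.220.200", "255.255.224.0"))
```
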
If a subnet becomes full, you can add another subnet on the same data link – two subnets on one link are configured using secondary addresses. The router must have multiple addresses assigned to the same interface attached to that segment. To configure this, you must add the word “secondary” to the IP Address command. Example:
ip address 10.2.7.252 255.255.255.0 secondary
ip address 10.2.2.252 255.255.255.0
You can also have multiple subnets off of the same “subinterfaces” with Frame relay, using for example, s0.1, s0.2, etc. Subinterfaces always have a decimal point.