Anyone that works with computers should learn about subnetting and what it means. A subnet is a portion of a network that operates as a separate network. Logically, it exists separately from other networks even if hosts on those other networks share the same network ID. Typically, such networks are also physically separated by a router. This ensures the subnet is isolated and doesn't affect other subnets.
Subnetting is designed to make more efficient use of the IP address space. Thus, rather than having networks with hundreds, thousands, or millions of nodes, you have a subnet that is sized appropriately for the number of nodes that you use. This is important, especially for the crowded public IP address space where it doesn't make sense to assign the complete IP address range for a network to an individual organization. Thus, instead of getting a complete network address for the public Internet, your organization is more likely to get a block of consecutive IP addresses to use.
You use a 32-bit value known as a subnet mask to configure nodes in a subnet to communicate only with other nodes on the same subnet. The mask works by blocking areas outside the subnet so that they aren't visible from within the subnet. Because it is a 32-bit value, subnet masks can be expressed as an address for which each 8-bit value (octet) is written as four separate decimal values delimited by a period (dot). As with IP addresses, the basic form is w.x.y.z.
The subnet mask identifies which bits of the IP address belong to the network ID and which bits belong to the host ID. Nodes can see only the portions of the IP address space that aren't masked by a bit with a value of 1. If a bit is set to 1, it corresponds to a bit in the network ID that isn't accessible from within the subnet. If a bit is set to 0, it corresponds to a bit in the host ID that is accessible from within the subnet.
Because a subnet mask must be configured for each IP address, nodes on both classful and nonclassful networks have subnet masks. On a classful network, all the bits in the network ID portion of the IP address are set to 1 and can be presented in dotted decimal as shown in Table 24-3.
Table 24-3. Standard Subnet Masks for Classful Networks
Address Class | Bits for Subnet Mask | Subnet Mask |
|---|---|---|
Class A | 11111111 00000000 00000000 00000000 | 255.0.0.0 |
Class B | 11111111 11111111 00000000 00000000 | 255.255.0.0 |
Class C | 11111111 11111111 11111111 00000000 | 255.255.255.0 |
Inside Out: Blocks of IP addresses on the public Internet
For internal networks that use private IP addresses, you'll often be able to use the standard subnet masks. This isn't true, however, when you need public IP addresses. Most of the time, you'll be assigned a small block of public IP addresses to work with. For example, you might be assigned a block of eight (six usable) addresses. In this case, you must create a subnet that uses the subnet mask to isolate your nodes as appropriate for the number of nodes you've been assigned. I say there are six usable addresses out of eight because the lowest address is reserved as the network number and the highest address is reserved as the broadcast address for the network. This is always the case, as any good Cisco Certified Network Associate (CCNA) will tell you.
With subnetting, an IP address alone doesn't help you understand how the address can be used. To be sure, you must know the number of bits in the network ID. As discussed, the subnet mask provides one way to determine which bits in the IP address belong to the network ID and which bits belong to the host ID. If you have a block of IP addresses, writing out each IP address and the subnet mask is rather tedious. A shorthand way to do this is to use network prefix notation, which is also referred to as the Classless Inter-Domain Routing (CIDR) notation.
In network prefix notation, the network ID is seen as the prefix of an IP address, and the host ID as the suffix. To write a block of IP addresses and specify which bits are used for the network ID, you write the network number followed by a forward slash and the number of bits in the network ID, as in
NetworkNumber/# of bits in the network ID
The slash and the number of bits in the network ID are referred to as the network prefix. Following this, you could rewrite Table 24-3 as shown in Table 24-4.
Table 24-4. Standard Network Prefixes for Classful Networks
Address Class | Bits for Subnet Mask | Network Prefix |
|---|---|---|
Class A | 11111111 00000000 00000000 00000000 | /8 |
Class B | 11111111 11111111 00000000 00000000 | /16 |
Class C | 11111111 11111111 11111111 00000000 | /24 |
You now have two ways of detailing which bits are used for the network ID and which bits are used for the host ID. With the network number 192.168.1.0, you could use either of the following to specify that the first 24 bits identify the network ID:
192.168.1.0, 255.255.255.0
192.168.1.0/24
With either entry, you know that the first 24 bits identify the network ID and the last 8 bits identify the host ID. This in turn means the usable IP addresses are 192.168.1.1 through 192.168.1.254.
When you use subnetting, nodes no longer follow the class rules for determining which bits in the IP address are used for the network ID and which bits are used for the host ID. Instead, you set the 32 bits of the IP address as appropriate to be either network ID bits or host ID bits based on the number of subnets you need and then number nodes for each subnet. There is an inverse relationship between the number of subnets and the number of nodes per subnet that can be supported. As the number of subnets goes up by a factor of 2, the number of hosts per subnet goes down by a factor of 2.
Because Class A, B, and C networks have a different number of host ID bits to start with, borrowing bits from the host ID yields different numbers of subnets and hosts. The technique is the same, however. Each bit represented as a 1 in the subnet mask corresponds to a bit that belongs to the network ID. This means the value of each bit can be represented as shown in Figure 24-4.
You start with the high-order bits and work your way to the low-order bits. When you borrow 1 bit of the host ID, you raise the number of possible subnets by a factor of 2 and reduce the number of possible hosts by a factor of 2.
The network entry mask for a standard Class A network can be defined as follows:
Address Class | Bits for Subnet Mask | Network Prefix | Decimal |
|---|---|---|---|
Class A | 11111111 00000000 00000000 00000000 | /8 | 255.0.0.0 |
If you want to divide a Class A network into two separate subnets, you can borrow the high-order bit from the host ID in the second octet and add this bit to the network ID. Because the value of this bit taken from the host ID is 128, the corresponding subnet mask is 255.128.0.0. Thus, the network entry for the subnetted Class A network can be defined as follows:
Address Class | Bits for Subnet Mask | Network Prefix | Decimal |
|---|---|---|---|
Class A | 11111111 10000000 00000000 00000000 | /9 | 255.128.0.0 |
If you take an additional bit from the host ID bits, you allow the Class A network to be divided into up to four subnets. The value of this bit taken from the host ID is 64. When you add this value to the value of the previous bit taken from the host ID, the sum is 192 (128 + 64) and the corresponding subnet mask is 255.192.0.0. This means the network entry for a subnetted Class A network that can be divided into up to four subnets can be defined as follows:
Address Class | Bits for Subnet Mask | Network Prefix | Decimal |
|---|---|---|---|
Class A | 11111111 11000000 00000000 00000000 | /10 | 255.192.0.0 |
Table 24-5 shows how Class A networks can be subnetted and how this affects the number of possible subnets and hosts per subnet.
Table 24-5. Subnetting Class A Networks
Maximum Subnets | Bits for Subnet Mask | Network Prefix | Decimal | Maximum Nodes |
|---|---|---|---|---|
1 | 11111111 00000000 00000000 00000000 | /8 | 255.0.0.0 | 16,777,214 |
2 | 11111111 10000000 00000000 00000000 | /9 | 255.128.0.0 | 8,388,606 |
4 | 11111111 11000000 00000000 00000000 | /10 | 255.192.0.0 | 4,194,302 |
8 | 11111111 11100000 00000000 00000000 | /11 | 255.224.0.0 | 2,097,150 |
16 | 11111111 11110000 00000000 00000000 | /12 | 255.240.0.0 | 1,048,574 |
32 | 11111111 11111000 00000000 00000000 | /13 | 255.248.0.0 | 524,286 |
64 | 11111111 11111100 00000000 00000000 | /14 | 255.252.0.0 | 262,142 |
128 | 11111111 11111110 00000000 00000000 | /15 | 255.254.0.0 | 131,070 |
256 | 11111111 11111111 00000000 00000000 | /16 | 255.255.0.0 | 65,534 |
512 | 11111111 11111111 10000000 00000000 | /17 | 255.255.128.0 | 32,766 |
1,024 | 11111111 11111111 11000000 00000000 | /18 | 255.255.192.0 | 16,382 |
2,048 | 11111111 11111111 11100000 00000000 | /19 | 255.255.224.0 | 8,190 |
4,096 | 11111111 11111111 11110000 00000000 | /20 | 255.255.240.0 | 4,094 |
8,192 | 11111111 11111111 11111000 00000000 | /21 | 255.255.248.0 | 2,046 |
16,384 | 11111111 11111111 11111100 00000000 | /22 | 255.255.252.0 | 1,022 |
32,768 | 11111111 11111111 11111110 00000000 | /23 | 255.255.254.0 | 510 |
65,536 | 11111111 11111111 11111111 00000000 | /24 | 255.255.255.0 | 254 |
131,072 | 11111111 11111111 11111111 10000000 | /25 | 255.255.255.128 | 126 |
262,144 | 11111111 11111111 11111111 11000000 | /26 | 255.255.255.192 | 62 |
524,288 | 11111111 11111111 11111111 11100000 | /27 | 255.255.255.224 | 30 |
1,048,576 | 11111111 11111111 11111111 11110000 | /28 | 255.255.255 240 | 14 |
2,097,152 | 11111111 11111111 11111111 11111000 | /29 | 255.255.255 248 | 6 |
4,194,304 | 11111111 11111111 11111111 11111100 | /30 | 255.255.255252 | 2 |
The network entry mask for a standard Class B network can be defined as follows:
Address Class | Bits for Subnet Mask | Network Prefix | Decimal |
|---|---|---|---|
Class B | 11111111 11111111 00000000 00000000 | /16 | 255.255.0.0 |
A standard Class B network can have up to 65,534 hosts. If you want to divide a Class B network into two separate subnets, you can borrow the high-order bit from the host ID in the third octet and add this bit to the network ID. Because the value of this bit taken from the host ID is 128, the corresponding subnet mask is 255.255.128.0. Thus, the network entry for the subnetted Class B network can be defined as follows: If you take an additional bit from the host ID bits, you allow the Class B network to be divided into up to four subnets. The value of this bit taken from the host ID is 64. When you add this value to the value of the previous bit taken from the host ID, the sum is 192 (128 + 64) and the corresponding subnet mask is 255.255.192.0. This means the network entry for a subnetted Class B network that can be divided into up to four subnets can be defined as follows:
Address Class | Bits for Subnet Mask | Network Prefix | Decimal |
|---|---|---|---|
Class B | 11111111 11111111 10000000 00000000 | /17 | 255.255.128.0 |
If you take an additional bit from the host ID bits, you allow the Class C network to be divided into up to four subnets. The value of this bit taken from the host ID is 64. When you add this value to the value of the previous bit taken from the host ID, the sum is 192 (128 + 64) and the corresponding subnet mask is 255.255.255.192. This means the network entry for a subnetted Class C network that can be divided into up to four subnets can be defined as follows:
Address Class | Bits for Subnet Mask | Network Prefix | Decimal |
|---|---|---|---|
Class B | 11111111 11111111 11000000 00000000 | /18 | 255.255.192.0 |
Table 24-6 shows how Class B networks can be subnetted and how this affects the number of possible subnets and hosts per subnet.
Table 24-6. Subnetting Class B Networks
Maximum Subnets | Bits for Subnet Mask | Network Prefix | Decimal | Maximum Nodes |
|---|---|---|---|---|
1 | 11111111 11111111 00000000 00000000 | /16 | 255.255.0.0 | 65,534 |
2 | 11111111 11111111 10000000 00000000 | /17 | 255.255.128.0 | 32,766 |
4 | 11111111 11111111 11000000 00000000 | /18 | 255.255.192.0 | 16,382 |
8 | 11111111 11111111 11100000 00000000 | /19 | 255.255.224.0 | 8,190 |
16 | 11111111 11111111 11110000 00000000 | /20 | 255.255.240.0 | 4,094 |
32 | 11111111 11111111 11111000 00000000 | /21 | 255.255.248.0 | 2,046 |
64 | 11111111 11111111 11111100 00000000 | /22 | 255.255.252.0 | 1,022 |
128 | 11111111 11111111 11111110 00000000 | /23 | 255.255.254.0 | 510 |
256 | 11111111 11111111 11111111 00000000 | /24 | 255.255.255.0 | 254 |
512 | 11111111 11111111 11111111 10000000 | /25 | 255.255.255.128 | 126 |
1,024 | 11111111 11111111 11111111 11000000 | /26 | 255.255.255.192 | 62 |
2,048 | 11111111 11111111 11111111 11100000 | /27 | 255.255.255.224 | 30 |
4,096 | 11111111 11111111 11111111 11110000 | /28 | 255.255.255.240 | 14 |
8,192 | 11111111 11111111 11111111 11111000 | /29 | 255.255.255.248 | 6 |
16,384 | 11111111 11111111 11111111 11111100 | /30 | 255.255.255.252 | 2 |
The network entry mask for a standard Class C network can be defined as follows:
Address Class | Bits for Subnet Mask | Network Prefix | Decimal |
|---|---|---|---|
Class C | 11111111 11111111 11111111 00000000 | /24 | 255.255.255.0 |
A standard Class C network can have up to 254 hosts. If you want to divide a Class C network into two separate subnets, you can borrow the high-order bit from the host ID in the fourth octet and add this bit to the network ID. Because the value of this bit taken from the host ID is 128, the corresponding subnet mask is 255.255.255.128. Thus, the network entry for the subnetted Class C network can be defined as follows:
Address Class | Bits for Subnet Mask | Network Prefix | Decimal |
|---|---|---|---|
Class C | 11111111 11111111 11111111 10000000 | /25 | 255.255.255.128 |
If you take an additional bit from the host ID bits, you allow the Class C network to be divided into up to four subnets. The value of this bit taken from the host ID is 64. When you add this value to the value of the previous bit taken from the host ID, the sum is 192 (128 + 64) and the corresponding subnet mask is 255.255.255.192. This means the network entry for a subnetted Class C network that can be divided into up to four subnets can be defined as follows:
Address Class | Bits for Subnet Mask | Network Prefix | Decimal |
|---|---|---|---|
Class C | 11111111 11111111 11111111 11000000 | /26 | 255.255.255.192 |
Table 24-7 shows how Class C networks can be subnetted and how this affects the number of possible subnets and hosts per subnet.
Table 24-7. Subnetting Class C Networks
Maximum Subnets | Bits for Subnet Mask | Network Prefix | Decimal | Maximum Nodes |
|---|---|---|---|---|
1 | 11111111 11111111 11111111 00000000 | /24 | 255.255.255.0 | 254 |
2 | 11111111 11111111 11111111 10000000 | /25 | 255.255.255.128 | 126 |
4 | 11111111 11111111 11111111 11000000 | /26 | 255.255.255.192 | 62 |
8 | 11111111 11111111 11111111 11100000 | /27 | 255.255.255.224 | 30 |
16 | 11111111 11111111 11111111 11110000 | /28 | 255.255.255.240 | 14 |
32 | 11111111 11111111 11111111 11111000 | /29 | 255.255.255.248 | 6 |
64 | 11111111 11111111 11111111 11111100 | /30 | 255.255.255.252 | 2 |