Introduction to Subnetting


Subnetting, as this process is more commonly called, is a remarkably logical and mathematical process. Understanding the mathematics of subnetting helps you develop and implement efficient subnetting schemes that make better use of available address spaces. That is the explicit goal of subnetting: to use an address space more efficiently. Unfortunately, subnetting is the most confusing and least-understood aspect of IPv4. This is largely due to the fact that it makes sense only when viewed in binary numbers, yet most people think in terms of decimal numbers. For that reason alone I rely extensively on the use of binary-to-decimal translations to demonstrate the concept and applications of subnetting throughout this chapter.

Some of the specific topics we'll examine include

  • The rationale for developing a third tier of addressing

  • The logic and mathematics that form the basis of a subnet

  • The subnet mask that is used to specifically identify which bits of the IP address are used for network and subnetwork identification

  • The concept of an extended network prefix

Examining these topics prepares you for a more thorough investigation of fixed-length subnetting. In the last half of this chapter you will see how subnetting works in different-sized networks and with different-sized subnets.

The Need for a Third Tier of Addressing

In essence, subnetting offers a third tier within the IP addressing hierarchy. The need for a third tier of addressing became apparent fairly early on in the Internet's development. The Internet's two-level hierarchy assumed that each site connected to the Internet would contain only a single network. Therefore, each site would contain only a single local-area network (LAN) that could be satisfied by a single block of IP addresses (characterized by multiple contiguous host addresses within a single network address). Consequently, only a single connection to the Internet would suffice for interconnectivity needs.

By 1985, this was no longer a safe assumption. Although most organizations connected to the Internet could continue to operate with just one connection to the Internet, few organizations had just one LAN. The dawn of the client/server era was at hand, and a two-level address hierarchy was suddenly obsolete. Organizations suddenly began experiencing the effects of reaching either the technological or scalability limits of their technology platforms.

In other words, some networks needed to be broken into subcomponents to improve performance. This was particularly true of early, shared Ethernet LANs. Other organizations found themselves with different LAN technologies within the same location. That's not uncommon when budgets are distributed and each group in the organization makes its own purchasing decisions. Other organizations might have found themselves simply trying to span too great a distance with their LAN.

Thus, several motivating forces pointed in the same direction: An enhancement to the IP address architecture was needed, specifically a third, local, hierarchical tier of addressing.

To better appreciate why this is the case, consider Figure 3-1.

Figure 3-1. The Emergence of Multiple Networks Per Site Created Problems for the IP Address Space's Two-Level Hierarchy


In Figure 3-1, you can see that the router in Location B hosts two different LANs. Each network must have its own network address; otherwise, other networks won't be able to communicate with devices connected to it. This holds true for the two networks at the same location. They are connected to different interfaces on the same router, and the router is responsible for governing and/or facilitating communications between them. Depending on how that router is configured, it has several main responsibilities. Without getting into a dissertation on the mechanics and functions of routing protocols, suffice it to say that the router is responsible for the following:

  • Advertising the presence of the two networks directly connected to it

  • Forwarding outbound traffic

  • Enabling communications between its two directly-connected networks

  • Forwarding inbound traffic to the appropriate network

Implicit in these responsibilities is the assumption that the router has a means of discriminating between the two local networks. In other words, they must each have their own network address. In the Classical IP environment, each of these networks would have required its own address space. So, if you assume that each LAN consisted of just 40 total devices, two Class C networks would have been required. That translates into the assignment of 512 IP addresses when just 100 would have sufficed, with a bit of room to spare. That's a remarkable waste of addresses. It doesn't take a tremendous amount of imagination to envision how such waste could rapidly deplete a finite supply of addresses. Clearly, a better approach was required.

In theory, both networks could easily share a single Class C network address and still have a lot of room for growth, if only there were a way to split up a network address locally. This is where subnetting comes in.

Each network at a location requires its own network address in order to internetwork, but that network address (which is really just a subnetwork address) needs to be unique only locally. So, if you assigned a single Class C network, such as network 192.168.9.0, to this location, the entire Internet would use the address 192.168.9 to communicate with machines at this location, regardless of which LAN they were on. That address, 192.168.9, is the network address. It remains the basis of reaching all the subnetworks within this network. Addresses from 192.168.9.1 through 192.168.9.128 could be assigned to the Ethernet LAN shown in Figure 3-1, and 192.168.9.129 through 192.168.9.255 could be assigned to the Token Ring LAN. However, that puts the onus on the router at that location to determine which interface to use in forwarding inbound packets. How the router does this requires a closer look at the mathematics of subnetting.

The Concept of Subnetting

The problem described in the preceding section demonstrates why a third tier of addressing is necessary. What the example didn't provide is an explanation of how to develop that tier. Subnetting was first explored and defined in a series of loosely-related RFCs numbered 917, 940, and 950. These RFCs called for the creation of a third, logical, but local tier of addressing to be created from the existing address architecture. Recall from Chapter 2 that IP addresses are 32 bits in length and consist of two components: a network address and a host address. The network address cannot be touched, because it is used globally for routing to and from the network it identifies. That leaves the host address as the only viable means of developing a third tier of addressing.

Per RFC 950, the host address may be carved up to create a subnetwork address. Thus, the three tiers of addressing are

  • Network address

  • Subnet address

  • Host address

Your ability to subnet depends directly on the number of bits allocated between a network and host address. That's because the subnet address is carved from the host address. The more host bits an IP address has, the more subnets that can be created. However, there is an inverse correlation between the number of subnets that are created and the number of hosts that can be supported in each subnet. In effect, you borrow bits from the host address to create the subnet address. Logically, the more bits you borrow from the host field to create subnets, the fewer bits that remain for the identification of hosts.

Of course, not all IP address spaces were created equal. The Class A address space offers more than 16 million host addresses. Borrowing bits from a field of that size wouldn't appreciably reduce the available pool of addresses. In fact, subnetting a Class A address space would have the tremendous benefit of making more efficient use of the available pool of addresses. Subnetting a Class C network address space, with just 256 total available host addresses, makes you quickly aware of the finite nature of those addresses. We'll delve into more examples of subnetting later in this chapter.

The next significant concept to acknowledge is that it is crucial to have a means of tracking how many bits are borrowed. IP addresses that are subnetted look exactly like IP addresses that aren't subnetted, so another mechanism is required to keep track of subnet sizes. This mechanism is called the subnet mask. Subnet masks are statically defined on each endpoint device (such as a printer or desktop computer) connected to the network. The concept of a mask can be difficult to grasp. Many people gain a working appreciation of how to make networked devices function without really understanding masks. We'll look at subnet masks in much more detail in the following section.

The Subnet Mask

A subnet mask is a 32-bit binary number that can be expressed in either dotted-decimal or dotted-binary form. In this regard, a subnet mask is structurally similar to an IP address. However, there are some important distinctions. For example, a mask is not routable, nor does it have to be unique. However, a subnet mask does serve an important function: It is used to tell end systems (including routers and hosts in the LAN) how many bits of the IP address's host field have been borrowed to identify the subnet. The bits in the mask that identify the network address, as well as the subnet address, are set to 1s. The remaining bits, which are used for host addresses within each subnet, are set to 0s.

One potentially confusing point about masks is that they can be used to identify a network, a subnetwork, or both. A network mask identifies just the bits used to identify a network address. A subnet mask identifies all the bits used for network and subnetwork identification. This leads us to the concept of the extended network prefix, which we'll examine in the next section.

Extended Network Prefix

It is important to note that the borrowed bits are always the leftmost bits in the host field. Thus, the subnet address is numerically contiguous with the network address. Together, they form the extended network prefix. The remaining bits are used for host identification.

To better demonstrate this concept of an extended network prefix, consider the contents of Table 3-1, which shows the dotted-binary and dotted-decimal equivalents of network (not subnet) masks for the various classes of IP addresses. Note that the masks in this table are just network masks.

Table 3-1. Network Masks

Address Class   Dotted-Decimal Form   Dotted-Binary Form
Class A         255.0.0.0             11111111.00000000.00000000.00000000
Class B         255.255.0.0           11111111.11111111.00000000.00000000
Class C         255.255.255.0         11111111.11111111.11111111.00000000


Because the masks in Table 3-1 are network masks, not subnetwork masks, only those bits that are used to identify the network address are set to 1s. Thus, a network mask lets you see that, in the old Class A network address space, exactly 8 bits are used to identify the network and 24 are used for host identification. Similarly, the Class C network space features 24 bits for network identification, but only 8 for host identification.

Designing a Subnet

The next step is to take a basic network mask and add a subnet field to create the extended network prefix. Table 3-2 shows the dotted-decimal and dotted-binary forms of subnet masks that are permissible when you subnet a Class C address. The borrowed bits are the leftmost bits of the final octet, the ones set to 1.

Table 3-2. Subnet Masks

Borrowed Bits   Dotted-Decimal Form   Dotted-Binary Form
2               255.255.255.192       11111111.11111111.11111111.11000000
3               255.255.255.224       11111111.11111111.11111111.11100000
4               255.255.255.240       11111111.11111111.11111111.11110000
5               255.255.255.248       11111111.11111111.11111111.11111000
6               255.255.255.252       11111111.11111111.11111111.11111100


You can better appreciate the concept of an extended network prefix by comparing the dotted-decimal notations in Table 3-2 to the entry for a Class C network in Table 3-1. The next thing to notice is the dotted-decimal notation for each dotted-binary string. Recalling the principles of converting binary to decimal from Chapter 2, it should be much easier to understand those strange strings of numbers called subnet masks. A mask of 255.255.255.192 means that only 2 bits have been borrowed from the host field to create the subnet field. These 2 bits (in this specific context) carry the decimal equivalents of 128 and 64, which add up to 192. A mask of 255.255.255.192, when applied to a Class C network address, yields exactly four subnets of equal size. Each subnet has exactly 64 mathematically possible host addresses. If you multiply 4 x 64, you get 256, which is the total number of IP addresses contained in Class C.
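The mask arithmetic above, worked through as an added example (not from the book): a bitwise AND of an address with the subnet mask yields the extended network prefix, which is how a router or a firewall rule decides which subnet an address belongs to. Network 192.168.9.0 and the mask 255.255.255.192 come from the text; the function names and the sample host addresses are constructed for illustration.

```python
# Added example: split an IPv4 address into its network, subnet and host
# fields using a classful network mask plus a subnet mask.

def to_int(dotted):
    """Convert dotted-decimal notation to a 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted-decimal IPv4 value: {dotted!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def to_dotted(value):
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

def to_dotted_binary(value):
    return ".".join(format((value >> s) & 0xFF, "08b") for s in (24, 16, 8, 0))

def prefix_length(mask):
    """Count the 1 bits in a mask, rejecting non-contiguous masks."""
    ones = bin(mask).count("1")
    if mask != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError("mask bits must be contiguous, leftmost first")
    return ones

def split_address(address, network_mask, subnet_mask):
    """Return the three tiers of an address as a dict."""
    addr = to_int(address)
    nmask, smask = to_int(network_mask), to_int(subnet_mask)
    net_bits, ext_bits = prefix_length(nmask), prefix_length(smask)
    if ext_bits < net_bits:
        raise ValueError("subnet mask is shorter than the network mask")
    host_bits = 32 - ext_bits
    return {
        "network": to_dotted(addr & nmask),
        "extended_prefix": to_dotted(addr & smask),  # network + subnet bits
        "subnet_number": (addr & smask & ~nmask & 0xFFFFFFFF) >> host_bits,
        "host_number": addr & ~smask & 0xFFFFFFFF,
        "borrowed_bits": ext_bits - net_bits,
    }

if __name__ == "__main__":
    NETWORK_MASK = "255.255.255.0"    # Class C network mask (Table 3-1)
    SUBNET_MASK = "255.255.255.192"   # 2 borrowed bits (Table 3-2)
    print("mask:", to_dotted_binary(to_int(SUBNET_MASK)))
    # Constructed sample addresses inside network 192.168.9.0.
    for sample in ("192.168.9.37", "192.168.9.100",
                   "192.168.9.130", "192.168.9.200"):
        print(sample, split_address(sample, NETWORK_MASK, SUBNET_MASK))
```

Each sample address lands in a different one of the four 64-address subnets; the subnet number is the value of the two borrowed bits.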

This leads to the inevitably confusing notion that the larger the decimal number in the mask, the smaller the number of hosts available in the defined subnet. This is caused by that inverse relationship I mentioned earlier: The more bits you allocate for subnet identification, the fewer bits that are left for host identification. Thus, the number of bits used for subnetting determines both how many subnets are mathematically possible and how many hosts can be defined within each of those subnets. Later in this chapter, we will explore this trade-off in much more detail. Before we do that, you need to understand some other minor details. These include the rules for forming subnets.

Subnetting Rules

Having seen how useful subnetting can be, it is important to understand that fixed-length subnet masks (FLSMs) are severely limited in that they all must be the same size. RFC 950 stipulates that a network address space could be (an important caveat that we'll explore later) split up locally into subnets. However, the Internet Engineering Task Force (IETF) knew that any mechanism developed had to be readily backward-compatible, should not impose a punishing load on routers, and yet should still offer enough benefit to warrant broad acceptance.

One Size Must Fit All

In the world of fixed-length subnets, one size truly must fit all. Under the rules of FLSM, a network can be subdivided into only equal-sized subnetworks. I don't think many people would believe, even for a second, that LANs are so homogenous that they are all the exact same size. Instead, they come in all different shapes, sizes, and technologies. The practical implication of this criterion is that the mask selected must accommodate the largest of the LANs being addressed out of an FLSM address block. Thus, those subnets all had to be the same size, hence the term fixed-length subnet masks.

Ostensibly, this was originally a simplifying assumption. Routers were still fairly immature by today's standards, and every effort was made to reduce their workload. Sticking to just one size of subnet helped reduce the CPU and memory intensity of supporting subnets, which meant that those resources remained as unencumbered as possible so that they could be applied to routing and packet forwarding.

The more immediate impact of this policy was that much space was wasted. Seldom, if ever, can all subnetting needs be solved with the same size mask. So, designing a subnetting scheme became either a matter of picking a mask arbitrarily or surveying the subnetworks and selecting a mask that accommodated the largest of them. With the benefit of hindsight, it becomes evident that FLSM was inefficient and wasted a significant number of addresses. However, you must temper that realization with the fact that FLSM was a tremendous improvement over the previous method of operation.

All 0s and All 1s

Conventional thinking today holds that Classical IP rules reserved "all 0s" and "all 1s" in an IP address for establishing the network's identity and broadcasting within a network, respectively. However, if you read RFC 950, you'll see that its authors went out of their way to ensure backward compatibility for subnetting, and this extended to support for the technical shorthand in use at the time.

That shorthand called for using 0 to mean "this" and all 1s to mean "all." That might not seem very useful, but consider how it would have helped in specific situations. For example, the term 0.0.0.37 translates into "just host 37 on this network." Translating the first three octets depended completely on your location. This is a very useful tool. It is still used to develop rule sets for routers and firewalls.

The "all-1s" address was equally useful. Rather than specifically enumerating all hosts on a network, you could use this convention as follows: The address 128.9.255.255 means "all hosts on network 128.9." Again, this is a remarkably useful shorthand that is still in use today.

Unfortunately, preserving this shorthand also had a direct and costly impact on subnetting. In the immortal words of J. Mogul and Jon Postel in RFC 950:

It is useful to preserve and extend the interpretation of these special addresses in subnetted networks. This means the values of all zeros and all ones in the subnet field should not be assigned to actual (physical) subnets.

This statement has significant implications for fixed-length subnetting. In Table 3-2, you might have noticed that even though 8 bits are available in the host field, a maximum of 6 bits and a minimum of 2 bits can be borrowed. The reason for these limitations is mathematical. If you limit yourself to just two digits, counting in binary is as follows: 00, 01, 10, 11. That's it. That's the entire universe of numerically possible combinations and, consequently, numerically possible addresses. If you adhere to Mogul and Postel's admonition, only two of the four numerically possible subnets with a 2-bit mask are usable. In the simplest of terms, you've wasted half your available number of subnets just for the sake of maintaining tradition and not muddling nomenclature.

NOTE

Times have changed, and subnets previously reserved from use can now be used. In fact, given how close some portions of the IPv4 address space came to depletion, it was inevitable that some changes be made. One of these was support for Subnet 0. Subnet 0 is aptly named: It is the first subnet created from a network, and it bears a subnet address of all 0s. Although introducing support for Subnet 0 affords some relief from the inefficiencies of fixed-length subnet masking, it is far from a panacea. This is still very much a gray area, and it can still generate disagreement even among networking professionals. A large part of the reason for this disagreement is caused by the consensus-driven nature of the IETF's RFC process.

The RFCs contain suggestive guidelines that are embraced because they make sense. They are not edicts carved in stone and handed down from on high. Thus, they can be (and are) interpreted differently by different parties. Consequently, the way subnetting logic is implemented on network hardware varies from vendor to vendor. In some cases, such disparities are introduced intentionally as a means of differentiating one's products from the competition. Subnet 0 is certainly not an exception. Before attempting to use Subnet 0 in your network environment, research the issue thoroughly with your hardware vendor (such as Cisco Systems) and make certain you understand all the implications.


A slightly more subtle implication of this example is that a 2-bit mask is the absolute minimum size. If you drop to a 1-bit mask, your range of mathematically feasible addresses becomes just 0 and 1. Both are reserved values, so a mask of 255.255.255.254 yields no usable subnets.

This logic also works when applied to the maximum number of bits that can be allocated to a subnet address. Allocating 6 bits to the subnet address results in just four host addresses within that subnet. The 00 address would be used to identify that subnet, and the 11 address is reserved for broadcasts within that subnet. Thus, a subnet of 6 bits in a Class C-sized network would yield only two usable host addresses. In other words, with a mask of that size (255.255.255.252), you would get lots (2^6) of tiny subnets. Increasing the size of the mask would result in unusable subnets. Thus, the largest permissible mask is 255.255.255.252.
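The counting argument of this section, carried through for every borrowed-bit count in a Class C network, as an added example (not from the book). It applies the RFC 950 rule that all-0s and all-1s values are not assigned, then picks the one fixed-length mask that fits a set of LAN sizes; the function names are hypothetical, the two 40-device LANs are the figures used earlier in the chapter, and the three-LAN case is constructed.

```python
# Added example: fixed-length subnetting of a Class C network under the
# RFC 950 rule that all-0s and all-1s values are not assigned.

HOST_FIELD_BITS = 8  # a Class C network leaves 8 bits for the host field

def flsm_row(borrowed_bits):
    """Describe the scheme produced by one borrowed-bit count."""
    if not 1 <= borrowed_bits < HOST_FIELD_BITS:
        raise ValueError("borrowed bits must leave at least one host bit")
    host_bits = HOST_FIELD_BITS - borrowed_bits
    # Borrowed bits are the leftmost bits of the host field.
    last_octet = (0xFF << host_bits) & 0xFF
    subnets = 2 ** borrowed_bits
    hosts = 2 ** host_bits
    return {
        "borrowed_bits": borrowed_bits,
        "mask": f"255.255.255.{last_octet}",
        "possible_subnets": subnets,
        "possible_hosts": hosts,
        # All-0s and all-1s are reserved in the subnet and the host field.
        "usable_subnets": max(subnets - 2, 0),
        "usable_hosts": max(hosts - 2, 0),
    }

def choose_mask(lan_sizes):
    """Pick the FLSM mask for a list of LAN sizes (devices per LAN).

    One size must fit all: every subnet is sized for the largest LAN, and
    there must be at least as many usable subnets as LANs. Returns the
    fitting row with the most subnets, or None if no mask fits.
    """
    if not lan_sizes:
        raise ValueError("at least one LAN size is required")
    largest, needed = max(lan_sizes), len(lan_sizes)
    for bits in range(HOST_FIELD_BITS - 1, 0, -1):  # smallest subnets first
        row = flsm_row(bits)
        if row["usable_hosts"] >= largest and row["usable_subnets"] >= needed:
            return row
    return None

if __name__ == "__main__":
    for bits in range(1, HOST_FIELD_BITS):
        print(flsm_row(bits))
    print(choose_mask([40, 40]))      # the two 40-device LANs from the text
    print(choose_mask([40, 40, 40]))  # constructed: a third LAN does not fit
```

Two 40-device LANs fit with 2 borrowed bits, but a third does not fit at all under the strict rule, even though four subnets of 64 addresses are mathematically possible.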

The mathematically inverse correlation between the number of fixed-length subnets and hosts per subnet is the key to understanding the concept of subnetting. Why this mathematical correlation is so critical is explored throughout the remainder of this chapter.




IP Addressing Fundamentals
ISBN: 1587050676
EAN: 2147483647
Year: 2002
Pages: 118
Authors: Mark Sportack
