Ok so subnetting, or the ability to subnet a network is actually fairly simple. However its a technique that seems to elude many networking students/admins when they first try to learn it.
I've had this explained to me many times over the years, by colleagues, engineers, trainers etc.. but my 'eureka' moment was in a hotel room in Wokingham, all alone, just looking at some example calculations and trying to figure out how the hell they fit together!
I'm going to assume a ground level understanding of IP addressing - if you don't have this already then really you're starting in the wrong place. Hopefully you'll be at least vaguely familar with the following:
192.168.0.1
255.255.255.0
Recognise that? Good.
What you have here is an IP address (a private one in this example) and a subnet mask. These are shown above in what is known as dotted decimal format. To really understand subnetting, you need to understand that this format can be translated into other formats - and in particular you need to understand how it can be translated into hexadecimal format. So lets look at what we've got:
192.168.0.1
You can see that there are four sections separated by dots (the clues is in the name..) Each of these sections is made up of eight 'bits' (if your lost now you need to go and read up on the basics really...). So in total this address has 32 bits (4 sections of 8 'bits' each). Each bit has its own value starting at 128, with the next bit being half the size of the previous bit value So the representation of one octet (8 bits) looks like this:
128 64 32 16 8 4 2 1
So each section (called an octet) has 8 bits as above. Each of these bits is either 'on' or 'off' (simple binary..)
So if we focus on just the first octet of our example:
We can see in decimal it is written 192. In hexadecimal you simply turn on the bits that equal 192:
128 64 32 16 8 4 2 1
ON ON OFF OFF OFF OFF OFF OFF
In binary:
1 1 0 0 0 0 0 0
So we've turned on 128 and 64 only and together they equal 192. Simple right?
Ok so now that we understand that we can look into the subnet mask. Now the mask is where a lot of people who have a bit of experience with IP addresses get lost. All IP addresses comprise of two parts - the first part being the network portion, and the second part being the host portion. All the subnet mask does is tells us which part is the network, and which part is the host.
So lets apply this to our example.
192.168.0.1
255.255.255.0
Lets translate the mask (255.255.255.0) into hexadecimal so we can see what we're doing.
128 64 32 16 8 4 2 1. 128 64 32 16 8 4 2 1. 128 64 32 16 8 4 2 1. 128 64 32 16 8 4 2 1.
ON ON ON ON ON ON ON ON. ON ON ON ON ON ON ON ON. ON ON ON ON ON ON ON ON. OFF OFF OFF OFF OFF OFF OFF OFF
and binary:
1 1 1 1 1 1 1 1. 1 1 1 1 1 1 1 1. 1 1 1 1 1 1 1 1. 0 0 0 0 0 0 0 0
Ok thats the subnet mask. So you can see that of the 32 total bits - in this example 24 of them are turned 'on', and 8 of them are turned 'off'. The ones that are turned on shows us the network portion, and the ones that are turned off shows us the host part. Simple!
You'll often see subnet masks represented like this:
192.168.0.1/24
So all that means is that the mask uses the first 24 bits as per our example above for the network (leaving 8 free for the hosts). So if you saw a /27 mask - that just means its using the first 27 bits for the network portion, leaving 5 bits for the host and so on. Making sense?
Ok - hopefully this will have made sense and you get what the addresses are showing us. But in order to subnet a network we need to use this information in specific ways. If you don't understand the concept of subnetting or why we do it - I'd suggest some further reading theres tons of websites dedicated to it. I'll try and summarise briefly...
Sticking with our example we know that the network portion is the first 24 bits and the host portion is the final 8. If we add up the values of all the bits available for hosts it would give us 255 hosts on this network. So we could have 255 PC's all connected and chatting away (its actually 254 but we'll worry about that later...) However we might not want to do that - thats a lot of broadcast chatter to deal with, but more importantly we might have 30 guys in sales that don't want the 30 guys in accounts to be able to access their computers. So we separate sections off into (da da!) SUBNETS of the network. What we're essentially doing (in this scenario) is giving some of those 255 hosts to sales, and some to accounts - but they'll be seperated off from each other. We do this by changing the mask to alter which portion of the address is used for network and which part for hosts.
I'll give a quick example of what I mean and then I'll list some different ways of determining what you need.
So we need 2 networks of 30 hosts each. Lets start with the hosts. For each bit that is used - we apply it to a calculation - 2 to the power of - 'the number of bits used' minus 2. This tells us how many hosts we can get on the network.
The best way to explain this is to show the maths. If we make a little table we can see the progression for the power of 2
:
So for each bit used you can see how many hosts it gives you. Remember the end of the calculation is minus 2 so the actual number of hosts is 0, 2, 6, 14, 30, 62 etc...
In this case we know both sales and accounts need 30 hosts each. If we look at the chart 2^5 gives us 32 -2 = 30 hosts. Perfect! Since its 5 bits used we know that we need to apply a mask that uses 5 bits for the host portion. So if theres 32 bits in total in a subnet mask, and 5 are being used for the host ports, that leaves 27 bits being used for the network. So using the translations we've learned we can see that /27 is:
192.168.0.1
255.255.255.224
The way we use this information to actually give us our subnets is as follows:
We know that our mask is /27 and that equals 32 on our little 'to the power of 2' table above. This number represents the number by which you have to jump up in order to find the next network.
So our first network is 192.168.0.0
Our second network is 192.168.0.32
Third - 192.168.0.64
... 192.168.0.96 and so on,,,,
So they are the available networks - and to work out the available hosts you simply ignore the first address because its the network address (i.e. all the ones just listed above) and ignore the address that is the previous one before the next network.
So if the networks are 192.168.0.32 and 192.168.0.64 the broadcast addresses are 192.168.0.31 ans 192.681.0.63 respectively. You can't use these because these are the addresses that the network uses for broadcasts and so they are unavailable to be allocated to hosts,
So to break down and make it clear your hosts ranges for each network in this example are:
NETWORK HOSTS
192.168.0.0 192.168.0.1 - 192.168.0.30 (.31 is broadcast) - We could allocate this subnetwork to SALES as it has 30 hosts
192.168.0.32 192.168.0.33 - 192.168.0.62 (.63 is broadcast) - We could allocate this subnetwork to ACCOUNTS as it has 30 hosts
192.168.0.64 192.168.0.65 - 192.168.0.94
192.168.0.96 192.168.0.7 - 192.168.0.126
192.168.0.128.......
.....
And thats it. Hopefully that makes sense - I think most people need to read/hear this explained by several people in various ways before it really drills home and clicks but I hope this helps you on your way. If you need to do some calculations or are wondering how various things are figured out I've listed below some general questions and how you go about figuring them out!
GOOD LUCK!!
This chart is pretty useful for reference:
TO WORK OUT NUMBER OF NETWORKS FROM MASK
Its 2 to the power of - the number of bits used to create the MASK.
Example a CIDR of /22 = x.x.252.0 = uses 6 bits to create the mask.
2 to the power of 6 =
2
4
8
16
32
64 = 64 networks
TO WORK OUT NUMBER OF HOSTS PER SUBNET
The number of bits NOT used in the mask to the power of 2, minus 2.
So same example - 6 bits used FOR the mask = 2 remaining (but REMEMBER the 8 bits from the final octet in this example!!) so + 8 = 10 bits
2 to the power of 10 =
2
4
8
16
32
64
128
256
512
1024 = 1024 - minus 2 = 1022 hosts per subnet.
WHAT IS THE BROADCAST ADDRESS OF THE NETWORK 172.17.91.0/27?
27 = 3 bits used. 3rd bit = 32.
Networks are 172.17.21.0, 172.17.91.32, ...64 etc..
Therefore broadcast address of the .0 network is .31
Answer: 172.17.91.31
WHICH SUBNET DOES THE HOST 172.22.249.185 255.255.255.224 BELONG TO?
224 = 3 bits used.
3rd bit is 32
Networks are 32, 64, 96, 128, 160, 192 etc..
There for the host 172.22.249.185 fits into the subnetwork 172.22.249.160 - 172.22.249.191
Answer: 172.22.249.160
WHAT IS THE FIRST VALID HOST ON THE SUBNET THAT THE NODE 172.26.65.154/23 BELONGS TO?
23 = 7 bits used (from the third octet not the 4th...)
7th bit is 2 so networks go 2,4,6,8,10 etc.. but IN THE THIRD OCTET NOT THE 4TH!!
so we get the networks:
172.26.0.0
172.26.2.0
172.26.4.0
172.26.6.0
172.26.8.0
172.26.10.0
this goes on until we reach the network 172.26.64.0 with hosts from .64.1 - 65.254 (broadcast .255)
Answer: 172.26.64.1
IF APPLYING A CLASS C MASK TO A CLASS B NETWORK IT WILL ONLY AFFECT THE LAST OCTET.
WHAT VALID HOST RANGE IS THE NODE 192.168.148.55/27 A PART OF?
/27 = x.x.x.224 and uses 3 bits for the mask. 3rd bit is 32
Networks are 0,32,64,96,128 etc..
192.168.148.55 fits into the .32 network.
Answer: 192.168.148.33 through to 192.168.148.62
You are designing a subnet mask for the 172.30.0.0 network. You want 70 subnets with up to 400 hosts on each subnet. What subnet mask should you use?
Ok you need 400 hosts. If we use the 2 to the power of rule it goes:
2
4
8
16
32
64
128
256
512 - so this is 2 to the power of 9 and is the first one to support 400 hosts.
If 9 bits are used for hosts this means 15 bits is used for the network, and /15 = x.x.254.x as the mask.
9 bits for the hosts has used 1 bit from the third octet - leaving us with 7 bits for the network. 2 to the power of 7 is 128 which gives us enough hosts per subnet to cover the 70 required hence we know this mask will work.
Answer: 255.255.254.0