Subnetting - Lecture Slides..

Uploaded by

kimarodamian123

SUBNETTING

Outline – Unit II
IP Subnetting
Subnets & Subnet Masks
Network Prefix Notation
Default Subnets
IP Block Addresses
Private/Public IP Addresses
Network Address Translation (NAT)
IPv6

Network Layer
IP Subnetting
 Subnetting is a technique that lets network administrators use the 32 bits available in an IP address more efficiently by creating networks that aren't limited to the scales provided by Class A, B, and C IP addresses.
 With subnetting, you can create networks with more realistic host limits.
 Subnetting provides a more flexible way to designate which portion of an IP address represents the network ID and which portion represents the host ID.
 With standard IP address classes, only three possible network ID sizes exist: 8 bits for Class A, 16 bits for Class B, and 24 bits for Class C.

Network Layer
IP Subnetting…
 Subnetting lets you select an arbitrary number of bits to use for the network ID.
 Two reasons compel people to use subnetting.
• The first is to allocate the limited IP address space more efficiently.
 If the Internet were limited to Class A, B, or C addresses, every network would be allocated 254, 64 thousand, or 16 million IP addresses for host devices.
 Although many networks with more than 254 devices exist, few (if any) exist with 64 thousand, let alone 16 million.
 Unfortunately, any network with more than 254 devices would need a Class B allocation and probably waste tens of thousands of IP addresses.

Network Layer
IP Subnetting…
• The second reason for subnetting is that even if a single organization has thousands of network devices, operating all those devices with the same network ID would slow the network to a crawl.
 The way TCP/IP works dictates that all the computers with the same network ID must be on the same physical network.
 The physical network comprises a single broadcast domain, which means that a single network medium must carry all the traffic for the network.
 For performance reasons, networks are usually segmented into broadcast domains that are smaller than even Class C addresses provide.

Network Layer
Subnets and Subnet Masks
 A subnet is a network that falls within a Class A, B, or C network.
 Subnets are created by using one or more of the Class A, B, or C host bits to extend the network ID.
 Thus, instead of the standard 8-, 16-, or 24-bit network ID, subnets can have network IDs of any length.
 For subnetting to work, the router must be told which portion of the host ID should be used for the subnet network ID.
 This is accomplished by using another 32-bit number, known as a subnet mask.
 Those IP address bits that represent the network ID are represented by a 1 in the mask, and those bits that represent the host ID appear as a 0 in the mask.

Network Layer
Subnets and Subnet Masks…
 As a result, a subnet mask always has a consecutive string of ones on the left, followed by a string of zeros.
 For example, the subnet mask for a network ID that consists of the 16-bit network ID plus an additional 4-bit subnet ID would look like this:
11111111 11111111 11110000 00000000
 In other words, the first 20 bits are ones, and the remaining 12 bits are zeros.
 Thus, the complete network ID is 20 bits in length, and the actual host ID portion of the subnetted address is 12 bits in length.

Network Layer
Subnets and Subnet Masks…
 To determine the network ID of an IP address, the router must have both the IP address and the subnet mask.
 The router then performs a bitwise operation called a logical AND on the IP address in order to extract the network ID.
 To perform a logical AND, each bit in the IP address is compared with the corresponding bit in the subnet mask.
 If both bits are 1, the resulting bit in the network ID is set to 1.
 If either of the bits is 0, the resulting bit is set to 0.

Network Layer
Subnets and Subnet Masks…
 For example, here's how the network address is extracted
from an IP address using the 20-bit subnet mask from the
previous example:

IP address:   10010000 00011100 00010000 00010001   (144.28.16.17)
Subnet mask:  11111111 11111111 11110000 00000000
Network ID:   10010000 00011100 00010000 00000000   (144.28.16.0)

 Thus, the network ID for this subnet is 144.28.16.0.

Network Layer
Subnets and Subnet Masks…
 The subnet mask itself is usually represented in dotted-
decimal notation. As a result, the 20-bit subnet mask used
in the previous example would be represented as
255.255.240.0:

Subnet mask:  11111111 11111111 11110000 00000000   (255.255.240.0)

 Don't confuse a subnet mask with an IP address.
• A subnet mask doesn't represent any device or network on the
Internet.
• It's just a way of indicating which portion of an IP address should
be used to determine the network ID. (You can spot a subnet mask
right away because the first octet is always 255, and 255 is not a
valid first octet for any class of IP address.)

Network Layer
Network Prefix Notation
 Because a subnet mask always begins with a consecutive sequence of ones to indicate which bits to use for the network ID, you can use a shorthand notation - a network prefix - to indicate how many bits of an IP address represent the network ID.
 The network prefix is indicated with a slash immediately after the IP address, followed by the number of network ID bits to use.
 For example, the IP address 144.28.16.17 with the subnet mask 255.255.240.0 can be represented as 144.28.16.17/20 because the subnet mask 255.255.240.0 has 20 network ID bits.

Network Layer
Network Prefix Notation…
 Network Prefix notation is also called Classless InterDomain Routing notation (CIDR, for short) because it provides a way of indicating which portion of an address is the network ID and which is the host ID without relying on standard address classes.

Network Layer
Note
In IPv4 addressing, a block of
addresses can be defined as
x.y.z.t /n
in which x.y.z.t defines one of the addresses and
the /n defines the mask.

Network Layer
Default Subnets
 The default subnet masks are three subnet masks
that correspond to the standard Class A, B, and C
address assignments. These default masks are
summarized in Table-2.

Table-2 The Default Subnet Masks

Network Layer
Default Subnets…
 Keep in mind that a subnet mask is not actually
required to use one of these defaults because the
IP address class can be determined by examining
the first three bits of the IP address.

 If the first bit is 0, the address is Class A, and the subnet mask 255.0.0.0 is applied. If the first two bits are 10, the address is Class B, and 255.255.0.0 is used. If the first three bits are 110, the Class C default mask 255.255.255.0 is used.

Network Layer
Restrictions on Subnets and Masks
 You should know about a few additional
restrictions that are placed on subnets and subnet
masks. In particular:
• The minimum number of network ID bits is eight. As a
result, the first octet of a subnet mask is always 255.
• Because the network ID portion of a subnet mask is
always composed of consecutive bits set to 1, only
eight values are possible for each octet of a subnet
mask: 0, 128, 192, 224, 248, 252, 254, and 255.

Network Layer
Restrictions on Subnets and Masks…
• The maximum number of network ID bits is 30.
Why?
• You have to leave at least two bits for the host ID
portion of the address to allow for at least two hosts.
If you use all 32 bits for the network ID, that leaves
no bits for the host ID. Obviously, that won't work.
Leaving just one bit for the host ID won't work,
either, because a host ID of all ones is reserved for a
broadcast address, and all zeros refers to the
network itself.
• Thus, if you use 31 bits for the network ID and leave
only 1 for the host ID, host ID 1 would be used for
the broadcast address, and host ID 0 would be the
network itself, leaving no room for actual hosts.
That's why the maximum network ID size is 30 bits.

Network Layer
Restrictions on Subnets and Masks…
• A subnet address can't be all zeros or all ones.
• Thus, the number of unique subnet addresses is two raised to the number of subnet address bits minus two. For example, with three subnet address bits, six unique subnet addresses are possible (2^3 - 2 = 6).
• This implies that you must have at least two subnet bits. (If a single-bit subnet mask were allowed, it would violate the "can't be all zeros or all ones" rule because the only two allowed values would be 0 or 1.)

Network Layer
IP Block Addresses

 A subnet can be thought of as a range or block of IP addresses that have a common network ID. For example, the CIDR 192.168.1.0/28 represents the following block of 14 IP addresses:

192.168.1.1   192.168.1.2   192.168.1.3   192.168.1.4
192.168.1.5   192.168.1.6   192.168.1.7   192.168.1.8
192.168.1.9   192.168.1.10  192.168.1.11  192.168.1.12
192.168.1.13  192.168.1.14

Network Layer
IP Block Addresses…

 Given an IP address in CIDR notation, it's useful to be able to determine the range of actual IP addresses that the CIDR represents.
 This matter is straightforward when the octet
within which the network ID mask ends happens
to be 0, as in the preceding example. You just
determine how many host IDs are allowed based
on the size of the network ID and count them off.
 However, what if the octet where the network ID
mask ends is not 0? For example, what are the
valid IP addresses for 192.168.1.100 when the
subnet mask is 255.255.255.240?
Network Layer
IP Block Addresses…

 In that case, the calculation is a little harder. The first step is to determine the actual network ID.
 You can do that by converting both the IP address and the subnet mask to binary and then extracting the network ID as in this example:

IP address:   11000000 10101000 00000001 01100100   (192.168.1.100)
Subnet mask:  11111111 11111111 11111111 11110000
Network ID:   11000000 10101000 00000001 01100000   (192.168.1.96)

 As a result, the network ID is 192.168.1.96.


Network Layer
IP Block Addresses…

 Next, determine the number of allowable hosts in the subnet based on the network prefix. You can calculate this by subtracting the last octet of the subnet mask from 254. In this case, the number of allowable hosts is 14.
 To determine the first IP address in the block, add
1 to the network ID. Thus, the first IP address in
this example is 192.168.1.97.

Network Layer
Note

The first address in the block can be found by setting the rightmost 32 − n bits to 0s.

Network Layer
Example 6

A block of addresses is granted to a small organization. We know that one of the addresses is 205.16.37.39/28. What is the first address in the block?

Network Layer
Solution
The binary representation of the given address is
11001101 00010000 00100101 00100111
If we set 32−28 rightmost bits to 0, we get
11001101 00010000 00100101 00100000
or
205.16.37.32.

Network Layer
IP Block Addresses…

 To determine the last IP address in the block, add the number of hosts to the network ID. In this example, the last IP address is 192.168.1.110.
 As a result, the 192.168.1.100 with subnet mask 255.255.255.240 designates the following block of IP addresses:

192.168.1.97   192.168.1.98   192.168.1.99   192.168.1.100
192.168.1.101  192.168.1.102  192.168.1.103  192.168.1.104
192.168.1.105  192.168.1.106  192.168.1.107  192.168.1.108
192.168.1.109  192.168.1.110

Network Layer
Note

The last address in the block can be found by setting the rightmost 32 − n bits to 1s.

Network Layer
Example 7

Find the last address for the block in Example 6.

Solution
The binary representation of the given address is
11001101 00010000 00100101 00100111
If we set 32 − 28 rightmost bits to 1, we get
11001101 00010000 00100101 00101111
or
205.16.37.47

Network Layer
Note

The number of addresses in the block can be found by using the formula 2^(32−n) - 2

Network Layer
Example 8

Find the number of addresses in Example 6.

Solution
The value of n is 28, which means that the number of addresses is 2^(32−28) or 16.

Network Layer
Example 9

Another way to find the first address, the last address, and
the number of addresses is to represent the mask as a 32-
bit binary (or 8-digit hexadecimal) number. This is
particularly useful when we are writing a program to find
these pieces of information. In Example 6 the /28 can be
represented as
11111111 11111111 11111111 11110000
(twenty-eight 1s and four 0s).

Find
a. The first address
b. The last address
c. The number of addresses.
Network Layer
Example 9 (continued)

Solution
a. The first address can be found by ANDing the given
addresses with the mask. ANDing here is done bit by
bit. The result of ANDing 2 bits is 1 if both bits are 1s;
the result is 0 otherwise.

Network Layer
Example 9 (continued)

b. The last address can be found by ORing the given addresses with the complement of the mask. ORing here is done bit by bit. The result of ORing 2 bits is 0 if both bits are 0s; the result is 1 otherwise. The complement of a number is found by changing each 1 to 0 and each 0 to 1.

Network Layer
Example 9 (continued)

c. The number of addresses can be found by complementing the mask, interpreting it as a decimal number, and adding 1 to it.
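
The three operations of Example 9 written as a program, as an added example that is not part of the original slides. The function names are hypothetical; the mask check enforces the rule stated earlier that a subnet mask is a run of ones followed by zeros.

```python
MASK32 = 0xFFFFFFFF


def to_int(dotted):
    """Parse dotted-decimal text such as '205.16.37.39' into a 32-bit integer."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octets: {dotted!r}")
    value = 0
    for text in octets:
        octet = int(text)
        if not 0 <= octet <= 255:
            raise ValueError(f"octet out of range: {dotted!r}")
        value = (value << 8) | octet
    return value


def to_dotted(value):
    """Format a 32-bit integer as dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_from_mask(mask):
    """Return n for a mask made of n ones followed by zeros; reject any other."""
    complement = ~mask & MASK32
    # A valid complement is 2^k - 1 (all ones on the right), so adding 1
    # must clear every bit it has set.
    if complement & (complement + 1):
        raise ValueError("mask is not consecutive ones followed by zeros")
    return 32 - complement.bit_length()


def describe_block(address, mask):
    """First address, last address and size of the block, as in Example 9."""
    addr, m = to_int(address), to_int(mask)
    n = prefix_from_mask(m)
    complement = ~m & MASK32
    first = addr & m                 # a. AND with the mask
    last = addr | complement         # b. OR with the complement of the mask
    return {
        "prefix": n,
        "first": to_dotted(first),
        "last": to_dotted(last),
        "count": complement + 1,     # c. complement of the mask, plus 1
        # Host range under the slides' rule that the all-zeros and all-ones
        # host IDs are reserved (meaningful for n <= 30).
        "first_host": to_dotted(first + 1),
        "last_host": to_dotted(last - 1),
    }


if __name__ == "__main__":
    # Inputs taken from Example 6 and the 192.168.1.100 walk-through.
    for ip, mask in (("205.16.37.39", "255.255.255.240"),
                     ("192.168.1.100", "255.255.255.240")):
        print(ip, mask, describe_block(ip, mask))
```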

Network Layer
Figure 4 A network configuration for the block 205.16.37.32/28

Network Layer
Note

The first address in a block is normally not assigned to any device; it is used as the network address that represents the organization to the rest of the world.

Network Layer
Figure 6 A frame in a character-oriented protocol

Network Layer
Note
Each address in the block can be considered as a two-level hierarchical structure: the leftmost n bits (prefix) define the network; the rightmost 32 − n bits define the host.

Network Layer
Figure 7 Configuration and addresses in a subnetted network

Network Layer
Figure 8 Three-level hierarchy in an IPv4 address

Network Layer
Example 10

An ISP is granted a block of addresses starting with 190.100.0.0/16 (65,536 addresses). The ISP needs to distribute these addresses to three groups of customers as follows:
a. The first group has 64 customers; each needs 256
addresses.
b. The second group has 128 customers; each needs 128
addresses.
c. The third group has 128 customers; each needs 64
addresses.
Design the subblocks and find out how many addresses are
still available after these allocations.
Network Layer
Example 10 (continued)

Solution
Figure 9 shows the situation.
Group 1
For this group, each customer needs 256 addresses. This
means that 8 (log2 256) bits are needed to define each
host. The prefix length is then 32 − 8 = 24. The addresses
are

Network Layer
Example 10 (continued)

Group 2
For this group, each customer needs 128 addresses. This
means that 7 (log2 128) bits are needed to define each
host. The prefix length is then 32 − 7 = 25. The addresses
are

Network Layer
Example 10 (continued)

Group 3
For this group, each customer needs 64 addresses. This
means that 6 (log2 64) bits are needed to define each host. The
prefix length is then 32 − 6 = 26. The addresses are

Number of granted addresses to the ISP: 65,536
Number of allocated addresses by the ISP: 40,960
Number of available addresses: 24,576
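
The allocation of Example 10 carried out in code, as an added example that is not part of the original slides. It assumes the sub-blocks are handed out back to back from the start of 190.100.0.0/16 in group order; the function and variable names are hypothetical.

```python
import ipaddress


def allocate(block, groups):
    """Carve consecutive sub-blocks for each group out of `block`.

    groups: (name, customers, addresses_per_customer) tuples, taken in order.
    Returns (plan, allocated, available); plan holds (name, prefix, subblocks).
    """
    parent = ipaddress.ip_network(block)
    start = int(parent.network_address)
    cursor, end = start, start + parent.num_addresses
    plan = []
    for name, customers, size in groups:
        if size <= 0 or size & (size - 1):
            raise ValueError(f"{name}: block size {size} is not a power of two")
        prefix = 32 - (size.bit_length() - 1)      # 32 - log2(size)
        subblocks = []
        for _ in range(customers):
            # A sub-block must start on a multiple of its own size.
            if cursor % size:
                raise ValueError(f"{name}: next free address is not on a /{prefix} boundary")
            if cursor + size > end:
                raise ValueError(f"{name}: {block} is exhausted")
            subblocks.append(ipaddress.ip_network((cursor, prefix)))
            cursor += size
        plan.append((name, prefix, subblocks))
    allocated = cursor - start
    return plan, allocated, parent.num_addresses - allocated


# Requirements from Example 10: (group, customers, addresses per customer).
GROUPS = [("Group 1", 64, 256), ("Group 2", 128, 128), ("Group 3", 128, 64)]

if __name__ == "__main__":
    plan, allocated, available = allocate("190.100.0.0/16", GROUPS)
    for name, prefix, subblocks in plan:
        print(f"{name}: /{prefix}  first {subblocks[0]}  last {subblocks[-1]}")
    print("allocated:", allocated, "available:", available)
```

Listing the groups from largest to smallest block size keeps every sub-block aligned; a smaller group placed first can leave the next free address off a boundary, which the function reports instead of issuing an overlapping block.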
Network Layer
Figure 9 An example of address allocation and distribution by an ISP

Network Layer
Private and Public Addresses

 Any host with a direct connection to the Internet must have a globally unique IP address.
 However, not all hosts are connected directly to the Internet.
• Some are on networks that aren't connected to the Internet.
• Some hosts are hidden behind firewalls, so their Internet connection is indirect.
 Several blocks of IP addresses are set aside just for this purpose, for use on private networks that are not connected to the Internet or to use on networks that are hidden behind a firewall.
Network Layer
Private and Public Addresses…

 Three such ranges of addresses exist, summarized in Table-3. Whenever you create a private TCP/IP network, you should use IP addresses from one of these ranges:

Table-3 Private Address Spaces

CIDR            Subnet Mask    Address Range
10.0.0.0/8      255.0.0.0      10.0.0.1-10.255.255.254
172.16.0.0/12   255.255.240.0  172.16.1.1-172.31.255.254
192.168.0.0/16  255.255.0.0    192.168.0.1-192.168.255.254

Network Layer
Table 6 Addresses for private networks

Network Layer
Network Address Translation (NAT)

 Many firewalls use a technique called network address translation (NAT) to hide the actual IP address of a host from the outside world.
 When that's the case, the NAT device must use a globally unique IP to represent the host to the Internet.
 Behind the firewall, though, the host can use any IP address it wants.
 When packets cross the firewall, the NAT device translates the private IP address to the public IP address and vice versa.

Network Layer
Network Address Translation (NAT)…

 One of the benefits of NAT is that it helps to slow down the rate at which the IP address space is assigned.
 That's because a NAT device can use a single public IP address for more than one host. It does so by keeping track of outgoing packets so that it can match incoming packets with the correct host.

Network Layer
Network Address Translation (NAT)…
 To understand how this works, consider the following sequence of steps:
1. A host whose private address is 192.168.1.100 sends a request to 216.239.57.99, which happens to be www.google.com. The NAT device changes the source IP address of the packet to 208.23.110.22, the IP address of the firewall. That way, Google will send its reply back to the firewall router. The NAT records that 192.168.1.100 sent a request to 216.239.57.99.
2. Now another host, at address 192.168.1.107, sends a request to 207.46.134.190, which happens to be www.microsoft.com. The NAT device changes the source of this request to 208.23.110.22 so that Microsoft will reply to the firewall router. The NAT records that 192.168.1.107 sent a request to 207.46.134.190.
Network Layer
Network Address Translation (NAT)…

 Cont…
3. A few seconds later, the firewall receives a reply from
216.239.57.99. The destination address in the reply is
208.23.110.22, the address of the firewall. To
determine to whom to forward the reply, the firewall
checks its records to see who is waiting for a reply from
216.239.57.99. It discovers that 192.168.1.100 is
waiting for that reply, so it changes the destination
address to 192.168.1.100 and sends the packet on.
 Actually, the process is a little more complicated than that,
because it's very likely that two or more users may have
pending requests from the same public IP. In that case, the
NAT device uses other techniques to figure out to which
user each incoming packet should be delivered.
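
The record-keeping in steps 1 to 3, and the case where two users are waiting on the same public IP, as an added example that is not part of the original slides. The class names are hypothetical, and keying entries by port number is an assumption about the "other techniques" (the slides do not name them); the port values are constructed.

```python
PUBLIC_IP = "208.23.110.22"   # address of the firewall in the slides


class AddressOnlyNat:
    """Keeps only the record from steps 1-3: which private host asked which remote IP."""

    def __init__(self):
        self.waiting = {}     # remote IP -> private IPs with a pending request

    def outbound(self, private_ip, remote_ip):
        self.waiting.setdefault(remote_ip, []).append(private_ip)
        return (PUBLIC_IP, remote_ip)          # rewritten (source, destination)

    def inbound(self, remote_ip):
        hosts = set(self.waiting.get(remote_ip, []))
        if not hosts:
            return None       # nobody inside asked this remote: do not forward
        if len(hosts) > 1:
            raise LookupError(f"{sorted(hosts)} are all waiting on {remote_ip}")
        return hosts.pop()


class PortNat:
    """Assumed refinement: give every flow its own public source port."""

    def __init__(self, first_port=40000):
        self.next_port = first_port
        self.table = {}       # (public port, remote IP, remote port) -> private endpoint

    def outbound(self, private_ip, private_port, remote_ip, remote_port):
        public_port = self.next_port
        self.next_port += 1
        self.table[(public_port, remote_ip, remote_port)] = (private_ip, private_port)
        return (PUBLIC_IP, public_port, remote_ip, remote_port)

    def inbound(self, remote_ip, remote_port, public_port):
        # The reply must match all three fields; anything else has no entry.
        return self.table.get((public_port, remote_ip, remote_port))


def demo():
    simple = AddressOnlyNat()
    simple.outbound("192.168.1.100", "216.239.57.99")     # step 1
    simple.outbound("192.168.1.107", "207.46.134.190")    # step 2
    step3 = simple.inbound("216.239.57.99")               # step 3
    simple.outbound("192.168.1.107", "216.239.57.99")     # second user, same remote
    try:
        simple.inbound("216.239.57.99")
        ambiguous = False
    except LookupError:
        ambiguous = True

    ported = PortNat()
    a = ported.outbound("192.168.1.100", 51000, "216.239.57.99", 80)
    b = ported.outbound("192.168.1.107", 51000, "216.239.57.99", 80)
    return {
        "step3": step3,
        "ambiguous": ambiguous,
        "reply_a": ported.inbound("216.239.57.99", 80, a[1]),
        "reply_b": ported.inbound("216.239.57.99", 80, b[1]),
        "unsolicited": ported.inbound("216.239.57.99", 80, 40999),
    }


if __name__ == "__main__":
    print(demo())
```

An inbound packet that matches no entry returns `None` in both models, which is why a host behind the NAT is not reachable from outside unless it opened the flow itself.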

Network Layer
Figure 10 A NAT implementation

Network Layer
Figure 11 Addresses in a NAT

Network Layer
Figure 12 NAT address translation

Network Layer
Table 4 Five-column translation table

Network Layer
An ISP and NAT

Network Layer
IPv6 ADDRESSES

Despite all short-term solutions, address depletion is still a long-term problem for the Internet. This and other problems in the IP protocol itself have been the motivation for IPv6.

Topics discussed in this section:
Structure
Address Space

Network Layer
Note

An IPv6 address is 128 bits long.

Network Layer
IPv6 address in binary and hexadecimal colon notation

Network Layer
Figure 19.15 Abbreviated IPv6 addresses

Network Layer
Example 11

Expand the address 0:15::1:12:1213 to its original.

Solution
We first need to align the left side of the double colon to the
left of the original pattern and the right side of the double
colon to the right of the original pattern to find how many
0s we need to replace the double colon.

This means that the original address is.

Network Layer
Table 5 Type prefixes for IPv6 addresses

Network Layer
Table 5 Type prefixes for IPv6 addresses (continued)

Network Layer
Prefixes for provider-based unicast address

Network Layer
Figure 17 Multicast address in IPv6

Network Layer
Figure 18 Reserved addresses in IPv6

Network Layer
Figure 19 Local addresses in IPv6

Network Layer
IPv6 Notes continues……
