IP Subnetting, Variable Subnetting, and CIDR (Supernetting)

  1. Who is this for?

    People who will be building networks. If you're a manager you can go to sleep now; if you know this stuff already, take a pizza break; if you want to actually build networks some day and are not already comfortable working out appropriate sizes of subnets, please come to the front of the lecture hall - I have a few copies of this lesson but not enough for everyone in the room.

  2. Purpose of this lesson

    Some day you may be responsible for designing a network that connects several locations together with routers. You'll have been given a certain number of IP addresses you can use, and you have to allocate them in chunks to each site without running out!

    The reason we are going to learn subnetting is simple: there are not enough IP addresses free for you to give a whole Class C network to every site you manage. Some upstream providers charge you for each Class C you allocate. Others force you to justify your use of space in detail, showing that each network you allocated was fully populated.

    Before we go into details, there are two things you might be able to use which will avoid the need to learn any of this stuff:

    1. NAT - network address translation
      If it is available to you, NAT often lets you create any size of network you want, without worrying about how much IP space you have been officially allocated. I'm not going to explain what NAT is in detail, because it will be covered in someone else's lesson. In short, it's a way to map large numbers of IPs on to a single IP (or to take a large sparse range such as a Class B and map each address that is actually used on to a small number of Class C's). NAT is worth taking the time to learn, because it can save you a whole lot of effort!
    2. Online tools to calculate subnets
      There are many web pages available that will calculate netmasks for given sizes of subnets. These are useful as long as you understand the basics of what you're trying to do. If you don't have 'the big picture', these tools won't help. You can listen to this lecture to get 'the big picture' without getting distracted by the details, then use one of the online tools when you need actual numbers.

  3. IP address space in general - inference of Class A/B/C

    Before we start - a quick and very basic recap on IP addressing in general.
    Every machine on the net has an address. Addresses are 32 bits. These 32 bits are split into two parts - a network number followed by a host address. The 'host address' part is for a number of machines on one physical network - say a bunch of machines connected with a hub or on a single thin ether wire. The network number represents this group of hosts as a single unit, and routers need to know these network numbers to send data from one net to another.
    Just where the network/host split is made is arbitrary. There's no real reason why 10.1.2.3 should be part of a class A network and 220.1.2.3 is part of a class C network - it just is. The address space was split up as shown below, and any addresses in these ranges are deemed to be in the appropriate Class. Why does this matter? Well, some software will ask for an IP address but NOT a netmask - and it will infer a netmask from the address. This is OK as long as you are staying within the class system, but if you are subnetting or supernetting, it can cause you a lot of trouble.

    There's actually very little difference between a Class C network, and a Class B network with a 255.255.255.0 netmask applied. (The only time they're different is if the network address is of the form X.X.0.X or X.X.255.X)

    Before you start designing your subnets, you should know what it is that you've been given. Here are three ways of finding out what class your allocation is in. Use whichever you find easiest.

    In all the examples below we will assume we have been allocated a Class C network to work with: 192.168.1.0

    192.168.1.0 is actually a special type of Class C address - it's one that is reserved never to be allocated on the real Internet. So we'll use it in our examples because if you do configure a network using these numbers, you won't mess anybody else up. It's amazing the number of people who create internal networks using real IP addresses chosen at random. If you ever connect one of these networks to the internet, you will not be able to route because the space belongs to someone else. If you disguise your addresses using NAT, you'll still not be able to access those parts of the net that legitimately use those addresses.

    Doing subnet calculations for Class A and Class B networks works just the same way as the Class C examples we are going to cover. If you can do a Class C from first principles, you'll be able to do Class B's in your sleep. Very few people here will get much opportunity to design Class A or Class B subnets, but you are quite likely to be asked to work on existing Class A or B networks, so it's still worth knowing.

  4. What is Broadcast?

    I assume you know what a broadcast address is - the necessity to handle broadcasts is actually what makes subnetting anything less than trivial: if you have a Class C network such as 192.168.1.* (with station addresses 192.168.1.1, 192.168.1.2 etc), then a packet addressed to 192.168.1.255 will be sent to *every* station on that network. Later we'll discover that sending to 192.168.1.0 is sort of something similar. Or was once, anyway.

    In a Class C, the host part set to 255 means broadcast. In a subnet, the subnet's host part set to all ones means broadcast. E.g. in a /28, any address of the form N.N.N.XXXX1111 is the broadcast address for its own subnet only.

  5. Don't I need to know how to do binary arithmetic?

    Forgetaboutit. If you can't do binary math in your head, just use the data in these tables below. (On the other hand, if you can't do binary in your head by now, you probably shouldn't be looking at a career in networking.)

  6. Subnetting Class C - most typical example: /28 "all zeroes, all ones" excluded. Mask is 11110000

    This table may be all you ever need to know, for many installations. This is a typical example and possibly the most common one. Because it is such a useful table, this is the only large one we will list in full.

    Network part    Subnet.host   Host addresses                   Broadcast Address
    192.168.1.0     0000xxxx      192.168.1.1   to 192.168.1.14    192.168.1.15  - UNUSABLE - NETMASK ALL 0000's
    192.168.1.16    0001xxxx      192.168.1.17  to 192.168.1.30    192.168.1.31
    192.168.1.32    0010xxxx      192.168.1.33  to 192.168.1.46    192.168.1.47
    192.168.1.48    0011xxxx      192.168.1.49  to 192.168.1.62    192.168.1.63
    192.168.1.64    0100xxxx      192.168.1.65  to 192.168.1.78    192.168.1.79
    192.168.1.80    0101xxxx      192.168.1.81  to 192.168.1.94    192.168.1.95
    192.168.1.96    0110xxxx      192.168.1.97  to 192.168.1.110   192.168.1.111
    192.168.1.112   0111xxxx      192.168.1.113 to 192.168.1.126   192.168.1.127
    192.168.1.128   1000xxxx      192.168.1.129 to 192.168.1.142   192.168.1.143
    192.168.1.144   1001xxxx      192.168.1.145 to 192.168.1.158   192.168.1.159
    192.168.1.160   1010xxxx      192.168.1.161 to 192.168.1.174   192.168.1.175
    192.168.1.176   1011xxxx      192.168.1.177 to 192.168.1.190   192.168.1.191
    192.168.1.192   1100xxxx      192.168.1.193 to 192.168.1.206   192.168.1.207
    192.168.1.208   1101xxxx      192.168.1.209 to 192.168.1.222   192.168.1.223
    192.168.1.224   1110xxxx      192.168.1.225 to 192.168.1.238   192.168.1.239
    192.168.1.240   1111xxxx      192.168.1.241 to 192.168.1.254   192.168.1.255 - UNUSABLE - NETMASK ALL 1111's

  7. 0's/1's restriction on host part: let's take one subnet from the table above:

    Network part    Subnet.host   Host addresses                   Broadcast Address
    192.168.1.32    0010xxxx      192.168.1.33  to 192.168.1.46    192.168.1.47

    Now, let's look at the individual hosts within that subnet:

    Network part    Subnet . Host part   Host Address
    192.168.1.32    0010.0000            UNUSABLE - HOST PART IS ALL 0's
    192.168.1.33    0010.0001
    192.168.1.34    0010.0010
    192.168.1.35    0010.0011
    192.168.1.36    0010.0100
    192.168.1.37    0010.0101
    192.168.1.38    0010.0110
    192.168.1.39    0010.0111
    192.168.1.40    0010.1000
    192.168.1.41    0010.1001
    192.168.1.42    0010.1010
    192.168.1.43    0010.1011
    192.168.1.44    0010.1100
    192.168.1.45    0010.1101
    192.168.1.46    0010.1110
    192.168.1.47    0010.1111            UNUSABLE - HOST PART IS ALL 1's

    Although you may be familiar with the all ones broadcast addresses (typically x.x.x.255 for a Class C network) you may not realise that at some time in the past x.x.x.0 was also used as a broadcast address. Although this seldom is done nowadays, for historical reasons we still obey this convention. (The last machine I owned that actually used the .0 address for broadcast was a Sun from the late 1980's)

    Note what happens as the room for hosts gets smaller:

    This is the host table for a /30:
    Network part    Subnet . Host part   Host Address
    192.168.1.32    001000.00            UNUSABLE - HOST PART IS ALL 0's
    192.168.1.33    001000.01
    192.168.1.34    001000.10
    192.168.1.35    001000.11            UNUSABLE - HOST PART IS ALL 1's
    A /30 is particularly wasteful - 50% of the hosts are unusable. Similarly, a /26 is pretty bad, because 50% of the nets are unusable. A /28 is best because it lets you have (16 - 2) * (16 - 2) = 196 hosts.


    This would be the host table for a /31, if it existed:
    Network part    Subnet . Host part   Host Address
    192.168.1.32    0010000.0            UNUSABLE - HOST PART IS ALL 0's
    192.168.1.33    0010000.1            UNUSABLE - HOST PART IS ALL 1's

    What's wrong with this picture??? Well, you can't have a /31. Here's why...

  8. We can have subnets of /26,/27,/28,/29,/30 - BUT NOT /25 or /31!

    This is a /30 (with sections removed for brevity):
    Mask is 11111100
    Network part    Subnet.host   Host addresses                   Broadcast Address
    192.168.1.0     000000xx      192.168.1.1   to 192.168.1.2     192.168.1.3   - UNUSABLE - NETMASK ALL 000000's
    192.168.1.4     000001xx      192.168.1.5   to 192.168.1.6     192.168.1.7
    192.168.1.8     000010xx      192.168.1.9   to 192.168.1.10    192.168.1.11
    192.168.1.12    000011xx      192.168.1.13  to 192.168.1.14    192.168.1.15
    192.168.1.16    000100xx      192.168.1.17  to 192.168.1.18    192.168.1.19
    192.168.1.20    000101xx      192.168.1.21  to 192.168.1.22    192.168.1.23
    192.168.1.24 - 244 ...        ..............................   .............
    192.168.1.248   111110xx      192.168.1.249 to 192.168.1.250   192.168.1.251
    192.168.1.252   111111xx      192.168.1.253 to 192.168.1.254   192.168.1.255 - UNUSABLE - NETMASK ALL 111111's

  9. So why not a /25????

    Network part    Subnet.host   Host addresses                   Broadcast Address
    192.168.1.0     0xxxxxxx      192.168.1.1   to 192.168.1.126   192.168.1.127 - UNUSABLE - NETMASK ALL 0's
    192.168.1.128   1xxxxxxx      192.168.1.129 to 192.168.1.254   192.168.1.255 - UNUSABLE - NETMASK ALL 1's
    When the subnet part is only one bit, it can't help being either all zeroes or all ones.

  10. And why not a /31?
    Network part    Subnet.host   Host addresses                     Broadcast Addresses (0's and 1's)
    192.168.1.0     0000000x      192.168.1.0?  to 192.168.1.1?      192.168.1.0   - UNUSABLE - NETMASK 000000's
                                                                     192.168.1.1   - UNUSABLE - NETMASK 000000's
    192.168.1.2     0000001x      192.168.1.2?  to 192.168.1.3?      192.168.1.2   - UNUSABLE - Broadcast 0's
                                                                     192.168.1.3   - UNUSABLE - Broadcast 1's
    192.168.1.4 - 250 ...         ..............................     .............
    192.168.1.252   1111110x      192.168.1.252 to 192.168.1.253     192.168.1.252 - UNUSABLE - Broadcast 0's
                                                                     192.168.1.253 - UNUSABLE - Broadcast 1's
    192.168.1.254   1111111x      192.168.1.254 to 192.168.1.255     192.168.1.254 - UNUSABLE - NETMASK 111111's
                                                                     192.168.1.255 - UNUSABLE - NETMASK 111111's
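    The /28, /30, /25 and /31 tables in sections 6 to 10 can be generated rather than typed out, and generating them is the quickest way to convince yourself of the two rules they illustrate. The Python below is an added example written for this edit, not part of the original lesson. It uses only the standard ipaddress module, applies the lesson's classic rule (skip the subnet whose subnet bits are all 0's and the one whose subnet bits are all 1's, and reserve the all-0's and all-1's host part inside every subnet), and shows that a /25 leaves no usable subnet and a /31 no usable host. The function names are my own.

```python
import ipaddress


def carve(base, new_prefix, classic_rules=True):
    """Split `base` (e.g. "192.168.1.0/24") into /new_prefix subnets.

    One row per subnet: the network number, the subnet/host bit pattern in
    the style of the lesson's tables, the host range, the broadcast address,
    and whether the subnet is usable under the rules the lesson follows:
    with classic_rules=True the subnet whose subnet bits are all 0's and the
    one whose subnet bits are all 1's are skipped, and in every subnet the
    all-0's host part (network number) and the all-1's host part (broadcast)
    are reserved.
    """
    base = ipaddress.ip_network(base)
    if new_prefix <= base.prefixlen:
        raise ValueError("new_prefix must be longer than the base prefix")
    subnet_bits = new_prefix - base.prefixlen
    host_bits = 32 - new_prefix
    subnets = list(base.subnets(new_prefix=new_prefix))
    rows = []
    for index, net in enumerate(subnets):
        host_count = net.num_addresses - 2  # minus network number and broadcast
        reason = ""
        if classic_rules and index == 0:
            reason = "subnet bits all 0's"
        elif classic_rules and index == len(subnets) - 1:
            reason = "subnet bits all 1's"
        elif host_count <= 0:
            reason = "no host addresses left once all-0's and all-1's are reserved"
        # The subnet bits are the bits between the base prefix and the new prefix.
        pattern = (int(net.network_address) >> host_bits) & ((1 << subnet_bits) - 1)
        rows.append({
            "network": str(net),
            "bits": format(pattern, f"0{subnet_bits}b") + "x" * host_bits,
            "first_host": str(net[1]) if host_count > 0 else None,
            "last_host": str(net[-2]) if host_count > 0 else None,
            "broadcast": str(net.broadcast_address),
            "usable_hosts": max(host_count, 0),
            "usable": reason == "",
            "reason": reason,
        })
    return rows


def usable_hosts(base, new_prefix, classic_rules=True):
    """Stations you can actually number with a fixed-size split of `base`:
    (usable subnets) x (usable hosts per subnet)."""
    return sum(row["usable_hosts"]
               for row in carve(base, new_prefix, classic_rules) if row["usable"])


def render(rows):
    """Plain-text table in the same column order as the lesson's tables."""
    lines = ["Network part      Subnet.host   Host addresses                  Broadcast"]
    for row in rows:
        hosts = f"{row['first_host']} to {row['last_host']}" if row["usable_hosts"] else "(none)"
        note = "" if row["usable"] else f" - UNUSABLE - {row['reason']}"
        lines.append(f"{row['network']:<17} {row['bits']:<13} {hosts:<31} {row['broadcast']}{note}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(carve("192.168.1.0/24", 28)))
    for prefix in range(25, 32):
        print(f"/{prefix}: {usable_hosts('192.168.1.0/24', prefix)} usable hosts in total")
```

    usable_hosts() reproduces the arithmetic of section 7: a /28 of a Class C gives (16 - 2) * (16 - 2) = 196 stations, a /26 or /30 only 124, and /25 and /31 both give zero. Calling carve(..., classic_rules=False) shows the same split under the CIDR convention of section 14, where the first and last subnets come back into use.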

  11. Variable subnetting example 1 (insert /30 into /28 from above)

    Well, in the /28 example above, we've shown that the first and last subnets are unusable, because their subnet bits are either all 0's or all 1's. This is unfortunate because each of those subnets wastes 16 (well, 16 - 2) IP addresses.

    Is there any way we can get back some of those addresses? Well, yes - there is. If you look at the example of a /30 subnet, you'll see these entries:

    Network part    Subnet.host   Host addresses                   Broadcast Address
    192.168.1.0     000000xx      192.168.1.1   to 192.168.1.2     192.168.1.3   - UNUSABLE - NETMASK ALL 000000's
    192.168.1.4     000001xx      192.168.1.5   to 192.168.1.6     192.168.1.7
    192.168.1.8     000010xx      192.168.1.9   to 192.168.1.10    192.168.1.11
    192.168.1.12    000011xx      192.168.1.13  to 192.168.1.14    192.168.1.15
    192.168.1.16 - 252 ...        ..............................   .............

    Apart from the first one, these are all perfectly valid subnets, and if we were to configure machines using them, they will look just like normal addresses in a /30 subnet. We can do exactly the same thing for the 192.168.1.240-255 addresses.

    These small subnets - they only have 2 IP addresses that are usable - are actually just what you need when you are setting up a point to point link between different subnets (in different locations). So by using the 'slop' at the end of the range, you can get your point to point links for free.

  12. Variable subnetting example 2 (insert /28 from above into /26)

    Here we have a different and possibly more useful example of variable subnetting. Let's say we have a central office with 50 workstations, one remote office with 10, and another remote office with 9 workstations.

    The following table tells you how many workstations and how many offices you can have for each size of subnet mask:

    Bit Split       Subnet Mask   Block Size   Max Usable Subnets    # C IPs/Subnet
    (subnet/host)                              (number of offices)   (number of workstations)
    2/6             192 (/26)     64           2                     62
    3/5             224 (/27)     32           6                     30
    4/4             240 (/28)     16           14                    14
    5/3             248 (/29)     8            30                    6
    6/2             252 (/30)     4            62                    2



    You see, with one office of size 50, we're forced with a simple subnet scheme to use a /26 (2 bits subnet, 6 bits host). However, we have three offices, so this won't work.
    With offices of size 9 or 10 (which we round up to 16 - 2), we could use a /28 (16 - 2 subnets of 16 - 2 stations) - but then we couldn't fit in our 50 station office.

    Well, the solution is simple: Treat it as a /26, allocate the large office, then extract from a table of /28's enough smaller subnets to fit in the one remaining /26 slot. Like this:

    Network part    Subnet.host   Host addresses                   Broadcast Address
    192.168.1.0     00xxxxxx      192.168.1.1   to 192.168.1.62    192.168.1.63  UNUSABLE - NETMASK ALL 00's
    192.168.1.64    01xxxxxx      192.168.1.65  to 192.168.1.126   192.168.1.127 ALLOCATE THIS TO BE FURTHER SUBNETTED
    192.168.1.128   10xxxxxx      192.168.1.129 to 192.168.1.190   192.168.1.191 ALLOCATE THIS ONE TO THE 50-STATION OFFICE
    192.168.1.192   11xxxxxx      192.168.1.193 to 192.168.1.254   192.168.1.255 UNUSABLE - NETMASK ALL 11's
    (note: with a simple /26, you lose HALF of your potential IP addresses to the all-0's and all-1's subnets)

    And guess what ... if we look at the earlier table for a /28, you'll find exactly the section we need to extract and fit in here:
    Network part    Subnet.host   Host addresses                   Broadcast Address
    192.168.1.64    0100xxxx      192.168.1.65  to 192.168.1.78    192.168.1.79
    192.168.1.80    0101xxxx      192.168.1.81  to 192.168.1.94    192.168.1.95
    192.168.1.96    0110xxxx      192.168.1.97  to 192.168.1.110   192.168.1.111
    192.168.1.112   0111xxxx      192.168.1.113 to 192.168.1.126   192.168.1.127


    Now we simply put the two tables together, and we have a variable subnet solution for our three offices. Plus some spares!
    Network part    Subnet.host   Host addresses                   Broadcast Address
    192.168.1.0     00xxxxxx      192.168.1.1   to 192.168.1.62    192.168.1.63  UNUSABLE - NETMASK ALL 00's
    192.168.1.64    0100xxxx      192.168.1.65  to 192.168.1.78    192.168.1.79  ALLOCATE THIS TO THE 10-PC OFFICE
    192.168.1.80    0101xxxx      192.168.1.81  to 192.168.1.94    192.168.1.95  ALLOCATE THIS TO THE 9-PC OFFICE
    192.168.1.96    0110xxxx      192.168.1.97  to 192.168.1.110   192.168.1.111 SPARE
    192.168.1.112   0111xxxx      192.168.1.113 to 192.168.1.126   192.168.1.127 SPARE
    192.168.1.128   10xxxxxx      192.168.1.129 to 192.168.1.190   192.168.1.191 ALLOCATE THIS ONE TO THE 50-STATION OFFICE
    192.168.1.192   11xxxxxx      192.168.1.193 to 192.168.1.254   192.168.1.255 UNUSABLE - NETMASK ALL 11's

    and don't forget the trick of grabbing the end IP's for the point to point networks to link these offices together.
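    The two variable subnetting examples (sections 11 and 12) are really one procedure: place the biggest site first, then carve smaller subnets, including the /30 point to point links, out of what is left, never using the all-0's or all-1's subnet at any size. As an added example (not the lesson's own code) the Python below does that allocation automatically and also checks a hand-made plan such as the table above for overlapping subnets, undersized subnets and forbidden subnet bits. The site names and the first-fit, lowest-address-first placement are my own choices: the lesson's table puts the 50-station office at 192.168.1.128/26 while first-fit puts it at 192.168.1.64/26, and both are equally valid.

```python
import ipaddress


def subnet_bits_ok(base, candidate):
    """Classic rule used throughout this lesson: the subnet bits (the bits
    between the base prefix and the candidate prefix) may not be all 0's or
    all 1's. Inside the base that is exactly the candidate that starts on the
    base's network number or ends on the base's broadcast address."""
    if candidate.prefixlen == base.prefixlen:
        return True
    starts_at_bottom = candidate.network_address == base.network_address
    ends_at_top = candidate.broadcast_address == base.broadcast_address
    return not (starts_at_bottom or ends_at_top)


def prefix_for_hosts(hosts):
    """Smallest prefix length whose block holds `hosts` stations plus the
    all-0's network number and the all-1's broadcast (so 1 or 2 hosts -> /30,
    never a /31)."""
    prefix = 32
    while 2 ** (32 - prefix) < hosts + 2:
        prefix -= 1
    return prefix


def allocate(base, requests):
    """First-fit variable-length allocation: biggest sites first, each placed
    in the lowest free block that can hold it without breaking the classic
    rule. Returns {site: IPv4Network}; raises ValueError when space runs out."""
    base = ipaddress.ip_network(base)
    free = [base]   # blocks not yet handed out
    plan = {}
    for site, hosts in sorted(requests.items(), key=lambda item: -item[1]):
        prefix = prefix_for_hosts(hosts)
        chosen = None
        for block in sorted(free):
            if block.prefixlen > prefix:
                continue        # this leftover block is smaller than we need
            for candidate in block.subnets(new_prefix=prefix):
                if subnet_bits_ok(base, candidate):
                    chosen = candidate
                    break
            if chosen is not None:
                free.remove(block)
                free.extend(block.address_exclude(chosen))  # keep the rest
                break
        if chosen is None:
            raise ValueError(f"no room left for {site} ({hosts} hosts)")
        plan[site] = chosen
    return plan


def verify_plan(base, plan, requests):
    """Check a hand-made plan (like the lesson's table) for the mistakes the
    text warns about. Returns a list of problem descriptions, empty if OK."""
    base = ipaddress.ip_network(base)
    nets = {site: ipaddress.ip_network(net) for site, net in plan.items()}
    problems = []
    for site, net in nets.items():
        if not net.subnet_of(base):
            problems.append(f"{site}: {net} is outside {base}")
        if net.num_addresses - 2 < requests.get(site, 0):
            problems.append(f"{site}: {net} holds {net.num_addresses - 2} hosts, needs {requests[site]}")
        if not subnet_bits_ok(base, net):
            problems.append(f"{site}: {net} has all-0's or all-1's subnet bits")
    sites = list(nets)
    for i, a in enumerate(sites):
        for b in sites[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} and {b} overlap ({nets[a]} / {nets[b]})")
    return problems


if __name__ == "__main__":
    # Constructed request list: the lesson's three offices plus two point to point links.
    offices = {"central": 50, "remote_a": 10, "remote_b": 9, "link_a": 2, "link_b": 2}
    for site, net in allocate("192.168.1.0/24", offices).items():
        print(f"{site:<9} {net}  ({net.num_addresses - 2} usable hosts)")
    lesson = {"central": "192.168.1.128/26", "remote_a": "192.168.1.64/28",
              "remote_b": "192.168.1.80/28", "link_a": "192.168.1.4/30", "link_b": "192.168.1.248/30"}
    print("problems with the lesson's layout:", verify_plan("192.168.1.0/24", lesson, offices))
```

    Asking allocate() for two offices of 120 stations raises ValueError rather than handing out 192.168.1.0/25 and 192.168.1.128/25, which is section 9's "why not a /25" rule falling out of the same check that protects every other size.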

  13. Preference to finer resolution routes - don't need to fully enumerate

    Let's say you have variably subnetted a network, and of the 30 subnets available, 29 of them are in one office, but the 30th is in the other. To route this properly you would issue 29 routing commands to one address and 1 to the other. This is wasteful of router table space. The thing to do is to issue ONE router command that covers all 30 subnets and send them to the one office, but issue a second router command which is MORE SPECIFIC to extract that one subnet from the block, and route it elsewhere. More specific routes take precedence in most routers. Occasionally you will find some brand of router which does require non-overlapping routes, and if this happens to you, just issue all 30 explicit commands.

  14. "Supernetting", aka CIDR (Classless InterDomain Routing)

    The world has a big problem with too many route table entries in the big backbone routers. To solve that problem, people realised they could aggregate network routing commands, eg a network 192.168.2.0/24 and a neighboring network 192.168.3.0/24 could be represented by merging them like this: 192.168.2.0/23

    This would be fine, except we know the problems of subnetting and all-zeroes and all-ones masks. The same problems would start showing up here. The solution is simple: someone just issued an edict saying "forget everything you learned, we won't bother with those rules any more". There's even a command to tell the routers themselves that they should ignore the rules - "ip classless"
    When you break the rules like this, and allow netmasks that end in all 0's or all 1's, it's called "CIDR" - Classless InterDomain Routing.

    That's really all you need to know about CIDR. It's trivial, it's easy, and the details work just the same as subnetting but you merge up instead of splitting down.
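    Sections 13 and 14 are two sides of one idea: a router prefers the most specific matching prefix, so a block can be routed with one aggregate entry plus a more-specific exception, and neighbouring blocks can be merged upward into a supernet. The Python below is an added example, not from the lesson. It implements longest-prefix lookup over a small route table, shows that the two-entry table forwards every address exactly as the 30-entry one does, and uses the standard library's collapse_addresses for the 192.168.2.0/24 + 192.168.3.0/24 = 192.168.2.0/23 merge. The office names and the 192.168.1.200/29 exception subnet are my own.

```python
import ipaddress


def lookup(routes, destination):
    """Longest-prefix match, as most routers do it: of every route whose
    prefix contains the destination, the one with the longest prefix wins.
    `routes` is a list of (prefix, next_hop) pairs; returns the next hop, or
    None when no route matches."""
    destination = ipaddress.ip_address(destination)
    best_prefix, best_hop = None, None
    for prefix, next_hop in routes:
        prefix = ipaddress.ip_network(prefix)
        if destination in prefix and (best_prefix is None or prefix.prefixlen > best_prefix.prefixlen):
            best_prefix, best_hop = prefix, next_hop
    return best_hop


def explicit_table(base, subnet_prefix, exception, hop_a, hop_b):
    """The long way round: one route per subnet. With /29's of a Class C and
    the all-0's and all-1's subnets skipped that is 30 entries, 29 pointing
    at office A and one at office B."""
    base = ipaddress.ip_network(base)
    exception = ipaddress.ip_network(exception)
    usable = list(base.subnets(new_prefix=subnet_prefix))[1:-1]  # classic rule
    return [(str(net), hop_b if net == exception else hop_a) for net in usable]


def summarized_table(base, exception, hop_a, hop_b):
    """The short way: one route covering the whole block for office A plus
    one more-specific route that pulls the exception out for office B."""
    return [(str(ipaddress.ip_network(base)), hop_a),
            (str(ipaddress.ip_network(exception)), hop_b)]


def same_forwarding(table_a, table_b, addresses):
    """True when both tables send every given address to the same next hop."""
    return all(lookup(table_a, addr) == lookup(table_b, addr) for addr in addresses)


def aggregate(prefixes):
    """CIDR supernetting: merge neighbouring prefixes into the fewest prefixes
    covering exactly the same addresses. Only an aligned pair (for example
    192.168.2.0/24 and 192.168.3.0/24) collapses into one /23; a pair that
    straddles a boundary stays as two entries."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return [str(net) for net in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    long_way = explicit_table("192.168.1.0/24", 29, "192.168.1.200/29", "office_a", "office_b")
    short_way = summarized_table("192.168.1.0/24", "192.168.1.200/29", "office_a", "office_b")
    print(len(long_way), "explicit routes versus", len(short_way), "summarized routes")
    print("192.168.1.201 ->", lookup(short_way, "192.168.1.201"))
    print("192.168.1.9   ->", lookup(short_way, "192.168.1.9"))
    print(aggregate(["192.168.2.0/24", "192.168.3.0/24"]))
    print(aggregate(["192.168.3.0/24", "192.168.4.0/24"]))
```

    The one difference between the two tables is deliberate: the summarized table also matches the skipped 192.168.1.0/29 and 192.168.1.248/29, so same_forwarding() is checked over the addresses of the 30 usable subnets only. A router of the kind mentioned above that insists on non-overlapping routes is exactly one where lookup() would reject the second entry, so the long table is what you would configure there.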

  15. Calculators

    Once you understand subnetting as described above, you'll probably be able to do it in your head. However sometimes you want to check your work, or are in a hurry, and if so, there are many web pages on the net which offer "subnet calculators".
    Just be warned - often they do not check for the special conditions such as all-ones subnets, and will let you do something stupid like ask for a /25 subnet. The one referred to below does appear to make an effort at checking for this sort of thing, so it may be a good one to bookmark.

  16. Final test :-)

    You are a sys admin at a small ISP. You asked your upstream vendor for a /19 allocation (equivalent to 32 Class C networks). You were given the following: 167.114.209.0 through 167.114.240.0.

    Will these do what you want?

    (If we have time left, we'll work this example on paper)

  17. References

    Some of the info above was cribbed from:
       IP Address Subnetting Tutorial
        http://www.ralphb.net/IPSubnet/
    
       Daryl's TCP/IP Primer
        http://ipprimer.windsorcs.com/addressing.cfm
        http://ipprimer.windsorcs.com/bitbybit.cfm
    
       IP Subnet Calculations  (Check here for a quick refresher in binary arithmetic)
        http://www.swcp.com/~jgentry/topo/unit3.htm
    
       Subnet masking, definition and summary
        http://www.exabyte.net/lambert/subnet/subnet_masking_definition.htm
        http://www.exabyte.net/lambert/subnet/subnet_masking_summary.htm
    
       A reasonable subnet calculator that makes some attempt to warn about unusable subnets
        http://www.agt.net/public/sparkman/netcalc.htm