[Techtalk] sub/super-netting

Pierre Fortin pfortin at pfortin.com
Fri May 3 00:17:54 EST 2002 

On Fri, 3 May 2002 13:10:14 +1000 Malcolm Tredinnick
<malcolm at commsecure.com.au> wrote:

> I'd really like to trim this mail, since it's getting a bit long, but I
> can't see how remove much without losing the flow. So apologies to those
> who hate long quoted messages. I suck. :-(

Ditto...  :^)  I replied to this thread too; but I just noticed that the
reply was off-list; so here's what I said in case it helps with your "hand
waving"...  :^)

Pierre


Begin forwarded message:

Date: Thu, 2 May 2002 12:52:28 -0400
From: Pierre Fortin <pfortin at pfortin.com>
To: kansas_kennedy at phreaker.net
Subject: Re: [Techtalk] sub/super-netting


On Thu, 2 May 2002 18:12:53 -0400 kansas_kennedy
<kansas_kennedy at phreaker.net> wrote:

> On Wednesday 01 May 2002 02:27 am, you wrote:
> > On Wed, May 01, 2002 at 11:42:34AM +0600, kansas_kennedy at phreaker.net
> > wrote:
> > > My questions are on the area of subnet masking and super netting.
> > >
> > > If say, I have an address 203.191.0.0/8. From here I can tell that
> > > this class C address has been fitted into a large network where 203
> > > is the network and 191.0.0 to 254.255.255 can be assigned as host to
> > > the network 203.
> >
> > That's not exactly correct. The '/8' portion of the address says that
> > the top eight bits of the IP address specify the network address. So
> > 203.191.0.0/8 is part of the network spanning 203.0.0.0 to
> > 203.255.255.255.
> 
> Well, yes. But if I want to make this 203.191.0.0 a /24 network then
> it'd fall in the Class C category and the network spanning would be from
> 
> 203.191.0.0 to 203.191.0.255. While the broadcast address is
> 203.191.0.255. Am I right?

Yes.

> > In the example you mentioned, the network address is 203.0.0.0, the
> > broadcast address is 203.255.255.255, all other addresses are
> > available for hosts. So the number is 256 * 256 * 256 - 2 = 16777214
> > hosts.
> 
> Why are you making it 256 and subtracting it from 2? So according to
> this formula a address like 203.127.137.0/24 would have a maximum of
> 256-2 host & a network 203.127.137.0/16 has a maximum of (256*256 - 2)
> hosts. Is this correct?

Yes.  When the "host" portion of the address (the right-hand part not
covered by the mask) is:
0...0: old style broadcast
1...1: new style broadcast
For this reason, a /31 mask would result in 2-2 = 0 hosts

/32 is special in that it means the address specifies a specific host.

> > > Also, 172.16.26.32 has a mask of 255.255.255.254 can also be written
> > > as/27. I can't seem to find the correlation.
> 
> > This isn't correct. An IP that is written 172.16.26.32/27 would be on
> > a network with a netmask of 255.255.255.224 (not 254). You can work
> > this out by writing out the binary number 11111111 11111111 11111111
> > 11100000(which I have split up into groups of eight). This the number
> > with the top 27 bits set to one (unless I have made a typo).
> 
> Thanks a load. So, if I have a 172.16.26.32/18 would be like 
> 11111111.11111111.11000000.00000000. Am I correct? That is, if you have
> /27 then you would take 27 ON bits (1s) and the read would be OFF bits
> (0s). 

Yes.  Originally, it was possible to specify non-contiguous mask bits
(like 255.63.7.64); but that created tons of grief and was deprecated in
favor of contiguous bits which also allowed simpler /N specifications.

> > Then, converting each group of eight bits to decimal, we get three
> > 255's and a 224.
> 
> how can you convert 11100000 to decimal? Any easy rule-of-thumb other
> than using the calculator of course?

Each bit is a power of 2...  the bit values are 128,64,32,16,8,4,2,1; so
in your example:  128+64+32=224
 
> > Continuing this on a bit: Since 32 is 00100000 in binary and we know
> > that the top 27 bits are the network address in this example, we can
> > see that on this network:
> >
> > 	172.16.26.32 == network address.
> > 	172.16.26.63 == broadcast address (all host bits set to 1).
> > 	172.16.26.33 -> 172.16.26.62 == host machine addresses.
> 
> How did you get this? Would you mind explaning a little bit more? Sorry,
> I couldn't understand the trick. :-(

Focusing on the last octet...  with /27, there are 3 mask bits in the last
octet.  This allows for values of 000 to 111 (0 to 7) multiplied by the
lowest value bit in that set (32):

Using your .32, we get:

   0   0   1   x   x   x   x   x 
 128  64  32  16   8   4   2   1

Next, the remaining 5 bits (less the 00000 and 11111 addresses) leave us
00001 thru 11110 (1-30)...

Adding these to the net number:

    32 + ( 1 thru 30 ) = 33 thru 62

> > The trick here is to see that you can only fiddle with the bottom five
> > bits of the last octet when you are assigning addresses on the
> > 172.16.26.32/27 network. So the network address is when those bits are
> > all zero, the broadcast address is when they are all 1's and the
> > intervening addresses are the host addresses.
> >
> > > Again, a broadcast address has 255 in the host part of the address.
> >
> 
> > Without wanting to seem overly pedantic, this may not be true if, for
> > example, your switch is set up to reject broadcast messages. However
> > in a "pure setup" it is true (although I can't right now find the RFC
> > that says this).
> 
> Then what is the core your of a broadcast address? I mean what kind of 
> packets are being sent to the broadcast address and/ or what's its sole 
> purpose of existence?

There are several types of "broadcasts"...

MAC (Media Access Control): off topic here

IP "wire" broadcast:  255.255.255.255 -- can only appear on the *local*
subnet.  It is forwarded by switches (aka bridges) through the local
"broadcast domain"; but not by routers which forward traffic between
[sub]nets.  All hosts would read in this broadcast packet and act on it...
 At the risk of starting a denial of service, you can send one packet and
get responses from most (depends on other hosts' services) neighbouring
hosts. i.e., "ping -b 255.255.255.255"  Fortunately, this address is not
routed, otherwise it would go to every host on the Internet...

IP subnet broadcast:  using the mask, when an address is all-ones in the
host part (172.16.26.63 in your /27 example above), the packet is
broadcast to every host in that subnet.  Due to previous attacks, many
routers do not forward broadcast packets onto a destination subnet.  Since
only the router(s) connected to the subnet know for sure that 172.16.26.63
is a broadcast vs host address (known from the mask=/27), this packet will
find its way through the 'net; but its potential damage is limited.

> Having the fun of Interactive Learning :-)
> 
> Thanks.

Pierre

More information about the Techtalk mailing list