[Techtalk] sub/super-netting
Pierre Fortin
pfortin at pfortin.com
Fri May 3 00:17:54 EST 2002
On Fri, 3 May 2002 13:10:14 +1000 Malcolm Tredinnick
<malcolm at commsecure.com.au> wrote:
> I'd really like to trim this mail, since it's getting a bit long, but I
> can't see how to remove much without losing the flow. So apologies to those
> who hate long quoted messages. I suck. :-(
Ditto... :^) I replied to this thread too; but I just noticed that the
reply was off-list; so here's what I said in case it helps with your "hand
waving"... :^)
Pierre
Begin forwarded message:
Date: Thu, 2 May 2002 12:52:28 -0400
From: Pierre Fortin <pfortin at pfortin.com>
To: kansas_kennedy at phreaker.net
Subject: Re: [Techtalk] sub/super-netting
On Thu, 2 May 2002 18:12:53 -0400 kansas_kennedy
<kansas_kennedy at phreaker.net> wrote:
> On Wednesday 01 May 2002 02:27 am, you wrote:
> > On Wed, May 01, 2002 at 11:42:34AM +0600, kansas_kennedy at phreaker.net
> > wrote:
> > > My questions are on the area of subnet masking and super netting.
> > >
> > > If say, I have an address 203.191.0.0/8. From here I can tell that
> > > this class C address has been fitted into a large network where 203
> > > is the network and 191.0.0 to 254.255.255 can be assigned as host to
> > > the network 203.
> >
> > That's not exactly correct. The '/8' portion of the address says that
> > the top eight bits of the IP address specify the network address. So
> > 203.191.0.0/8 is part of the network spanning 203.0.0.0 to
> > 203.255.255.255.
>
> Well, yes. But if I want to make this 203.191.0.0 a /24 network then
> it'd fall in the Class C category and the network spanning would be from
>
> 203.191.0.0 to 203.191.0.255. While the broadcast address is
> 203.191.0.255. Am I right?
Yes.
> > In the example you mentioned, the network address is 203.0.0.0, the
> > broadcast address is 203.255.255.255, all other addresses are
> > available for hosts. So the number is 256 * 256 * 256 - 2 = 16777214
> > hosts.
>
> Why are you making it 256 and subtracting it from 2? So according to
> this formula an address like 203.127.137.0/24 would have a maximum of
> 256-2 host & a network 203.127.137.0/16 has a maximum of (256*256 - 2)
> hosts. Is this correct?
Yes. When the "host" portion of the address (the right-hand part not
covered by the mask) is:
0...0: old style broadcast
1...1: new style broadcast
For this reason, a /31 mask would result in 2-2 = 0 hosts
/32 is special in that it means the address specifies a specific host.
> > > Also, 172.16.26.32 has a mask of 255.255.255.254 can also be written
> > > as /27. I can't seem to find the correlation.
>
> > This isn't correct. An IP that is written 172.16.26.32/27 would be on
> > a network with a netmask of 255.255.255.224 (not 254). You can work
> > this out by writing out the binary number 11111111 11111111 11111111
> > 11100000 (which I have split up into groups of eight). This is the number
> > with the top 27 bits set to one (unless I have made a typo).
>
> Thanks a load. So, if I have a 172.16.26.32/18 would be like
> 11111111.11111111.11000000.00000000. Am I correct? That is, if you have
> /27 then you would take 27 ON bits (1s) and the rest would be OFF bits
> (0s).
Yes. Originally, it was possible to specify non-contiguous mask bits
(like 255.63.7.64); but that created tons of grief and was deprecated in
favor of contiguous bits which also allowed simpler /N specifications.
> > Then, converting each group of eight bits to decimal, we get three
> > 255's and a 224.
>
> how can you convert 11100000 to decimal? Any easy rule-of-thumb other
> than using the calculator of course?
Each bit is a power of 2... the bit values are 128,64,32,16,8,4,2,1; so
in your example: 128+64+32=224
> > Continuing this on a bit: Since 32 is 00100000 in binary and we know
> > that the top 27 bits are the network address in this example, we can
> > see that on this network:
> >
> > 172.16.26.32 == network address.
> > 172.16.26.63 == broadcast address (all host bits set to 1).
> > 172.16.26.33 -> 172.16.26.62 == host machine addresses.
>
> How did you get this? Would you mind explaining a little bit more? Sorry,
> I couldn't understand the trick. :-(
Focusing on the last octet... with /27, there are 3 mask bits in the last
octet. This allows for values of 000 to 111 (0 to 7) multiplied by the
lowest value bit in that set (32):
Using your .32, we get:
    0    0    1    x    x    x    x    x
  128   64   32   16    8    4    2    1
Next, the remaining 5 bits (less the 00000 and 11111 addresses) leave us
00001 thru 11110 (1-30)...
Adding these to the net number:
32 + ( 1 thru 30 ) = 33 thru 62
> > The trick here is to see that you can only fiddle with the bottom five
> > bits of the last octet when you are assigning addresses on the
> > 172.16.26.32/27 network. So the network address is when those bits are
> > all zero, the broadcast address is when they are all 1's and the
> > intervening addresses are the host addresses.
> >
> > > Again, a broadcast address has 255 in the host part of the address.
> >
>
> > Without wanting to seem overly pedantic, this may not be true if, for
> > example, your switch is set up to reject broadcast messages. However
> > in a "pure setup" it is true (although I can't right now find the RFC
> > that says this).
>
> Then what is the core your of a broadcast address? I mean what kind of
> packets are being sent to the broadcast address and/or what's its sole
> purpose of existence?
There are several types of "broadcasts"...
MAC (Media Access Control): off topic here
IP "wire" broadcast: 255.255.255.255 -- can only appear on the *local*
subnet. It is forwarded by switches (aka bridges) through the local
"broadcast domain"; but not by routers which forward traffic between
[sub]nets. All hosts would read in this broadcast packet and act on it...
At the risk of starting a denial of service, you can send one packet and
get responses from most (depends on other hosts' services) neighbouring
hosts. i.e., "ping -b 255.255.255.255" Fortunately, this address is not
routed, otherwise it would go to every host on the Internet...
IP subnet broadcast: using the mask, when an address is all-ones in the
host part (172.16.26.63 in your /27 example above), the packet is
broadcast to every host in that subnet. Due to previous attacks, many
routers do not forward broadcast packets onto a destination subnet. Since
only the router(s) connected to the subnet know for sure that 172.16.26.63
is a broadcast vs host address (known from the mask=/27), this packet will
find its way through the 'net; but its potential damage is limited.
> Having the fun of Interactive Learning :-)
>
> Thanks.
Pierre
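
The arithmetic worked through in this thread, as an added Python example that is not part of the original message: it builds the /N mask, derives network, broadcast and host range with the thread's "minus 2" rule, and shows that 172.16.26.63 is a subnet broadcast only to a device that knows the /27 mask. The function names and the subnet lists passed to classify_destination are assumptions made for the illustration.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF

def mask_bits(prefix_len):
    """32-bit integer with the top prefix_len bits set (contiguous mask)."""
    return (ALL_ONES << (32 - prefix_len)) & ALL_ONES

def to_int(text):
    return int(ipaddress.IPv4Address(text))

def dotted(value):
    return str(ipaddress.IPv4Address(value))

def subnet_summary(cidr):
    """Netmask, network, broadcast and host range for 'a.b.c.d/N'.
    Host count follows the thread: 2^(host bits) - 2, so 0 for /31 and /32."""
    addr_text, prefix_text = cidr.split("/")
    prefix_len = int(prefix_text)
    mask = mask_bits(prefix_len)
    network = to_int(addr_text) & mask            # host bits all 0
    broadcast = network | (~mask & ALL_ONES)      # host bits all 1
    hosts = max((1 << (32 - prefix_len)) - 2, 0)
    return {
        "netmask": dotted(mask),
        "network": dotted(network),
        "broadcast": dotted(broadcast),
        "first_host": dotted(network + 1) if hosts else None,
        "last_host": dotted(broadcast - 1) if hosts else None,
        "hosts": hosts,
    }

def classify_destination(dst, connected_subnets):
    """Label dst as a router attached to connected_subnets would see it."""
    if dst == "255.255.255.255":
        return "limited broadcast"                # local wire only, not routed
    for cidr in connected_subnets:
        info = subnet_summary(cidr)
        if not to_int(info["network"]) <= to_int(dst) <= to_int(info["broadcast"]):
            continue
        if info["hosts"] and dst == info["broadcast"]:
            return "subnet broadcast"             # what edge routers refuse to forward
        if info["hosts"] and dst == info["network"]:
            return "network address"
        return "host"
    return "not local"                            # mask unknown: looks like any host

if __name__ == "__main__":
    print(subnet_summary("172.16.26.32/27"))
    for nets in (["172.16.26.32/27"], ["172.16.26.0/24"]):
        print(nets, classify_destination("172.16.26.63", nets))
```
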