[Techtalk] sub/super-netting

[Malcolm Tredinnick]

I'd really like to trim this mail, since it's getting a bit long, but I
can't see how remove much without losing the flow. So apologies to those
who hate long quoted messages. I suck. :-(

On Thu, May 02, 2002 at 06:12:53PM -0400, kansas_kennedy wrote:
> On Wednesday 01 May 2002 02:27 am, you wrote:
> > On Wed, May 01, 2002 at 11:42:34AM +0600, kansas_kennedy at phreaker.net wrote:
> > > If say, I have an address 203.191.0.0/8. From here I can tell that this
> > > class C address has been fitted into a large network where 203 is the
> > > network and 191.0.0 to 254.255.255 can be assigned as host to the network
> > > 203.
> >
> > That's not exactly correct. The '/8' portion of the address says that
> > the top eight bits of the IP address specify the network address. So
> > 203.191.0.0/8 is part of the network spanning 203.0.0.0 to
> > 203.255.255.255.
> 
> Well, yes. But if I want to make this 203.191.0.0 a /24 network then it'd 
> fall in the Class C category and the network spanning would be from 
> 203.191.0.0 to 203.191.0.255. While the broadcast address is 203.191.0.255. 
> Am I right?

That is correct.

> > In the example you mentioned, the network address is 203.0.0.0, the
> > broadcast address is 203.255.255.255, all other addresses are available
> > for hosts. So the number is 256 * 256 * 256 - 2 = 16777214 hosts.
> 
> Why are you making it 256 and subtracting it from 2? So according to this 
> formula a address like 203.127.137.0/24 would have a maximum of 256-2 host & 
> a network 203.127.137.0/16 has a maximum of (256*256 - 2) hosts. Is this 
> correct?

For each octect, there are 256 possible choice (0 - 255 inclusive). So
if the bottom three octets are available for host addresses, then there
are potentially 256 * 256 * 256 choices. The '-2' part is because you
need to remove the network address and the broadcast address.

Your other two examples are correct.

> > > Also, 172.16.26.32 has a mask of 255.255.255.254 can also be written as
> > > /27. I can't seem to find the correlation.
> 
> > This isn't correct. An IP that is written 172.16.26.32/27 would be on a
> > network with a netmask of 255.255.255.224 (not 254). You can work this
> > out by writing out the binary number 11111111 11111111 11111111 11100000
> > (which I have split up into groups of eight). This the number with the
> > top 27 bits set to one (unless I have made a typo).
> 
> Thanks a load. So, if I have a 172.16.26.32/18 would be like 
> 11111111.11111111.11000000.00000000. Am I correct?

That is the netmask, yes.

> That is, if you have /27 then you would take 27 ON bits (1s) and the
> read would be OFF bits (0s). 

I don't quite understand this sentence, but from what you say above, I
think you have understood what I was trying to say.

> > Then, converting each group of eight bits to decimal, we get three 255's
> > and a 224.
> 
> how can you convert 11100000 to decimal? Any easy rule-of-thumb other than 
> using the calculator of course?

Well, I just did it in my head -- but I am a lunatic and I also have to
deal with networks a lot. :-) After a bit of practice, you just learn to
recognise the numbers that are common in netmasks:

10000000 = 128
11000000 = 192
11100000 = 224
11110000 = 240
11111000 = 248
11111100 = 252
11111110 = 254

There is a little program called IPCalc for Palm Pilots that allows you
to enter the network address and netmask and it tells you the broadcast
address, host adresses, etc.

I started writing a similar thing for some people at work last year that
would run on a desktop machine, but I was otherwise distracted shortly
afterwards. This is not a hard thing, particularly if you are just using
a text interface, since it's just a little bit of bit twiddling. Maybe
this mail will prompt me to finish it off, in which case I'll post the
link when it's done.

> > that the top 27 bits are the network address in this example, we can see
> > that on this network:
> >
> > 	172.16.26.32 == network address.
> > 	172.16.26.63 == broadcast address (all host bits set to 1).
> > 	172.16.26.33 -> 172.16.26.62 == host machine addresses.
> 
> How did you get this? Would you mind explaning a little bit more? Sorry, I 
> couldn't understand the trick. :-(
> 
> > The trick here is to see that you can only fiddle with the bottom five
> > bits of the last octet when you are assigning addresses on the
> > 172.16.26.32/27 network. So the network address is when those bits are
> > all zero, the broadcast address is when they are all 1's and the
> > intervening addresses are the host addresses.
> >
> > > Again, a broadcast address has 255 in the host part of the address.

OK, let me try and explain this another way (the last two questions
together):

Let's say we are on the 172.16.26.32/27 network again. So every single
machine on this network will have an IP address that starts with
172.16.15.(00100000) (where I have written the last octect in binary).

Since the network address is '/27', the top 27 bits are fixed and we
distinguish each host by assigning each of them a unique number in the
bottom five bits of the address. So, for example, one machine might have
the bottom five bits set to 00110 (just to make something up). So it's
complete address would be 172.16.15.38; the last octect is computed by
knowing that it is 001 00110 in binary (where I have put a space between
the bits fixed by the netmask and the host bits).

Still on this particular /27 network, there are two special addresses.
One if the network adress: this is where all of the host bits are 0, so
in this case it is 172.16.26.32. The other special address if the
broadcast address, which is where all of the host bits are 1:
172.16.26.63. Note that this last octet is not 255, even though it is a
broadcast address. That is because the network address "uses up" the
first three bits of the last number (they are still fixed at 001 in
binary).

Any address on this network that is between 172.16.26.33 and
172.16.26.62 inclusive has some, but not all, of the bottom five bits
set to one, so they are host addresses.

Hopefully this makes my above little table a bit clearer. If not,
somebody else on this list is going to have to have a go at explaining
it, because I can't think of another way without using a whiteboard and
some hand waving.

> > Without wanting to seem overly pedantic, this may not be true if, for
> > example, your switch is set up to reject broadcast messages. However in
> > a "pure setup" it is true (although I can't right now find the RFC that
> > says this).
> 
> Then what is the core your of a broadcast address? I mean what kind of 
> packets are being sent to the broadcast address and/ or what's its sole 
> purpose of existence?

I can't find the exact RFC that talks about netmasks and subnets, etc
and I would like to because I suspect it mentions some possibilities for
this address.

The only reasons for having a broadcast address that I can come up with
(and I just polled a couple of colleagues, also) are that sometimes
doing a 'ping -b' to the broadcast address can tell you quickly which
machines on the network are responding (useful on a small remote network
where you are wondering which machines survived the reboot). Also, if
your machine is trying to automount remote filesystems or use a NIS or
NIS+ setup over a local network, it will sometimes use the broadcast
address to find out who is offering what services.

I can't think of any other practical uses, but I am sure I have
forgotten something obvious. Maybe somebody else on the list has some
ideas.

Malcolm

--