[Techtalk] Networking tangent: subnets and netmasks [LONG]

Maria Blackmore mariab at cats.meow.at
Wed Apr 16 23:26:39 EST 2003 

On Wed, 16 Apr 2003, Michelle Murrain wrote:

> Reading Mary's query (which I have not a clue how to help) reminded 
> me that I there is one major piece of TCP/IP that I just don't 
> *grok*, although I can muddle through it if I need to: how to talk 
> about subnets in that 10.0.0.224/29 nomenclature - how that 
> corresponds to a block of IP addresses, and how that connects to the 
> netmask and broadcast addresses.

This is really rather cool, actually, very useful too for reasons of
address space conservation, and efficiency.

This email is very very long, in fact it's something of an epic, but it
has useful stuff at the end if you want to scroll down. :)

> Example. Lets say (I'm also going to use the 10.0.0.0 examples) I own 
> a block of IP addresses from 10.0.0.32 through 10.0.0.63. That's 32 
> addresses. Now the Network ID (what does that mean?) is .32,

I call it the network number, it's the IP address that refers to the
entire block of IP addresses together

> and the broadcast is .63 (this is what I am told.)

This is the address you send something to if it has to go to everything in
that block of IP addresses

> My netmask, which I've also been told, is 255.255.255.224

yes, it's 32 addresses, it's 10.0.0.32/27 .. which i'll explain below,
you've been given the correct netblock

> So can someone translate how to describe this? It's a 10.0.0.32/what?

10.0.0.32/27 :)
 
> Is the broadcast address always that last address?

yes

> And why can't you ever use the .32 and .63 addresses for anything?

You can only use them in very particular circumstances, so for the time
being, assume that is "never".  The reason you can't use them is because
they explicitly imply everything in the block of IP addresses, or
netblock.

> And why is it a 255.255.255.224 netmask (why is this 224 and not 223,
> which is 255-32?)

lots of questions, right, let's get started.

What we're talking about here is called VLSM, Variable Length Subnet
Masking, and it goes hand in hand with CIDR, Classless Interdomain
Routing.

IP addresses always come in two parts, the first part refers to the
network and is always on the LEFT, the second part refers to the host and
is always on the RIGHT.  At this point if i was teaching a class i'd go
into a little history about classes and why this is called classless, but
for now i'll leave that as an exercise for the reader.

let's take an example:

192.168.0.1 with a subnet mask of 255.255.255.0

In this case, 192.168.0 refers to the network, and the 1 refers to the
host on that network.

to understand what's going on, let's look at it in binary, each section
is called an octet, because it has eight bits in it:

the address:

192		168		0		5
11000000	10101000	00000010	00000101

and the netmask (contraction of network mask)

255		255		255		0
11111111	11111111	11111111	00000000

to get the network section, we mask the address with the netmask, using a
binary AND (compares a bit at a time, and only gives a 1 if both the
inputs are a 1)

so
11000000.10101000.00000010.00000101 AND
11111111.11111111.11111111.00000000
=
11000000.10101000.00000010.00000000

thus, our network is 11000000.10101000.00000010.00000000 or 192.168.2.0

logically enough, to get the host part, we invert the netmask (swap all
the 1s for 0s and all the 0s for 1s), and do the same thing again.

11000000.10101000.00000010.00000101 AND
00000000.00000000.00000000.11111111
=
00000000.00000000.00000000.00000101 or 0.0.0.5

let's do that again, with Michelle's addresses as an example

IP address: 10.0.0.32

00001010.00000000.00000000.00100000

netmask: 255.255.255.224

11111111.11111111.11111111.11100000

00001010.00000000.00000000.00100000 AND
11111111.11111111.11111111.11100000
=
00001010.00000000.00000000.00100000

look, what we get out is the same as what we put in, therefore we know
that 10.0.0.32 is the network address, cool, huh?

Another way to write this is 10.0.0.32/27

what does the 27 mean? count the number of 1s in the netmask :)

Unless i've made some sort of mess of things, you'll find that there are
27 ones in the netmask.  That number is simply the number of bits that are
set in the netmask, always counting starting on the left hand side.  The
reason we do this is because it takes up much less space to convey the
same information, and is therefore much more efficient.

now, how do we tell how many IP addresses are in a netblock?

There's a nice and easy shortcut, if a little mathematical.
To make it a nice formula, you can say that x is the number of bits in the
netmask, or more often wejust say "it's a slash x netmask".

Now, we need to work out how many addresses there are available in the
host part of the address, this means we need to invert the
netmask as I mentioned above.  You'll notice that an IP address is 32 bits
long, in terms of binary, and so to make a nice shortcut in decimal you
can just do 32-x to invert it.

This means that you can say that the number of addresses in a netblock is
2 ^ (32 - x) or two to the power of 32 minus x.

For the 10.0.0.32/27 above, that means that it's 2^(32-27) = 2^5 = 32

Therefore, if the netmask for a netblock is 255.255.255.224, or 27, we
know that there are 32 addresses in the netblock.  We also know that we
can't use the bottom address because it's the network address, and we
can't use the top address because it's the broadcast address, so we have
to subtrace two from this total, leaving us with:

Usable addresses in a /x = (2^(32-x))-2 as the final formula

2^(32-5)-2=30

Next we need to know how to convert between them, and conveniently enough
there's another shortcut using the first forumula above.  First we have to
note that computers start counting at 0, whereas humans start counting at
1, so we've got to take into account the fact that we're talking the
computers language here, and remember to subtract 1 from various places as
we go along.

The maximum number of addresses you can represent in an octet is 256, but
the computer starts counting at 0, so we always subtract 1 from this to
get 255.

Let's take Michelle's netblock as an example, it has a netmask of
255.255.255.224, or /27.

First of all, we need to count the number of bits in each octet of the
mask:-

mask:	255		255		255		224
binary:	11111111	11111111	11111111	11100000
bits:	8		8		8		3

as you can see, 8+8+8+3=27

As you can see, this is really long winded .. BUT! working from the
knowledge that we're dealing with a /27, we can go along subtracting 8 and
writing 8 down followed by a dot each time until we're less than 8, and
then writing that number down (and the dot) and subtracting it to reach 0,
if we haven't written down four numbers yet, we start writing in 0s until
we've got four numbers, each representing the number of bits in each
octet of the netmask.

Thusly:

27-8=19, write down an 8
						8.

19-8=11, write down another 8
						8.8.

11-8=3, write down yet another 8
						8.8.8.

3<8 so, we write down the 3
						8.8.8.3


So, now we know that the last octet of the mask contains 3 bits, we can
start working things out.  Let's say that we've done this for a netmask,
and we've got out the number y, we'll invert that (by subtracting it from
8, because there's 8 bits) and then use it.  Just to complicate things,
because we want the netmask, we'll have to invert it again (this time in
decimal, but remembering that computers start at 0) by subtracting it from
255.

So, finally!

The last octet of the mask = 255 - ((2 ^ (8 - y)) - 1)

but look! we can simplify that to ... 256 - ((2 ^ (8 - y))

In this case, 256-(2^(8-3)) = 256-(2^5) = 256-32 = 224

tada!

we do that for the other numbers we've written down:

256-(2^(8-8)) = 256-(2^0) = 256-1 = 255		(easy to remember :)

and thus, for a /27 we can say that the netmask is 255.255.255.224

This of course works the other way around, if you reverse the
maths.  Unless anyone has any objections, I'll leave that as an exercise
for the reader as well :)

Now, I'd like to demonstrate that it works for netblocks bigger than a /24
(where bigger means that there are less bits in the mask, in a nicely
confusing way :)

let's say 10.34.16.0/23

First, let's work out how many bits in each octect

23-8=15, write down 8
						8.
15-8=7, write down 8
						8.8.
7<8, write down 7
						8.8.7.
write down a 0 to make it up to four
						8.8.7.0

Now, we know that 8 bits always comes out to 255 in that octet, so we can
write down half of it to start with:

						255.255.?.?

256-(2^(8-7)) = 256-(2^1) = 256-2 = 254

now we've got this:				255.255.254.?

and for the last octet

256-(2^(8-0)) = 256-(2^8) = 256-256 = 0

Excellent, another really easy one to remember, if there are 0 bits in an
octet, then there are .. uh .. 0 bits in that octet :)

SO!						255.255.254.0

and now we know how to convert between the two.

For those of us who don't want to remember the maths, here are a
selection of little cut out and keep guides in various formats:

HTML:		http://cats.meow.at/~mariab/netblocks.html (9.8kB)
Openoffice:	http://cats.meow.at/~mariab/netblocks.sxw (6.1kB)
Rich Text:	http://cats.meow.at/~mariab/netblocks.rtf (23kB)
JPEG:		http://cats.meow.at/~mariab/netblocks.jpg (132kB)
PNG:		http://cats.meow.at/~mariab/netblocks.png (78kB)

Please chose as appropriate for your use :)  The PNG and JPEG files should
be decent enough to print, if you don't have a word processor or graphical
browser with the right fonts or whatever.

Questions, as always, are welcome :)
Consultancy is available at very competitive rates ;)


have fun, and congratulations for reaching the end

Maria

More information about the Techtalk mailing list