[Techtalk] Networking tangent: subnets and netmasks [LONG]

Maria Blackmore mariab at cats.meow.at
Wed Apr 16 23:26:39 EST 2003

On Wed, 16 Apr 2003, Michelle Murrain wrote:

> Reading Mary's query (which I have not a clue how to help) reminded 
> me that I there is one major piece of TCP/IP that I just don't 
> *grok*, although I can muddle through it if I need to: how to talk 
> about subnets in that nomenclature - how that 
> corresponds to a block of IP addresses, and how that connects to the 
> netmask and broadcast addresses.

This is really rather cool, actually, very useful too for reasons of
address space conservation, and efficiency.

This email is very very long, in fact it's something of an epic, but it
has useful stuff at the end if you want to scroll down. :)

> Example. Lets say (I'm also going to use the examples) I own 
> a block of IP addresses from through That's 32 
> addresses. Now the Network ID (what does that mean?) is .32,

I call it the network number, it's the IP address that refers to the
entire block of IP addresses together

> and the broadcast is .63 (this is what I am told.)

This is the address you send something to if it has to go to everything in
that block of IP addresses

> My netmask, which I've also been told, is

yes, it's 32 addresses, it's .. which i'll explain below,
you've been given the correct netblock

> So can someone translate how to describe this? It's a :)
> Is the broadcast address always that last address?


> And why can't you ever use the .32 and .63 addresses for anything?

You can only use them in very particular circumstances, so for the time
being, assume that is "never".  The reason you can't use them is because
they explicitly imply everything in the block of IP addresses, or

> And why is it a netmask (why is this 224 and not 223,
> which is 255-32?)

lots of questions, right, let's get started.

What we're talking about here is called VLSM, Variable Length Subnet
Masking, and it goes hand in hand with CIDR, Classless Interdomain

IP addresses always come in two parts, the first part refers to the
network and is always on the LEFT, the second part refers to the host and
is always on the RIGHT.  At this point if i was teaching a class i'd go
into a little history about classes and why this is called classless, but
for now i'll leave that as an exercise for the reader.

let's take an example: with a subnet mask of

In this case, 192.168.0 refers to the network, and the 1 refers to the
host on that network.

to understand what's going on, let's look at it in binary, each section
is called an octet, because it has eight bits in it:

the address:

192		168		0		5
11000000	10101000	00000010	00000101

and the netmask (contraction of network mask)

255		255		255		0
11111111	11111111	11111111	00000000

to get the network section, we mask the address with the netmask, using a
binary AND (compares a bit at a time, and only gives a 1 if both the
inputs are a 1)

11000000.10101000.00000010.00000101 AND

thus, our network is 11000000.10101000.00000010.00000000 or

logically enough, to get the host part, we invert the netmask (swap all
the 1s for 0s and all the 0s for 1s), and do the same thing again.

11000000.10101000.00000010.00000101 AND
00000000.00000000.00000000.00000101 or

let's do that again, with Michelle's addresses as an example

IP address:




00001010.00000000.00000000.00100000 AND

look, what we get out is the same as what we put in, therefore we know
that is the network address, cool, huh?

Another way to write this is

what does the 27 mean? count the number of 1s in the netmask :)

Unless i've made some sort of mess of things, you'll find that there are
27 ones in the netmask.  That number is simply the number of bits that are
set in the netmask, always counting starting on the left hand side.  The
reason we do this is because it takes up much less space to convey the
same information, and is therefore much more efficient.

now, how do we tell how many IP addresses are in a netblock?

There's a nice and easy shortcut, if a little mathematical.
To make it a nice formula, you can say that x is the number of bits in the
netmask, or more often wejust say "it's a slash x netmask".

Now, we need to work out how many addresses there are available in the
host part of the address, this means we need to invert the
netmask as I mentioned above.  You'll notice that an IP address is 32 bits
long, in terms of binary, and so to make a nice shortcut in decimal you
can just do 32-x to invert it.

This means that you can say that the number of addresses in a netblock is
2 ^ (32 - x) or two to the power of 32 minus x.

For the above, that means that it's 2^(32-27) = 2^5 = 32

Therefore, if the netmask for a netblock is, or 27, we
know that there are 32 addresses in the netblock.  We also know that we
can't use the bottom address because it's the network address, and we
can't use the top address because it's the broadcast address, so we have
to subtrace two from this total, leaving us with:

Usable addresses in a /x = (2^(32-x))-2 as the final formula


Next we need to know how to convert between them, and conveniently enough
there's another shortcut using the first forumula above.  First we have to
note that computers start counting at 0, whereas humans start counting at
1, so we've got to take into account the fact that we're talking the
computers language here, and remember to subtract 1 from various places as
we go along.

The maximum number of addresses you can represent in an octet is 256, but
the computer starts counting at 0, so we always subtract 1 from this to
get 255.

Let's take Michelle's netblock as an example, it has a netmask of, or /27.

First of all, we need to count the number of bits in each octet of the

mask:	255		255		255		224
binary:	11111111	11111111	11111111	11100000
bits:	8		8		8		3

as you can see, 8+8+8+3=27

As you can see, this is really long winded .. BUT! working from the
knowledge that we're dealing with a /27, we can go along subtracting 8 and
writing 8 down followed by a dot each time until we're less than 8, and
then writing that number down (and the dot) and subtracting it to reach 0,
if we haven't written down four numbers yet, we start writing in 0s until
we've got four numbers, each representing the number of bits in each
octet of the netmask.


27-8=19, write down an 8

19-8=11, write down another 8

11-8=3, write down yet another 8

3<8 so, we write down the 3

So, now we know that the last octet of the mask contains 3 bits, we can
start working things out.  Let's say that we've done this for a netmask,
and we've got out the number y, we'll invert that (by subtracting it from
8, because there's 8 bits) and then use it.  Just to complicate things,
because we want the netmask, we'll have to invert it again (this time in
decimal, but remembering that computers start at 0) by subtracting it from

So, finally!

The last octet of the mask = 255 - ((2 ^ (8 - y)) - 1)

but look! we can simplify that to ... 256 - ((2 ^ (8 - y))

In this case, 256-(2^(8-3)) = 256-(2^5) = 256-32 = 224


we do that for the other numbers we've written down:

256-(2^(8-8)) = 256-(2^0) = 256-1 = 255		(easy to remember :)

and thus, for a /27 we can say that the netmask is

This of course works the other way around, if you reverse the
maths.  Unless anyone has any objections, I'll leave that as an exercise
for the reader as well :)

Now, I'd like to demonstrate that it works for netblocks bigger than a /24
(where bigger means that there are less bits in the mask, in a nicely
confusing way :)

let's say

First, let's work out how many bits in each octect

23-8=15, write down 8
15-8=7, write down 8
7<8, write down 7
write down a 0 to make it up to four

Now, we know that 8 bits always comes out to 255 in that octet, so we can
write down half of it to start with:


256-(2^(8-7)) = 256-(2^1) = 256-2 = 254

now we've got this:				255.255.254.?

and for the last octet

256-(2^(8-0)) = 256-(2^8) = 256-256 = 0

Excellent, another really easy one to remember, if there are 0 bits in an
octet, then there are .. uh .. 0 bits in that octet :)


and now we know how to convert between the two.

For those of us who don't want to remember the maths, here are a
selection of little cut out and keep guides in various formats:

HTML:		http://cats.meow.at/~mariab/netblocks.html (9.8kB)
Openoffice:	http://cats.meow.at/~mariab/netblocks.sxw (6.1kB)
Rich Text:	http://cats.meow.at/~mariab/netblocks.rtf (23kB)
JPEG:		http://cats.meow.at/~mariab/netblocks.jpg (132kB)
PNG:		http://cats.meow.at/~mariab/netblocks.png (78kB)

Please chose as appropriate for your use :)  The PNG and JPEG files should
be decent enough to print, if you don't have a word processor or graphical
browser with the right fonts or whatever.

Questions, as always, are welcome :)
Consultancy is available at very competitive rates ;)

have fun, and congratulations for reaching the end


More information about the Techtalk mailing list