IP Subnetting - GIAC

cursefarmNetworking and Communications

Oct 24, 2013 (3 years and 7 months ago)


IP Subnetting
IP Subnetting
The Internet Protocol (IP) is the de facto standard when it comes to routing network communications in
the world today. Although other networking
still exist, it is extremely difficult to find a network
that is not running IP. A critical skill for any network administrator or security admin that supports a
network environment is IP subnetting. This paper discusses why subnetting is important, IP addressing
basics, decimal to binary conversion, early subnetting, and variable length subnetting.
Why Is Subnetting Important?
Subnetting is important for several reasons.
• Subnetting helps to reduce the number of routes needed in a routing table.
This was extremely important to the Internet. In the early days of the Internet, companies were
directly assigned IP address ranges by the Internet Assigned Numbers Authority (IANA). As the
Internet grew, each of the uniquely assigned ranges had to be included in the Internet routing table,
and this quickly resulted in huge routing tables. At this point, IANA decided that instead of
issuing IP address ranges directly to companies, it would set up regional authorities that would
distribute IP addresses. These regional authorities are ARIN (North America), RIPE (Europe),
LACNIC (Latin America), APNIC (Asia), and AFRINIC (Africa).
Each of these agencies is assigned a large block of addresses by IANA; the agency then subnets
these blocks and assigns them to the various Internet service providers (ISPs). The ISPs subnet
their addresses even further and assign them to their customers. Now when packets are routed
through the Internet, the main Internet routers need to know only which region to get it to instead
of every company or network connected to the Internet. The region can then get it to the ISP and
the ISP knows where it is supposed to go from there.
• Subnetting allows you to make efficient use of your address space.
If you only have a network of two hosts, such as a wide area network (WAN) link, why would you
waste an IP address range of 254 addresses?
• Subnetting can also aid with troubleshooting an issue.
If you have one large flat network, when problems arise it is often difficult to physically track
down where the problem is coming from. If you subnet your network intelligently, you can more
easily determine where, in the physical network, problems exist.
• From a security perspective, subnetting can also help you isolate networks that may be high
risk or process sensitive or critical data.
With subnetting, you can isolate wireless networks, research and development, finance and human
resource networks, internet facing networks, and so on. By utilizing firewalls and intrusion
detection systems, you can more easily regulate who has access in and out of a particular network.
IP Addressing Basics
Before we start dive into subnetting, we need to cover some basics. The first item for discussion is the IP
address. An IP address is a 32-bit number typically represented in four sections called octets. These
sections are segregated by a dot or period, and you ,hear this format referred to as dotted decimal
notation. A sample IP address is This IP address is what identifies a system or resource on a
particular IP network.
The IP address itself is actually made up of two parts. One part identifies the network that the host
belongs to, and the other part identifies the host. To figure out where the network portion stops and the
host part begins you need a subnet mask. A subnet mask is also represented in dotted decimal notation.
An example of a subnet mask would be You will see later how the subnet mask is used to
identify the network and the host parts of the IP address.
Decimal and Binary
No discussion on IP subnetting would be complete without mentioning decimal to binary conversion, and
vice versa. This is not a math paper, so I will keep this section as brief as possible. Computers speak
binary. This means the computer knows only two modes for each bit of data, on or off, or 1 or 0.
Alternatively, humans like to see numbers in a base 10 format or 0 through 9 and multiples thereof. In IP
subnetting, it is important that we know how to convert IP addresses and subnet masks from their human-
friendly decimal form to the computer-friendly binary form because the locations of the 1s and 0s is
extremely important, as you will see later.
If we use the sample IP address from before,, and represent it in binary format, it would
look like this: 10101100.00010000.000001010.00001111. So, how do we get from the decimal form to
the binary form, and vice versa?
First, let’s convert from binary to decimal. If we take the first octet of our sample IP address and map it to
the binary numbering system, it looks like this:

If we then add in the decimal equivalents of the binary, it looks like this

Now all we have to do is add the decimal numbers together where a 1 appears and we will get the decimal
equivalent of the binary number. In this case it looks like this:
128 + 32 + 8 + 4 = 172.
That wasn’t so bad. Now that you know how to convert from binary to decimal, how do you go from
decimal to binary? I thought you would never ask. To convert from decimal to binary, you use division
and remainders. Let’s take our 172 example from previously. The formula for conversion is as follows.
1. First divide the number by 2. The remainder will be either 0 or 1.
2. Write down the remainder.
3. Divide the remaining number without the remainder by 2. Again, the remainder will be either 1 or
4. Write down the remainder to the left of the previous remainder.
5. Repeat this until you end up with 0.
For 172, the formula would look like this:
172 ÷ 2 = 86 remainder 0
86 ÷ 2 = 43 remainder 0
43 ÷ 2 = 21 remainder 1
Binary 2

IP Address 1 0 1 0 1 1 0 0
Binary=Decimal 2
=128 2
=64 2
=32 2
=16 2
=8 2
=4 2
=2 2
IP Address 1 0 1 0 1 1 0 0
21 ÷ 2 = 10 remainder 1
10 ÷ 2 = 5 remainder 0
5 ÷ 2 = 2 remainder 1
2 ÷ 2 = 1 remainder 0
1 ÷ 2 = 0 remainder 1
So our binary number for 172 = 10101100.
Remember that each section of an IP address is 8 bits long. In the previous example, the conversion
worked out to 8 bits exactly, so that was easy. If we used a smaller number such as 15, we would have
reached 0 before we had 8 bits. If this occurs, fill in the remaining bits with 0s. For example:
15 ÷ 2 = 7 remainder 1
7 ÷ 2 = 3 remainder 1
3 ÷ 2 = 1 remainder 1
1 ÷ 2 = 0 remainder 1
Because we got to 0 in only four steps, the remaining bits are 0--so the binary of 15 is 00001111.
Okay, enough math; let’s talk about IP subnetting.
Early Subnetting
In the beginning, IP addresses were traditionally broken up into five classes lettered A through E. Classes
A, B, and C were used for your average IP networks; Class D was used for multicast networking; and
Class E was for experimental usage. The determination of which class a particular network fell in was
determined by the first octet of the IP address, specifically by the first few bits of the first octet. This is
represented in the following table.

First Bits 1
Octet Number of Networks Hosts per Network
Class A 0 1-126 126 16,777,214
Class B 10 128-191 16,384 65,534
Class C 110 192-223 2,097,152 254
Class D 1110 224-239 n/a n/a
Class E 11110 240-254 n/a n/a

Because Classes D and E are special classes, we will focus our discussion on Classes A, B, and C. Each
of these classes has a default subnet mask and a private address range. The private address ranges are
utilized on internal networks, and addresses in these ranges cannot be routed in the public network of the
Internet. These defaults and private ranges are shown here:

Default Subnet Mask Private Address Range
Class A –
Class B –
Class C

As we mentioned before, the subnet mask is used to identify which portion of the IP address is the
network and which portion of the IP address is the host. To visually see how this works, we need to
represent our IP address and subnet mask in binary format. See, I told you the binary stuff would come in
handy. Let’s take our initial sample IP address of As you can see from the previous table,
this is a Class B address with a default subnet mask of Let’s represent that in binary. 10101100 00010000 00001010 00001111 11111111 11111111 00000000 00000000

As you can see, there are two very distinct sections to the subnet mask; one section is represented by all
1s and the other is all 0s. This is how you tell the network portion of the IP address from the host portion.
The piece of the IP address that lines up with the 1s is the network portion, and the piece that lines up
with the 0s is the host portion. So in our example, the network is 172.16 and the host is 10.15.
In addition to the dotted decimal notation, you might also see the subnet mask represented in a /# format
where the # represents the number of bits in the network portion of the subnet mask. In the previous
example, you might see it written
When the Internet was small, this class-based method of subnetting worked fine. It was easy to
understand and administer. If you were a large company that had more than 65,536 hosts, you were given
a Class A address, if you were a small company with fewer than 254 hosts, you were given a Class C
address; and so on.
As the Internet grew, and networks grew more complex, it was quickly discovered that this class-based
system was not going to be sufficient and the IP address space would be depleted quickly. This began the
discussion of IPv6, but because the Internet and networks were growing at such rapid rates and IPv6
would take time to develop and adopt, along came Variable Length Subnet Masking (VLSM), which is
primarily what is used today when discussing subnetting.
Before we discuss VLSM, we need to cover some rules with regard to subnetting. They are as follows.
1. The network ID cannot be 127. The network is reserved for loop-back and was
originally designed for testing purposes.
2. In binary format, the network ID and the host ID cannot be all 1s. These are special designators for
what are called broadcast addresses.
3. In binary format, the network ID and the host ID cannot be all 0s. When the host ID is all 0s, this
is used to represent the network ID for the hosts in that network.
In VLSM, we are stealing bits from the host portion of the subnet mask to create subnetworks. As a
simple example, we will use the Class B network of with a subnet mask. As
written, this is one network that has a host range of through (remember you
cannot have all 1s in the host portion, so not a valid host address). If you need to create a
large number of networks that will not have more than 254 hosts in each network, you can modify your
subnet mask to This changes 8 host bits to network bits; now instead of one large network,
you have 254 networks each with 254 addresses, as shown here.

Network Address Host Range Broadcast Address – –
…… …… ….. – –

That is basic subnetting; now let’s get a little more creative. Let’s say we have a number of small field
offices that have no more than 20 hosts. If we issue a Class C network to each office, we are going to
waste approximately 230 addresses in each network. If we use VLSM, however, we can get a more
efficient use of our subnets.
The first question we need to ask is how many host bits do we need to leave in the subnet mask to give us
more than 20 hosts per network. This is very simple to determine. The formula to determine the number
of hosts per network is 2 raised to the number of host bits in the subnet mask – 2. The reason we
subtract 2 is because the host ID cannot be all 1s or 0s. So if we look at a class C subnet mask
in binary form (11111111.11111111.11111111.00000000), we can see that there are 8 host bits.
-2 = 254 host addresses. In the following table you can see the number of hosts per network if
we were to change the host bits in a Class C subnet mask.

Host Bits Changed Binary Notation of
Last Octet
Dotted Decimal
/# Format Number of Hosts
1 10000000 /25 2
-2 = 126
2 11000000 /26 2
-2 = 62
3 11100000 /27 2
-2 = 30
4 11110000 /28 2
-2 = 14
5 11111000 /29 2
-2 = 6
6 11111100 /30 2
-2 = 2

Because we need 20 addresses, we can see from the table that we will need to change 3 host bits. It is
important to remember that when you change the host bits, you always start from the far left and work
your way to the right. We have decided that we are going to use the network as our starting
point for our subnetting. We know that our subnet mask is going to be
From this point, there are three final items that we need to determine.
1. What are the networks we have created with our new subnet mask?
2. What are the host ranges in those networks?
3. What is the broadcast address for each network?
The first step is to determine what our networks will be. To do this, we need to look at the subnet mask in
binary notation where we changed host bits to network bits. This is shown below.

Binary=Decimal 2
=128 2
=64 2
=32 2
=16 2
=8 2
=4 2
=2 2

If you take the decimal representation of the first network bit to the far right, that is your first network. In
our example the first network bit to the far right is in the 2
position, so our first network is
To determine our next network, we simply add that first network value to the last octet until we reach the
subnet mask number, which in our case is 224. So our networks are as follows

Network Address Host Range Broadcast Address

Because technology now enables you to use, I typically try to refrain from doing so as it
may cause problems with legacy technology because of the rule regarding all 0s in the network portion.
We also cannot use because that would have all 1s in the network portion, which is also
against the rules.
The easiest item to figure out next is the broadcast address. Because this is always the last number in the
network range, it is always going to be the number just before the next network address. So, if we fill in
the broadcast portion of our table, it will look like this.

Network Address Host Range Broadcast Address

The last step in the process is to determine the host range for each network. We now know the beginning
of the network and the end of the network, so the host range simply falls in between. The following table
shows all the information filled in.

Network Address Host Range Broadcast Address –
Subnet Mask 1 1 1 0 0 0 0 0 – – – – –

As you have seen, IP subnetting is an important skill to acquire because it offers many benefits in any
networked environment. Using the information in this paper, you should be able to subnet any network to
take full advantage of the IP address space you utilize.