A.1. IPv4 Subnetting
Back in the early days of the Internet, there were three major classes of addressing that were labeled A through C. Table A-1 shows how many hosts the Internet could support based on this system.
| Class | Networks per class | Hosts per network | IP range |
|---|---|---|---|
| Class A | 126 | 16,777,214 | 1.0.0.0-127.255.255.255 |
| Class B | 65,000 | 65,534 | 128.0.0.0-191.255.255.255 |
| Class C | 2,000,000 | 254 | 192.0.0.0-223.255.255.255 |
With the growth of the Internet, these classes became obsolete for a few reasons, the biggest of which was address space depletion. In the early 1990s, we could see that we would run out of address space to give to new Internet users. Another problem was that the routing tables on the Internet backbone routers were growing out of control. Without the ability to summarize routing information, the routing tables were growing beyond the router's capacity to store them.
In order to solve these problems, a new system of subnetting the IP address space was developed: classless inter-domain routing.
A.1.1. Classless Inter-Domain Routing
Classless inter-domain routing (CIDR) was developed to address IP address depletion and growing routing tables. The two main features of CIDR are:
- Route table aggregation (which produces more efficient routing tables)
- Effective use of the existing IP address space
The adoption of CIDR and other technologies such as network address translation (NAT; see Chapter 13 for details) has minimized but not resolved the problems of IP address space depletion and burgeoning routing tables. The problems that still exist in IPv4, even with the use of CIDR and NAT, have been addressed with the development of IPv6, described later in this appendix.
A.1.1.1. CIDR notation
In CIDR notation, a network address is represented by a prefix, which is simply the network address followed by a slash and the number of bits in the subnet mask. For example, the network address of 192.168.1.0 with a subnet mask of 255.255.255.0 is represented as 192.168.1.0/24. As Table A-2 shows, there are 24 consecutive leftmost 1 bits in the binary representation, which gives us the /24 value. In other words, if you count the leftmost consecutive 1's in the binary representation of this prefix, you will count 24 bits.
If you are using the old class notation with CIDR, Class A would be /8, Class B would be /16, and Class C would be /24.
Table A-2 shows possible subnets of a /24 address space. In this table, the subnet binary representation illustrates the number of bits in the subnet. The usable hosts column is the number of addresses that can be used for host addresses, which is the actual number of addresses in the subnet minus the network and broadcast addresses. For example, the /27 prefix actually gives us 32 addresses. The first address is used for the network address and the last address is used for the broadcast address, which leaves us with 30 possible usable host addresses (32 - 2 = 30). See the "Subnet Math" section later in this appendix for more information on this calculation.
If you are considering taking a certification test in the future, committing Table A-2 to memory is a fairly good idea.
| Prefix | Usable subnets | Hosts | Subnet mask | Subnet binary | Notes |
|---|---|---|---|---|---|
| /24 | 1 | 254 | 255.255.255.0 | 11111111.11111111.11111111.00000000 | Entire class C notation |
| /25 | 2 | 126 | 255.255.255.128 | 11111111.11111111.11111111.10000000 | CIDR and subnet-zero networks only |
| /26 | 4 | 62 | 255.255.255.192 | 11111111.11111111.11111111.11000000 | |
| /27 | 8 | 30 | 255.255.255.224 | 11111111.11111111.11111111.11100000 | |
| /28 | 16 | 14 | 255.255.255.240 | 11111111.11111111.11111111.11110000 | |
| /29 | 32 | 6 | 255.255.255.248 | 11111111.11111111.11111111.11111000 | |
| /30 | 64 | 2 | 255.255.255.252 | 11111111.11111111.11111111.11111100 | |
| /31 | 0 | 0 | 255.255.255.254 | 11111111.11111111.11111111.11111110 | Invalid because no bits are left for the host |
| /32 | 0 | 1 | 255.255.255.255 | 11111111.11111111.11111111.11111111 | Single host subnet mask |
In Table A-2, you see that /31 is marked invalid because there are no bits left for the host. However, in IOS version 12.2(4), Cisco allows that subnet to be used on IPv4 point-to-point links, which is a good thing because it effectively doubles the number of point-to-point links that can be obtained from a given IP address range.
Table A-3 shows the entire CIDR table with dotted decimal subnet masks and the number of classful networks for each prefix.
| Prefix | Subnet mask | Number of addresses |
|---|---|---|
| /1 | 128.0.0.0 | 2,048,000,000 |
| /2 | 192.0.0.0 | 1,024,000,000 |
| /3 | 224.0.0.0 | 512,000,000 |
| /4 | 240.0.0.0 | 256,000,000 |
| /5 | 248.0.0.0 | 128,000,000 |
| /6 | 252.0.0.0 | 64,000,000 |
| /7 | 254.0.0.0 | 32,000,000 |
| /8 | 255.0.0.0 | 16,000,000 |
| /9 | 255.128.0.0 | 8,000,000 |
| /10 | 255.192.0.0 | 4,000,000 |
| /11 | 255.224.0.0 | 2,000,000 |
| /12 | 255.240.0.0 | 1,024,000 |
| /13 | 255.248.0.0 | 512,000 |
| /14 | 255.252.0.0 | 256,000 |
| /15 | 255.254.0.0 | 128,000 |
| /16 | 255.255.0.0 | 64,000 |
| /17 | 255.255.128.0 | 32,000 |
| /18 | 255.255.192.0 | 16,000 |
| /19 | 255.255.224.0 | 8,000 |
| /20 | 255.255.240.0 | 4,000 |
| /21 | 255.255.248.0 | 2,000 |
| /22 | 255.255.252.0 | 1,000 |
| /23 | 255.255.254.0 | 512 |
| /24 | 255.255.255.0 | 256 |
| /25 | 255.255.255.128 | 128 |
| /26 | 255.255.255.192 | 64 |
| /27 | 255.255.255.224 | 32 |
| /28 | 255.255.255.240 | 16 |
| /29 | 255.255.255.248 | 8 |
| /30 | 255.255.255.252 | 4 |
| /31 | 255.255.255.254 | 2 |
| /32 | 255.255.255.255 | 1 |
A.1.2. Subnet Math
When subnetting IP addresses, there are a few really important formulas. Most of them come down to converting the IP address to a binary number and then OR'ing or AND'ing it with the subnet mask or network number.
A.1.2.1. Subnet zero reminder
In the past, subnets with all ones and all zeros were not allowed. (Some legacy network hardware still follows this rule.) With Cisco devices, these subnets are allowed if the command ip subnet-zero is used. In all current versions of IOS, this command is enabled by default. It's important to keep this in mind as we describe the subnet calculations.
A.1.2.2. Calculating a network address from a host address
This subnet calculation is nothing more than a logical AND between the subnet mask and the host address. For example, if you had a host with an address of 192.168.1.161/27, you only need to perform the calculation in Table A-4 to find the network IP address.
| | Dotted decimal | Binary |
|---|---|---|
| Host address | 192.168.1.161 | 11000000.10101000.00000001.10100001 |
| Subnet mask | 255.255.255.224 (/27) | 11111111.11111111.11111111.11100000 |
| (logical AND) | | ======================================== |
| Network address | 192.168.1.160 | 11000000.10101000.00000001.10100000 |
By AND'ing the subnet mask and the host address, we are left with a new binary address. This binary number translates to 192.168.1.160 in dotted decimal, which is the network address for this host address.
A.1.2.3. Calculating the broadcast address of a subnet
To calculate the broadcast address for any given subnet, it's a simple matter of logically OR'ing the inverted subnet mask with the network address. Shown in Table A-5 is the broadcast address calculation for the 192.168.1.160/27 network, which is the same network as in the previous example.
| | Dotted decimal | Binary |
|---|---|---|
| Network address | 192.168.1.160 | 11000000.10101000.00000001.10100000 |
| Inverted subnet mask | 0.0.0.31 | 00000000.00000000.00000000.00011111 |
| (logical OR) | | ======================================== |
| Broadcast address | 192.168.1.191 | 11000000.10101000.00000001.10111111 |
In this example, the inverse of the subnet mask 255.255.255.224 is 0.0.0.31. If we take the binary representation of that number and OR it with the network address, we are left with the broadcast address binary. When translated back to dotted decimal, this address is 192.168.1.191, which is the correct broadcast address for the 192.168.1.160/27 network.
A.1.2.4. Calculating available subnets
The following formula allows you to calculate the number of possible subnets in an address space, where N is the number of bits used in the subnet.
2^N = Number of subnets available if subnet-zero is allowed (the default)
2^N - 2 = Number of subnets available if subnet-zero is disabled
For example, what's the possible number of subnets of 192.168.1.0/27 if subnet-zero is enabled? If we look at Table A-2 for the /27 prefix, we see that there are 3 bits in the last octet of the subnet binary. So, 2^3 (2 to the power of 3) gives eight usable subnets. If we weren't allowed to use the subnet-zero command, we'd have to use the second formula, which is 2^3 - 2, which results in six usable subnets.
A.1.2.5. Calculating the number of hosts per subnet
Calculating the number of available hosts per subnet is a little easier because there is no confusion about subnet zero. With the host address space, the first and last addresses are reserved and cannot be used for a host, except in the case of the /31, which we described earlier. The first address is reserved for the network number and the last address is reserved for the broadcast address.
The following formula allows you to calculate the number of usable hosts per subnet. N is the number of bits used for the host.
2^N - 2 = Number of usable host addresses per subnet
If we use the same address as in the previous example, 192.168.1.0/27, we can find N by looking at Table A-2. If 3 bits are used in the last octet for the subnet mask, the host bit count is five. So, we plug 5 into our formula, which leaves us with 30 available host addresses (2^5 - 2 = 30).
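The calculations from sections A.1.2.2 through A.1.2.5, carried out on 32-bit integers, as an added example that is not code from the book. The function names and the point_to_point flag are assumptions made for illustration; the /31 and /32 host counts follow Table A-2 and the point-to-point exception described earlier.

```python
def to_int(dotted):
    """Strictly parse a dotted-decimal IPv4 address into a 32-bit integer."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(
            p.isascii() and p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted-decimal IPv4 address: {dotted!r}")
    value = 0
    for p in parts:
        value = (value << 8) | int(p)
    return value


def to_dotted(value):
    """Render a 32-bit integer as dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def subnet_math(cidr, point_to_point=False):
    """Return mask, network, broadcast and usable host count for 'a.b.c.d/len'."""
    address, _, length = cidr.partition("/")
    prefix = int(length)
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length out of range: {prefix}")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    inverted = mask ^ 0xFFFFFFFF
    network = to_int(address) & mask     # A.1.2.2: host address AND subnet mask
    broadcast = network | inverted       # A.1.2.3: network OR inverted mask
    host_bits = 32 - prefix
    if host_bits == 0:
        usable = 1                       # /32: single host (Table A-2)
    elif host_bits == 1:
        usable = 2 if point_to_point else 0   # /31: point-to-point links only
    else:
        usable = 2 ** host_bits - 2      # A.1.2.5: minus network and broadcast
    return {"mask": to_dotted(mask), "network": to_dotted(network),
            "broadcast": to_dotted(broadcast), "usable_hosts": usable}


def subnets_available(subnet_bits, subnet_zero=True):
    """A.1.2.4: 2^N subnets, or 2^N - 2 when subnet-zero is disabled."""
    count = 2 ** subnet_bits
    return count if subnet_zero else max(count - 2, 0)


if __name__ == "__main__":
    print(subnet_math("192.168.1.161/27"))
    print(subnets_available(3), subnets_available(3, subnet_zero=False))
```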
A.1.3. More about Subnets
Our final section on IPv4 subnetting reviews the reserved private address space, how to change the way the router displays subnet information, and using VLSM.
A.1.3.1. Private address space
A certain amount of the original address space was reserved for private IP addresses. These address spaces are for private networks and are not routable on the Internet. Throughout this book, we use the private address space in all our examples so that we don't show any real addresses. Table A-6 shows the available private address space.
| Subnet | IP range |
|---|---|
| 10.0.0.0/8 | 10.0.0.0 through 10.255.255.255 |
| 172.16.0.0/12 | 172.16.0.0 through 172.31.255.255 |
| 192.168.0.0/16 | 192.168.0.0 through 192.168.255.255 |
A.1.3.2. Changing the way the router displays subnet information
You can change the way the router displays subnet information. If you just want to change it for the current session, you can use the terminal ip netmask-format command, which is followed by the type decimal, bit-count, or hexadecimal. (Bit-count is the default.) The following example shows the output for all three versions of the command.
```
Router> terminal ip netmask-format bit-count
Router> show ip int
FastEthernet0/0 is up, line protocol is up
  Internet address is 192.168.1.161/27
...
Router> terminal ip netmask-format decimal
Router> show ip int
FastEthernet0/0 is up, line protocol is up
  Internet address is 192.168.1.161 255.255.255.224
...
Router> terminal ip netmask-format hexadecimal
Router> show ip int
FastEthernet0/0 is up, line protocol is up
  Internet address is 66.133.171.161 0xFFFFFFE0
```
To apply the format change to the entire router, use the ip netmask-format configuration command, which takes the exact same parameters. The only difference is that the setting is stored in the router configuration and applies to all future sessions. However, this only changes the way the netmasks are displayed in the show and debug command output. When you enter an IP address in the router's configuration, you still need to use the 255.255.255.0 format.
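When you audit configurations or parse show output collected from several routers, the same mask can arrive in any of the three display formats. The following is an added example, not code from the book, that normalizes a mask to its bit count, rejects masks whose 1 bits are not consecutive from the left, and renders it in all three formats; parse_mask and render_mask are hypothetical helper names.

```python
import ipaddress


def parse_mask(text):
    """Accept '/27', '27', '255.255.255.224' or '0xFFFFFFE0'; return the bit count."""
    text = text.strip()
    if text.lower().startswith("0x"):
        value = int(text, 16)
    elif "." in text:
        value = int(ipaddress.IPv4Address(text))
    else:
        prefix = int(text.lstrip("/"))
        if not 0 <= prefix <= 32:
            raise ValueError(f"bit count out of range: {text!r}")
        return prefix
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError(f"mask does not fit in 32 bits: {text!r}")
    inverted = value ^ 0xFFFFFFFF
    # A subnet mask is a run of 1s followed by a run of 0s, so its inverse
    # is 2^k - 1 and shares no bits with the next integer up.
    if inverted & (inverted + 1):
        raise ValueError(f"mask bits are not contiguous: {text!r}")
    return 32 - inverted.bit_length()


def render_mask(prefix):
    """Render a bit count in the bit-count, decimal and hexadecimal formats."""
    value = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return {
        "bit-count": f"/{prefix}",
        "decimal": str(ipaddress.IPv4Address(value)),
        "hexadecimal": f"0x{value:08X}",
    }


if __name__ == "__main__":
    for sample in ("/27", "255.255.255.224", "0xFFFFFFE0"):
        print(sample, "->", render_mask(parse_mask(sample)))
```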
A.1.3.3. Variable Length Subnet Masks (VLSM)
Variable Length Subnet Masks (VLSMs) allow a single network to be configured with multiple different subnet masks. This allows the network administrator to divide a network up with finer granularity. Not all routing protocols support VLSM. For example, RIPv1 and IGRP require classful networking in order to work. Modern network routing protocols such as EIGRP, RIPv2, OSPF, and IS-IS all support VLSM. The older protocols (RIPv1 and IGRP) require all subnet masks within the network to be configured the same. Employing the same mask throughout a subnet is called Fixed Length Subnet Masking (FLSM). If you try to use VLSM in your network while running RIPv1 or IGRP, the routes with differing masks will not show up in the routing table.
To enable the router to support VLSM, configure the router with the ip classless command, which is enabled by default on current versions of IOS. This command changes the way the router behaves in terms of subnetting by removing an assumption. The assumption is as follows: if there is a connected subnet (for example, 10.1.2.0/24), the router running a classful routing protocol assumes that it knows about every subnet in the network (in this example, subnet 10), which becomes a problem when there is a default route configured. If the router gets a packet for 10.200.1.0 and it does not appear in the routing table, the normal behavior is to assume that the route does not exist and drop the packet, even though the default route exists. When the ip classless command is enabled, this assumption is overridden and the packet is not dropped. Instead, the packet is sent along the default route.
In order to better understand the purpose of VLSM, consider the following example. We have the network address space of 192.168.10.0/24, which we would like to split up into nine separate networks with the following specifications:
- Four networks require six hosts per network.
- Three networks require thirty hosts per network.
- Two networks require sixty hosts per network.
Table A-7 shows how we could subnet our 192.168.10.0/24 network to support this configuration with VLSM. Remember that this solution is not the only way to subnet to meet our needs. (You can subnet the network any way you like.)
| Subnet | Hosts | Network | Host IPs | Broadcast |
|---|---|---|---|---|
| 1 | 6 | 192.168.10.0/29 | 192.168.10.1-192.168.10.6 | 192.168.10.7 |
| 2 | 6 | 192.168.10.8/29 | 192.168.10.9-192.168.10.14 | 192.168.10.15 |
| 3 | 6 | 192.168.10.16/29 | 192.168.10.17-192.168.10.22 | 192.168.10.23 |
| 4 | 6 | 192.168.10.24/29 | 192.168.10.25-192.168.10.30 | 192.168.10.31 |
| 5 | 30 | 192.168.10.32/27 | 192.168.10.33-192.168.10.62 | 192.168.10.63 |
| 6 | 30 | 192.168.10.64/27 | 192.168.10.65-192.168.10.94 | 192.168.10.95 |
| 7 | 30 | 192.168.10.96/27 | 192.168.10.97-192.168.10.126 | 192.168.10.127 |
| 8 | 62 | 192.168.10.128/26 | 192.168.10.129-192.168.10.190 | 192.168.10.191 |
| 9 | 62 | 192.168.10.192/26 | 192.168.10.193-192.168.10.254 | 192.168.10.255 |
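One way to produce and check a VLSM plan like this one, as an added example that is not code from the book: the planner assigns each requirement the smallest subnet that fits and starts it on its own block boundary, and the overlap check catches hand-edited plans whose ranges collide, which matters before those ranges are used in ACLs or route filters. The names plan_vlsm, prefix_for_hosts and find_overlaps are hypothetical.

```python
import ipaddress


def prefix_for_hosts(hosts):
    """Longest prefix whose subnet still holds `hosts` usable addresses (2^N - 2)."""
    for host_bits in range(2, 33):
        if 2 ** host_bits - 2 >= hosts:
            return 32 - host_bits
    raise ValueError(f"{hosts} hosts do not fit in IPv4")


def plan_vlsm(parent, host_counts):
    """Carve `parent` into subnets in the order given, each on its block boundary."""
    parent = ipaddress.ip_network(parent)
    cursor = int(parent.network_address)
    last = int(parent.broadcast_address)
    plan = []
    for hosts in host_counts:
        prefix = prefix_for_hosts(hosts)
        size = 2 ** (32 - prefix)
        start = -(-cursor // size) * size   # round up to a multiple of the block size
        if start + size - 1 > last:
            raise ValueError(f"{parent} has no room left for {hosts} hosts")
        plan.append(ipaddress.ip_network((start, prefix)))
        cursor = start + size
    return plan


def find_overlaps(subnets):
    """Return every pair of subnets that share addresses (empty for a sane plan)."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    return [(str(a), str(b)) for i, a in enumerate(nets)
            for b in nets[i + 1:] if a.overlaps(b)]


# Requirements from the example: four 6-host, three 30-host, two 60-host networks.
REQUIREMENTS = [6, 6, 6, 6, 30, 30, 30, 60, 60]

if __name__ == "__main__":
    plan = plan_vlsm("192.168.10.0/24", REQUIREMENTS)
    for number, net in enumerate(plan, start=1):
        print(number, net, net.num_addresses - 2, net.broadcast_address)
    print("overlaps:", find_overlaps(plan))
```

Given the requirements in the order listed, the planner arrives at the same nine networks as Table A-7; a different order gives a different but equally valid layout, with gaps wherever a larger block has to skip ahead to its boundary.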