You are on page 1of 8

1. Determine the class of your network.

This is taken from the first octet in the IP address. IPs are separated into classes. Like Texas Chili.
Octet
Range
Class
Default Subnet
Mask
Private
Addressing
Notes
1 - 126* Class A 255.0.0.0 10.x.x.x
Used by really high-level
companies with a lot of
computers
*127.0.0.1 Loopback


Used to test IP connectivity to
self
128 - 191 Class B 255.255.0.0
172.16.x.x -
172.31.x.x
Used by larger companies, I see
a lot of this in mid-level
networks
192 - 223 Class C 255.255.255.0
192.168.x.x -
192.168.255.x
Used by small companies,
home offices, small home
networks
224 - 239 Class D n/a n/a Multicast Broadcast only
240 - 255 Class E n/a n/a
Experimental: Reserved for
future use (I don't know what the
hell that means, either)
What is "private addressing?" Well, each class has a separate set of addresses that everyone has
agreed on are "not Internet routable." This is very handy for firewalls and NAT. See, there aren't
enough IP addresses to go around any more. So you have "outside IPs" (which are most of them),
and "inside IPs" which are the private addresses. The most common you will see for home and small
office networks are the 192.168.x.x variety. Because this class C address range has a default mask of
255.255.255.0, you can really only have 254 hosts per subnet
2. Determine how many bits you must borrow from
the hosts portion.
Use the following equation:
2
n
- 2 >= Number of subnets required
So if you need 25 subnets:
1. 2
n
- 2 >= 25
2. 2
n
- 2 >= 25
3. 2
5
- 2 >= 25
4. 32 - 2 >= 25
If n = 4 then it would have been 16, less than 25. People would laugh at you. And point.
Note: At this point, you should about expandability. If you are going to need more than 30 (2
5
-2 )sub-
networks in the future, you should go one greater, like 62 (2
6
-2). Remember, the more networks you
have, the less collision domains you have. But you will need routers to get them to speak to each
other. That's another topic for a later time, but keep in mind if you have TOO many hosts all working
on the same subnet (like over 100 servers all talking at once), you are going to slow your network
down.
3. Make your custom subnet mask.
First, you need to determine your default mask above. To illustrate this better, let's toss our ten-digit
fingers out the window, and think of them as nothing more than nonsense labels for the moment.
Computers don't have fingers or toes, only switches.
Suppose
you had this
address:
192.168.35.x
In binary, it
looks like
this:
11000000.10101000.00100011.x
Looking at
the default
subnet
mask:
255.255.255.0
Which the
computer
sees as:
11111111.11111111.11111111.00000000
Now since
n = 5 in the
example
above, we
know we
must steal
five bits,
which is
done from
left to right
255.255.255.248
This is
easier to see
in binary:
11111111.11111111.11111111.11111000
As you can see, this makes less sense in our decimal world. "Huh? 248? WTF?!" Easy, tiger. This is
simpler than it looks. See, each "bit" from left to right represents a factor of 2
some power
. Here's how we
break down an octet:
Power of: 2
7
2
6
2
5
2
4
2
3
2
2
2
1
2
0

Decimal Number 128 64 32 16 8 4 2 1
Binary Number 1 1 1 1 1 0 0 0
So 5 bits stolen is really 128 + 64 + 32 + 16 + 8 = 248 (in decimal). If you think this is fun, wait until I
write about Binary to Hexadecimal! But now we are getting off topic again. Focus. Before going to
step 4, go and get yourself a cookie and a drink of water. I'll wait.
4. Find out your hosts per network.
Okay, you have the new subnet mask, now what? "What the heck are my goddamn IP address
ranges???" Whoa, too much caffeine, there, dude. But rest assured, even with too much Mountain
Dew sloshing in your belly, you can do this. First, we have to determine the number of hosts per
subnet. This is also better understood in binary:
Now, remember your default
mask? Unless you have ADHD,
you know it as:
255.255.255
.248
But
again
, it's
11111111.11111111.11111111.
11111000
easie
r to
see
in
binar
y
Since the
11111111.11111111.11111111.
11111xxx is the network
portion, then the remaining bits
(which are zeros) are the hosts
portion!
Forget
decimal for
now
Hosts
(ooo
h):
11111111.11111111.11111111.
11111000
Now, I may not be a bright man, but even I can tell there are only 3 bits left. So we use a familiar
looking equation again to determine how many hosts (anything that needs an IP address to function)
we have for each network.
2
n
- 2 >= Number of hosts per subnet
So in this case, 2
3
- 2 = 8 - 2 = 6 hosts per subnet. Wow, that's not a whole lot. But you do have a
Class C address, and you were the bozo that wanted 25 networks.
5. Now we determine the subnet ranges!
Bet you thought we'd never get here. There is an incrementing interval we find find out first. That's
EASY. It's:
256 - subnet mask = Interval
So, in our example, 256 - 248 = 8! Well, whattia know! This will also be the value of the lowest
network, unless you are including zero networks, but for this case, we won't. So, now we start moving
the tables around.
Subnet
Subnet
Address
First useable IP
Address
Last useable IP
address
Broadcast
Address
First 192.168.35.8 192.168.35.9 192.168.35.14 192.168.35.15
Second 192.168.35.16 192.168.35.17 192.168.35.22 192.168.35.23
Third 192.168.35.24 192.168.35.25 192.168.35.30 192.168.35.31
Fourth 192.168.35.32 192.168.35.33 192.168.35.38 192.168.35.39
... 30th 192.168.35.240 192.168.35.241 192.168.35.246 192.168.35.247
Note we didn't use the 192.168.35.0 or 192.168.35.248 networks. We usually discard the first and last
(which is why there are only 30 instead of 32 available in the equation above). This makes sense
because the first would have 192.168.35.0 as a subnet, when it's really considered the name of a
whole network. And 192.168.35.248 would have 192.168.35.255 as a broadcast address for a subnet
when it should be the default broadcast for the whole 192.168.35.0 network. This will confuse people
later on. But I'd be a liar in a Viking hat if I said that it hasn't been done before. It's just not a good
IDEA. Many subnet calculators out there also include these networks, usually called zero networks.
As a side note, how many hosts SHOULD you have per subnet? Well, the rule of thumb is that you
shouldn't have more than 254 hosts in the same subnet because they will all share the same collision
domain. Your network will slow to a crawl with all that traffic. Keep in mind, a lot of traffic isn't just a
machine accessing the Internet, a lot of services will constantly send traffic back and forth. If you have
ever sniffed traffic on a closed network, even "idle" computers are sending info back and forth,
espically if you haven't firewalled them and you have default services enabled. If you have 1000 hosts
on the same subent, even if the machines are idle, you will notice some machines will start to slow
down as the NIC or software tries to process all the messages.
A lot of people have /24 networks to make sure this doesn't happen, which is 254 hosts, and /24 is an
"even break point" of one octet that's easier to do quick math. Routers/firewalls and managed
switches (like VLANS) will take care of any translation from subnet to subnet.

More Examples
We're going to go through more examples now, so you can understand more.
Example 1
Problem: Given IP range of 10.x.x.x, and you have to create 10 subnets.
1. You have a Class A address. Default mask is 255.0.0.0
2. 2
4
- 2 = 14, which is > 10. So we need to steal 4 bits from the host portion.
3. That means our subnet mask is 255.(128+64+32+16).0.0 = 255.240.0.0
4. Our host bits left are 20, so 2
20
- 2 = 1,048,574 hosts per net (that ought to be enough, in fact,
way too many but hey)
5. Our digital interval is 256 - 240 or 16. So we know the first network is 10.16.0.0! You wouldn't
want to use it, since it's a zero network, but I'll include it anyway to show you where it goes.
Subnet
Subnet
Address
First useable IP
Address
Last useable IP
address
Broadcast
Address
First 10.16.0.0 10.16.0.1 10.31.255.254 10.31.255.255
Second 10.32.0.0 10.32.0.1 10.47.255.254 10.47.255.255
Third 10.48.0.0 10.48.0.1 10.63.255.254 10.63.255.255
...14th 10.224.0.0 10.224.0.1 10.239.255.254 10.239.255.255
Example 2
Problem: Given IP range of 129.50.x.x, and you have to create subnets for each state in the US.
1. You have a Class B address. Default mask is 255.255.0.0
2. 2
6
- 2 = 62, which is > 50 states. So we need to steal 6 bits from the host portion.
3. That means our subnet mask is 255.255.(128+64+32+16+8+4).0 = 255.255.252.0
4. Our host bits left are 10, so 2
10
- 2 = 1,024 hosts per net.
5. Our interval is 256 - 252 or 4. So we know the first network is 129.50.4.0!
Subnet
Subnet
Address
First useable IP
Address
Last useable IP
address
Broadcast
Address
First 129.50.4.0 129.50.4.1 129.50.7.254 129.50.7.255
Second 129.50.8.0 129.50.8.1 129.50.11.254 129.50.11.255
Third 129.50.12.0 129.50.12.1 129.50.15.254 129.50.15.255
...50th 129.50.200.0 129.50.200.1 129.50.203.254 129.50.203.255
...62nd 129.50.248.0 129.50.248.1 129.50.251.254 129.50.251.255
6. You have 12 subnets left over for expansions into Guam, Puerto Rico, and the US Virgin
Islands.
Example 3
Problem: You are a poor contractor, signed up for a great contract with the British Government to set
up 2 monitoring stations in each country in the whole world. You got the IP range of 222.100.42.x.
Can you do it with separate networks for each country?
1. You have a Class C address. Default mask is 255.255.255.0
2. 2
8
- 2 = 254, which is > 192 countries. So we need to steal 8 bits from the host portion.
3. That means our subnet mask is 255.255.255.(128+64+32+16+8+4+2+1) = 255.255.255.255
4. Our host bits left are 0, so no can do!
Problem: How about just the countries in Europe?
1. You have a Class C address. Default mask is 255.255.255.0
2. 2
6
- 2 = 62, which is > 44 European countries (as of this writing). So we need to steal 6 bits
from the host portion.
3. That means our subnet mask is 255.255.255.(128+64+32+16+8+4) = 255.255.255.252
4. Our host bits left are 2, so 2
2
- 2 = 2 hosts per net... just enough!
5. Our interval is 256 - 252 or 4. So we know the first network is 222.100.42.4!
Subnet
Subnet
Address
First useable
IP Address
Last useable
IP address
Broadcast
Address
Albania 222.100.42.4 222.100.42.5 222.100.42.6 222.100.42.7
Andorra 222.100.42.8 222.100.42.9 222.100.42.10 222.100.42.11
Austria 222.100.42.12 222.100.42.13 222.100.42.14 222.100.42.15
...Serbia/Montenegro 222.100.42.176 222.100.42.177 222.100.42.178 222.100.42.179
...62nd 222.100.42.248 222.100.42.249 222.100.42.250 222.100.42.251
6. You have 12 subnets left over for expansions into some of the Middle Eastern regions.
See, it's not that hard, once you think in binary. Some classes you take might ask you to think in HEX,
which is like having 10 fingers and using all the toes on one foot. They go 0,1,2,3...9 and then
A,B,C,D,E, and F for 10-15. "Hexadecimal" means "six and ten" or 16, which is 0-15 (remember,
computers always start with 0 when counting). In some of the old configs I have seen on Sun/Solaris
boxes, I have seen the netmask as ff.ff.ff.C0. That's really 255.255.255.192, because ff = 16 x 16
numbers, or 256, which is 0-255 in range.
And you now know what that is in binary, right? ;-)

Who is the author? Grig "Punkie" Larson is listed elsewhere on this site, but as of 2009, he's a
Systems Administrator at a major ISP in Maryland, with a LPIC Level 1, RHCT, and is a Network+
Certified fool. He failed his CCNA at 64%. Dooooh! Who wrote that goddamn test? Retarded
Elbonians? But that was in 2001. Time to stop living in the past. Maybe I'll get one in 2009.


IP Address / Route
Summarization Example
#2.
From the previous page, you must have know that IP route summarization can also be
referred to as
route aggregation. It helps reduce the number of routing entries in a router IP address
routing table for faster lookup of destination.




Let’s look at the example below:

Let’s try and summarize Network 10.1.0.0 through 10.5.0.0.

First, list everything into binary:





Firstly, to get the network address, follow and match the binary bits, starting on the
left and stop where the bits do not match from the example above.
Notice that the first octet are matched, the second octet has no matching bits on, so is
the third and last.
so, the summary IP will be 10.0.0.0 = Network address.

Finally, to work out the summary subnets mask; we match the 8 bits of the first octet
(see above) which is the network, and five matching zeros in the second octet which is
the subnet.

255.248.0.0

How did we get the 248…?

Remember the bits value = 128 64 32 16 8 4 2 1
0 0 0 0 0 0 0 0

You add the five bits values in the second octet from the left ; 128+64+32+16+8 = 248

How did we get /13…?

Count all the matching bits (see above) from the left up to the last matching
bit…kazam!...you get your CIDR .