

30.1 Quick subnet calculating techniques

Here are a few links to help you finally crack that puzzle which has plagued you since you started to learn networking:
Cisco's slant on subnetting
dpocoroba's contribution to the subnetting debate.

FAQ originated from this thread on dpocoroba's suggestion.

Introduction

You may wonder what subnetting is and what its purpose is. A loose understanding is the following. Subnetting is the process of partitioning a network into smaller, independent (sub) networks. Each smaller network is called a subnet.

Subnetting relates to good network design. One aspect of good network design is to optimize the IP addresses that you have. Don't leave IP addresses unused or let them go to waste. This is especially true when you have to pay for those IP addresses, or when you have a limited IP address range to work with.

An example of paid IP addresses is the public IP addresses that you get from your ISP. You have to pay a certain amount to have static IP addresses dedicated to you by your ISP. When you ask them for more IP addresses, you have to pay more.

This FAQ discusses subnetting only from the perspective of IP version 4 networks. Further, the discussion tries to build a basic understanding of how subnetting plays a fundamental part in IP networks, especially in relation to IP routing and switching as the ways of communicating in an IP network, and to best-practice network design in general. Hopefully, after reading this FAQ, readers will have a better understanding and a better appreciation of subnetting, beyond mere mathematics or passing a certification test.

As with learning any new knowledge, there is no "cheating", meaning you need to understand the basics. There is some mention of the binary number system (which you will find out about soon) in the subnetting learning process. However, unlike other sources, this FAQ tries to minimize the use of the binary number system and to maximize the use of the decimal number system, which is more common among humans. The objective of this FAQ is to introduce you to subnetting with less math, to avoid dry reading, and with more of the "soul" of subnetting itself, to embrace the essence.

Binary Number System (2-based Number System)

The most difficult part of understanding subnetting is probably the math (the calculation). As you can see from the links above, subnetting involves binary numbers. Yes, you are required to understand at least the basics of the binary number system in order to understand the subnetting process.

The binary number system is used by all computers because of their nature of "on" and "off" states. Unfortunately we humans are used to the decimal number system, which creates a gap. This gap leads to some confusion for those who are just learning networking and subnetting.

But no worries! There is an easier way to understand subnetting with less theory and a more practical approach. The key is to keep using the decimal number system with the binary number system in mind.

Before we begin, you need to refresh your math on powers. Following is an illustration.

2^0 = 1
2^1 = 2
2^2 = 2 x 2 = 4
2^3 = 2 x 2 x 2 = 8
2^4 = 2 x 2 x 2 x 2 = 16
2^5 = 32
2^6 = 64
2^7 = 128
2^8 = 256

The binary number system is based on powers of two (2^n). This number system shows that you can only double the current number to get the next bigger number. It also shows that you can only halve the current number to get the previous number. The binary number system hence introduces the concept of half-and-double size.

To explore further, check out the following table. In the table, note that the next bigger number is always double the size of the current number. From a different approach, the previous number is always half the size of the current number.

As you may see, there is no way to get the next bigger number other than doubling the current number. Similarly, there is no way to get the next smaller number other than halving the current number. The interval between one number and the next, or between one number and the previous, is always based on the power of two. Keep in mind that this half-and-double size concept is the very basis of subnetting, as you will find out later.


In terms of subnetting,

In terms of IP address quantity

Side Note:

Some people refer to each part of the xxx.xxx.xxx.xxx notation as an octet (8-bit numbering system). There are four octets in the notation, separated by dots. I call this the 4-tuple octet.

For /24 to /32 subnets, the 1st three octets remain the same. The only octet that changes is the 4th octet (the last octet).

Subnet Mask

Subnetting always relates to something called the Subnet Mask. The Subnet Mask is the way an IP address represents which subnet it is under.

To show you what a subnet mask looks like, let's review the previous table.


As mentioned, there are octets separated by dots that I call the 4-tuple octet. This 4-tuple octet is commonly known as the Subnet Mask.

Another format for displaying a subnet mask is the CIDR (Classless Inter-Domain Routing) format. Where the 4-tuple octet format is shown in the rightmost column of the above table, the CIDR format is shown in the leftmost column. To clarify, check out the following table.


Later you will find out that CIDR format is based on the subnet mask binary format where the number behind the / represents how many bits are set to 1 (one) contiguously from the left. You will also learn this relationship between subnet mask and IP address quantity within the subnet from the subnet mask binary format.

As a note, the CIDR format subnet mask as shown is known as the prefix. The higher the number, the longer the prefix; the lower the number, the shorter the prefix. As an illustration, a /26 is a shorter prefix than /28 but a longer prefix than /24.

Now let's see how a subnet mask determines how an IP address fits into a subnet.

Example #1

IP Address: 192.168.0.4
Subnet Mask: /31 (255.255.255.254)

From the table above, /31 tells you that there is a network that consists of two IP addresses; 192.168.0.4 and 192.168.0.5. The 192.168.0.4/31 is then the 1st IP address of the network.

Example #2

IP Address: 192.168.0.4
Subnet Mask: /30 (255.255.255.252)

Referring to the table, /30 shows that there is a network that consists of four IP addresses; 192.168.0.4 to 192.168.0.7. The 192.168.0.4/30 is then the 1st IP address of the network.

Example #3

IP Address: 192.168.0.4
Subnet Mask: /29 (255.255.255.248)

Using the above table, /29 reflects that there is a network that consists of eight IP addresses; 192.168.0.0 to 192.168.0.7. The 192.168.0.4/29 is then the 5th IP address of the network.

Example #4

IP Address: 192.168.0.4
Subnet Mask: /32 (255.255.255.255)

Based on the above table, /32 indicates that there is a network that consists of a single IP address; 192.168.0.4. The 192.168.0.4/32 is then the 1st and the last (the only) IP address of the network.

What IP Address Represents in IP Network

In general, an IP address represents a machine within a certain IP network. This machine can be any machine that understands IP addresses, such as a PC, printer, server, router, firewall, X-Box, or Playstation. In networking terms, such a machine is sometimes called a host.

When a host (let's say Host A) in an IP network needs to communicate with another host in some IP network (let's say Host B), Host A uses its IP address to communicate with Host B. This communication is a two-way communication, meaning there should be a reply from Host B to A. In this communication back to A, Host B also uses its IP address.

What Subnet Mask Represents in IP Network

In general, a Subnet Mask represents how large an IP network is. From subnet mask of specific IP address, you can tell the following

* Number of IP address within the subnet
* Number of IP address available for host
* IP Address range of the subnet

Later on, you can also tell the following from subnet mask of specific IP address

* The first IP address within the subnet (called Network ID IP address)
* The last IP address within the subnet (called Broadcast IP address)

In terms of IP network communication between two hosts, say Hosts A and B, A can tell whether it is within the same network as B just by checking its own IP address and subnet mask. In later discussion, you will see how this ability plays an important part in IP network communication.

Number of IP Address Within A Subnet

By referring to the previous table, let's say you have the following
* 192.168.0.0/32

Based on the above, you should be able to tell the following
IP Address: 192.168.0.0
Subnet Mask: /32 (255.255.255.255)
Number of IP address within the subnet: 1
Number of IP address available for host: 1
IP Address range: 192.168.0.0

When you have the following
* 192.168.0.0/31

then you should be able to tell the following
IP Address: 192.168.0.0
Subnet Mask: /31 (255.255.255.254)
Number of IP address within the subnet: 2
Number of IP address available for host: 2
IP Address range: 192.168.0.0, 192.168.0.1

Similar result with the following
* 192.168.0.0/29

IP Address: 192.168.0.0
Subnet Mask: /29 (255.255.255.248)
Number of IP address within the subnet: 8
Number of IP address available for host: 8
IP Address range: 192.168.0.0, 192.168.0.1, ..., 192.168.0.6, 192.168.0.7

As a note, when the available IP addresses are assigned to machines or hosts, the understanding is as follows. The first example shows that the 192.168.0.0/32 network can hold a single host with the IP address 192.168.0.0. The second example shows that the 192.168.0.0/31 network can hold two hosts, with IP addresses of either 192.168.0.0 or 192.168.0.1. The third example shows that the 192.168.0.0/29 network can hold eight hosts, with IP addresses of either 192.168.0.0, 192.168.0.1, ..., 192.168.0.6, or 192.168.0.7.

For a list of how many hosts a certain network can hold, refer to the following


The Size Doubling and Subnetting

Referring to the previous examples, you may wonder how to create a table that shows which order number a specific IP address has within a network, or how to determine the IP address range available for hosts just by looking at the subnet mask. Following is the breakdown.

To describe, let's start with 192.168.0.0/24 network. Referring to the above host IP address availability table, note that 192.168.0.0/24 network consists of 256 IP addresses; from 192.168.0.0, 192.168.0.1, 192.168.0.2, ...., 192.168.0.254, to 192.168.0.255.

In this following illustration, you can see the 192.168.0.0/24 as a long piece of wood where each end represents the 1st and the last IP addresses; 192.168.0.0/24 and 192.168.0.255/24 respectively.


By breaking the long piece of wood of a /24 into two pieces of equal size, there are pieces of the 1st half and the 2nd half.

Since the /24 network is 192.168.0.0/24, the two /25 networks off the /24 network are 192.168.0.0/25 (1st half) and 192.168.0.128/25 (2nd half). The 1st half, the 192.168.0.0/25 network, consists of 128 IP addresses; from 192.168.0.0, 192.168.0.1, ...., to 192.168.0.127. The 2nd half, 192.168.0.128/25, also consists of 128 IP addresses; from 192.168.0.128, 192.168.0.129, ...., to 192.168.0.255. Note that when you break up a /24 network into two equal sub-networks, you have two /25 networks, as shown in the following illustration.


In other words, a /24 network is double the size of /25 network and /25 network is half the size of /24 network.

By applying a similar concept, breaking up a /25 network into two equal-size networks gives you two /26 networks. In other words, a /25 network is double the size of a /26 network and a /26 network is half the size of a /25 network, as the following description shows.

Using the long piece of wood illustration, each /25 piece of wood breaks into two pieces of equal size. Therefore the original long piece of wood of a /24 now becomes four pieces of equal size. Let's call these four pieces the 1st, 2nd, 3rd, and 4th quarter respectively.

You now have four /26 networks when you break up a /24 network into four equal-size networks. Each of the four /26 networks consists of 64 IP addresses. Since the /24 network is 192.168.0.0/24, the four /26 networks off the /24 network are 192.168.0.0/26 (1st quarter), 192.168.0.64/26 (2nd quarter), 192.168.0.128/26 (3rd quarter), and 192.168.0.192/26 (last quarter).

Following is the illustration.


The same logic continues where /26 network is double the size of /27 network (or /27 network is half size of /26 network) and /31 network is double the size of /32 network (or /32 network is half size of /31 network).

To sum up the understanding, following shows how larger subnet size correlates to smaller subnet size.

/24 = 2 x /25 = 4 x /26 = 8 x /27 = 16 x /28 = 32 x /29 = 64 x /30 = 128 x /31 = 256 x /32

How did this half-and-double size concept come about? Let's review the previous table to find the answer.


Note that the concept of half-and-double size is based on the binary system, where you can only double the network size or break up the subnet into two smaller networks of equal size, as shown in the previous table. As mentioned earlier, the interval between one number and the next, or between one number and the previous, is always based on the power of two; which introduces the very basis of subnetting logic.

Using the same logic as presented, let's recap. Subnetting /24 network into

* 2 equal network size makes 2 of /25 networks
* 4 equal network size makes 4 of /26 networks
* 8 equal network size makes 8 of /27 networks
* 256 equal network size makes 256 of /32 networks

When the /24 network is 192.168.0.0/24, the following is what the smaller subnets look like.

The four /26 networks:

1. 192.168.0.0/26

IP Address: 192.168.0.0
Subnet Mask: /26 (255.255.255.192)
Number of IP address within the subnet: 64
Number of IP address available for host: 64
IP Address range: 192.168.0.0, 192.168.0.1, ...., to 192.168.0.63

2. 192.168.0.64/26

IP Address: 192.168.0.64
Subnet Mask: /26 (255.255.255.192)
Number of IP address within the subnet: 64
Number of IP address available for host: 64
IP Address range: 192.168.0.64, 192.168.0.65, ...., to 192.168.0.127

3. 192.168.0.128/26

IP Address: 192.168.0.128
Subnet Mask: /26 (255.255.255.192)
Number of IP address within the subnet: 64
Number of IP address available for host: 64
IP Address range: 192.168.0.128, 192.168.0.129, ...., to 192.168.0.191

4. 192.168.0.192/26

IP Address: 192.168.0.192
Subnet Mask: /26 (255.255.255.192)
Number of IP address within the subnet: 64
Number of IP address available for host: 64
IP Address range: 192.168.0.192, 192.168.0.193, ...., to 192.168.0.255

The thirty two /29 networks


Let's say you only need nine subnets off 192.168.0.0/24. Following are the considerations.

* All subnets are of equal size
* Subnet quantities come only in powers of two, which are 2 (as of 2 x /25), 4 (as of 4 x /26), 8 (as of 8 x /27), 16 (as of 16 x /28), and so on
* Nine is higher than 8 and lower than 16
* To accommodate the nine subnets, you can consider the 16 subnets of the /28 size
* You could then take the 1st nine subnets out of the 16 subnets available
* The nine subnets you take are 192.168.0.0/28, 192.168.0.16/28, 192.168.0.32/28, 192.168.0.48/28, 192.168.0.64/28, 192.168.0.80/28, 192.168.0.96/28, 192.168.0.112/28, and 192.168.0.128/28

Octet and Subnet Calculating

As you may notice, IP address and subnet mask are presented in form of octet (the xxx.xxx.xxx.xxx). There are four octets on both IP address and subnet mask representation, where dots are used to separate one octet from another.

In math, an octet can be seen as a "summary" of binary numbers. This is one of the keys to easy subnet calculation using the decimal number system with the binary number system in mind.

Another key to such easy subnet calculation is utilizing the octet. Start working from the last octet and work up to the previous octet when necessary. In calculating IP addresses within a /24 or smaller subnet, for example, note that only the last octet changes, as mentioned previously. When you calculate a subnet larger than /24, you will then consider the 3rd octet (and the rest) as necessary.

Specifically with a /25 or smaller subnet, you need to calculate starting from /24. In other words, you should see the /25 or smaller subnet as part of a larger /24 network. Any /25 or smaller subnet calculation must refer to the larger /24 network, or in other words, must refer to the last octet.

Here is an illustration. Let's say you are given the 192.168.0.67/28 network. You need to determine the following

* range of IP addresses within the subnet
* order number of 192.168.0.67 IP address within the subnet

You start by seeing 192.168.0.67/28 as part of larger 192.168.0.0/24 network. In other words, you have to start calculating from 192.168.0.0 IP address (the 1st IP address) to create a list of smaller /28 networks off a larger /24 network.

Referring to the previous table, /28 = 2^4 = 16 IP addresses. Therefore the 1st /28 should be the following


The remaining /28 network should be the following


which makes up the entire 192.168.0.0/24 network.

By referring to the 1st IP address of each /28 subnet, you present those subnets as follows


Later on, you will learn that the 1st IP address as the reference is called Network ID.

Recall the question of finding the IP address range of 192.168.0.67/28. Referring to the above table, you see that 192.168.0.67 is between 192.168.0.64 and 192.168.0.79 or within 192.168.0.64/28. Therefore the IP address range is 192.168.0.64 - 192.168.0.79, where the 192.168.0.67 is the 4th IP address.

Note:
Since there are 16 IP addresses within one subnet, you can add 16 to the 4th octet of 1st IP address of the subnet to find out the next 1st IP address of the next subnet; while the 1st three octets are constant. Illustration as follows.


Later you will learn how to find such specific subnet quickly using some tips and tricks.
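The last-octet calculation described above, together with the earlier nine-subnet planning steps, as an added Python example (not part of the original FAQ). The function names are made up for this illustration, and the decimal results are cross-checked against Python's standard ipaddress module.

```python
import ipaddress


def block_size(prefix):
    """Addresses in one subnet, for /24 through /32: 2^(32 - prefix)."""
    if not 24 <= prefix <= 32:
        raise ValueError("the last-octet method only covers /24 to /32")
    return 2 ** (32 - prefix)


def locate(ip, prefix):
    """Find the subnet that holds `ip`, working on the last octet in decimal."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("not a dotted IPv4 address: %r" % ip)
    size = block_size(prefix)
    # Within the /24, subnets start at multiples of the size: 0, size, 2 x size, ...
    first = (octets[3] // size) * size
    last = first + size - 1
    head = ".".join(str(o) for o in octets[:3])  # the 1st three octets stay constant
    return {
        "network": "%s.%d/%d" % (head, first, prefix),
        "first": "%s.%d" % (head, first),
        "last": "%s.%d" % (head, last),
        "size": size,
        "position": octets[3] - first + 1,  # 1-based order number, as counted in the FAQ
    }


def plan_equal_subnets(base, needed):
    """Split a /24 into the fewest equal subnets that cover `needed`.

    Returns the prefix chosen and the first `needed` subnets.
    """
    if not base.endswith(".0"):
        raise ValueError("base must be the 1st IP address of a /24, e.g. 192.168.0.0")
    if not 1 <= needed <= 256:
        raise ValueError("a /24 can be split into 1 to 256 subnets")
    count, prefix = 1, 24
    while count < needed:  # subnet quantity only comes in powers of two
        count, prefix = count * 2, prefix + 1
    size = block_size(prefix)
    head = base.rsplit(".", 1)[0]
    return prefix, ["%s.%d/%d" % (head, i * size, prefix) for i in range(needed)]


def cross_check(ip, prefix):
    """The same answer from the standard library, for comparison."""
    net = ipaddress.ip_interface("%s/%d" % (ip, prefix)).network
    return str(net), str(net[0]), str(net[-1])


if __name__ == "__main__":
    # Examples #1 to #4 from the Subnet Mask discussion
    for prefix in (31, 30, 29, 32):
        print(locate("192.168.0.4", prefix))
    # The 192.168.0.67/28 question
    print(locate("192.168.0.67", 28), cross_check("192.168.0.67", 28))
    # Nine subnets off 192.168.0.0/24
    print(plan_equal_subnets("192.168.0.0", 9))
```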

Group of Multiple Single IP addresses or subnets

Let's review the previous 192.168.0.0/28 network illustration. As noted, you can create a list of /28 networks to make up a larger 192.168.0.0/24 network.

When you see such from the other way around, you have a concept of seeing a Class C network (full /24) as either groups of single IP addresses (256 of /32 subnets) or groups of smaller subnets. In the previous 192.168.0.0/28 network illustration, the 192.168.0.0/24 can be seen as groups of smaller /28 subnets (16 of /28 subnets).

Following is a list of smaller subnet groups to make up the entire Class C network
/24 = 2 x /25 = 4 x /26 = 8 x /27 = 16 x /28 = 32 x /29 = 64 x /30 = 128 x /31 = 256 x /32
/25 = 2 x /26 = 4 x /27 = 8 x /28 = 16 x /29 = 32 x /30 = 64 x /31 = 128 x /32
/26 = 2 x /27 = 4 x /28 = 8 x /29 = 16 x /30 = 32 x /31 = 64 x /32
/27 = 2 x /28 = 4 x /29 = 8 x /30 = 16 x /31 = 32 x /32
/28 = 2 x /29 = 4 x /30 = 8 x /31 = 16 x /32
/29 = 2 x /30 = 4 x /31 = 8 x /32
/30 = 2 x /31 = 4 x /32
/31 = 2 x /32

Supernetting

As noted in the previous discussion, you can create a list of /28 networks to make up a larger 192.168.0.0/24 network. When you combine all of the /28 networks, the result is basically the same as the 192.168.0.0/24 network.

Now let's say you have 32 of 192.168.0.x/29 networks as follows.


Note that 192.168.0.0/24 covers the same IP addresses as the 32 of 192.168.0.x/29 networks (remember, /24 = 32 x /29). When you present the 32 of 192.168.0.x/29 to the same device or audience, you have the choice of presenting them in the form of 192.168.0.0/24. In this case, you combine all 32 of the 192.168.0.x/29 networks to become the larger 192.168.0.0/24 network. This combining process is called supernetting. The resulting network is called a supernet.

Let's review another illustration. This time you have four /30 networks; 192.168.0.0/30, 192.168.0.4/30, 192.168.0.16/30, and 192.168.0.20/30. You then have the following IP address ranges

192.168.0.0/30 = 192.168.0.0 - 192.168.0.3
192.168.0.4/30 = 192.168.0.4 - 192.168.0.7
192.168.0.16/30 = 192.168.0.16 - 192.168.0.19
192.168.0.20/30 = 192.168.0.20 - 192.168.0.23

In simpler form, you have the following IP address ranges

192.168.0.0 - 192.168.0.7 = 192.168.0.0/29
192.168.0.16 - 192.168.0.23 = 192.168.0.16/29

You then have a choice to supernet the four /30 networks to become two larger /29 networks.

Note that you cannot supernet the four /30 networks to become a single larger /27 network of 192.168.0.0/27. Following is the reason.

192.168.0.0/27 = 192.168.0.0 - 192.168.0.31

You don't have the following range

192.168.0.8 - 192.168.0.15 (= 192.168.0.8/29)
192.168.0.24 - 192.168.0.31 (= 192.168.0.24/29)

Therefore to supernet the four /30 networks, you only have a choice to have two larger /29 networks.

A good thing about supernetting is that it summarizes without losing details. From a network device perspective, dealing with supernetting means conserving resources such as memory and CPU utilization.
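The supernetting check described above, as an added Python example (not part of the original FAQ). `merge_halves` joins two subnets only when both halves of the larger subnet are present, and `uncovered` lists the ranges a proposed supernet would cover that are not in your list; both function names are made up for this illustration.

```python
import ipaddress


def merge_halves(cidrs):
    """Join equal-size subnets that are the two halves of the same larger subnet.

    Repeats until nothing more can be joined and returns the sorted result.
    """
    nets = {ipaddress.ip_network(c) for c in cidrs}
    # Drop any subnet that already sits inside another one in the list.
    nets = {n for n in nets if not any(n != m and n.subnet_of(m) for m in nets)}
    changed = True
    while changed:
        changed = False
        for net in sorted(nets):
            if net.prefixlen == 0:
                continue
            parent = net.supernet()         # one bit shorter prefix: double the size
            halves = set(parent.subnets())  # the 1st half and the 2nd half
            if halves <= nets:              # both halves present, so the join is exact
                nets -= halves
                nets.add(parent)
                changed = True
                break
    return sorted(nets)


def uncovered(candidate, cidrs):
    """Return the parts of `candidate` that none of the given subnets cover."""
    remaining = [ipaddress.ip_network(candidate)]
    for owned in (ipaddress.ip_network(c) for c in cidrs):
        next_remaining = []
        for piece in remaining:
            if piece.subnet_of(owned):
                continue  # this piece is fully covered
            if owned.subnet_of(piece):
                # Keep everything in the piece except the covered subnet.
                next_remaining.extend(piece.address_exclude(owned))
            else:
                next_remaining.append(piece)
        remaining = next_remaining
    return list(ipaddress.collapse_addresses(remaining))


def is_exact_supernet(candidate, cidrs):
    """True only if `candidate` covers the given subnets and nothing else."""
    cand = ipaddress.ip_network(candidate)
    inside = all(ipaddress.ip_network(c).subnet_of(cand) for c in cidrs)
    return inside and not uncovered(candidate, cidrs)


# The four /30 networks from the FAQ text
FOUR_30S = ["192.168.0.0/30", "192.168.0.4/30", "192.168.0.16/30", "192.168.0.20/30"]
# The 32 of 192.168.0.x/29 networks that make up the /24
ALL_29S = ["192.168.0.%d/29" % (i * 8) for i in range(32)]

if __name__ == "__main__":
    print([str(n) for n in merge_halves(FOUR_30S)])
    print([str(n) for n in uncovered("192.168.0.0/27", FOUR_30S)])
    print(is_exact_supernet("192.168.0.0/27", FOUR_30S))
    print([str(n) for n in merge_halves(ALL_29S)])
```

Running `uncovered` before a summary goes into a route advertisement or a filter rule shows whether the shorter prefix would also match addresses outside your subnets.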

Discussion

»[HELP] Why use the no auto-summary command for EIGRP

Broadcast Network

A loose understanding of a broadcast network is a network that consists of multiple IP addresses (multiple machines). Examples of broadcast networks are Ethernet and Token Ring networks. Following is an illustration.

Ethernet


Token Ring


Since there are multiple IP addresses within the network, there must be a mechanism to properly select the communication partner's IP address when one IP address needs to communicate with another IP address within the network.

The mechanism is called broadcast. This broadcast mechanism requires the communication partner's IP address (the Layer 3 info) or the communication partner's MAC address (the Layer 2 info) before starting the mechanism.

To find its communication partner within a broadcast network, one IP address broadcasts its communication partner's IP address and expects to receive a reply from the partner with its MAC address. Once the IP address receives its communication partner's MAC address, it starts to communicate with its partner using the MAC address.

Network ID and Network Broadcast IP Addresses

In a broadcast network, there is a need to send a broadcast to find either the IP address of a specific MAC address or the MAC address of a specific IP address. The process of finding the MAC address of an IP address is called ARP (Address Resolution Protocol), whereas RARP (Reverse ARP) is the process of finding the IP address of a known MAC address.

To broadcast, the network utilizes an IP address. This IP address is called the broadcast IP address. In a subnet, the broadcast IP address is usually the last IP address.

As an example, the broadcast IP address of the 192.168.0.0/29 subnet is 192.168.0.7/29.

In a broadcast network, there is also a term called Network ID. The Network ID is an IP address that is used to identify a specific subnet. In a subnet, the network ID is usually the 1st IP address.

As an illustration, the network ID IP address of the 192.168.0.8/29 subnet is 192.168.0.8/29.

Normally the Network ID and Network Broadcast IP addresses are not allowed to be used by hosts in a broadcast network, since such IP addresses are reserved for ARP/RARP processes. When there is a special situation, as you will find out later, the Network ID and Network Broadcast IP addresses could be usable by hosts.

Subnet Zero; Network ID and Network Broadcast Subnets

Let's review the previous 192.168.0.0/28 subnet table


Similar to the concept of Network ID and Network Broadcast IP addresses, Network ID subnet is the 1st subnet and Network Broadcast subnet is the last subnet. On the previous table,


As a note, Subnet Zero itself refers to the subnet of all 0 and/or the subnet of all 1 from the binary system perspective. In other words, Subnet Zero refers to the Network ID (the all 0) and Network Broadcast (the all 1) subnets.

In the beginning of subnetting technology, using the Network ID (or Subnet Zero) and Network Broadcast subnets was not allowed, for reasons similar to not allowing the use of Network ID and Network Broadcast IP addresses. With newer technology, it is now permissible to use the Network ID and Network Broadcast subnets for host IP address assignments.

On today's networks, most networks are Subnet Zero applicable. When you have to assign IP addresses and/or subnets on today's networks, Subnet Zero usage is assumed most of the time. However, it is always a good idea to confirm whether Subnet Zero is permissible on a specific network.

Broadcast and Point-to-Point Networks

Network ID and broadcast IP addresses usually exist in a broadcast network. As mentioned earlier, network ID and broadcast IP addresses are used to find an IP address within the broadcast network so that one IP address can communicate with the IP address in question.

Besides the broadcast network, there is also the point-to-point network. Unlike a broadcast network, where there are multiple IP addresses, a point-to-point network consists of only two IP addresses.

Here is an illustration

Broadcast Network


Point-to-Point Network


In a point-to-point network, there should be no need to use network ID and broadcast IP addresses in terms of the ARP/RARP process. When one IP address needs to communicate with the other IP address, it does not need to select its communication partner using ARP/RARP, since the other IP address must be the one that needs to be communicated with.

Note that when someone says broadcast network, the person usually means that the network consists of more than two IP addresses. It is possible, however, to have a broadcast network consisting of only two IP addresses. If a broadcast network consists of only two IP addresses, it is basically a point-to-point network. In other words, a point-to-point network is a part, subnet, or special form of a broadcast network.

When you have a broadcast network that consists of only two IP addresses, you then have a choice to keep it as a broadcast network or convert it to a point-to-point network.

Following is an illustration. Let's say we have the 192.168.0.0/30 network. The network is a broadcast network. The network ID is 192.168.0.0/30 and the network broadcast is 192.168.0.3/30.

In a broadcast network, the actual IP addresses that can be host IP addresses are those remaining after the IP addresses reserved for network ID and network broadcast. In the 192.168.0.0/30 network, the available IP addresses that can be host IP addresses are 192.168.0.1 and 192.168.0.2.

Elaboration:


As you can see, there are only two actual IP addresses within 192.168.0.0/30; the 192.168.0.1 and 192.168.0.2. Therefore this broadcast network is somewhat of a point-to-point network. You then have the option to convert the network to a point-to-point network.

Should you decide to convert, you can subnet 192.168.0.0/30 into two /31 networks; one is 192.168.0.0/31 and the other is 192.168.0.2/31. You can use 192.168.0.0/31 for these two hosts to communicate with each other. You can then keep the 192.168.0.2/31 for future use should you have more point-to-point networks.

Here is the breakdown

* Subnet 192.168.0.0/30 into 2 equal network size makes 2 of /31 networks
1. 192.168.0.0/31 = 192.168.0.0, 192.168.0.1
2. 192.168.0.2/31 = 192.168.0.2, 192.168.0.3

* Use 192.168.0.0/31 and keep 192.168.0.2/31 for future use

* Convert hosts' interface to be point-to-point network member from broadcast network member

* Assign 192.168.0.0 with /31 subnet mask to one host and assign 192.168.0.1 with /31 subnet mask to another host

As a note, the /30 subnet has been a common way (industry standard of practice) of assigning a point-to-point network. When you order static IP addresses for your new business-grade Internet circuit (i.e. T1 or Ethernet), let's say, you may receive two forms of subnets; WAN (point-to-point network) as a /30 subnet and LAN (broadcast network) as a /29 or larger subnet. When ordering static IP addresses from some broadband companies, however (i.e. DSL or Cable Internet), you may receive only the LAN subnet.

Subnetting from Binary-Number System Perspective

* Wildcard

Let's review the following tables

Subnet mask in their octet and binary form


Host quantity available within specific subnet


As an illustration, let's review the 192.168.0.0 subnetting process and the host quantity available within, as follows

You may notice that the IP addresses available within the subnet are within the range of the 0 (zero) bits of the binary form. In other words, the 0 (zero) bits of the binary form (or the last octet of the 4-tuple octet format) represent the set of possible numbers of the last octet of the subnet. Following is the illustration.


With a similar understanding, the 1 (one) bits of the binary form represent a set of "fixed" numbers while the 0 (zero) bits represent a set of "changing" numbers. From the 4-tuple octet format perspective, the first three octets are "fixed" while the last octet "changes". This "changing" number, as mentioned, can be any number, depending on how large the subnet is. As an illustration, the changing number can range from 0 to 127 when the subnet is /25 size; and the changing number can range from 0 to 31 when the subnet is /27 size.

Since this "changing" number varies (could be any number), the changing number is often called the wildcard. Note that this understanding of the wildcard is essential when you delve into the Wildcard Subnet Mask as discussed in the following FAQ.

»Cisco Forum FAQ »Quick and Easy Wildcard (Inverse) Subnet Mask

Some Tips and Tricks

1. Quickly Convert CIDR Format To Dotted 4-Tuple Octet Format

Let's review the following CIDR and dotted 4-tuple octet format comparison

/32 = 255.255.255.255
/31 = 255.255.255.254
/30 = 255.255.255.252
/29 = 255.255.255.248
/28 = 255.255.255.240
/27 = 255.255.255.224
/26 = 255.255.255.192
/25 = 255.255.255.128
/24 = 255.255.255.0

As mentioned, the 1st three octets in the dotted 4-tuple always stay the same in /24 and longer prefixes. In other words, only the last octet changes.

As also mentioned, there is only one IP address within a /32 CIDR. The next bigger subnet size is always double the current subnet size. In other words, there are two IP addresses within a /31 CIDR (double the 1 in /32 CIDR). Following is the table


Now let's only consider the last octet on the dotted 4-tuple format. Also keep in mind the IP address amount availability within each subnet. Note the change on the last octet in the following table


The subtraction result is always the next last-octet number. You can apply this to convert CIDR format to dotted 4-tuple format quickly.

Let's say you have a /26 CIDR subnet mask and you need to know what the subnet mask looks like in the dotted 4-tuple format.

Start with the longest prefix, which is /32 CIDR. Here are the key points.

* The /32 always matches with 255 in the last octet of the dotted 4-tuple
* To convert /24 CIDR or a longer prefix to the dotted 4-tuple, only consider the last octet
* In /24 CIDR or a longer prefix (within Class C), the 1st three octets are always the same; which is 255
* /32 only has one IP address
* The next bigger subnet is always double the size of the current subnet

Using this knowledge, you can start creating your own build-up table as follows.


Referring to the build-up table, you now know that /26 CIDR is equal to xxx.xxx.xxx.192
Since the 1st three octets are always 255, the dotted 4-tuple format equivalent to /26 CIDR is 255.255.255.192

2. Quickly Find How Many IP Address Within Specific Subnet

For the next tip, let's review the following. Say you have the 255.255.255.224 subnet mask and you need to know how many IP addresses are within the subnet.

You may notice that in the dotted 4-tuple format, 255 is the last number within the 256 range, where 0 (zero) is the 1st number. As a note, the 256 range is based on the 8-bit system; hence it is called an octet (the 8-bit numbering system).

Let's review the following table


Referring to the table, you now know that there are 32 IP addresses within the 255.255.255.224 subnet mask.

3. Reverse Bit Correlation Between Subnet Mask and Number of IP Address

Let's review the previous table. Note that the sum between the octet and number of IP address is always equal to 256, which is the range within octet. In the binary format, this is seen as a reverse correlation between subnet mask and IP address number. In other words, the subnet mask is always the reverse bit of the IP address number from binary format perspective.

Following is an illustration. Say you have a full Class C network. You would like to subnet the network into /29 CIDR networks. You would like to know how many /29 subnets there will be and how many IP addresses are within each /29 subnet.

The full Class C network is /24 CIDR (255.255.255.0). To subnet the /24 into /29, the last octet will change while the 1st three octets are constant.

Let's focus on the last octet. Keep in mind that an octet is an 8-bit binary number. In binary format, this is what the subnet mask looks like


From the table, you can see that the 1st 24 bits are set to 1 (one) and the remaining bits are set to 0 (zero) on /24 CIDR. On the /29, the 1st 29 bits are set to 1 and the remaining bits are set to 0. As you may realize, the set-to-one bits are the basis of CIDR format since the number behind the / shows how many contiguous bits are set to 1 (one) from the left.

Let's take the last octet (the last 8-bit) of the /29 CIDR

11111000

The reverse bit is

00000111

As you may notice,


The 248 represents the last octet of the /29 subnet mask and the 8 represents the number of IP addresses within the /29 subnet.

Since you are subnetting /24 into /29, you only consider the last octet. From the last octet perspective, the 1st five bits are set to 1. As mentioned, the set-to-one bits represent the subnet mask and the set-to-zero bits represent the IP address number within the subnet.

To find out the subnet mask quantity from the last octet perspective,

* take the number of bits that are set to 1; which is five
* take this five as the power of 2 as 2^5
* 2^5 = 32

This 32 represents the quantity of /29 subnet that you will have when you subnet /24 network into /29 network.

To find out the IP address quantity within each /29 subnet from the last octet perspective,

* take the number of bits that are set to 0; which is three
* take this three as the power of 2 as 2^3
* 2^3 = 8

This 8 represents the quantity of IP address that you will have within each /29 subnet.

Note:
This subnet mask reverse bit is the foundation of wildcard (inverse subnet mask) understanding. Check out following FAQ for further info.

»Cisco Forum FAQ »Quick and Easy Wildcard (Inverse) Subnet Mask

When you deal with a broadcast network, you must reserve one IP address (the 1st one, the all zero) for Network ID and reserve another IP address (the last one, the all one) for Network Broadcast. With the /29 subnet, there are then 6 usable IP addresses (8 - 1 for Network ID - 1 for Network Broadcast) for hosts.

There is a similar situation with the subnet quantity. Note that so far the assumption is that you can use Subnet Zero, which are the 1st (the all zero, Network ID) and last (the all one, Network Broadcast) subnets. When you cannot use Subnet Zero, then there are only 30 usable subnets (32 - 1 for Network ID - 1 for Network Broadcast) for hosts when you subnet /24 into /29 network.

4. Quickly Determine Specific Subnet Range

Let's review the previous illustration of subnetting /24 into /29 networks. This time you would like to see what the 23rd subnet looks like, or what the 23rd subnet range is, when the /24 network is the 192.168.100.0 network.

Since this is subnetting /24 into a longer prefix, you only need to focus on the last octet; the 1st three octets are constant.

To quickly determine the subnet range, you can use the following formula to determine the last octet of the Network ID number (the 1st number within the last octet).

Last Octet Network ID number of the n-th subnet = (n - 1) x Number of IP addresses within the subnet

Once you have the Network ID number, you can add (Number of IP addresses within the subnet - 1) to that number to get the Broadcast ID number (the last number within the last octet).

At this point, you should have the 1st and the last number within the last octet. In other words, you now have the subnet range which shows you the 1st and the last IP addresses.

Following is the illustration with the 192.168.100.0/24 subnetting into /29 networks.

As mentioned, there are 8 IP addresses within a /29 network. Since you would like to know what the 23rd subnet range is, n = 23.

To find out the last octet Network ID number,

(23 - 1) x 8 = 176

To find out the last octet Network Broadcast number,

176 + (8 - 1) = 183

Therefore the 23rd /29 subnet range is

192.168.100.176 - 192.168.100.183 = 192.168.100.176/29

where


As you may notice, the (n - 1) part shows that the formula assumes you use Subnet Zero. The formula can therefore easily be altered when Subnet Zero is not in use.

5. Convert Dotted 4-Tuple Subnet Mask Format Into CIDR Format

Let's say you have a 255.255.255.192 subnet mask. You would like to know how the subnet mask looks in CIDR format.

As mentioned, CIDR format is based on the binary format. Therefore you need to use binary to convert. Don't worry! As usual, the binary calculation is kept to a minimum :)

Following are the steps when dealing with /24 subnetting.

* Determine IP address quantity within the subnet
* Find out n where 2^n = IP address quantity within the subnet
* Subtract n from 8
* Take the subtraction result as additional set-to-one bits to the 1st 24 bits set to one
* Add the total number of bits set to one
* This total number represents the CIDR format

Let's use an illustration to convert the 255.255.255.192 into CIDR format. When you build up your own table (or memorize it), you know there are 64 IP addresses within 255.255.255.192 subnet mask.

Find out n where 2^n = 64

By simple calculation (and probably some trial and error), you find that n = 6

Recall from the previous discussion that n = 6 represents the six set-to-zero bits within the last octet. Since there are only 8 bits within a single octet, the number of set-to-one bits within the last octet is two. In other words, subtract 6 from 8 to get 2.

From the same discussion, recall that the 255.255.255.0 network has the 1st 24 bits set to one while the remaining 8 bits are set to zero. In 255.255.255.192, there are 2 additional set-to-one bits within the last octet, as you found out earlier. Therefore the 255.255.255.192 network has the 1st 26 bits set to one (24 + additional 2) while the remaining 6 bits are set to zero.

Since CIDR format is based on the leading set-to-one bits, the 255.255.255.192 subnet mask is equal to /26 CIDR.
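The five last-octet techniques above, as an added Python example (not part of the original FAQ), cross-checked against the standard `ipaddress` module. It covers /24 to /32 only; the function names are this example's own, and the `subnet_zero=False` branch is one reading of how the n-th subnet formula is altered when Subnet Zero is not in use.

```python
import ipaddress

def build_up_table():
    """Technique 1: start at /32 (one address, last octet 255) and double per step."""
    table, size = {}, 1
    for prefix in range(32, 23, -1):
        # Techniques 2 and 3: last octet + number of addresses is always 256.
        table[prefix] = {"addresses": size, "last_octet": 256 - size}
        size *= 2
    return table

def prefix_to_mask(prefix):
    """CIDR prefix (/24 to /32) to dotted 4-tuple; the 1st three octets are 255."""
    if prefix not in range(24, 33):
        raise ValueError("this shortcut only covers /24 to /32")
    return f"255.255.255.{build_up_table()[prefix]['last_octet']}"

def wildcard_octet(prefix):
    """Reverse bits of the mask's last octet: addresses in the subnet minus one."""
    return build_up_table()[prefix]["addresses"] - 1

def mask_to_prefix(mask):
    """Technique 5: find n with 2**n == address count, then 24 + (8 - n)."""
    octets = [int(part) for part in mask.split(".")]
    if len(octets) != 4 or octets[:3] != [255, 255, 255] or not 0 <= octets[3] <= 255:
        raise ValueError("this shortcut only covers 255.255.255.x masks")
    size = 256 - octets[3]
    n = size.bit_length() - 1
    if 2 ** n != size:
        # e.g. 255.255.255.200: the set-to-one bits are not contiguous
        raise ValueError(f"{mask} is not a valid subnet mask")
    return 24 + (8 - n)

def nth_subnet(network_24, prefix, n, subnet_zero=True):
    """Technique 4: last-octet Network ID = (n - 1) x addresses per subnet."""
    size = build_up_table()[prefix]["addresses"]
    count = 256 // size                      # 2 ** (set-to-one bits in last octet)
    usable = count if subnet_zero else count - 2
    if not 1 <= n <= usable:
        raise ValueError(f"only {max(usable, 0)} usable /{prefix} subnets")
    # Assumption: without Subnet Zero, numbering starts after the all-zero subnet.
    index = n - 1 if subnet_zero else n
    network_id = index * size
    broadcast = network_id + size - 1
    base = network_24.rsplit(".", 1)[0]
    return f"{base}.{network_id}", f"{base}.{broadcast}"

def cross_check():
    """Compare every shortcut result with the ipaddress module."""
    parent = ipaddress.ip_network("192.168.100.0/24")
    for prefix in range(24, 33):
        mask = prefix_to_mask(prefix)
        if str(ipaddress.ip_network(f"0.0.0.0/{prefix}").netmask) != mask:
            return False
        if mask_to_prefix(mask) != prefix:
            return False
        for n, net in enumerate(parent.subnets(new_prefix=prefix), start=1):
            expected = (str(net.network_address), str(net.broadcast_address))
            if nth_subnet("192.168.100.0", prefix, n) != expected:
                return False
    return True

if __name__ == "__main__":
    print("/26 mask:", prefix_to_mask(26))
    print("addresses in 255.255.255.224:", build_up_table()[mask_to_prefix("255.255.255.224")]["addresses"])
    print("23rd /29 of 192.168.100.0/24:", nth_subnet("192.168.100.0", 29, 23))
    print("255.255.255.192 is /%d" % mask_to_prefix("255.255.255.192"))
    print("matches ipaddress:", cross_check())
```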

Subnetting and Network Design

A simpler way to become more familiar with subnetting is probably to do a network design. Three network design processes are presented here to further illustrate the subnetting concept and its implementation.

The network designs use the following terms and definitions.

* Internet
Internet is loosely defined as the network outside of the local and/or private network.

* IP Network
IP Network is a network that is based on IP addresses and subnets.

* Same Network
Same Network is a network that is shared between multiple hosts. These hosts reside within the same range of network. In other words, all hosts share the same Network ID and Broadcast IP addresses. As an example, a network of 192.168.0.0/25 hosts multiple machines with the same Network ID IP address of 192.168.0.0 and Broadcast IP address of 192.168.0.127

* Different Network
Different Network is a network that has a different Network ID and different Broadcast IP addresses compared to another IP network. As an example, there are two networks of 192.168.0.0/25 and 192.168.0.128/30 where the first network has Network ID IP address of 192.168.0.0 and Broadcast IP address of 192.168.0.127 and the second network has Network ID IP address of 192.168.0.128 and Broadcast IP address of 192.168.0.131

* Router
Router is pretty much a host with special functionality. This special functionality is to provide interconnection between hosts of multiple subnets. Therefore a router is a network device that interconnects multiple subnets for communication purposes between hosts in different subnets. Since a router deals with subnet interconnection, it is seen as a Layer-3 network device.

In a later illustration, you will see that IP network interconnection is needed when hosts in different networks need to communicate with each other. The router provides this IP network interconnection mechanism.

* (Router) Interface
Router Interface, or simply Interface, is a router port that serves as an entry and/or exit point to interconnect multiple subnets. When this Interface has an IP address, the IP address is seen as the IP address of a host within a specific subnet. From the multiple subnet interconnection perspective, you will see that this IP address serves as the next hop to reach a destination subnet or a subnet outside the local subnet. Since the IP address serves as the next hop to reach subnets outside the local subnet, it can be used as the default gateway to reach those outside subnets.

* Switch
Switch is a network device that connects hosts within the same network. Since a switch deals only with host connections of the same network, it is seen as a Layer-2 network device and does not by default deal with Layer-3 info such as IP address and subnet mask.

In a later illustration, you will see that IP network interconnection is not needed when hosts in the same network need to communicate with each other. Instead, the hosts just use the Layer-2 communication mechanism, which is the MAC address, as described briefly in the previous Network ID and Network Broadcast IP Addresses discussion.

Confused about those terms and definitions? Don't worry. Keep reading and slowly but surely those terms and definitions come in to your understanding naturally. :)

Network Design #1

Let's say you have the following situation. There are three different departments that need access to each other and to the Internet. Each department currently has 10 hosts in total in the form of 7 PCs, 2 servers, and 1 printer.

To set up the network, you are supplied with one router with 4 interfaces and three switches. Following is the network setup.


where each switch is dedicated for each department.

Let's say you are given a Class C subnet of 192.168.0.0/24 to support the entire network.

Since there are multiple hosts within the entire organization, the network type choice is a broadcast network. It is also decided that each department will have an independent subnet. To interconnect departments and to allow Internet access, there will be an IP routing mechanism for subnet inter-communication.

Referring to the host IP address availability table, the closest subnets for 10 hosts are /29 and /28. The /29 subnet size is 8, which won't fit 10 hosts. For 10 hosts, the smallest subnet size that fits is then the /28, with some (yet) unused IP addresses.

In /28, there are 16 IP addresses. Since two IP addresses are already reserved as the network ID and broadcast addresses, there are 14 remaining IP addresses for hosts.

Since there are 10 hosts in each department, each department gets a dedicated /28 subnet.

You can then assign the following subnet for each department

1st Department: 192.168.0.0/28 (192.168.0.1 - 192.168.0.14)
2nd Department: 192.168.0.16/28 (192.168.0.17 - 192.168.0.30)
3rd Department: 192.168.0.32/28 (192.168.0.33 - 192.168.0.46)

Note that this process of determining subnet mask of certain network to fit specific need of certain number of host within the network is called Variable-Length Subnet Masking (VLSM). By subnetting a larger network into smaller networks with certain host size the network can hold, there should be minimal to no waste of IP address use.

As in any network, there is no point in using VLSM to conserve IP addresses without some kind of mechanism to provide communication between these smaller networks. In other words, there must be some (IP) routing in place for inter-communication between networks, or between devices in different networks, such as inter-communication between devices in the 1st, 2nd, and 3rd departments.

In routing technology, there is a network device that acts as a gateway to reach outside networks. In other words, this gateway device should be able to handle traffic routing between networks. The perfect device to handle the routing is the router. Therefore the router should handle the gateway IP address.

Since each subnet has its own gateway IP address, each subnet requires a dedicated router interface to handle gateway business. Note that there are four networks that need to intercommunicate. The 1st three networks are the 1st, 2nd, and 3rd Departments (192.168.0.0/28, 192.168.0.16/28, and 192.168.0.32/28 respectively). The last network is the Internet. Each of these networks requires a dedicated router interface to act as the gateway for reaching outside networks.

This gateway shows up in an IP network as just another host within a certain network. Therefore one IP address from each of the above subnets is reserved for the gateway.

Let's say then
1st Department gateway IP address: 192.168.0.14/28
2nd Department gateway IP address: 192.168.0.17/28
3rd Department gateway IP address: 192.168.0.37/28

Now each subnet has 13 IP addresses remaining. These are available for all hosts within each department.

1st Department host IP addresses: 192.168.0.1 - 192.168.0.13
2nd Department host IP addresses: 192.168.0.18 - 192.168.0.30
3rd Department host IP addresses: 192.168.0.33 - 192.168.0.36, 192.168.0.38 - 192.168.0.46

As mentioned, there is only one router for the entire organization network. Fortunately, this router has 4 different interfaces with routing capabilities. You can then have each router interface handle the gateway IP address of one department, with the remaining interface used to reach the Internet.

Let's say Switch #1 is dedicated for 1st Department, Switch #2 is dedicated for 2nd Department, and Switch #3 is dedicated for 3rd Department. Therefore the following applies to all hosts that connect to the respective switch.

Switch #1:
IP address range: 192.168.0.1 - 192.168.0.14
Subnet Mask: /28 (or 255.255.255.240)
Gateway: 192.168.0.14

Switch #2:
IP address range: 192.168.0.17 - 192.168.0.30
Subnet Mask: /28 (or 255.255.255.240)
Gateway: 192.168.0.17

Switch #3:
IP address range: 192.168.0.33 - 192.168.0.46
Subnet Mask: /28 (or 255.255.255.240)
Gateway: 192.168.0.37

Let's take a closer look at the 1st Department's hosts. One host will have the following.

192.168.0.2/28

Here is the detailed subnet info


The table leads to the following understanding.

* 192.168.0.0 is reserved for Network ID

* 192.168.0.15 is reserved for Network Broadcast

* 192.168.0.14 is reserved for gateway (the router, or to be precise; the router interface that acts as gateway dedicated for hosts within 192.168.0.0/28 to reach outside network such as the other 192.168.0.x hosts and the Internet)

* 192.168.0.1 - 192.168.0.13 range is available for the PCs, servers, printers, and any network device within the 1st Department that need network connectivity

* When you set network info on (let's say) a server, the server network info would be the following.

IP Address: 192.168.0.2 (or any IP address within 192.168.0.1 - 192.168.0.13 range)
Subnet Mask: /28 (255.255.255.240)
Gateway: 192.168.0.14 (pointing to the router)

A similar situation applies to other hosts within the 2nd and 3rd Departments.

2nd Department

192.168.0.28/28


3rd Department

192.168.0.41/28


The router will have the following IP address assignment.

1st interface
IP Address: 192.168.0.14
Subnet Mask: 255.255.255.240

2nd interface
IP Address: 192.168.0.17
Subnet Mask: 255.255.255.240

3rd interface
IP Address: 192.168.0.37
Subnet Mask: 255.255.255.240

where the router's 1st interface will act as the gateway of the 1st Department's hosts, 2nd interface will act as the gateway of the 2nd Department's hosts, and 3rd interface will act as the gateway of the 3rd Department's hosts respectively.

As mentioned, hosts within all departments need to reach other hosts that reside in the outside world (i.e. the Internet). These outside world hosts do not reside within 192.168.0.0/28, 192.168.0.16/28, and 192.168.0.32/28. To connect to the outside world, the router must have the ability to reach subnets that are not within 192.168.0.0/28, 192.168.0.16/28, and 192.168.0.32/28.

There are multiple ways to give the router this ability. One way is to define each and every subnet available within the outside world. When the router is running BGP peering with the ISP and receives the full BGP table, the router then has all of these outside world subnets defined.

Another way to set the router is to define the gateway. As mentioned, the gateway should be a device that has the ability to do routing. In addition, this device must have knowledge of how to reach those outside subnets.

The perfect choice is the ISP device that the router connects to. For this connection, the router uses the 4th interface. You should assign the router's 4th interface IP address and subnet based on the network info your ISP provides. The router's 4th interface will then serve the entire organization's network connectivity to the outside world.

Should you choose to set a gateway to reach the outside world, you then use the ISP device IP address. In the ISP network info, this device IP address is usually mentioned as the gateway or default gateway.

On a Cisco router, the command to set the gateway is the following.

ip route 0.0.0.0 0.0.0.0 [ISP DEVICE IP ADDRESS]

The command basically informs the router that to reach subnets that are unknown or undefined, use the ISP device as the next hop.

FYI, the gateway or default gateway is sometimes referred to as "the gateway of last resort" since it will be used only to reach unknown or undefined subnets.

Discussion

»Break /25 into small and large subnet?
»Subnetting question

Network Design #2

After some assessment, it is predicted that the 1st Department host number will triple within 2 years. The 2nd Department host number is predicted to double, also within 2 years. The 3rd Department host number remains the same after 2 years.

In addition, there are additional two departments. Let's say these two departments are called 4th and 5th Departments. The 4th Department host number will be five. The 5th Department host number will be three.

There is a plan to host three new servers that are accessible from the Internet. To simplify administration, the existing servers and printers will be moved and kept in the same area as the new servers. Let's call this area "server farm".

To provide network security (i.e. to protect the Internet-accessible servers), there will be a dedicated firewall box facing the Internet. Since you are using Private IP Addresses (192.168.0.0/24), the plan is to use this firewall box also as the NAT/PAT device.

Side Note

Check out the following FAQ for more info on NAT/PAT
»Cisco Forum FAQ »NAT, PAT, Port Forward, Internet and Server Access: Introduction and Practices

To support this new setup, you are provided with the following new equipment

* One 2-interface firewall box
* Two 4-interface routers
* One 2-interface router
* Four switches

The following is the new network setup.


Note that there are multiple network types with this new network design. Network of Router 1, 1st Dept., 2nd Dept., and 3rd Dept. is a broadcast network. Broadcast network type also applies to Router 2 and Server Farm network; Router 3, 4th Dept., and 5th Dept. network; and lastly the Router 1, Router 2, Router 3, and Router 4 network.

However, the network type of the Firewall and Router 4 network is a point-to-point network. In this case, we have a hardware and/or media type restriction that prevents it from functioning as a point-to-point network. Therefore the network type used is still a broadcast network, only that it consists of two usable IP addresses (somewhat like a point-to-point network).

Based on this, we can keep using the existing router (that serves 1st, 2nd, and 3rd Dept.) as Router 1. The two new 4-interface routers will be Router 2 and Router 3 respectively. The 2-interface router will then be Router 4.

To start, let's recalculate the assigned subnets for each department.


We will minimize readdressing of the hosts. Therefore IP addresses will be reused and reassigned.


Network Info

1st Dept.
IP address range: 192.168.0.1 - 192.168.0.30
Subnet Mask: /27 (or 255.255.255.224)
Gateway: 192.168.0.14

2nd Dept.
IP address range: 192.168.0.33 - 192.168.0.62
Subnet Mask: /27 (or 255.255.255.224)
Gateway: 192.168.0.33

3rd Dept.
IP address range: 192.168.0.65 - 192.168.0.78
Subnet Mask: /28 (or 255.255.255.240)
Gateway: 192.168.0.78

4th Dept.
IP address range: 192.168.0.81 - 192.168.0.86
Subnet Mask: /29 (or 255.255.255.248)
Gateway: 192.168.0.81

5th Dept.
IP address range: 192.168.0.89 - 192.168.0.94
Subnet Mask: /29 (or 255.255.255.248)
Gateway: 192.168.0.94

Server Farm
IP address range: 192.168.0.97 - 192.168.0.110
Subnet Mask: /28 (or 255.255.255.240)
Gateway: 192.168.0.110

Since there will be routing between the four routers, the Firewall, and the Internet, there is a need to assign a specific subnet to each specific connection.

Between Router 4 and Firewall


Between Routers

Router 1

1st interface
IP Address: 192.168.0.14
Subnet Mask: 255.255.255.224

2nd interface
IP Address: 192.168.0.33
Subnet Mask: 255.255.255.224

3rd interface
IP Address: 192.168.0.78
Subnet Mask: 255.255.255.240

Router 2

1st interface
IP Address: 192.168.0.110
Subnet Mask: 255.255.255.240

Router 3

1st interface
IP Address: 192.168.0.81
Subnet Mask: 255.255.255.248

2nd interface
IP Address: 192.168.0.94
Subnet Mask: 255.255.255.248

To route between routers, there must be routes for reaching specific subnets using a specific next hop IP address. To support these routes, there is a need to assign a specific IP address to a specific router interface.

Router 1

4th interface
IP address: 192.168.0.250
Subnet Mask: 255.255.255.248

Router 2

4th interface
IP address: 192.168.0.251
Subnet Mask: 255.255.255.248

Router 3

4th interface
IP address: 192.168.0.252
Subnet Mask: 255.255.255.248

Router 4

1st interface
IP address: 192.168.0.249
Subnet Mask: 255.255.255.248

Notice that 192.168.0.0/26 (192.168.0.1 - 192.168.0.62) and 192.168.0.64/28 subnets are under Router 1. Similarly, 192.168.0.80/28 (192.168.0.81 - 192.168.0.94) subnet is under Router 3. Lastly 192.168.0.96/28 is under Router 2.

Let's take a close look at the 192.168.0.0/26. From the other routers' perspective, Router 1 is presenting two consecutive /27 networks: the 192.168.0.0/27 and 192.168.0.32/27. You then have a choice to combine these two /27 networks into a single larger /26 network of 192.168.0.0/26. In other words, you can supernet both /27 networks into a /26 network.

Similarly, the 4th and 5th Dept. subnets (which Router 3 presents to other routers) are also candidates for supernetting, as 192.168.0.80/28. To conserve router resources, we then supernet the networks.

From the Router 1 perspective, the following is the route reachability

* Use 192.168.0.251 as the next hop to reach 192.168.0.96/28
* Use 192.168.0.252 as the next hop to reach 192.168.0.80/28
* Use 192.168.0.249 as the gateway

From the Router 2 perspective, the following is the route reachability

* Use 192.168.0.250 as the next hop to reach 192.168.0.0/26
* Use 192.168.0.250 as the next hop to reach 192.168.0.64/28
* Use 192.168.0.252 as the next hop to reach 192.168.0.80/28
* Use 192.168.0.249 as the gateway

From the Router 3 perspective, the following is the route reachability

* Use 192.168.0.250 as the next hop to reach 192.168.0.0/26
* Use 192.168.0.250 as the next hop to reach 192.168.0.64/28
* Use 192.168.0.251 as the next hop to reach 192.168.0.96/28
* Use 192.168.0.249 as the gateway

To route between the Firewall and the Routers, there must be routes for reaching specific subnets using a specific next hop IP address. To support these routes, there is a need to assign a specific IP address to a specific device interface.

Router 4

2nd interface
IP address: 192.168.0.242
Subnet Mask: 255.255.255.252

Firewall

1st interface
IP address: 192.168.0.241
Subnet Mask: 255.255.255.252

2nd interface
IP address: refer to the ISP network info
Subnet Mask: refer to the ISP network info

From the Router 4 perspective, the following is the route reachability

* Use 192.168.0.250 as the next hop to reach 192.168.0.0/26
* Use 192.168.0.250 as the next hop to reach 192.168.0.64/28
* Use 192.168.0.252 as the next hop to reach 192.168.0.80/28
* Use 192.168.0.251 as the next hop to reach 192.168.0.96/28
* Use 192.168.0.241 as the gateway

From the Firewall perspective, the following is the route reachability

* Use 192.168.0.242 as the next hop to reach 192.168.0.0/24 (another supernet)
* Use ISP Device IP Address as the gateway

With this new network design, similar route statements are in place as follows.

Router 1

ip route 192.168.0.96 255.255.255.240 192.168.0.251
ip route 192.168.0.80 255.255.255.240 192.168.0.252
ip route 0.0.0.0 0.0.0.0 192.168.0.249

Router 2

ip route 192.168.0.0 255.255.255.192 192.168.0.250
ip route 192.168.0.64 255.255.255.240 192.168.0.250
ip route 192.168.0.80 255.255.255.240 192.168.0.252
ip route 0.0.0.0 0.0.0.0 192.168.0.249

Router 3

ip route 192.168.0.0 255.255.255.192 192.168.0.250
ip route 192.168.0.64 255.255.255.240 192.168.0.250
ip route 192.168.0.96 255.255.255.240 192.168.0.251
ip route 0.0.0.0 0.0.0.0 192.168.0.249

Router 4

ip route 192.168.0.0 255.255.255.192 192.168.0.250
ip route 192.168.0.64 255.255.255.240 192.168.0.250
ip route 192.168.0.80 255.255.255.240 192.168.0.252
ip route 192.168.0.96 255.255.255.240 192.168.0.251
ip route 0.0.0.0 0.0.0.0 192.168.0.241

Firewall

ip route 192.168.0.0 255.255.255.0 192.168.0.242
ip route 0.0.0.0 0.0.0.0 [ISP DEVICE IP ADDRESS]

As a note, the ip route statement is a command on Cisco routers to set up a static route in an IP network, creating specific route statements as defined above.
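An added check, not part of the original FAQ: the Network Design #2 plan audited with Python's `ipaddress` module for overlaps, gateway placement, the supernets Router 1 and Router 3 present, and whether a router's static routes cover every remote department. The subnet prefixes are derived from the ranges and masks listed above; `ROUTER2_ROUTES` uses the masks for the /26 and /28 named in the reachability lists, and `ROUTER2_MASK_TOO_LONG` is a constructed faulty variant.

```python
import ipaddress
from itertools import combinations

# Subnets derived from the ranges and masks in the Network Info lists above;
# the two link subnets come from the router and firewall interface addresses.
PLAN = {
    "1st Dept.": ("192.168.0.0/27", "192.168.0.14"),
    "2nd Dept.": ("192.168.0.32/27", "192.168.0.33"),
    "3rd Dept.": ("192.168.0.64/28", "192.168.0.78"),
    "4th Dept.": ("192.168.0.80/29", "192.168.0.81"),
    "5th Dept.": ("192.168.0.88/29", "192.168.0.94"),
    "Server Farm": ("192.168.0.96/28", "192.168.0.110"),
    "Routers 1-4 link": ("192.168.0.248/29", None),
    "Router 4 - Firewall link": ("192.168.0.240/30", None),
}

# Router 2 static routes, written with the masks for /26 and /28.
ROUTER2_ROUTES = """\
ip route 192.168.0.0 255.255.255.192 192.168.0.250
ip route 192.168.0.64 255.255.255.240 192.168.0.250
ip route 192.168.0.80 255.255.255.240 192.168.0.252
ip route 0.0.0.0 0.0.0.0 192.168.0.249
"""
# Constructed faulty variant: the first mask is one bit too long (/27).
ROUTER2_MASK_TOO_LONG = ROUTER2_ROUTES.replace("255.255.255.192", "255.255.255.224")
REMOTE_FROM_ROUTER2 = ["1st Dept.", "2nd Dept.", "3rd Dept.", "4th Dept.", "5th Dept."]

def audit_plan(plan):
    """Return a list of problems: overlapping subnets and misplaced gateways."""
    problems = []
    nets = {name: ipaddress.ip_network(cidr) for name, (cidr, _) in plan.items()}
    for (a, net_a), (b, net_b) in combinations(nets.items(), 2):
        if net_a.overlaps(net_b):
            problems.append(f"{a} overlaps {b}")
    for name, (_, gateway) in plan.items():
        if gateway is None:
            continue
        gw, net = ipaddress.ip_address(gateway), nets[name]
        if gw not in net:
            problems.append(f"{name}: gateway {gw} is outside {net}")
        elif gw in (net.network_address, net.broadcast_address):
            problems.append(f"{name}: gateway {gw} is the Network ID or Broadcast")
    return problems

def supernets(plan, names):
    """Smallest set of prefixes covering exactly the named subnets."""
    nets = [ipaddress.ip_network(plan[name][0]) for name in names]
    return [str(net) for net in ipaddress.collapse_addresses(nets)]

def parse_routes(config):
    """Destination networks of 'ip route NET MASK NEXTHOP' lines."""
    routes = []
    for line in config.splitlines():
        parts = line.split()
        if parts[:2] == ["ip", "route"] and len(parts) >= 5:
            # ip_network() raises ValueError if NET has bits set outside MASK.
            routes.append(ipaddress.ip_network(f"{parts[2]}/{parts[3]}"))
    return routes

def uncovered(config, plan, names):
    """Named subnets reachable only through the default route, if at all."""
    specific = [route for route in parse_routes(config) if route.prefixlen > 0]
    missing = []
    for name in names:
        target = ipaddress.ip_network(plan[name][0])
        if not any(target.subnet_of(route) for route in specific):
            missing.append(name)
    return missing

if __name__ == "__main__":
    print("plan problems:", audit_plan(PLAN))
    print("Router 1 presents:", supernets(PLAN, ["1st Dept.", "2nd Dept.", "3rd Dept."]))
    print("Router 3 presents:", supernets(PLAN, ["4th Dept.", "5th Dept."]))
    print("uncovered:", uncovered(ROUTER2_ROUTES, PLAN, REMOTE_FROM_ROUTER2))
    print("uncovered (mask too long):",
          uncovered(ROUTER2_MASK_TOO_LONG, PLAN, REMOTE_FROM_ROUTER2))
```

With the /27 mask in place of the /26, traffic for the 2nd Dept. matches only the default route and is sent to 192.168.0.249 instead of 192.168.0.250.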

Suggestion

Since only the new servers are Internet accessible, it is a good idea to separate them from the existing servers by group. One group will be the Internet accessible server group and another group will be the non-Internet accessible server group. The objective of this separation is to provide a more secure network and broadcast traffic control.

The separation involves assigning a dedicated subnet to each server group. You should be able to do the work by either subnetting the existing 192.168.0.96/28 network or reassigning/renumbering network devices with minimal changes to the existing network design.

Network Design #3

You may notice that the above network design is pretty much what small businesses have as their network. Let's have a look at another network design. This time you need to set up a private network that consists of three sites as follows.


As in the previous illustration, you are assigned 192.168.0.0/24 to use for the private network.

Following is one way to design the network.
* Three /30 subnets for point-to-point network: Router 1-2, Router 1-3, Router 1-Internet Router
* One /25 subnet for LAN 1
* Two /27 subnets for other LAN: LAN 2 and LAN 3

Side Note:

In a real-life network, this network design could be a hub-and-spoke private network where Router 1 and LAN 1 are the Main Office and the others are Branch Offices. In addition, the Main Office tends to house more hosts to serve all offices. Therefore you may need to assign a larger subnet to the Main Office and a smaller subnet to each Branch Office.

This network design could also be a local network within one office where Router 1 and LAN 1 are the Main router with its network and each of the other routers represents a department router. For more sample network designs, check out the following FAQ.
»Cisco Forum FAQ »Should I use Layer-3 switch or router?

Subnet Assignment


Site 1
Router 1 - Internet Router: 192.168.0.192/30, where .193 is for Router 1 and .194 is for Internet Router
LAN 1: 192.168.0.0/25, where .1 is for Router 1 (also LAN 1 default gateway) and .2 - .126 are for hosts

Site 2
Router 1 - Router 2: 192.168.0.196/30, where .197 is for Router 1 and .198 is for Router 2
LAN 2: 192.168.0.128/27, where .129 is for Router 2 (also LAN 2 default gateway) and .130 - .158 are for hosts.

Site 3
Router 1 - Router 3: 192.168.0.200/30, where .201 is for Router 1 and .202 is for Router 3
LAN 3: 192.168.0.160/27, where .161 is for Router 3 (also LAN 3 default gateway) and .162 - .191 are for hosts.

Following is the network setup with the associated subnet assignment.


IP Routing Reachability

Router 1
To reach the Internet (0.0.0.0/0): through 192.168.0.193
To reach LAN 2 (192.168.0.128/27): through 192.168.0.198
To reach LAN 3 (192.168.0.160/27): through 192.168.0.202

Router 2
To reach anyplace (other LAN and the Internet which is in other words 0.0.0.0/0): through 192.168.0.197

Router 3
To reach anyplace (other LAN and the Internet which is in other words 0.0.0.0/0): through 192.168.0.201

Internet Router
To reach the Internet (0.0.0.0/0): through ISP router IP address (or the Internet Router default gateway)
To reach any private sites (192.168.0.0/24): through 192.168.0.194

Routing Statement

Router 1:
ip route 0.0.0.0 0.0.0.0 192.168.0.193 name Internet Access
ip route 192.168.0.128 255.255.255.224 192.168.0.198 name LAN 2
ip route 192.168.0.160 255.255.255.224 192.168.0.202 name LAN 3

Router 2:
ip route 0.0.0.0 0.0.0.0 192.168.0.197 name Outside Access

Router 3:
ip route 0.0.0.0 0.0.0.0 192.168.0.201 name Outside Access

Internet Router:
ip route 0.0.0.0 0.0.0.0 [ISP DEFAULT GATEWAY IP ADDRESS]
ip route 192.168.0.0 255.255.255.0 192.168.0.194 name Private Networks

Classless, Classful, CIDR Longer and Shorter Prefixes in Routing

As shown in the previous network designs, there is a default gateway route and there are routes to reach specific subnets. You may notice that the routes to specific subnets are preferred for reaching the intended subnets or IP addresses. When there are no available routes to reach specific subnets, the default gateway route is chosen as the last resort.

1. First Illustration

Let's review the following routes


ip route 0.0.0.0 0.0.0.0 192.168.0.193
ip route 192.168.0.0 255.255.255.0 192.168.0.1
ip route 192.168.0.128 255.255.255.224 192.168.0.198
ip route 192.168.0.160 255.255.255.224 192.168.0.202


Now say there is traffic that needs to reach a host with IP address of 192.168.0.165. This IP address falls within the 192.168.0.160/27 route. Therefore the traffic will be forwarded via the 192.168.0.202 host. As a note, this 192.168.0.202 host IP address is called the next hop IP address to reach the 192.168.0.160/27 subnet.

For the next example, let's say there is traffic that needs to reach a host with IP address of 192.168.0.16. This IP address does not fall within the 192.168.0.128/27 nor the 192.168.0.160/27 routes. There is however a route to reach any IP address that falls within the 192.168.0.0/24 range. Therefore the traffic will be forwarded via the 192.168.0.1 host.

As a next example, let's say there is traffic that needs to reach a host with IP address of 192.168.2.16. This IP address does not fall within the 192.168.0.128/27 nor the 192.168.0.160/27 routes. This IP address does not fall within the 192.168.0.0/24 range either. There is however a route that can be used as the last resort when there is no match with any of the specific routes available. Therefore the traffic will be forwarded via the 192.168.0.193 host.

2. Second Illustration

Now let's say there are following routes


ip route 0.0.0.0 0.0.0.0 192.168.0.193
ip route 192.168.0.0 255.255.255.0 192.168.0.1
ip route 192.168.0.128 255.255.255.224 192.168.0.198
ip route 192.168.0.160 255.255.255.224 192.168.0.202
ip route 192.168.0.164 255.255.255.252 192.168.0.230


Let's revisit the previous illustration, where traffic needs to reach a host with the IP address 192.168.0.165. This IP address falls within the 192.168.0.160/27 route. There is however a more specific route that also covers this IP address: the 192.168.0.164/30 route.

Note that in IP routing, a route with more specific information (in other words, a longer prefix) is preferred over a route with less specific information (a shorter prefix). Therefore the traffic that needs to reach the host 192.168.0.165 will be forwarded via the 192.168.0.230 host instead of the 192.168.0.202 host.

3. Third Illustration

As a next illustration, let's review the following routes


ip route 0.0.0.0 0.0.0.0 192.168.0.193
ip route 192.168.0.0 255.255.255.0 192.168.0.1
ip route 192.168.0.128 255.255.255.224 192.168.0.198
ip route 192.168.0.160 255.255.255.224 192.168.0.202
!
no ip classless


Now say there is traffic that needs to reach a host with the IP address 192.168.0.165. This IP address falls within the 192.168.0.160/27 route. However, the no ip classless statement is in use. This statement means that any CIDR routes more specific than their classful route are ignored. It also means that classful routing is used, which ignores any subnetted network.

The earlier discussion introduced the terms Class A, B, and C network. As an example, following is a list of some Class A, B, and C networks available in an IP (IP version 4) network.

Class A network: 10.0.0.0/8
Class B network: 172.16.0.0/16, 172.17.0.0/16
Class C network: 192.168.0.0/24, 192.168.1.0/24, 192.168.43.0/24

Let's say there is a route that falls under 10.0.0.0/8. When no ip classless is in use, any routes more specific than 10.0.0.0/8 to reach an IP address that falls under 10.0.0.0/8 will be ignored. Similarly, any routes more specific than 192.168.0.0/24 to reach an IP address that falls under 192.168.0.0/24 will be ignored when no ip classless is in use.

When more specific routes with a longer prefix are ignored, traffic takes either the full class network route or, if available, the default gateway route as the last resort. In the case of reaching an IP address that falls under 192.168.0.0/24, any routes that are more specific (have a longer prefix) than 192.168.0.0/24 are ignored, and the traffic instead takes the route to the entire 192.168.0.0/24 or, when available, the default gateway route as the last resort.

For traffic that needs to reach the host 192.168.0.165, the other two routes that are more specific (have a longer prefix) than 192.168.0.0/24 are ignored. Instead the traffic will consider the 192.168.0.0/24 route. Therefore the traffic that needs to reach the host 192.168.0.165 will be forwarded via the 192.168.0.1 host instead of the 192.168.0.202 host.

In the case of following routes


ip route 0.0.0.0 0.0.0.0 192.168.0.193
ip route 192.168.0.128 255.255.255.224 192.168.0.198
ip route 192.168.0.160 255.255.255.224 192.168.0.202
!
no ip classless


then traffic that needs to reach a host with the IP address 192.168.0.165 will be forwarded via 192.168.0.193, since there is no route to reach 192.168.0.0/24.

As you may note in this illustration, a Classful routing system is used instead of a Classless routing system. In a Classful routing system (as indicated by the no ip classless statement), any routes that have a longer prefix than their associated Class A, B, or C network as a result of subnetting are ignored. With a Classless routing system, more specific routes (routes with a longer prefix) are preferred.

You can check out the following for more info on Classful and Classless routing system

Wikipedia - Classful network
TCP/IP Guide - Class A, B and C Network and Host Capacities

Discussion
»[CCNA] Undertanding Next hop routing answer

IP Route, Subnet Mask, and Broadcast Domain

Earlier statement mentioned that the traffic flow is determined based on IP route availability. This IP route availability is called IP Routing Table or Routing Table in short. The Routing Table holds the IP route availability in form of Network ID with its associated Subnet Mask. There is also an IP address of the host used as gateway to reach the intended host IP address. This IP address is called the next hop IP address.

Let's review the following illustration. There are three hosts A, B, and C with IP addresses 192.168.0.10/25, 192.168.0.56/25, and 192.168.0.130/25 respectively. From the subnet mask, you can see that both A and B are within the same network (192.168.0.0/25) while C is within a different network (192.168.0.128/25).

Hosts within the same network are said to be within the same broadcast domain. Let's discuss this broadcast domain further.

There was a mention of a Layer-2 mechanism called Broadcast used for communication between hosts within the same network. The network is sometimes called Broadcast Domain, since the broadcast traffic only exists within the network (within the domain) and does not by default leave outside the network.

You may note that this Broadcast Domain relates closely to the Subnet Mask. By checking its own IP address and Subnet Mask and those of the other host, a host can tell whether its communication partner is within the same network or in an outside network.

As example, let's say the Host A of 192.168.0.10 IP address with /25 subnet mask needs to communicate with Host B of 192.168.0.56 with /25 subnet mask. By checking its own IP address and subnet mask, and B's IP address and subnet mask, Host A can tell that A is within the same network (the same Broadcast Domain) as host B. Similarly by checking IP addresses and subnet mask, Host B can tell that B is within the same Broadcast Domain as A.

Since both hosts A and B know that they are in the same Broadcast Domain, both hosts know that there will be no route necessary to communicate between each other. Both hosts A and B simply do their Layer-2 mechanism without the necessity of routing the traffic flow.

When A needs to communicate with C at 192.168.0.130/25, the same mechanism of checking IP address and subnet mask takes place. Using the mechanism, A knows that C is in an outside network (outside the Broadcast Domain) of A. Similarly, C knows that A is outside the Broadcast Domain of C. Since both hosts A and C know that they are in different networks, both hosts know that a Layer-3 IP routing mechanism is needed. The same applies when B needs to communicate with C.

Now say there is a host D with the IP address 192.168.0.6/24. From the IP address, hosts A and B think that host D is within the same network as them. However host C also thinks that host D is within the same network as C itself, since the /24 subnet mask includes 192.168.0.128/25. From host D's perspective, D sees A, B, and C as hosts within the same subnet as D itself due to host D's subnet mask. The existence of such a host D, as you may note, creates confusion. In a real network, this confusion creates routing and traffic flow ambiguity, which leads to an inability to communicate between host D and the rest of the network (say A, B, and C).
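A small audit for the host D situation, as an added Python example (not part of the original FAQ). It derives each host's network from its configured address and mask and flags pairs whose networks overlap without being identical; the host table reuses the addresses above and the function names are illustrative.

```python
import ipaddress
from itertools import combinations

# Addresses taken from the text above: hosts A, B, C and the odd one out, D.
HOSTS = {
    "A": "192.168.0.10/25",
    "B": "192.168.0.56/25",
    "C": "192.168.0.130/25",
    "D": "192.168.0.6/24",
}


def network_of(cidr):
    """Network ID and mask a host derives from its own address and mask."""
    return ipaddress.ip_interface(cidr).network


def same_broadcast_domain(cidr_a, cidr_b):
    """True when both hosts derive exactly the same network."""
    return network_of(cidr_a) == network_of(cidr_b)


def find_mask_conflicts(hosts):
    """Pairs of hosts whose networks overlap but are not the same network.

    Such a pair disagrees about where the subnet boundary is, which is the
    ambiguity the text describes for host D.
    """
    conflicts = []
    for (name_a, cidr_a), (name_b, cidr_b) in combinations(sorted(hosts.items()), 2):
        net_a, net_b = network_of(cidr_a), network_of(cidr_b)
        if net_a != net_b and net_a.overlaps(net_b):
            conflicts.append((name_a, name_b, str(net_a), str(net_b)))
    return conflicts


if __name__ == "__main__":
    print("A and B same domain:", same_broadcast_domain(HOSTS["A"], HOSTS["B"]))
    print("A and C same domain:", same_broadcast_domain(HOSTS["A"], HOSTS["C"]))
    for name_a, name_b, net_a, net_b in find_mask_conflicts(HOSTS):
        print(f"conflict: {name_a} uses {net_a}, {name_b} uses {net_b}")
```

Run against an address inventory, the same check finds interfaces configured with the wrong mask before they show up as intermittent reachability problems.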

Check out following thread for further illustration.
»[HELP] ARP on INT with 2ndary IP

Fundamental Part of CIDR (Classless Inter-Domain Routing) in IP version 4 Network

You may now realize what the term CIDR (Classless Inter-Domain Routing) really means. The concept of a Classless network makes it possible to break up a single large classful network such as 192.168.0.0/16 into smaller networks such as /24, /28, or others using subnetting. Subnetting makes these smaller networks independent networks, while the large classful network is seen as the network summary or supernet of all of those smaller networks.

As shown, CIDR plays an important part in routing. The longer the prefix a route statement provides, the more preferable the route is. However, this only applies when the network is a Classless network. By using IP address and subnet mask, CIDR provides the mechanism that determines how and when an IP route (inter-domain or inter-broadcast-domain routing) is necessary for communication between hosts in an IP network. These mechanisms are, as you may see, fundamental parts of IP version 4 network communication.

Check out the following link as industry standard of CIDR
RFC 1519: Classless Inter-Domain Routing (CIDR)

Discussion

»[OT] Am I unreasonable?

Next Chapter with Subnetting

»Cisco Forum FAQ »Quick and Easy Subnetting /24 and larger network

Further Discussion on Network Design and IP Routing

This FAQ is not intended as discussion of network design nor IP routing. As mentioned, the network design and IP routing discussion here is used only to illustrate better understanding of subnetting concept and to describe how subnetting concept is applied in IP network in order to provide appreciation beyond a mere mathematics or beyond certification test passing.

If you like further discussion on network design, check out the following FAQ.

»Cisco Forum FAQ »Choosing Gateway IP Address for a network
»Cisco Forum FAQ »Network Design Tips

Check out the following FAQ for more info on routing and switching.
»Cisco Forum FAQ »Routing and Switching - An Introduction

by Covenant, edited by aryoba
last modified: 2016-10-17 10:30:15


Suggested pre-reading
»Cisco Forum FAQ »Quick and Easy Subnetting on Routing, Switching and Network Design Relationship

Note:
It is highly suggested to read the above prerequisite link before reading this topic due to some terminologies and understanding of the link content. Basically this is the 2nd chapter of the prerequisite link content. Even when you feel you understand Class C network subnetting already and are ready to move up to the next level, it is always a good idea to refresh the concepts and some definitions.

The Basic Concept

Similar to Class C subnet calculation (/24 or smaller subnet), the same basic concept applies to Class B (/16 or smaller subnet up to /23) and Class A (/8 or smaller subnet up to /15) subnet calculations. Whereas the first 3 octets in Class C subnet calculation are always constant and only the last octet changes (as shown above), in Class B subnet calculation the first 2 and last octets are always constant and only the third octet changes. Similarly, in Class A subnet calculation the first and last two octets are always constant and only the second octet changes.

Quick Review

Let's review a 192.168.0.0/23 network. As you can see, this is a broadcast network. You can then determine the following

192.168.0.0/23

Understanding /23 and Larger Network

In 255.255.255.254 (/31) subnet mask, you can see this as a network that consists of two 255.255.255.255 (/32) networks. You can apply the same understanding on looking /23 network. By considering the last octet, you should be able to see 255.255.254.0 (/23) as a network consisting of two 255.255.255.0 (/24) networks.

The above concepts show that you can see subnet as groups of multiple single IP addresses (/32) or as groups of multiple smaller subnets. Recall that in the »Cisco Forum FAQ »Quick and Easy Subnetting on Routing, Switching and Network Design Relationship, there are illustrations showing such in Class C network subnetting.

Following is a list of smaller subnet groups to make up Class B network

The same concept applies to both Class B and Class A network subnetting. While the Class B network (such as /23 network or larger up to /16) can be seen as groups of Class C networks (/24) as shown, the same concept applies to Class A network (/15 network or larger) where the Class A network can be seen as groups of Class B networks.

Following is a list of smaller subnet groups to make up Class A network

Discussions
»[CCNA] Calculating VLSM summary for ICEND2
»Route Summarization

Determine Subnet Mask Format

You may wonder how to arrive at the subnet mask format 255.255.254.0. Determining it follows basically the same reasoning as determining 255.255.255.254 (the /31).

As you may notice, the 255 represents one of 255 and the 254 represents two of 255. In /31 (255.255.255.254), there are two 255 (two 255.255.255.255). By applying the same understanding, there are two 255 (two 255.255.255.0) in /23 (255.255.254.0).

Determine IP Address Number

In /24 or smaller networks (within Class C network),

Within Class B network, you have the following

Note that the concept of size doubling still applies in Class B network as in Class C network as mentioned. As illustrations, there are 2 of /24 within /23; 2 of /23 within /22; and 2 of /18 within /17 networks.

Implementing /23 Network

Let's say an organization decides to use 192.168.0.0/23 as a single subnet without subnetting it into smaller subnets. Let's say the gateway IP address is 192.168.0.1, although in reality a gateway IP address can be any IP address within the valid range of 192.168.0.1 - 192.168.1.254.

Some hosts within the subnet will have the following network info

192.168.0.34/23

192.168.1.0/23

192.168.0.255/23

Octet and Subnet Calculation

Similar to /24 and smaller subnets, we keep referring to octets when working with /23 or larger subnets. As illustration, let's say you have 192.168.65.27/22 network. You need to determine the following
* the network range
* the IP address order number

You need to see the /22 network as part of the larger /16 network (the whole 192.168.0.0 Class B network). /22 equals 255.255.252.0. The 252 means that there are four /24 networks. In the 1st /22 network, the 3rd octet range is .0 to .3.

Here is the breakdown on the 1st network


The remaining networks would be the following


You may now see that the 192.168.65.27/22 is within the 192.168.64.0/22 network with order number of 283.

Tips and Tricks

1. Convert CIDR Subnet Mask Format To Dotted 4-Tuple Format

Note that when dealing with a /24 network or a longer prefix, you only focus on the last octet. With a Class B network, the concept is similar, with the focus on the 3rd octet.

A Class B network is between /16 and /23 CIDR. As mentioned, you only focus on the 3rd octet, where the 1st two and last octets are constant. In other words, only the 3rd octet changes, as follows.
/24: 255.255.255.0
/23: 255.255.254.0
/22: 255.255.252.0
/21: 255.255.248.0
/20: 255.255.240.0
/19: 255.255.224.0
/18: 255.255.192.0
/17: 255.255.128.0
/16: 255.255.0.0

With Class B, there is a similar formula to convert CIDR format into dotted 4-tuple format by holding on to these
* The "longest" Class B network (the /24) always has 255 as the 3rd octet
* The /24 always has a single Class C network
* The next larger Class B network is always double the size of the current Class B network. In other words, the next larger Class B network has double the quantity of Class C networks compared to the current Class B network
* The 1st two octets are always 255 and the last octet is always 0, while the 3rd octet changes

As an illustration, let's say you would like to convert /18 CIDR into dotted 4-tuple format.

The 3rd octet on the Class B network


Since the 1st two octets are always 255 and the last octet is always 0, the /18 CIDR is equal to the 255.255.192.0 subnet mask.

2. Find Out IP Address Quantity Within Specific Subnet

There is also similar formula like the one with the Class C network subnetting

(256 - The 3rd Octet) x 256 = IP Address Quantity Within Specific Subnet

Illustration


3. Reverse Bit Correlation Between Subnet Mask and Number of IP Address

Let's visit the binary format of Class B network


There is similar correlation between subnet mask and IP address quantity within the subnet on Class B network as on the Class C network. You can apply this correlation to find out smaller subnet quantity when subnetting Class B network into smaller Class C network. Here is the process.
* Find out the number of CIDR form of the smaller subnet, i.e. /n
* Take n as the power of two as 2^n
* Calculate 2^n
* The 2^n represents the number of /n subnet will be when subnetting a Class B network into /n subnet

Let's have an illustration. Say you have a full Class B network and you subnet it into smaller /28 networks. You would like to know how many /28 subnets there will be, assuming you can use Subnet Zero.

Recall the /24 subnetting process where you only focus on the last octet. With the Class B subnetting process, you only focus on the last two octets: the 3rd and the 4th.

The /28 network in binary format has the 1st 28 bits set to one and the remaining 4 bits set to zero. Let's remove the 1st two octets and just focus on the last two octets.

When focusing only on the last two octets, the 1st 12 bits are set to one and the remaining 4 bits are set to zero. Take the number of leading bits that are set to one, which is 12, as the power of two: 2^12. 2^12 equals 4096. This 4096 represents the number of /28 subnets there will be when subnetting a Class B network into /28 subnets.

Let's calculate how many /28 subnets there will be within a full Class B network using a different method. As you may recall, there are 16 /28 subnets within a Class C network. Using the concept of size doubling, you have the following table.

To quickly find out the number of IP addresses within a Class B network, you use the same concept as with the Class C network, which is based on the number of bits that are set to zero.

Following is an illustration. When you have, let's say, a /19 network, the 1st 19 bits are set to one and the remaining 13 bits are set to zero. Take this number 13 as the power of two: 2^13. 2^13 = 8192. This 8192 represents the number of IP addresses within the /19 network.

As you may notice, the illustration assumes you can use Subnet Zero.

4. Determine Smaller Subnet Range

Problem 1:
Let's say you have a full Class B network, which is the 172.16.0.0/16 network. You subnet it into smaller /28 networks. You would like to find out what the 897th /28 subnet looks like.

Here is the process

* Find out how many subnets there will be if the bigger subnet is /24
* Take the number of the subnets and assign it to m
* Take a number n as in the n-th of the smaller subnets
* Calculate (n - 1) / m
* When the calculation result is a round number, that number represents the 3rd octet of the n-th subnet. In addition, the 4th octet equals 0
* The 1st and 2nd octets are always constant
* The IP address represented by these 1st, 2nd, 3rd, and 4th octets is the Network ID
* The Network Broadcast last octet = m - 1

Using the illustration, you need to find out how many /28 subnets there are within a /24 network. As you may recall, there are 16 /28 subnets within a /24 network. You want to find out what the 897th /28 subnet range is. Therefore

n = 897, m = 16

When you calculate (n - 1) / m, you have

(n - 1) / m = (897 - 1) / 16 = 56

Since 56 is a round number, then the following two occur

* The 56 represents as the 3rd octet
* The 4th octet equals to 0

The 1st and 2nd octets are always constant. As a result, the IP address you have is 172.16.56.0; which is also the Network ID IP address. As to the Network Broadcast,

Network Broadcast IP address last octet = m - 1 = 16 - 1 = 15

The 897th /28 subnet itself looks like the following

172.16.56.0/28 = 172.16.56.0 - 172.16.56.15

where

Problem 2:
Let's say you have a full Class B network, which is the 172.16.0.0/16 network. You subnet it into smaller /28 networks. You would like to find out what the 3117th /28 subnet looks like.

The process is similar to the previous problem, with some additional steps to deal with a non-round number.
* Find out how many subnets there will be if the bigger subnet is /24
* Take the number of the subnets and assign it to m
* Take a number n as in the n-th of the smaller subnets
* Calculate (n - 1) / m
* When the calculation result is not a round number, you only consider the round number part and remove the fraction
* The round part represents the 3rd octet
* Multiply the round number part (the 3rd octet) by m
* Add 1 to the result
* Assign p as the final result, where p = (the 3rd octet x m) + 1
* The result of (n - p) x m represents the Network ID IP address last octet
* The result of (Network ID IP address last octet + (m - 1)) represents the Network Broadcast IP address last octet
* The 1st and 2nd octets are always constant
* The IP address represented by these 1st, 2nd, 3rd, and 4th (last) octets is what the n-th smaller subnet looks like

Using the illustration, you need to find out how many /28 subnets there are within a /24 network. As you may recall, there are 16 /28 subnets within a /24 network. You want to find out what the 3117th /28 subnet range is. Therefore

n = 3117, m = 16
(n - 1) / m = (3117 - 1) / 16 = 3116/16 = 194.75

The 194.75 is not a round number, so we only consider the round part and remove the fraction. In other words, we take the 194 only. This 194 round number represents the 3rd octet.

p = (the 3rd octet x m) + 1 = (194 x 16) + 1 = 3104 + 1 = 3105
(n - p) x m = (3117 - 3105) x 16 = 192

This 192 represents the last octet of the Network ID IP address. In other words,

3117th subnet Network ID IP address: 172.16.194.192/28

Network ID last octet + (m - 1) = 192 + (16 - 1) = 192 + 15 = 207

This 207 represents the last octet of the Network Broadcast IP address. In other words,

3117th subnet Network Broadcast IP address: 172.16.194.207/28

Since you now have both Network ID and Network Broadcast IP addresses, then the 3117th /28 subnet off the 172.16.0.0/16 looks like the following.

3117th subnet: 172.16.194.192/28 = 172.16.194.192 - 172.16.194.207

where

Note that
1. These two problems assume that you can use Subnet Zero. If you cannot use Subnet Zero, you need to modify the formula although the concept is the same.
2. The p = 3105 represents the 3105-th subnet. In other words, p = n = 3105 in case you like to find out how the 3105th /28 subnet range is.
3. From previous note, you can then apply the formula or process within Problem 2 into Problem 1 with the same result. In other words, Problem 2 formula or process is in general form compared to the Problem 1.
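The procedure from Problems 1 and 2 as an added Python example (not part of the original FAQ), checked against Python's ipaddress module. It goes beyond the /28 case: the steps above multiply by m because for /28 the block size 256 / m also equals 16, so the code uses the block size explicitly to stay correct for other prefixes from /24 to /32. Function names are illustrative and Subnet Zero is assumed usable.

```python
import ipaddress


def nth_subnet_by_steps(base, new_prefix, n):
    """Decimal-only steps from the FAQ: n-th /new_prefix subnet of a /16 (n starts at 1)."""
    parent = ipaddress.ip_network(base)
    if parent.prefixlen != 16 or not 24 <= new_prefix <= 32:
        raise ValueError("expects a /16 parent and a /24 to /32 child prefix")
    m = 2 ** (new_prefix - 24)      # subnets of this size inside one /24
    block = 256 // m                # addresses per subnet (equals m only for /28)
    if not 1 <= n <= 256 * m:
        raise ValueError("n is outside the parent network")
    third = (n - 1) // m            # round part of (n - 1) / m
    p = third * m + 1               # order number of the first subnet in that /24
    net_last = (n - p) * block      # last octet of the Network ID
    bcast_last = net_last + block - 1
    first, second = str(parent.network_address).split(".")[:2]
    return (f"{first}.{second}.{third}.{net_last}",
            f"{first}.{second}.{third}.{bcast_last}")


def nth_subnet_by_library(base, new_prefix, n):
    """Same answer computed from integer address arithmetic, as a cross-check."""
    parent = ipaddress.ip_network(base)
    size = 2 ** (32 - new_prefix)
    start = int(parent.network_address) + (n - 1) * size
    subnet = ipaddress.ip_network((start, new_prefix))
    if n < 1 or not subnet.subnet_of(parent):
        raise ValueError("n is outside the parent network")
    return str(subnet.network_address), str(subnet.broadcast_address)


if __name__ == "__main__":
    for n in (897, 3105, 3117):
        steps = nth_subnet_by_steps("172.16.0.0/16", 28, n)
        assert steps == nth_subnet_by_library("172.16.0.0/16", 28, n)
        print(f"{n}th /28: {steps[0]} - {steps[1]}")
```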

5. Convert Dotted 4-Tuple Subnet Mask Format Into CIDR Format

Let's say you have the 255.255.192.0 subnet mask. You would like to know how the subnet mask looks in CIDR format.

You use a process similar to the one for the Class C network, with the difference of working on the 3rd octet only, where the 1st, 2nd, and 4th octets are constant.

Following are the steps when dealing with Class B subnetting:
* Focus only on the 3rd octet
* Set the octet as the last octet of a /24 network subnet mask where the 1st, 2nd, and 3rd octets are 255
* Determine the IP address quantity within the new /24 network subnet
* Find out n where 2^n = IP address quantity within the subnet
* Subtract n from 8
* Take the subtraction result as additional set-to-one bits on top of the 1st 16 bits set to one of the full Class B subnet mask
* Add up the total number of bits set to one
* This total number represents the CIDR format

Let's use an illustration to convert the 255.255.192.0 into CIDR format. Focus only on the 3rd octet, which is the 192.

Set the 192 as the last octet of a /24 network subnet mask as 255.255.255.192

When you build up your own table (or memorize it), you know there are 64 IP addresses within 255.255.255.192 subnet mask.

Find out n where 2^n = 64

By simple calculation (and probably some trial and error), you find that n = 6

Recall the previous discussion that in binary format, all the bits within 1st and 2nd octet of Class B network are set to one. Similarly all bits within the last octet are set to zero. Only bits within the 3rd octet are changing. Let's focus on the bits within this 3rd octet.

As you know, there are 8 bits within the 3rd octet. In /16 network (the full Class B network), all of those 8 bits within the 3rd octet are set to zero. With the value of n = 6, this means that there are 6 last bits set to zero within the 3rd octet itself.

Subtract 6 from 8 to get 2. This 2 represents the remaining 2 bits set to one, which are also the 1st 2 bits within those 8 bits. Take these 2 bits as additional set-to-one bits on top of the 1st 16 bits of the full Class B subnet mask.

The full Class B subnet mask has the 1st 16 bits set to one. With the additional 2 bits set to one, there is a total of 18 leading bits set to one. Therefore the 255.255.192.0 network has the 1st 18 bits set to one (16 + additional 2) while the remaining 14 bits are set to zero.

Since the CIDR format is based on the number of leading bits set to one, the 255.255.192.0 subnet mask is equal to /18 CIDR.
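The decimal shortcuts from Tips 1, 2, 3 and 5, as an added Python example (not part of the original FAQ). It generalises them from the 3rd octet to all four octets and rejects masks that are not a run of ones followed by zeros; function names are illustrative.

```python
import math


def parse_octets(dotted):
    """Split a dotted 4-tuple into four integers, validating the 0-255 range."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted 4-tuple: {dotted!r}")
    return [int(p) for p in parts]


def prefix_to_mask(prefix):
    """Tip 1: each octet is 256 minus the block size that octet leaves free."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be between 0 and 32")
    octets = []
    for position in range(4):
        ones = min(8, max(0, prefix - 8 * position))   # mask bits inside this octet
        octets.append(256 - 2 ** (8 - ones))           # 8 ones -> 255, 2 ones -> 192
    return ".".join(str(o) for o in octets)


def mask_to_prefix(mask):
    """Tip 5: find n with 2^n = (256 - octet), then add 8 - n for every octet."""
    prefix = 0
    partial_seen = False
    for octet in parse_octets(mask):
        block = 256 - octet
        if block & (block - 1):                # block size must be a power of two
            raise ValueError(f"{octet} is not a valid mask octet")
        if partial_seen and octet != 0:        # ones may not follow a zero bit
            raise ValueError(f"{mask} is not a contiguous mask")
        n = block.bit_length() - 1             # 2^n == block
        prefix += 8 - n
        partial_seen = partial_seen or octet != 255
    return prefix


def address_count(mask):
    """Tip 2 generalised: multiply (256 - octet) over all four octets."""
    mask_to_prefix(mask)                       # validates the mask first
    return math.prod(256 - o for o in parse_octets(mask))


def subnets_within(parent_prefix, child_prefix):
    """Tip 3: every extra mask bit doubles the subnet count (Subnet Zero usable)."""
    if not 0 <= parent_prefix <= child_prefix <= 32:
        raise ValueError("child prefix must be at least as long as the parent prefix")
    return 2 ** (child_prefix - parent_prefix)


if __name__ == "__main__":
    print("/18 ->", prefix_to_mask(18))
    print("255.255.192.0 -> /%d" % mask_to_prefix("255.255.192.0"))
    print("addresses in 255.255.224.0:", address_count("255.255.224.0"))
    print("/28 subnets in a /16:", subnets_within(16, 28))
```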

Best Practice in Real-World Network Design

Let's review the following illustration.


In a real-world network design, there are certain considerations, as follows.
* There is always a need to add more hosts within a LAN, which can use up the assigned subnet quickly
* The assigned subnet's network ID carries easy-to-identify properties
* Keep routing short and simple to conserve the router's CPU and memory, and link bandwidth (and of course to preserve the sanity of the network administrator, like yourself).

The previous illustration may assign a single /24 for the entire network to cover LAN 1, LAN 2, LAN 3, and all of the interconnectivity. In real-world network design, assigning a /24 like that is simply inadequate. Instead a single /24 or even a single /16 subnet is assigned to each LAN to ensure that the subnet range is large enough to cover future growth in the number of hosts. As an example, LAN 1 (or Site 1, consisting of multiple LANs) is assigned 172.16.0.0/16; LAN 2 (or Site 2, consisting of multiple LANs) is assigned 172.17.0.0/16; LAN 3 (or Site 3, consisting of multiple LANs) is assigned 172.18.0.0/16.

Discussion
»[Info] Migrating to vlans from flat network

In the case of Sites 1, 2, and 3, these /16 subnets would then be broken up into multiple /24 subnets, with each /24 subnet assigned to a LAN as needed. Following is an illustration.


Site 1: 172.16.0.0/16, consists of following /24 subnets
Server 1: 172.16.0.0/24
Accounting: 172.16.1.0/24
Engineering: 172.16.2.0/24

Site 2: 172.17.0.0/16, consists of following /24 subnets
Server 2: 172.17.0.0/24
Facility: 172.17.1.0/24
HR: 172.17.2.0/24

Site 3: 172.18.0.0/16, consists of following /24 subnets
Server 3: 172.18.0.0/24
Server Backup: 172.18.1.0/24
Research: 172.18.2.0/24
QA: 172.18.3.0/24

To distinguish between interconnectivity and LAN subnets, the router interconnections (Router 1 - Router 2, Router 1 - Router 3, Router 1 - Internet Router) use the 10.0.0.0/8 subnet, where Router 1 - Internet Router is assigned 10.0.0.0/30, Router 1 - Router 2 is assigned 10.0.0.4/30, and Router 1 - Router 3 is assigned 10.0.0.8/30.


1. Static Routes

As a simplification, these are the routing statements on each router.

Router 1
ip route 172.17.0.0 255.255.0.0 10.0.0.6
ip route 172.18.0.0 255.255.0.0 10.0.0.10
ip route 0.0.0.0 0.0.0.0 10.0.0.2

Router 2
ip route 0.0.0.0 0.0.0.0 10.0.0.5

Router 3
ip route 0.0.0.0 0.0.0.0 10.0.0.9

Internet Router
ip route 10.0.0.0 255.0.0.0 10.0.0.1
ip route 172.16.0.0 255.248.0.0 10.0.0.1
ip route 0.0.0.0 0.0.0.0 [ISP DEFAULT GATEWAY IP ADDRESS ]

In a case of Sites 1, 2, and 3; Router 1 has multiple Layer-3 interfaces as follows
Interface Gi0/0: 172.16.0.0/24
Interface Gi0/1: 172.16.1.0/24
Interface Gi0/2: 172.16.2.0/24
These 172.16.x.0/24 subnets from Router 1 perspective are directly-connected networks.

Similar setup takes place on Routers 2 and 3 as follows.

Router 2
Interface Gi0/0: 172.17.0.0/24
Interface Gi0/1: 172.17.1.0/24
Interface Gi0/2: 172.17.2.0/24

Router 3
Interface Gi0/0: 172.18.0.0/24
Interface Gi0/1: 172.18.1.0/24
Interface Gi0/2: 172.18.2.0/24
Interface Gi0/3: 172.18.3.0/24

2. OSPF Area Designations

Should OSPF as dynamic routing protocol be implemented instead of static routes, each superset (the 172.16.0.0/16, 172.17.0.0/16, and 172.18.0.0/16) is assigned its own Area ID where each subnet (portion of the superset, which are the /24 subnets) can be set on multiple routers or multiple router interfaces within the Area representing the actual individual broadcast network. The superset is then set as Area Summary Network to simplify routing tables.

Following is an illustration.

Router 1


Router 2


Router 3


3. RIP and EIGRP

Should RIP or EIGRP as dynamic routing protocol be implemented instead of static routes, each superset (the 172.16.0.0/16, 172.17.0.0/16, and 172.18.0.0/16) is assigned as summary routes where each subnet (portion of the superset, which are the /24 subnets) can be set on multiple routers or multiple router interfaces. Since there is no concept of Area nor of Area Summary Network in RIP and EIGRP, careful network design is required to ensure all 10.0.0.x interconnects only carry the supernet (the summary routes). In addition, CIDR (Classless Inter-Domain Routing) must be enabled in order to recognize supersets and subnets by setting no auto-summary command and by implementing Version 2 command should RIP be used.

Following is an illustration.

EIGRP

Router 1


Router 2


Router 3


RIP

Router 1


Router 2


Router 3


Discussion
[HELP] Why use the no auto-summary command for EIGRP

by aryoba
last modified: 2016-10-07 11:16:09

Suggested pre-reading
»Cisco Forum FAQ »Quick and Easy Subnetting on Routing, Switching and Network Design Relationship
»Cisco Forum FAQ »Quick and Easy Subnetting /24 and larger network

The following is intended for those who have already reviewed the links above. If you have not read either one, please do so to avoid confusion.

In the Cisco world (and networking in general), there is a term called Wildcard Subnet Mask, which is the result of inverting a subnet mask. In a sense, the result indicates how many IP addresses or IP subnets are available within a certain VLSM (Variable Length Subnet Mask) based network.

On a Cisco router, the wildcard subnet mask is used on the following occasions
* Defining subnet in ACL
* Defining subnet member in OSPF area

For those who are just learning networking, the wildcard subnet mask is new and probably looks confusing. Don't worry, there is an easier way to understand it.

Background Theory

Let's say you have the following subnet.

192.168.24.0/24

or 192.168.24.0 with 255.255.255.0 subnet mask

The binary format of the subnet mask is the following
11111111.11111111.11111111.00000000

In binary arithmetic, inverting a number means "flipping" each bit from one state to the other (i.e. from "on" to "off", from "0" to "1").

The inverse of the subnet mask in binary format is then the following
00000000.00000000.00000000.11111111

In decimal format, the inverse subnet mask looks like this
0.0.0.255

Confused? Lost? No worries, there is an easier way to understand this. We can still strictly use the decimal number system to find the subnet mask inverse. This way you get a quicker result without skipping the basic understanding. As always, the key is to use the decimal number system with the binary number system in mind.

When you know, remember, or count the quantity of IP addresses or IP subnets within a certain VLSM network, you should be able to quickly deduce what the wildcard or inverse subnet mask in question looks like. This way, you can skip the binary arithmetic and use strictly decimal arithmetic to get a much quicker result in a much simpler way.

This FAQ presents two quick ways of finding out how the wildcard or inverse subnet mask looks like using simple decimal-number-based calculation of the quantity of available IP addresses or IP subnet within certain IPv4 VLSM network. Following is the list of ways.

Quick Way #1: 255 Octet Subtraction

This is one way of doing the simple calculation. Note that when we do the binary inverse, we do it octet by octet. Each octet holds a number from 0 to 255. To quickly find the inverse subnet mask, subtract the given octet from 255.

Here are illustrations

Example #1

/24: 255.255.255.0

255 - 255 = 0
255 - 0 = 255


Inverse /24: 0.0.0.255

Example #2

/27: 255.255.255.224

255 - 255 = 0
255 - 224 = 31


Inverse /27: 0.0.0.31

Example #3

/30: 255.255.255.252

255 - 255 = 0
255 - 252 = 3


Inverse /30: 0.0.0.3

Quick Way #2: Host Number

This is another way of finding the inverse subnet mask. Let's use the /30 subnet to describe it further. In /24 or smaller subnets, only the last octet indicates the number of unique IP addresses that exist within the subnet in question. Specifically for /30, the last octet indicates four unique IP addresses, numbered from 0 to 3. Take the last number and apply it to the inverse subnet mask.

As to the first three octets, they "automatically" convert to 0, since only the last octet "matters" from the number-of-IP-addresses perspective in /24 or smaller subnets.

Here are illustrations

Example #1

/30 last octet: 252 ---> four IP addresses, from 0 to 3

Inverse /30: 0.0.0.3

Example #2

/27 last octet: 224 ---> 32 IP addresses, from 0 to 31

Inverse /27: 0.0.0.31

Example #3

/24 last octet: 0 ---> 256 IP addresses, from 0 to 255

Inverse /24: 0.0.0.255

Working with Subnet Larger than /24

When you have a subnet larger than /24, you need to consider other octets in addition to the last one. Using the second method (the Host Number), you apply the last number of each octet to the inverse.

Keep in mind that the basic concept of Class C subnet calculation (/24 or smaller subnets) also applies to Class B (/16 or smaller subnets up to /23) and Class A (/8 or smaller subnets up to /15) subnet calculations. Where the first three octets in a Class C subnet calculation are always constant and only the last octet changes (as shown above), the first two octets and the last octet in a Class B subnet calculation are always constant and only the third octet changes. Similarly, the first octet and the last two octets in a Class A subnet calculation are always constant and only the second octet changes.

Here are illustrations

Example #1

/23: 255.255.254.0

3rd octet: 254 ---> two /24 subnets, from 0 to 1
4th octet: 0 ---> 256 IP addresses, from 0 to 255

Inverse /23: 0.0.1.255

Example #2

/21: 255.255.248.0

3rd octet: 248 ---> eight /24 subnets, from 0 to 7
4th octet: 0 ---> 256 IP addresses, from 0 to 255

Inverse /21: 0.0.7.255

Example #3

/12: 255.240.0.0

2nd octet: 240 ---> sixteen /16 subnets, from 0 to 15
3rd octet: 0 ---> 256 /24 subnets, from 0 to 255
4th octet: 0 ---> 256 IP addresses, from 0 to 255

Inverse /12: 0.15.255.255

Example #4

/2: 192.0.0.0

1st octet: 192 ---> sixty four /8 subnets, from 0 to 63
2nd, 3rd, 4th octets: 0 ---> 0 to 255

Inverse /2: 63.255.255.255

Note that the constants in Class A and B subnet calculations are slightly different from those in the Class C subnet calculation. The constants in the Class C subnet calculation, which are the first three octets, are all 0. In the Class B subnet calculation, the constants are 0 for the first two octets while the last octet is a constant 255. In the Class A subnet calculation, the constant is 0 for the first octet while the last two octets are a constant 255.
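
Both quick ways can be checked against each other for every prefix length, including masks that do not fall on an octet boundary. The following Python sketch is an added example, not part of the original FAQ; the function names are hypothetical, and the rejection of non-contiguous subnet masks is an extra check the FAQ does not discuss.

```python
import ipaddress


def wildcard_by_subtraction(mask: str) -> str:
    """Quick Way #1: subtract every octet of the subnet mask from 255."""
    octets = [int(o) for o in mask.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted-quad mask: {mask!r}")
    as_int = int.from_bytes(bytes(octets), "big")
    # A subnet mask is a run of 1-bits followed only by 0-bits, so its
    # inverse is 2**k - 1 and shares no bit with (inverse + 1).
    inverse = as_int ^ 0xFFFFFFFF
    if (inverse & (inverse + 1)) != 0:
        raise ValueError(f"subnet mask bits are not contiguous: {mask!r}")
    return ".".join(str(255 - o) for o in octets)


def wildcard_by_host_number(prefix_len: int) -> str:
    """Quick Way #2: the block holds 2**(32 - prefix) addresses numbered
    from 0; the highest number, written octet by octet, is the wildcard."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    last = 2 ** (32 - prefix_len) - 1
    return ".".join(str(b) for b in last.to_bytes(4, "big"))


def both_ways_agree() -> bool:
    """Compare both quick ways with the standard library for /0 to /32."""
    for plen in range(33):
        net = ipaddress.ip_network(f"0.0.0.0/{plen}")
        by_sub = wildcard_by_subtraction(str(net.netmask))
        by_host = wildcard_by_host_number(plen)
        if not (by_sub == by_host == str(net.hostmask)):
            return False
    return True


if __name__ == "__main__":
    # Masks taken from the examples in this FAQ entry.
    for mask in ("255.255.255.224", "255.255.248.0", "255.240.0.0", "192.0.0.0"):
        print(mask, "->", wildcard_by_subtraction(mask))
    print("all prefixes agree:", both_ways_agree())
```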


Feedback received on this FAQ entry:
  • Thanks very very helpful... A great help for new learners in networking field! God bless u!

    2017-07-16 09:39:04

  • Excellent, Very much helpful

    2016-06-16 15:27:59

  • Excellent very well explained.

    2016-03-18 17:08:02

  • Thanks...... this was very helpful!!!

    2016-02-18 15:43:01

  • well explain.........

    2016-02-11 02:17:52

  • I find that when I type the following in the router: (config-router)#network 192.168.1.0 255.255.255.252 area 0, the running config will automatically turn it into: network 192.168.1.0 0.0.0.3 area 0. Seems that IOS will auto-correct it.

    2015-12-20 04:33:18

  • It's awesome and very easy to calculate. You have helped me so dearly thanks a lot.

    2015-11-25 05:48:33

  • Fantastic shortcuts :)

    2015-09-22 14:14:29

  • Thanks , it's obvious

    2015-05-16 03:08:31

  • thanks! wonderful and easy to understand, i wont have to ballsack my teacher now!

    2015-05-06 07:13:33

  • Thank you for the clear explanation and for taking the time and effort to provide us with it. Teachers are by far some of the best people on the planet

    2015-01-15 12:22:21

  • Awesome !!

    2015-01-12 09:21:09

  • thanks.. lovely

    2014-10-28 13:48:18

  • Thanks a lot, these methods make it so easy for me to understand.

    2014-10-19 15:51:08

  • Thank you, Very Helpful

    2014-10-15 09:38:17

  • Whoever you are sir, you were a great man! My most and greatest appreciation sir.

    2014-10-09 05:47:09

  • very nice thank u.

    2014-10-02 19:09:20

  • Thank you,great!

    2014-09-18 17:35:06

  • Awesome, simplified... Thanks

    2014-09-15 14:51:39

  • Thanks a lot, its very helpful for me.

    2014-09-14 01:53:31

  • Satisfied,i'll make sure that i spread the knowledge.tnx,dankie,ka leboga

    2014-05-07 09:30:07

  • Excellent explanation. Studying CCNA at the moment and am in the middle of ACLs.

    2014-02-05 09:34:55

  • Thank you very much!!!, excellent explanation and to the point thank you again I wish I could say more.

    2013-12-29 15:35:01

  • Excellent. Thanks you so much.

    2013-12-20 10:28:46

  • were explained , now I m more confident. Thank you.

    2013-11-25 12:19:50

  • Excellent. Clear and concise, right to the point.

    2013-11-21 10:11:23

  • I really appreciate the great examples, it was a great help!!!

    2013-11-04 14:19:37

  • An excellent explanation! Thank you!

    2013-10-18 11:39:43

  • very helpful

    2013-08-29 08:19:03

  • thank you very much very clear

    2013-08-28 02:54:03

  • Excellent and now my mind is really working fast on Subnetting. Thank You, whoever it is.

    2013-06-13 13:40:08

  • Now I understand it, thank you!

    2013-05-27 21:57:57

  • thanks a lot. i searched a lot on this topic for easy understanding and finally i got here with you. thanks again

    2013-05-21 03:00:17

  • cool ol clear!!!!!!!

    2013-05-19 19:19:53

  • all clear :D

    2013-04-18 19:27:34

  • thank you very much... all clear!

    2013-04-18 19:26:46

  • Love it:)

    2012-11-07 18:00:01

  • Ok, so this is not rocket science. This makes stupid people look smart.

    2012-10-29 05:02:53

  • Thank you so much ! I got the concept of Wild mask..

    2012-08-21 08:08:19

  • ya thank u. now i'm obvious

    2012-01-30 11:04:39

  • Excellent tutorial..Thanks. (-:

    2011-10-14 06:31:54

  • Hi, Wild Masks other than 255 and 0s , were bugging me since long. But this ALL STOP article by writer has put the "last nail in the coffin"

    2011-10-06 01:34:43

  • Thank you for the clear and precise explanation.

    2011-09-23 20:56:47

  • Thank you for this method. Very easy and it works!! Wildcard masks have been a bit of a mystery to me since I was introduced to them. No more!!

    2011-02-16 13:36:16

  • Well simplified and explained. I needed a refresh and this was exactly what I was looking for. Thanks.

    2011-01-08 14:41:51

  • Thanks a lot ..............Extremely Super.

    2010-12-29 04:43:07

  • Well explained. Thanks a lot!

    2010-12-02 08:28:29

  • Thanks, you help me so much ;)

    2010-11-18 12:12:36

  • Thank you. VERY CLEAR

    2010-05-06 09:18:00

  • great job on explaining the wildcard mask I was trying to understand this and after reading this I fully understand the wildcard mask.

    2010-01-29 20:52:31

  • This has been by far one of the most excellent readings on inverse masking. Anytime that I haven't been working with inverse masks for a while. I just come back here for a quick refresher. Thx

    2009-12-30 08:24:57

  • Thanks a ton for the wonderful explanation of WCM. It made things very clear -each part was broken down and explained in a step by step manner. Thanks again.

    2009-10-27 23:57:43

  • This has provided very good understanding of inverse subnet mask. Thank very much for your help.

    2009-02-13 18:57:08

  • Excellent. Really simplified even for someone who already knows the long way.

    2008-07-11 05:51:47

by aryoba
last modified: 2015-10-06 16:46:52

Suggested pre-reading
»Cisco Forum FAQ »Quick and Easy Wildcard (Inverse) Subnet Mask

Please note that the following reading is intended for those who have already reviewed the link above. If you have not read it, please do so before continuing.

Using Masks

Masks are used with IP addresses in IP ACLs to specify what should be permitted and denied. Masks to configure IP addresses on interfaces start with 255 and have the large values on the left side (for example, IP address 209.165.202.129 with a 255.255.255.224 mask). Masks for IP ACLs are the reverse (for example, mask 0.0.0.255). This is sometimes called an inverse mask or a wildcard mask. When the value of the mask is broken down into binary (0s and 1s), the results determine which address bits are to be considered in processing the traffic. A 0 indicates that the address bits must be considered (exact match); a 1 in the mask is a "don't care". The following table further explains this concept.

Mask Example

network address (traffic that is to be processed): 10.1.1.0
mask: 0.0.0.255
network address (binary): 00001010.00000001.00000001.00000000
mask (binary): 00000000.00000000.00000000.11111111

Based on the binary mask, you can see that the first three sets (octets) must match the given binary network address exactly (00001010.00000001.00000001). The last set of numbers are "don't cares" (.11111111). Therefore, all traffic beginning with 10.1.1. will match since the last octet is "don't care". So, with this mask, network addresses 10.1.1.1 through 10.1.1.255 (10.1.1.x) will be processed.

The ACL inverse mask can also be determined by subtracting the normal mask from 255.255.255.255. In the following example, the inverse mask is determined for network address 172.16.1.0 with a normal mask of 255.255.255.0.
255.255.255.255 - 255.255.255.0 (normal mask) = 0.0.0.255 (inverse mask)

Note the following ACL equivalents.
The source/source-wildcard of 0.0.0.0/255.255.255.255 means "any".
The source/wildcard of 10.1.1.2/0.0.0.0 is the same as "host 10.1.1.2".
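
The bit rule above (0 means the bit must match, 1 means "don't care") can be applied directly to check which addresses an entry covers, and to audit entries where a normal subnet mask was typed in the wildcard position. This Python sketch is an added example, not part of the original FAQ; the function names and the sample entries are constructed for illustration, and the audit assumes the value is applied literally as a wildcard.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF


def to_int(dotted: str) -> int:
    """Dotted-quad IPv4 string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def acl_match(packet_ip: str, acl_addr: str, wildcard: str) -> bool:
    """True when packet_ip equals acl_addr on every bit where the
    wildcard has a 0 (exact match); 1-bits are "don't care"."""
    care_bits = to_int(wildcard) ^ ALL_ONES
    return ((to_int(packet_ip) ^ to_int(acl_addr)) & care_bits) == 0


def normal_mask_in_wildcard_slot(wildcard: str) -> bool:
    """True when the value has the shape of a normal subnet mask
    (1-bits on the left, 0-bits on the right) instead of a wildcard.
    0.0.0.0 ("host") and 255.255.255.255 ("any") are legitimate."""
    value = to_int(wildcard)
    if value in (0, ALL_ONES):
        return False
    inverse = value ^ ALL_ONES
    return (inverse & (inverse + 1)) == 0


def audit(entries):
    """Return the (address, wildcard) pairs that look mistyped."""
    return [e for e in entries if normal_mask_in_wildcard_slot(e[1])]


# Constructed sample entries; the last one carries a normal mask where
# the wildcard belongs.
SAMPLE_ACL = [
    ("10.1.1.0", "0.0.0.255"),
    ("10.1.1.2", "0.0.0.0"),          # same as "host 10.1.1.2"
    ("0.0.0.0", "255.255.255.255"),   # same as "any"
    ("172.16.1.0", "255.255.255.0"),  # intended wildcard: 0.0.0.255
]

if __name__ == "__main__":
    print(acl_match("10.1.1.77", "10.1.1.0", "0.0.0.255"))        # True
    print(acl_match("10.1.2.77", "10.1.1.0", "0.0.0.255"))        # False
    # Applied literally, the mistyped entry ignores the first three
    # octets and only requires the last octet to be 0.
    print(acl_match("172.16.1.5", "172.16.1.0", "255.255.255.0"))   # False
    print(acl_match("203.0.113.0", "172.16.1.0", "255.255.255.0"))  # True
    print(audit(SAMPLE_ACL))
```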

Summarizing ACLs

Note: Subnet masks can also be represented as a fixed length notation. For example, 192.168.10.0/24 would represent 192.168.10.0 255.255.255.0.

The following describes how to summarize a range of networks into a single network for ACL optimization.

Example 1

Consider the following networks.
192.168.32.0/24
192.168.33.0/24
192.168.34.0/24
192.168.35.0/24
192.168.36.0/24
192.168.37.0/24
192.168.38.0/24
192.168.39.0/24

The first two octets and the last octet are the same for each network. The following is an explanation of how to summarize these into a single network.

The third octet for the above networks can be written as follows, according to the octet bit position and address value for each bit. Note that M means "Match" and D means "Don't care".


As you can see, the first five bits match. All eight possible combinations of the three low-order bits (the last three bits) are relevant for the network ranges in question; creating binary numbers in sequence from 0 (000 binary) to 7 (111 binary). Therefore the above eight networks can be summarized into one network (192.168.32.0/21 or 192.168.32.0 255.255.248.0).

The following command defines an ACL that permits this network. Subtracting 255.255.248.0 (normal mask) from 255.255.255.255 yields 0.0.7.255.
access-list acl_permit permit ip 192.168.32.0 0.0.7.255

Example 2

Now let's consider the following set of networks.
192.168.146.0/24
192.168.147.0/24
192.168.148.0/24
192.168.149.0/24

The first two octets and the last octet are the same for each network. The following is an explanation of how to summarize these.

The third octet for the above networks can be written as follows, according to the octet bit position and address value for each bit.


Similar to the previous example, the first five bits match. However, the last three bits do not create binary numbers in a complete sequence. Instead they create "partial" sequences, in the form of two separate binary number sequences. The first two are from 2 (010 binary) to 3 (011 binary). The last two are from 4 (100 binary) to 5 (101 binary).

In order to summarize these networks into a single network, there must be contiguous binary numbers from 0 (000 binary) to 7 (111 binary). Therefore, unlike the previous example, you cannot summarize these networks into a single network.

The above networks however can be summarized into two networks, as shown below.

• For networks 192.168.146.x and 192.168.147.x, all bits match except for the last one, which is a "don't care". This can be written as 192.168.146.0/23 (or 192.168.146.0 255.255.254.0).

• For networks 192.168.148.x and 192.168.149.x, all bits match except for the last one, which is a "don't care". This can be written as 192.168.148.0/23 (or 192.168.148.0 255.255.254.0).

The following defines a summarized ACL for the above networks.
access-list 10 permit ip 192.168.146.0 0.0.1.255
access-list 10 permit ip 192.168.148.0 0.0.1.255
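
Both examples can be worked mechanically: derive the Match / Don't care pattern of the third octet, test whether every combination of the "don't care" bits is present, and emit the fewest exact entries with their wildcard masks. This Python sketch is an added example, not part of the original FAQ; the function names are hypothetical, the inputs are assumed to be /24 networks sharing the first two octets, and the output lines copy the line format used on this page.

```python
import ipaddress


def third_octet_pattern(networks):
    """M where every network has the same bit in the third octet,
    D where the bit differs, written from bit 7 down to bit 0."""
    octets = [ipaddress.ip_network(n).network_address.packed[2]
              for n in networks]
    return "".join(
        "M" if len({(o >> bit) & 1 for o in octets}) == 1 else "D"
        for bit in range(7, -1, -1)
    )


def fits_single_network(networks):
    """A single summary works only when the D bits are the low-order
    bits and all 2**d combinations of them are actually present."""
    octets = {ipaddress.ip_network(n).network_address.packed[2]
              for n in networks}
    pattern = third_octet_pattern(networks)
    d = pattern.count("D")
    return pattern.endswith("D" * d) and len(octets) == 2 ** d


def summarized_acl(networks, acl_id="10"):
    """Fewest exact prefixes, one line each, with the wildcard mask."""
    nets = [ipaddress.ip_network(n) for n in networks]
    return [
        f"access-list {acl_id} permit ip {n.network_address} {n.hostmask}"
        for n in ipaddress.collapse_addresses(nets)
    ]


# Networks from Example 1 and Example 2 above.
EXAMPLE_1 = [f"192.168.{n}.0/24" for n in range(32, 40)]
EXAMPLE_2 = [f"192.168.{n}.0/24" for n in range(146, 150)]

if __name__ == "__main__":
    for name, nets in (("Example 1", EXAMPLE_1), ("Example 2", EXAMPLE_2)):
        print(name, third_octet_pattern(nets),
              "single network:", fits_single_network(nets))
        for line in summarized_acl(nets):
            print("  " + line)
```

Both examples produce the same MMMMMDDD pattern; only the count of combinations present (eight versus four) separates them, which is why the pattern alone is not enough to justify a single /21 entry.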

More on Supernetting

Further reading on summarization
»Cisco Forum FAQ »Network Summarization (Supernetting)


Feedback received on this FAQ entry:
  • Great way to explain, you should be with Cisco Academy, teaching. Thanks a million

    2016-07-05 10:36:40

  • Thanks for the explanation. A nice simplified way of seeing what it takes to break wild card masks down and the networks they represent.

    2015-10-13 12:03:28

  • Brilliant and explained way of sub-netting, i am following this method

    2015-03-04 20:55:51

  • Oscar to the Author, Unbelievably simple, well written, and thanks a million. Mistro50 Aug 16 2013.

    2013-08-16 14:20:40

  • You are a genius! Well presented and you helped bring something new to me. I've learned more on summarising. Thank you

    2013-08-07 18:22:10

  • This is so far the most comprehensive post on subnetting I ever read. Thank you!

    2013-05-22 22:44:44

  • I Love it....superb one, it's easy to remember and m following it. Thanks 4rm BHUTAN Namgay Dorji 02191

    2013-03-22 05:54:31

by nozero, edited by aryoba
last modified: 2015-10-16 09:05:36

Suggested pre-reading
»Cisco Forum FAQ »Quick and Easy Subnetting on Routing, Switching and Network Design Relationship
»Cisco Forum FAQ »Quick and Easy Subnetting /24 and larger network

Please note that the following reading is intended for those who already have a firm understanding of subnetting. Without such understanding, you are advised to read the links above.

Class-C Supernetting

Let's review the following /28 subnets.


A 192.168.0.0/24 looks like the following.

When you look at all IP addresses presented from the entire /28 subnets, such /28 subnet groups make up the entire 192.168.0.0/24 subnet.

At this point you have a concept of seeing a Class C network (full /24) as either groups of single IP addresses (256 of /32 subnets) or groups of smaller subnets. In the previous 192.168.0.0/28 network illustration, the 192.168.0.0/24 can be seen as groups of smaller /28 subnets (16 of /28 subnets).

Following is a list of smaller subnet groups to make up the entire Class C network

Quick Way To Build The Entire /28 Subnets To Make Up Single /24 Network

Since there are 16 IP addresses within one /28 subnet, you can add 16 to the 4th octet of 1st IP address of the subnet to find out the next 1st IP address of the next subnet; while the 1st three octets are constant. Illustration as follows.


Using this approach, you can quickly build the list of entire /28 subnets as follows.


Finding Supernet in /24 Network

Example 1.1

Assume you have the following /28 subnets

192.168.0.0/28 = 192.168.0.0 - 192.168.0.15
192.168.0.16/28 = 192.168.0.16 - 192.168.0.31
192.168.0.32/28 = 192.168.0.32 - 192.168.0.47
192.168.0.48/28 = 192.168.0.48 - 192.168.0.63

Now review this /26 subnet

192.168.0.0/26 = 192.168.0.0 - 192.168.0.63

When you have all the IP addresses from 192.168.0.0 to 192.168.0.63, you can simply use 192.168.0.0/26 to represent them. In other words, the four /28 subnets make up a single 192.168.0.0/26 subnet. This 192.168.0.0/26 representation is called supernetting or network summarization.

Example 1.2

Assume you have the following /28 subnets

192.168.0.32/28 = 192.168.0.32 - 192.168.0.47
192.168.0.48/28 = 192.168.0.48 - 192.168.0.63
192.168.0.64/28 = 192.168.0.64 - 192.168.0.79
192.168.0.80/28 = 192.168.0.80 - 192.168.0.95

As discussed earlier, a 192.168.0.0/26 subnet comprises all the IP addresses from 192.168.0.0 to 192.168.0.63. In this case, you do not have the IP addresses from 192.168.0.0 to 192.168.0.31. Therefore you cannot have 192.168.0.0/26 as the supernet of the four /28 subnets.

Now let's review the following two /27 subnets

192.168.0.32/27 = 192.168.0.32 - 192.168.0.63
192.168.0.64/27 = 192.168.0.64 - 192.168.0.95

Since you do have all the IP addresses from 192.168.0.32 to 192.168.0.95, you can have 192.168.0.32/27 as the supernet of the 192.168.0.32/28 and 192.168.0.48/28 subnets; you can also have 192.168.0.64/27 as the supernet of the 192.168.0.64/28 and 192.168.0.80/28 subnets.

Example 1.3

Now let's say you have 32 of 192.168.0.x/29 networks as follows.


Note that 192.168.0.0/24 covers the same IP addresses as the 32 of 192.168.0.x/29 networks (remember, /24 = 32 x /29). When you present the 32 of 192.168.0.x/29 to the same device or audience, you have a choice to present them in the form of 192.168.0.0/24. In this case, you combine the whole 32 of 192.168.0.x/29 to become larger 192.168.0.0/24 network. As mentioned, this combining process is called supernetting. The result network is called supernet.

Example 1.4

Let's review another illustration. This time you have four /30 networks; 192.168.0.0/30, 192.168.0.4/30, 192.168.0.16/30, and 192.168.0.20/30. You then have the following IP address ranges

192.168.0.0/30 = 192.168.0.0 - 192.168.0.3
192.168.0.4/30 = 192.168.0.4 - 192.168.0.7
192.168.0.16/30 = 192.168.0.16 - 192.168.0.19
192.168.0.20/30 = 192.168.0.20 - 192.168.0.23

In simpler form, you have the following IP address ranges

192.168.0.0 - 192.168.0.7 = 192.168.0.0/29
192.168.0.16 - 192.168.0.23 = 192.168.0.16/29

You then have a choice to supernet the four /30 networks to become two larger /29 networks.

Note that you cannot supernet the four /30 networks to become a single larger /27 network of 192.168.0.0/27. Following is the reason.

192.168.0.0/27 = 192.168.0.0 - 192.168.0.31

You don't have the following range

192.168.0.8 - 192.168.0.15 (= 192.168.0.8/29)
192.168.0.24 - 192.168.0.31 (= 192.168.0.24/29)

Therefore to supernet the four /30 networks, you only have a choice to have two larger /29 networks.

A good thing about supernetting is that it summarizes without losing details. From a network device perspective, supernetting means conserving resources such as memory and CPU utilization.

Some discussions
»[HELP] Why use the no auto-summary command for EIGRP

Supernetting on Larger Networks

Following is a list of smaller subnet groups to make up Class B network

The same concept applies to both Class B and Class A network subnetting. While the Class B network (such as /23 network or larger up to /16) can be seen as groups of Class C networks (/24) as shown, the same concept applies to Class A network (/15 network or larger) where the Class A network can be seen as groups of Class B networks.

Following is a list of smaller subnet groups to make up Class A network

Example 2.1

Let's review the following /24 subnets

192.168.32.0/24
192.168.33.0/24
192.168.34.0/24
192.168.35.0/24

When you look at the above table, you notice that four /24 subnets make up a single /22 subnet (/22 = 4 x /24 as noted). Therefore the four /24 subnets presented can potentially be summarized as a /22 subnet.

In order to verify, you need a list of all the /22 networks that make up a single /16 subnet, as follows.

This is the first /22 subnet

Here are the next two /22 subnets

You may notice that the Network ID increments by four on the third octet. Therefore you get the remaining /22 subnets by simply adding four to the third octet, as follows.


As you may note, the four /24 subnets fit into the single 192.168.32.0/22 network, which makes it the supernet. Therefore you have a choice to represent the four /24 subnets as the single 192.168.32.0/22 network.

Example 2.2

As illustration, let's review the following subnets


A 192.168.0.0/16 looks like the following

When you have the entire /22 subnets as shown, you have option to represent them simply as 192.168.0.0/16 subnet.

Example 2.3

Let's find a supernet of the following

192.168.12.0/24
192.168.13.0/24

In order to find the supernet, first create a list of all the /24 subnets. Since there are two /24 subnets presented, a possible supernet is a /23, since /23 = 2 x /24. With this in mind, the list of /24 subnets has to make up a single /23, as follows.


You may now notice that a 192.168.12.0/23 is the supernet of the two /24 subnets.

Example 2.4

Let's find a supernet of the following

192.168.13.0/24
192.168.14.0/24
192.168.15.0/24
192.168.16.0/24

You may notice that there is no supernet to fit all of those four /24 networks without some undefined ones. Here is a clue.

192.168.12.0/23 = 192.168.12.0/24, 192.168.13.0/24
192.168.14.0/23 = 192.168.14.0/24, 192.168.15.0/24
192.168.16.0/23 = 192.168.16.0/24, 192.168.17.0/24

192.168.12.0/22 = 192.168.12.0/24, 192.168.13.0/24, 192.168.14.0/24, 192.168.15.0/24
192.168.16.0/22 = 192.168.16.0/24, 192.168.17.0/24, 192.168.18.0/24, 192.168.19.0/24

The only candidate supernet to include the four /24 subnets is a /19 as follows

If you are somehow allowed to have 192.168.0.0/24 - 192.168.12.0/24 and 192.168.17.0/24 - 192.168.31.0/24, then 192.168.0.0/19 is the one supernet, with an intentional over-summarizing approach. A slightly different approach is to have two subnets, where one is 192.168.12.0/22 to represent the first three /24 subnets and the last /24 subnet, 192.168.16.0/24, is kept as it is; this is also an intentional over-summary, since it adds the 192.168.12.0/24 subnet.

Notes

You may notice that having the list of the entire class is essential to find the network summary of certain subnets. In order to have the list, you can always build one up using the simple technique shown previously. Once you have the list, find the fitting supernet.
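
The list-building step can be automated so that the cost of an over-summary is visible before it is used in a route or a permit statement, where every extra range is also advertised or permitted. This Python sketch is an added example, not part of the original FAQ; the function names are hypothetical, and it assumes small inputs like the ones on this page, since it enumerates every subnet of the covering supernet.

```python
import ipaddress


def covering_supernet(networks):
    """Smallest single network that contains every input network."""
    nets = [ipaddress.ip_network(n) for n in networks]
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()  # widen by one prefix bit
    return candidate


def summarize(networks):
    """Return the exact summary, the single covering supernet, and the
    undefined ranges that the covering supernet would sweep in."""
    nets = [ipaddress.ip_network(n) for n in networks]
    unit = max(n.prefixlen for n in nets)  # smallest subnet size given
    cover = covering_supernet(networks)
    extra = [s for s in cover.subnets(new_prefix=unit)
             if not any(s.subnet_of(n) for n in nets)]
    return {
        "exact": [str(n) for n in ipaddress.collapse_addresses(nets)],
        "cover": str(cover),
        "extra": [str(n) for n in ipaddress.collapse_addresses(extra)],
    }


# Inputs copied from Example 1.4, Example 2.1 and Example 2.4 above.
EXAMPLE_1_4 = ["192.168.0.0/30", "192.168.0.4/30",
               "192.168.0.16/30", "192.168.0.20/30"]
EXAMPLE_2_1 = [f"192.168.{n}.0/24" for n in range(32, 36)]
EXAMPLE_2_4 = [f"192.168.{n}.0/24" for n in range(13, 17)]

if __name__ == "__main__":
    for name, nets in (("1.4", EXAMPLE_1_4), ("2.1", EXAMPLE_2_1),
                       ("2.4", EXAMPLE_2_4)):
        result = summarize(nets)
        print(f"Example {name}")
        print("  exact summary  :", ", ".join(result["exact"]))
        print("  single supernet:", result["cover"])
        print("  swept in extra :", ", ".join(result["extra"]) or "none")
```

An empty "extra" list, as in Example 2.1, means the single supernet is an exact summary; a non-empty list is the set of ranges you must be allowed to include before over-summarizing.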

Some discussions
»[CCNA] Calculating VLSM summary for ICEND2
»Route Summarization

by aryoba
last modified: 2014-03-10 10:40:40

Solarwinds

Download Solarwinds Subnet Calculator

Online version

by aryoba
last modified: 2022-03-09 17:21:53