I do not understand subnetting? Cisco Forum FAQ
Here are a few links to help you finally crack that puzzle which has plagued you since you started to learn networking:

Cisco's slant on subnetting

Learn subnetting in 5 steps

Learn to Subnet

dpocoroba's contribution to the subnetting debate.



If any of the links are dead, please do not hesitate to alert the FAQ Editors by clicking feedback at the bottom of the FAQ.

Notify the FAQ Editors if you have more sources of subnetting material/tutorials and would like to add them to this FAQ.



FAQ originated from this thread on dpocoroba's suggestion.

Introduction

You may wonder what subnetting is and what its purpose is. Loosely, subnetting is the process of partitioning a network into smaller, independent networks. Each smaller network is called a subnet.

Subnetting is part of good network design. One aspect of good network design is making the best use of the IP addresses that you have. Don't leave IP addresses unused or wasted. This is especially true when you have to pay for those IP addresses, or when you have a limited IP address range to work with.

An example of paid IP addresses is the public IP addresses that you obtain from your ISP. You have to pay a certain amount to have static IP addresses dedicated to you by your ISP. When you ask them for more IP addresses, you have to pay more.

Binary Number System (2-based Number System)

The most difficult part of understanding subnetting is probably the math (the calculation). As you can see from the links above, subnetting involves binary numbers. Yes, you are required to understand at least the basics of the binary number system in order to understand the subnetting process.

The binary number system is used by all computers because of their "on" and "off" states. Unfortunately we humans are used to the decimal number system, which creates a gap. This gap leads to confusion for those who are just learning networking and subnetting.

But no worries! There is an easier way to understand subnetting with less theory and a more practical approach. The key is to keep using the decimal number system with the binary number system in mind.

Before we begin, you need to refresh your math on powers. Following is an illustration.

2^0 = 1
2^1 = 2
2^2 = 2 x 2 = 4
2^3 = 2 x 2 x 2 = 8
2^4 = 2 x 2 x 2 x 2 = 16
2^5 = 32
2^6 = 64
2^7 = 128
2^8 = 256

The binary number system is based on powers of two (2^n). In this number system you can only double the current number to get the next bigger number, and you can only halve the current number to get the previous number. The binary number system hence introduces the concept of half-and-double size.

To explore further, check out the following table. In the table, note that the next bigger number is always double the size of the current number. Seen the other way, the previous number is always half the size of the current number.

As you may see, there is no way to reach the next bigger number other than doubling the current number. Similarly, there is no way to reach the next smaller number other than halving the current number. The interval between one number and the next, or between one number and the previous, is always based on a power of two. Keep in mind that this half-and-double size concept is the very basis of subnetting, as you will find out later.

  1 x 2 =   2        |         half the size
  2 x 2 =   4        |               A
  4 x 2 =   8        |               |
  8 x 2 =  16        |               |
 16 x 2 =  32        |               |
 32 x 2 =  64        |               |
 64 x 2 = 128        V               |
128 x 2 = 256  double the size       |

In terms of subnetting,

1 = /32 = 255.255.255.255
2 = /31 = 255.255.255.254
4 = /30 = 255.255.255.252
8 = /29 = 255.255.255.248
16 = /28 = 255.255.255.240
32 = /27 = 255.255.255.224
64 = /26 = 255.255.255.192
128 = /25 = 255.255.255.128
256 = /24 = 255.255.255.0

In terms of IP address quantity

/32: 2^0 = 1 = 1 IP address within the subnet
/31: 2^1 = 2 of /32 = 2 x 1 = 2 = 2 IP addresses within the subnet
/30: 2^2 = 2 of /31 = 2 x 2 = 4 = 4 IP addresses within the subnet
/29: 2^3 = 2 of /30 = 2 x 4 = 8 = 8 IP addresses within the subnet
/28: 2^4 = 2 of /29 = 2 x 8 = 16 = 16 IP addresses within the subnet
/27: 2^5 = 2 of /28 = 2 x 16 = 32 = 32 IP addresses within the subnet
/26: 2^6 = 2 of /27 = 2 x 32 = 64 = 64 IP addresses within the subnet
/25: 2^7 = 2 of /26 = 2 x 64 = 128 = 128 IP addresses within the subnet
/24: 2^8 = 2 of /25 = 2 x 128 = 256 = 256 IP addresses within the subnet

Side Note:

Some people refer to each number in the xxx.xxx.xxx.xxx notation as an octet (an 8-bit number). There are four octets in the notation, separated by dots. I call them 4-tuple octet.

For /24 to /32 subnets, the 1st three octets remain the same. The only octet that changes is the 4th octet (the last octet).

Subnet Mask

Subnetting always relates to something called a Subnet Mask. The Subnet Mask is the way an IP address indicates which subnet it belongs to.

To show you what a subnet mask looks like, let's review the previous table.

1 = /32 = 255.255.255.255
2 = /31 = 255.255.255.254
4 = /30 = 255.255.255.252
8 = /29 = 255.255.255.248
16 = /28 = 255.255.255.240
32 = /27 = 255.255.255.224
64 = /26 = 255.255.255.192
128 = /25 = 255.255.255.128
256 = /24 = 255.255.255.0

As mentioned, there are octets separated by dots that I called 4-tuple octet. This 4-tuple octet is commonly known as Subnet Mask.

Another way of displaying a subnet mask is the CIDR (Classless Inter-Domain Routing) format. Where the 4-tuple octet format is shown in the rightmost column of the above table, the CIDR format is shown in the column to its left. To clarify, check out the following table.

IP Address Quantity    CIDR format    4-tuple octet format
Within Subnet          subnet mask    subnet mask
1                      /32            255.255.255.255
2                      /31            255.255.255.254
4                      /30            255.255.255.252
8                      /29            255.255.255.248
16                     /28            255.255.255.240
32                     /27            255.255.255.224
64                     /26            255.255.255.192
128                    /25            255.255.255.128
256                    /24            255.255.255.0

Later you will find out that CIDR format is based on the subnet mask binary format where the number behind the / represents how many bits are set to 1 (one) contiguously from the left. You will also learn this relationship between subnet mask and IP address quantity within the subnet from the subnet mask binary format.

Following is an illustration of how a subnet mask determines how an IP address fits into a subnet.

Example #1

IP Address: 192.168.0.4
Subnet Mask: /31 (255.255.255.254)

From the table above, /31 indicates a network that consists of two IP addresses: 192.168.0.4 and 192.168.0.5. 192.168.0.4/31 is the 1st IP address of the network.

Example #2

IP Address: 192.168.0.4
Subnet Mask: /30 (255.255.255.252)

Refer to the table, /30 shows that there is a network that consists of four IP addresses; 192.168.0.4 to 192.168.0.7. The 192.168.0.4/30 is the 1st IP address of the network.

Example #3

IP Address: 192.168.0.4
Subnet Mask: /29 (255.255.255.248)

Using the above table, /29 reflects that there is a network that consists of eight IP addresses; 192.168.0.0 to 192.168.0.7. The 192.168.0.4/29 is the 5th IP address of the network.

Example #4

IP Address: 192.168.0.4
Subnet Mask: /32 (255.255.255.255)

Based on the above table, /32 indicates a network that consists of a single IP address: 192.168.0.4. 192.168.0.4/32 is the 1st and the last (the only) IP address of the network.

Number of IP Address Within A Subnet

Let's review the table of number of IP address within a subnet above. Let's say you have the following

* 192.168.0.0/32

IP Address: 192.168.0.0
Subnet Mask: /32 (255.255.255.255)
Number of IP address within the subnet: 1
Number of IP address available for host: 1
IP Address range: 192.168.0.0

* 192.168.0.0/31

IP Address: 192.168.0.0
Subnet Mask: /31 (255.255.255.254)
Number of IP address within the subnet: 2
Number of IP address available for host: 2
IP Address range: 192.168.0.0, 192.168.0.1

* 192.168.0.0/29

IP Address: 192.168.0.0
Subnet Mask: /29 (255.255.255.248)
Number of IP address within the subnet: 8
Number of IP address available for host: 8
IP Address range: 192.168.0.0, 192.168.0.1, ..., 192.168.0.6, 192.168.0.7

The Size Doubling and Subnetting

Referring to the previous examples, you may wonder how to create a table that shows where a specific IP address sits within a network, or how to determine the IP address range available for hosts just by looking at the subnet mask. Following is the breakdown.

To describe, let's start with 192.168.0.0/24 network. Referring to the above host IP address availability table, note that 192.168.0.0/24 network consists of 256 IP addresses; from 192.168.0.0, 192.168.0.1, 192.168.0.2, ...., 192.168.0.254, to 192.168.0.255.

In this following illustration, you can see the 192.168.0.0/24 as a long piece of wood where each end represents the 1st and the last IP addresses; 192.168.0.0/24 and 192.168.0.255/24 respectively.

                                       /24
+-------------------------------------------------------------------------------+
|                                                                               |
+-------------------------------------------------------------------------------+

A                                                                               A
|                                                                               |
1st IP address (192.168.0.0/24)                Last IP address (192.168.0.255/24)

When you break up a /24 network into two equal sub-networks, note that you have two /25 networks. In other words, a /24 network is double the size of /25 network.

Using the long piece of wood illustration, the long piece of wood of a /24 breaks into two pieces of equal size. Let's call the pieces the 1st half and the 2nd half.

Since the /24 network is 192.168.0.0/24, the two /25 networks off the /24 network are 192.168.0.0/25 (1st half) and 192.168.0.128/25 (2nd half). The 1st half, 192.168.0.0/25, consists of 128 IP addresses: from 192.168.0.0, 192.168.0.1, ...., to 192.168.0.127. The 2nd half, 192.168.0.128/25, also consists of 128 IP addresses: from 192.168.0.128, 192.168.0.129, ...., to 192.168.0.255.

Following is the illustration.

                                       /24
+--------------------------------------+ +--------------------------------------+
|                                      | |                                      |
+--------------------------------------+ +--------------------------------------+
           1st half (1st /25)                       2nd half (2nd /25)
A                                      A A                                      A
|                                      | |                                      |
1st IP address (192.168.0.0/25)        | |     Last IP address (192.168.0.255/24)
                                       | |
      Last IP address (192.168.0.127/25) 1st IP address (192.168.0.128/25)

Similarly, breaking up a /25 network into two equal-size networks gives you two /26 networks. In other words, a /25 network is double the size of a /26 network.

Using the long piece of wood illustration, each piece of wood of a /25 breaks into two pieces of equal size. Therefore the original long piece of wood of a /24 now becomes four pieces of equal size. Let's call these four pieces the 1st, 2nd, 3rd, and 4th quarter respectively.

You now have four /26 networks when you break up a /24 network into four equal-size networks. Each of the four /26 networks consists of 64 IP addresses. Since the /24 network is 192.168.0.0/24, the four /26 networks off the /24 network are 192.168.0.0/26 (1st quarter), 192.168.0.64/26 (2nd quarter), 192.168.0.128/26 (3rd quarter), and 192.168.0.192/26 (last quarter).

Following is the illustration.

                                       /24
+------------------+ +------------------+ +------------------+ +------------------+
|                  | |                  | |                  | |                  |
+------------------+ +------------------+ +------------------+ +------------------+
      1st /26              2nd /26              3rd /26              4th /26

1st IP address       1st IP address       1st IP address       1st IP address
(192.168.0.0/26)     (192.168.0.64/26)    (192.168.0.128/26)   (192.168.0.192/26)

Last IP address      Last IP address      Last IP address      Last IP address
(192.168.0.63/26)    (192.168.0.127/26)   (192.168.0.191/26)   (192.168.0.255/26)

The same logic continues where /26 network is double the size of /27 network (or /27 network is half size of /26 network) and /31 network is double the size of /32 network (or /32 network is half size of /31 network).

To sum up the understanding, following shows how larger subnet size correlates to smaller subnet size.

/24 = 2 x /25 = 4 x /26 = 8 x /27 = 16 x /28 = 32 x /29 = 64 x /30 = 128 x /31 = 256 x /32

Where does this half-and-double size concept come from? Let's review the previous table to find the answer.

/32: 2^0 = 1 = 1 IP address within the subnet
/31: 2^1 = 2 of /32 = 2 x 1 = 2 = 2 IP addresses within the subnet
/30: 2^2 = 2 of /31 = 2 x 2 = 4 = 4 IP addresses within the subnet
/29: 2^3 = 2 of /30 = 2 x 4 = 8 = 8 IP addresses within the subnet
/28: 2^4 = 2 of /29 = 2 x 8 = 16 = 16 IP addresses within the subnet
/27: 2^5 = 2 of /28 = 2 x 16 = 32 = 32 IP addresses within the subnet
/26: 2^6 = 2 of /27 = 2 x 32 = 64 = 64 IP addresses within the subnet
/25: 2^7 = 2 of /26 = 2 x 64 = 128 = 128 IP addresses within the subnet
/24: 2^8 = 2 of /25 = 2 x 128 = 256 = 256 IP addresses within the subnet

Note that the concept of half-and-double size is based on the binary system where you can only double the network size or break up the subnet into two equal size of smaller networks as shown on previous table. As mentioned earlier, the interval between one number and the next or between one number and the previous is always based on the power of two; which introduces the very basic of subnetting logic.

Using the same logic as presented, let's recap. Subnetting /24 network into

* 2 equal network size makes 2 of /25 networks
* 4 equal network size makes 4 of /26 networks
* 8 equal network size makes 8 of /27 networks
* 256 equal network size makes 256 of /32 networks

When the /24 network is 192.168.0.0/24, the following is what the smaller subnets look like.

The 4 /26 networks:

1. 192.168.0.0/26

IP Address: 192.168.0.0
Subnet Mask: /26 (255.255.255.192)
Number of IP address within the subnet: 64
Number of IP address available for host: 64
IP Address range: 192.168.0.0, 192.168.0.1, ...., to 192.168.0.63

2. 192.168.0.64/26

IP Address: 192.168.0.64
Subnet Mask: /26 (255.255.255.192)
Number of IP address within the subnet: 64
Number of IP address available for host: 64
IP Address range: 192.168.0.64, 192.168.0.65, ...., to 192.168.0.127

3. 192.168.0.128/26

IP Address: 192.168.0.128
Subnet Mask: /26 (255.255.255.192)
Number of IP address within the subnet: 64
Number of IP address available for host: 64
IP Address range: 192.168.0.128, 192.168.0.129, ...., to 192.168.0.191

4. 192.168.0.192/26

IP Address: 192.168.0.192
Subnet Mask: /26 (255.255.255.192)
Number of IP address within the subnet: 64
Number of IP address available for host: 64
IP Address range: 192.168.0.192, 192.168.0.193, ...., to 192.168.0.255

The 32 /29 networks

192.168.0.0 /29 = 192.168.0.0 - 192.168.0.7
192.168.0.8 /29 = 192.168.0.8 - 192.168.0.15
192.168.0.16 /29 = 192.168.0.16 - 192.168.0.23
.
.
.
192.168.0.240/29 = 192.168.0.240 - 192.168.0.247
192.168.0.248/29 = 192.168.0.248 - 192.168.0.255

Let's say you only need nine subnets off 192.168.0.0/24. Following are the considerations.

* All subnets are of equal size
* Subnet quantities only come in powers of two, which are 2 (as of 2 x /25), 4 (as of 4 x /26), 8 (as of 8 x /27), 16 (as of 16 x /28), and so on
* Nine is higher than 8 and lower than 16
* To accommodate the nine subnets, you can consider the 16 subnets of /28 size
* You could then take the 1st nine subnets out of the 16 subnets available
* The nine subnets you take are 192.168.0.0/28, 192.168.0.16/28, 192.168.0.32/28, 192.168.0.48/28, 192.168.0.64/28, 192.168.0.80/28, 192.168.0.96/28, 192.168.0.112/28, and 192.168.0.128/28

Octet and Subnet Calculating

As you may notice, IP address and subnet mask are presented in form of octet (the xxx.xxx.xxx.xxx). There are four octets on both IP address and subnet mask representation, where dots are used to separate one octet from another.

In math, an octet can be seen as a "summary" of binary numbers. This is one of the keys to easy subnet calculation using the decimal number system with the binary number system in mind.

Another key to such easy subnet calculation is utilizing the octets. Start working from the last octet and work up to the previous octet when necessary. When calculating IP addresses within a /24 or smaller subnet, for example, note that only the last octet changes, as mentioned previously. When you calculate a subnet larger than /24, you then consider the 3rd octet (and the rest) as necessary.

Specifically with a /25 or smaller subnet, you need to calculate starting from /24. In other words, you should see the /25 or smaller subnet as part of a larger /24 network. Any /25 or smaller subnet calculation must refer to the larger /24 network, or in other words, must refer to the last octet.

Here is an illustration. Let's say you are given the 192.168.0.67/28 network. You need to determine the following

* range of IP addresses within the subnet
* order number of 192.168.0.67 IP address within the subnet

You start by seeing 192.168.0.67/28 as part of larger 192.168.0.0/24 network. In other words, you have to start calculating from 192.168.0.0 IP address (the 1st IP address) to create a list of smaller /28 networks off a larger /24 network.

Referring to the previous table, /28 = 2^4 = 16 IP addresses. Therefore the 1st /28 should be the following

192.168.0.0 - 192.168.0.15

The remaining /28 network should be the following

192.168.0.16 - 192.168.0.31
192.168.0.32 - 192.168.0.47
192.168.0.48 - 192.168.0.63
192.168.0.64 - 192.168.0.79
192.168.0.80 - 192.168.0.95
192.168.0.96 - 192.168.0.111
192.168.0.112 - 192.168.0.127
192.168.0.128 - 192.168.0.143
192.168.0.144 - 192.168.0.159
192.168.0.160 - 192.168.0.175
192.168.0.176 - 192.168.0.191
192.168.0.192 - 192.168.0.207
192.168.0.208 - 192.168.0.223
192.168.0.224 - 192.168.0.239
192.168.0.240 - 192.168.0.255

which makes up the entire 192.168.0.0/24 network.

By referring to the 1st IP address of each /28 subnet, you present those subnets as follows

192.168.0.0 - 192.168.0.15 = 192.168.0.0/28
192.168.0.16 - 192.168.0.31 = 192.168.0.16/28
192.168.0.32 - 192.168.0.47 = 192.168.0.32/28
192.168.0.48 - 192.168.0.63 = 192.168.0.48/28
192.168.0.64 - 192.168.0.79 = 192.168.0.64/28
192.168.0.80 - 192.168.0.95 = 192.168.0.80/28
192.168.0.96 - 192.168.0.111 = 192.168.0.96/28
192.168.0.112 - 192.168.0.127 = 192.168.0.112/28
192.168.0.128 - 192.168.0.143 = 192.168.0.128/28
192.168.0.144 - 192.168.0.159 = 192.168.0.144/28
192.168.0.160 - 192.168.0.175 = 192.168.0.160/28
192.168.0.176 - 192.168.0.191 = 192.168.0.176/28
192.168.0.192 - 192.168.0.207 = 192.168.0.192/28
192.168.0.208 - 192.168.0.223 = 192.168.0.208/28
192.168.0.224 - 192.168.0.239 = 192.168.0.224/28
192.168.0.240 - 192.168.0.255 = 192.168.0.240/28

Later on, you will learn that the 1st IP address as the reference is called Network ID.

Let's return to the question of finding the IP address range of 192.168.0.67/28. Referring to the above table, you see that 192.168.0.67 is between 192.168.0.64 to 192.168.0.79 or within 192.168.0.64/28. Therefore the IP address range is 192.168.0.64 - 192.168.0.79, where the 192.168.0.67 is the 4th IP address.

Note:
Since there are 16 IP addresses within one subnet, you can add 16 to the 4th octet of 1st IP address of the subnet to find out the next 1st IP address of the next subnet; while the 1st three octets are constant. Illustration as follows.

1st Subnet: 192.168.0.0/28

Octet
1st.2nd.3rd.4th
192.168.  0.  0
             16
        + -----
             16

Next Subnet: 192.168.0.16/28

2nd Subnet: 192.168.0.16/28

Octet
1st.2nd.3rd.4th
192.168.  0. 16
             16
        + -----
             32

Next Subnet: 192.168.0.32/28

Later you will learn how to find such specific subnet quickly using some tips and tricks.
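
The last-octet arithmetic from this section and the nine-subnet planning steps from the previous section, written out as an added example (not part of the original FAQ). The function names are illustrative, and the result is cross-checked against Python's standard ipaddress module.

```python
import ipaddress


def block_size(prefix):
    """Addresses in one subnet for /24 through /32: 2^(32 - prefix)."""
    if not 24 <= prefix <= 32:
        raise ValueError("the last-octet method covers /24 through /32 only")
    return 2 ** (32 - prefix)


def locate(address, prefix):
    """Find the subnet that holds `address`, using decimal last-octet arithmetic."""
    octets = [int(part) for part in address.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted IPv4 address: {address!r}")
    size = block_size(prefix)
    first = (octets[3] // size) * size   # subnets start at multiples of the block size
    base = ".".join(str(o) for o in octets[:3])
    return {
        "subnet": f"{base}.{first}/{prefix}",
        "first": f"{base}.{first}",
        "last": f"{base}.{first + size - 1}",
        "order": octets[3] - first + 1,  # 1-based position inside the subnet
    }


def agrees_with_stdlib(address, prefix):
    """Cross-check the decimal method against Python's ipaddress module."""
    net = ipaddress.ip_interface(f"{address}/{prefix}").network
    mine = locate(address, prefix)
    return (str(net) == mine["subnet"]
            and str(net[0]) == mine["first"]
            and str(net[-1]) == mine["last"])


def plan_equal_subnets(parent, needed):
    """Split `parent` into the smallest power-of-two count that fits `needed`."""
    if needed < 1:
        raise ValueError("need at least one subnet")
    net = ipaddress.ip_network(parent)
    extra_bits = (needed - 1).bit_length()   # 9 subnets -> 4 bits -> 16 pieces
    pieces = net.subnets(new_prefix=net.prefixlen + extra_bits)
    return [str(p) for p in list(pieces)[:needed]]


if __name__ == "__main__":
    # The FAQ's question: where does 192.168.0.67/28 sit?
    print(locate("192.168.0.67", 28))
    print("matches ipaddress:", agrees_with_stdlib("192.168.0.67", 28))
    # The FAQ's planning case: nine equal subnets out of 192.168.0.0/24.
    for subnet in plan_equal_subnets("192.168.0.0/24", 9):
        print(subnet)
```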

Supernetting

Let's review the previous 192.168.0.0/28 network illustration. As noted, you can create a list of /28 networks to make up a larger 192.168.0.0/24 network. When you combine all of the /28 networks, the result is basically the same as the 192.168.0.0/24 network.

Now let's say you have 32 of 192.168.0.x/29 networks. Note that 192.168.0.0/24 covers the same IP addresses as the 32 of 192.168.0.x/29 networks. When you present the 32 of 192.168.0.x/29 to the same device or audience, you have a choice to present them in the form of 192.168.0.0/24.

In other words, you combine all 32 of the 192.168.0.x/29 networks to become the larger 192.168.0.0/24 network. This combining process is called supernetting. The resulting network is called a supernet.

Let's review another illustration. This time you have four /30 networks; 192.168.0.0/30, 192.168.0.4/30, 192.168.0.16/30, and 192.168.0.20/30. You then have the following IP address ranges

192.168.0.0/30 = 192.168.0.0 - 192.168.0.3
192.168.0.4/30 = 192.168.0.4 - 192.168.0.7
192.168.0.16/30 = 192.168.0.16 - 192.168.0.19
192.168.0.20/30 = 192.168.0.20 - 192.168.0.23

In simpler form, you have the following IP address ranges

192.168.0.0 - 192.168.0.7 = 192.168.0.0/29
192.168.0.16 - 192.168.0.23 = 192.168.0.16/29

You then have a choice to supernet the four /30 networks to become two larger /29 networks.

Note that you cannot supernet the four /30 networks to become a single larger /27 network of 192.168.0.0/27. Following is the reason.

192.168.0.0/27 = 192.168.0.0 - 192.168.0.31

You don't have the following range

192.168.0.8 - 192.168.0.15 (= 192.168.0.8/29)
192.168.0.24 - 192.168.0.31 (= 192.168.0.24/29)

Therefore to supernet the four /30 networks, you only have a choice to have two larger /29 networks.

A good thing about supernetting is that it summarizes without losing details. From a network device's perspective, dealing with supernets means conserving resources such as memory and CPU utilization.
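
The supernetting rule above as an added example (not part of the original FAQ): merge only when both halves of the larger network are held, and list what a too-wide summary would cover in addition. The function names are illustrative; the sample networks are the ones used in this section.

```python
import ipaddress

# Sample inputs taken from the FAQ's own illustrations.
FOUR_30S = ["192.168.0.0/30", "192.168.0.4/30", "192.168.0.16/30", "192.168.0.20/30"]
THIRTY_TWO_29S = [f"192.168.0.{n}/29" for n in range(0, 256, 8)]


def supernet(networks):
    """Merge sibling subnets upward; stop when no exact merge remains."""
    nets = {ipaddress.ip_network(n) for n in networks}
    merged = True
    while merged:
        merged = False
        for net in sorted(nets):
            if net.prefixlen == 0:
                continue
            parent = net.supernet()            # prefix one bit shorter
            halves = set(parent.subnets())     # the two equal halves of that parent
            if halves <= nets:                 # both halves held: safe to combine
                nets -= halves
                nets.add(parent)
                merged = True
                break
    return [str(n) for n in sorted(nets)]


def extra_coverage(summary, networks):
    """Ranges a proposed summary would cover beyond the networks actually held."""
    remaining = [ipaddress.ip_network(summary)]
    for held in (ipaddress.ip_network(n) for n in networks):
        next_remaining = []
        for block in remaining:
            if held.subnet_of(block):
                # Carve the held network out of this block, keep the rest.
                next_remaining.extend(block.address_exclude(held))
            elif not block.subnet_of(held):
                next_remaining.append(block)   # unrelated block, keep as is
        remaining = next_remaining
    return [str(n) for n in ipaddress.collapse_addresses(remaining)]


if __name__ == "__main__":
    print("four /30s summarize to:", supernet(FOUR_30S))
    print("a /27 would also cover:", extra_coverage("192.168.0.0/27", FOUR_30S))
    print("32 /29s summarize to:", supernet(THIRTY_TWO_29S))
```

An empty result from extra_coverage means the summary is exact; anything else is address space the summary route or access rule would include without being held.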

Broadcast Network

A loose understanding of a broadcast network is a network that consists of multiple IP addresses (multiple machines). Examples of broadcast networks are Ethernet and Token Ring networks. Following is an illustration.

Ethernet

Host A        Host C        Host E
  |             |             |
  +------+------+------+------+
         |             |
       Host B        Host D

Token Ring

            Host A    Host C
              |         |
          +---+---------+---+
          |                 |
Host B ---+                 +--- Host D
          |                 |
          +--------+--------+
                   |
                 Host E

Since there are multiple IP addresses within the network, there must be a mechanism to properly select the communication partner's IP address when one IP address needs to communicate with another IP address within the network.

The mechanism is called broadcast. This broadcast mechanism requires the communication partner's IP address (the Layer 3 info) or the communication partner's MAC address (the Layer 2 info) before starting the mechanism.

To find its communication partner within a broadcast network, one IP address broadcasts its communication partner's IP address and expects to receive a reply from the partner with its MAC address. Once the IP address receives its communication partner's MAC address, it starts to communicate with its partner using the MAC address.

Network ID and Network Broadcast IP Addresses

In broadcast network, there is a need to send broadcast to find either IP address of specific MAC address, or to find MAC address of specific IP address. This process is called ARP (Address Resolution Protocol) or RARP (Reverse ARP).

To broadcast, the network utilizes an IP address. This IP address is called the broadcast IP address. In a subnet, the broadcast IP address is usually the last IP address.

As an example, the broadcast IP address of the 192.168.0.0/29 subnet is 192.168.0.7/29.

In a broadcast network, there is also a term called Network ID. The Network ID is an IP address that is used to identify a specific subnet. In a subnet, the network ID is usually the 1st IP address.

As an example, the network ID IP address of the 192.168.0.8/29 subnet is 192.168.0.8/29.

Normally Network ID and Network Broadcast IP addresses are not allowed to be used by hosts in broadcast network since such IP addresses are reserved for ARP/RARP processes. When there is a special situation as you find out later on, the Network ID and Network Broadcast IP addresses could be usable by hosts.

Subnet Zero; Network ID and Network Broadcast Subnets

Let's review the previous 192.168.0.0/28 subnet table

192.168.0.0 - 192.168.0.15 = 192.168.0.0/28
192.168.0.16 - 192.168.0.31 = 192.168.0.16/28
192.168.0.32 - 192.168.0.47 = 192.168.0.32/28
192.168.0.48 - 192.168.0.63 = 192.168.0.48/28
192.168.0.64 - 192.168.0.79 = 192.168.0.64/28
192.168.0.80 - 192.168.0.95 = 192.168.0.80/28
192.168.0.96 - 192.168.0.111 = 192.168.0.96/28
192.168.0.112 - 192.168.0.127 = 192.168.0.112/28
192.168.0.128 - 192.168.0.143 = 192.168.0.128/28
192.168.0.144 - 192.168.0.159 = 192.168.0.144/28
192.168.0.160 - 192.168.0.175 = 192.168.0.160/28
192.168.0.176 - 192.168.0.191 = 192.168.0.176/28
192.168.0.192 - 192.168.0.207 = 192.168.0.192/28
192.168.0.208 - 192.168.0.223 = 192.168.0.208/28
192.168.0.224 - 192.168.0.239 = 192.168.0.224/28
192.168.0.240 - 192.168.0.255 = 192.168.0.240/28

Similar to the concept of Network ID and Network Broadcast IP addresses, Network ID subnet is the 1st subnet and Network Broadcast subnet is the last subnet. On the previous table,

Network ID Subnet : 192.168.0.0/28 (also called Subnet Zero)
Network Broadcast Subnet: 192.168.0.240/28

As a note, Subnet Zero itself refers to the subnet of all 0 and/or subnet of all 1 in binary system perspective. In other words, Subnet Zero refers to the Network ID (the all 0) and Network Broadcast (the all 1) subnets.

In the beginning of subnetting technology, using the Network ID (or Subnet Zero) and Network Broadcast subnets was not allowed, for a reason similar to not allowing the use of the Network ID and Network Broadcast IP addresses. With newer technology, it is now permissible to use the Network ID and Network Broadcast subnets for host IP address assignments.

On today's networks, most networks are Subnet Zero applicable. When you have to assign IP addresses and/or subnets on today's networks, most of the time Subnet Zero usage is assumed. However it is always a good idea to confirm whether Subnet Zero is permissible on a specific network.

Broadcast and Point-to-Point Networks

Network ID and broadcast IP addresses usually exist in broadcast network. As mentioned earlier, network ID and broadcast IP addresses are used to find IP address within the broadcast network to be able to have one IP address to communicate to the IP address in question.

Beside a broadcast network, there is also a point-to-point network. Unlike broadcast network where there are multiple IP addresses, point-to-point network only consists of two IP addresses.

Here is an illustration

Broadcast Network

Host A        Host C        Host E
  |             |             |
  +------+------+------+------+
         |             |
       Host B        Host D

Point-to-Point Network

Host A ------- Host B

In a point-to-point network, there should be no need to use network ID and broadcast IP addresses. When one IP address needs to communicate with the other IP address, it does not need to select its communication partner. Since there are only two IP addresses in the network, the other IP address must be the one that needs to be communicated with.

Note that when someone says broadcast network, the person usually means that the network consists of more than two IP addresses. It is possible however to have a broadcast network consisting of only two IP addresses. If a broadcast network only consists of two IP addresses, it is basically a point-to-point network.

When you have a broadcast network that consists of only two IP addresses, you then have a choice to keep it as a broadcast network or convert it to a point-to-point network.

Following is an illustration. Let's say we have 192.168.0.0/30 network. The network is a broadcast network. The network ID is 192.168.0.0/30 and network broadcast is 192.168.0.3/30.

In a broadcast network, the actual IP addresses that can be the host's IP addresses are the remaining after IP addresses reserved for network ID and network broadcast. In 192.168.0.0/30 network, the available IP addresses that can be the host's IP addresses are 192.168.0.1 and 192.168.0.2.

Here is the breakdown

192.168.0.0/30
IP Address : 192.168.0.0
Subnet Mask : /30 (255.255.255.252)
Number of IP address within the subnet : 4
Number of IP address available for host: 2
IP Address range : 192.168.0.0 - 192.168.0.3
Network ID : 192.168.0.0
Network Broadcast : 192.168.0.3
IP Address range for host : 192.168.0.1, 192.168.0.2

As you can see, there are only two actual IP addresses within 192.168.0.0/30: 192.168.0.1 and 192.168.0.2. Therefore this broadcast network is in effect a point-to-point network. You then have an option to convert the network to a point-to-point network.

Should you decide to convert, then you can subnet 192.168.0.0/30 into two /31 networks; one is 192.168.0.0/31 and another is 192.168.0.2/31. You can use 192.168.0.0/31 for these two hosts to communicate with each other. You can then keep the 192.168.0.2/31 for future use should you have more point-to-point network.

Here is the breakdown

* Subnet 192.168.0.0/30 into 2 equal network size makes 2 of /31 networks
1. 192.168.0.0/31 = 192.168.0.0, 192.168.0.1
2. 192.168.0.2/31 = 192.168.0.2, 192.168.0.3

* Use 192.168.0.0/31 and keep 192.168.0.2/31 for future use

* Convert hosts' interface to be point-to-point network member from broadcast network member

* Assign 192.168.0.0 with /31 subnet mask to one host and assign 192.168.0.1 with /31 subnet mask to another host

Some Tips and Tricks

1. Quickly Convert CIDR Format To Dotted 4-Tuple Octet Format

Let's review the following CIDR and dotted 4-tuple octet format comparison

/32 = 255.255.255.255
/31 = 255.255.255.254
/30 = 255.255.255.252
/29 = 255.255.255.248
/28 = 255.255.255.240
/27 = 255.255.255.224
/26 = 255.255.255.192
/25 = 255.255.255.128
/24 = 255.255.255.0

As mentioned, the 1st three octets in the dotted 4-tuple always stay the same in /24 and longer prefixes. In other words, only the last octet changes.

Also as mentioned, there is only one IP address within a /32 CIDR. The next bigger subnet size is always double the current subnet size. In other words, there are two IP addresses within a /31 CIDR (double the 1 in a /32 CIDR). Following is the table

1 IP address = 1 = /32 = 255.255.255.255
2 IP addresses = 1 x 2 = /31 = 255.255.255.254
4 IP addresses = 2 x 2 = /30 = 255.255.255.252
8 IP addresses = 4 x 2 = /29 = 255.255.255.248
16 IP addresses = 8 x 2 = /28 = 255.255.255.240
32 IP addresses = 16 x 2 = /27 = 255.255.255.224
64 IP addresses = 32 x 2 = /26 = 255.255.255.192
128 IP addresses = 64 x 2 = /25 = 255.255.255.128
256 IP addresses = 128 x 2 = /24 = 255.255.255.0

Now let's only consider the last octet on the dotted 4-tuple format. Also keep in mind the IP address amount availability within each subnet. Note the change on the last octet in the following table

/32: 255 - 0 = 255
/31: 255 - 1 = 254
/30: 254 - 2 = 252
/29: 252 - 4 = 248
/28: 248 - 8 = 240
/27: 240 - 16 = 224
/26: 224 - 32 = 192
/25: 192 - 64 = 128
/24: 128 - 128 = 0

The result of each subtraction is the last octet for that prefix, and it becomes the starting number on the next row. You can apply this to convert CIDR format to dotted 4-tuple format quickly.

Let's say you have a /26 CIDR subnet mask and you need to know what the subnet mask looks like in the dotted 4-tuple format.

Start with the longest prefix, which is /32 CIDR. Here are the key points.

* The /32 always matches with 255 in the last octet of the dotted 4-tuple
* To convert /24 CIDR or a longer prefix to the dotted 4-tuple, only consider the last octet
* In /24 CIDR or a longer prefix (within Class C), the 1st three octets are always the same, which is 255
* /32 only has one IP address
* The next bigger subnet is always double the size of the current subnet

Using this knowledge, you can start creating your own build-up table as follows.

/32 CIDR: 255 (the current last octet) - previous number of IP address (= 0 IP address) = 255 (the new current last octet)
/31 CIDR: 255 (the current last octet) - previous number of IP address (= 1 IP address) = 254 (the new current last octet)
/30 CIDR: 254 (the current last octet) - previous number of IP address (= 2 = (1 x 2) IP addresses) = 252 (the new current last octet)
/29 CIDR: 252 (the current last octet) - previous number of IP address (= 4 = (2 x 2) IP addresses) = 248 (the new current last octet)
/28 CIDR: 248 (the current last octet) - previous number of IP address (= 8 = (4 x 2) IP addresses) = 240 (the new current last octet)
/27 CIDR: 240 (the current last octet) - previous number of IP address (= 16 = (8 x 2) IP addresses) = 224 (the new current last octet)
/26 CIDR: 224 (the current last octet) - previous number of IP address (= 32 = (16 x 2) IP addresses) = 192 (the new current last octet)

Referring to the build-up table, you now know that /26 CIDR is equal to xxx.xxx.xxx.192
Since the 1st three octets are always 255, the dotted 4-tuple format equivalent to /26 CIDR is 255.255.255.192

2. Quickly Find How Many IP Address Within Specific Subnet

For the next tip, let's review the following. Say you have the 255.255.255.224 subnet mask and you need to know how many IP addresses are within the subnet.

You may notice that in dotted 4-tuple format, the 255 is the last number within 256 range; where 0 (zero) is the 1st number. As a note, the 256 range is based on 8-bit system; hence it is called octet (the 8-bit numbering system).

Let's review the following table

CIDR: The range within octet - Last octet on the 4-tuple = Number of IP addresses within the subnet
/32: 256 - 255 = 1
/31: 256 - 254 = 2
/30: 256 - 252 = 4
/29: 256 - 248 = 8
/28: 256 - 240 = 16
/27: 256 - 224 = 32
/26: 256 - 192 = 64
/25: 256 - 128 = 128
/24: 256 - 0 = 256

Referring to the table, you know now that there are 32 IP addresses within the 255.255.255.224 subnet mask.

3. Reverse Bit Correlation Between Subnet Mask and Number of IP Address

Let's review the previous table. Note that the sum between the octet and number of IP address is always equal to 256, which is the range within octet. In the binary format, this is seen as a reverse correlation between subnet mask and IP address number. In other words, the subnet mask is always the reverse bit of the IP address number from binary format perspective.

Following is an illustration. Say you have a full Class C network. You would like to subnet the network into /29 CIDR networks. You would like to know how many /29 subnets there will be and how many IP addresses are within each /29 subnet.

The full Class C network is /24 CIDR (255.255.255.0). To subnet the /24 into /29, the last octet will change while the 1st three octets are constant.

Let's focus on the last octet. Keep in mind that an octet is an 8-bit binary. In binary format, this is what the subnet masks look like

                                    O C T E T
     1st.2nd.3rd.4th        1st   .  2nd   .  3rd   .  4th

/24: 255.255.255.0   = 11111111.11111111.11111111.00000000
/25: 255.255.255.128 = 11111111.11111111.11111111.10000000
/26: 255.255.255.192 = 11111111.11111111.11111111.11000000
/27: 255.255.255.224 = 11111111.11111111.11111111.11100000
/28: 255.255.255.240 = 11111111.11111111.11111111.11110000
/29: 255.255.255.248 = 11111111.11111111.11111111.11111000
/30: 255.255.255.252 = 11111111.11111111.11111111.11111100
/31: 255.255.255.254 = 11111111.11111111.11111111.11111110
/32: 255.255.255.255 = 11111111.11111111.11111111.11111111

From the table, you can see that the 1st 24 bits are set to 1 (one) and the remaining bits are set to 0 (zero) on /24 CIDR. On the /29, the 1st 29 bits are set to 1 and the remaining bits are set to 0. As you may realize, the set-to-one bits are the basis of CIDR format since the number behind the / shows how many contiguous bits are set to 1 (one) from the left.

Let's take the last octet (the last 8-bit) of the /29 CIDR

11111000

The reverse bit is

00000111

As you may notice,

11111000 = 1 x 2^7 + 1 x 2^6 + 1 x 2^5 + 1 x 2^4 + 1 x 2^3 + 0 x 2^2 + 0 x 2^1 + 0 x 2^0
= 128 + 64 + 32 + 16 + 8 + 0 + 0 + 0
= 248

00000111 = 0 x 2^7 + 0 x 2^6 + 0 x 2^5 + 0 x 2^4 + 0 x 2^3 + 1 x 2^2 + 1 x 2^1 + 1 x 2^0
= 8

The 248 represents the last octet of the /29 subnet mask and the 8 represents the number of IP addresses within the /29 subnet.

Since you are subnetting /24 into /29, you only consider the last octet. From the last octet perspective, the 1st five bits are set to 1. As mentioned, the set-to-one bits represent the subnet mask and the set-to-zero bits represent the IP address number within the subnet.

To find out the subnet quantity from the last octet perspective,

* take the number of bits that are set to 1; which is five
* take this five as the power of 2 as 2^5
* 2^5 = 32

This 32 represents the quantity of /29 subnet that you will have when you subnet /24 network into /29 network.

To find out the IP address quantity within each /29 subnet from the last octet perspective,

* take the number of bits that are set to 0; which is three
* take this three as the power of 2 as 2^3
* 2^3 = 8

This 8 represents the quantity of IP address that you will have within each /29 subnet.

Note:
This subnet mask reverse bit is the foundation for understanding the wildcard (inverse subnet mask). Check out the following FAQ for further info.

»Cisco Forum FAQ »The Wildcard (Inverse) Subnet Mask

When you deal with broadcast network, then you must reserve one IP address (the 1st one, the all zero) for Network ID and reserve another IP address (the last one, the all one) for Network Broadcast. With the /29 subnet, then there are 6 usable IP addresses (8 - 1 for Network ID - 1 for Network Broadcast) for hosts.

There is a similar situation with the subnet quantity. Note that so far the assumption is that you can use Subnet Zero, which are the 1st (the all zero, Network ID) and last (the all one, Network Broadcast) subnets. When you cannot use Subnet Zero, then there are only 30 usable subnets (32 - 1 for Network ID - 1 for Network Broadcast) for hosts when you subnet /24 into /29 network.

4. Quickly Determine Specific Subnet Range

Let's review the previous illustration of subnetting /24 into /29 networks. This time you would like to see what the 23rd subnet looks like, or what the 23rd subnet range is, when the /24 network is the 192.168.100.0 network.

Since this is subnetting /24 into a longer prefix, you only need to focus on the last octet; the 1st three octets are constant.

To quickly determine the subnet range, you can use the following formula to determine the last octet of the Network ID number (the 1st number within the last octet).

Last Octet Network ID number of the n-th subnet = (n - 1) x Number of IP addresses within the subnet

Once you have the Network ID number, you can add (Number of IP addresses within the subnet - 1) to that number to have the Broadcast ID number (the last number within the last octet).

At this point, you should have the 1st and the last number within the last octet. In other words, you now have the subnet range which shows you the 1st and the last IP addresses.

Following is the illustration with the 192.168.100.0/24 subnetting into /29 networks.

As mentioned, there are 8 IP addresses within a /29 network. Since you would like to know what the 23rd subnet range is, n = 23.

To find out the last octet Network ID number,

(23 - 1) x 8 = 176

To find out the last octet Network Broadcast number,

176 + (8 - 1) = 183

Therefore the 23rd /29 subnet range is

192.168.100.176 - 192.168.100.183 = 192.168.100.176/29

where

Network ID IP address = 192.168.100.176
Network Broadcast IP address = 192.168.100.183
Usable IP addresses = 192.168.100.177, 192.168.100.178, 192.168.100.179,
192.168.100.180, 192.168.100.181, 192.168.100.182

As you may notice, the (n - 1) part shows that the formula assumes you use Subnet Zero. The formula can therefore be altered easily when Subnet Zero is not in use.

5. Convert Dotted 4-Tuple Subnet Mask Format Into CIDR Format

Let's say you have the 255.255.255.192 subnet mask. You would like to know how the subnet mask looks in CIDR format.

As mentioned, CIDR format is based on the binary format. Therefore you need to use binary to convert. Don't worry! As usual, I always use minimal binary calculation :)

Following are the steps when dealing with /24 subnetting:

* Determine IP address quantity within the subnet
* Find out n where 2^n = IP address quantity within the subnet
* Subtract n from 8
* Take the subtraction result as additional set-to-one bits to the 1st 24 bits set to one
* Add the total number of bits set to one
* This total number represents the CIDR format

Let's use an illustration to convert the 255.255.255.192 into CIDR format. When you build up your own table (or memorize it), you know there are 64 IP addresses within 255.255.255.192 subnet mask.

Find out n where 2^n = 64

By simple calculation (and probably some trial and error), you find that n = 6

Recall from the previous discussion that n = 6 represents the six set-to-zero bits within the last octet. Since there are only 8 bits within a single octet, the set-to-one bit quantity within the last octet is two. In other words, subtract 6 from 8 to have 2.

From the same discussion, recall that the 255.255.255.0 network has the 1st 24 bits set to one where the remaining 8 bits are set to zero. In 255.255.255.192, there are an additional 2 set-to-one bits within the last octet, as you found out earlier. Therefore the 255.255.255.192 network has the 1st 26 bits set to one (24 + additional 2) where the remaining 6 bits are set to zero.

Since CIDR format is based on the leading set-to-one bits, the 255.255.255.192 subnet mask is equal to /26 CIDR.
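
The five tips above can be checked mechanically. The following Python is an added example, not part of the original FAQ: the function names are illustrative, it covers only the /24 through /32 case the tips address, and it cross-checks every shortcut against Python's standard ipaddress module.

```python
import ipaddress


def build_up_table():
    """Tip 1: start at /32 (last octet 255, 1 address) and, for each shorter
    prefix, subtract the previous subnet size and double the size."""
    table = {}
    last_octet, size, previous_size = 255, 1, 0
    for prefix in range(32, 23, -1):
        last_octet -= previous_size
        table[prefix] = (last_octet, size)
        previous_size, size = size, size * 2
    return table


TABLE = build_up_table()  # {32: (255, 1), 31: (254, 2), ..., 24: (0, 256)}
VALID_LAST_OCTETS = {octet for octet, _ in TABLE.values()}


def cidr_to_mask(prefix):
    """Tip 1: CIDR prefix -> dotted 4-tuple subnet mask."""
    if prefix not in TABLE:
        raise ValueError("shortcut only covers /24 through /32")
    return "255.255.255.%d" % TABLE[prefix][0]


def last_octet_of(mask):
    """Validate a /24-or-longer mask and return its last octet."""
    octets = mask.split(".")
    if len(octets) != 4 or octets[:3] != ["255", "255", "255"]:
        raise ValueError("shortcut only covers masks starting 255.255.255")
    if not octets[3].isdigit() or int(octets[3]) not in VALID_LAST_OCTETS:
        # e.g. 200 is 11001000: the ones are not contiguous from the left
        raise ValueError("not a contiguous subnet mask: " + mask)
    return int(octets[3])


def addresses_in_mask(mask):
    """Tip 2: 256 minus the last octet."""
    return 256 - last_octet_of(mask)


def subnet_and_address_counts(prefix):
    """Tip 3: set-to-one bits in the last octet give the subnet quantity,
    set-to-zero bits give the addresses per subnet."""
    ones = prefix - 24
    zeros = 8 - ones
    return 2 ** ones, 2 ** zeros


def nth_subnet(network, prefix, n):
    """Tip 4: (Network ID, Broadcast) of the n-th subnet, Subnet Zero in use."""
    subnets, size = subnet_and_address_counts(prefix)
    if not 1 <= n <= subnets:
        raise ValueError("a /24 only holds %d /%d subnets" % (subnets, prefix))
    first_three = network.rsplit(".", 1)[0]
    network_id = (n - 1) * size
    return ("%s.%d" % (first_three, network_id),
            "%s.%d" % (first_three, network_id + size - 1))


def mask_to_cidr(mask):
    """Tip 5: find n where 2^n = subnet size, then 24 + (8 - n)."""
    n = addresses_in_mask(mask).bit_length() - 1
    return 24 + (8 - n)


def agrees_with_ipaddress(network="192.168.100.0"):
    """Cross-check every shortcut against the standard library."""
    parent = ipaddress.ip_network(network + "/24")
    for prefix in TABLE:
        reference = list(parent.subnets(new_prefix=prefix))
        mask = cidr_to_mask(prefix)
        if str(reference[0].netmask) != mask or mask_to_cidr(mask) != prefix:
            return False
        if reference[0].num_addresses != addresses_in_mask(mask):
            return False
        for n, net in enumerate(reference, start=1):
            expected = (str(net.network_address), str(net.broadcast_address))
            if nth_subnet(network, prefix, n) != expected:
                return False
    return True


if __name__ == "__main__":
    print(cidr_to_mask(26), addresses_in_mask("255.255.255.224"))
    print(nth_subnet("192.168.100.0", 29, 23), mask_to_cidr("255.255.255.192"))
    print("matches ipaddress:", agrees_with_ipaddress())
```
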

Subnetting and Network Design

The simpler approach on how to be more familiar with subnetting is probably by doing a network design. There will be three network design processes presented here to illustrate subnetting concept and implementation further.

Network Design #1

Let's say you have the following situation. There are three different departments that need access to each other and to the Internet. Each department currently has 10 hosts in total, in the form of 7 PCs, 2 servers, and 1 printer.

To set up the network, you are supplied with one router with 4 interfaces and three switches. Following is the network setup.

                              Internet
                                  |
                                  |
                               Router
                               |  |  |
    +--------------------------+  |  +-------------------------+
    |                             |                            |
Switch #1                     Switch #2                    Switch #3
 |  |  |                       |  |  |                      |  |  |
PC  |  Printer                PC  |  Printer               PC  |  Printer
  Server                        Server                       Server

where each switch is dedicated for each department.

Let's say you are given a Class C subnet of 192.168.0.0/24 to support the entire network.

Since there are multiple hosts within the entire organization, the network type of choice is a broadcast network. It is also decided that each department will have its own independent subnet. To interconnect departments and to allow Internet access, there will be an IP routing mechanism for inter-subnet communication.

Referring to the host IP address availability table, the closest subnets for 10 hosts are /29 and /28. The /29 subnet size is 8, which won't fit 10 hosts. For 10 hosts, the smallest subnet size that fits would then be the /28.

In /28, there are 16 IP addresses. Assuming two IP addresses are already reserved as the network ID and broadcast addresses, there are 14 remaining IP addresses for hosts.

Since there are 10 hosts in each department, there will be a dedicated /28 subnet for each one.

You can then assign the following subnet for each department

1st Department: 192.168.0.0/28 (192.168.0.1 - 192.168.0.14)
2nd Department: 192.168.0.16/28 (192.168.0.17 - 192.168.0.30)
3rd Department: 192.168.0.32/28 (192.168.0.33 - 192.168.0.46)

In routing technology, there must be a gateway to reach IP addresses that are not within the same subnet. Therefore there would be one IP address from each above subnet reserved for the gateway.

Let's say then
1st Department gateway IP address: 192.168.0.14/28
2nd Department gateway IP address: 192.168.0.17/28
3rd Department gateway IP address: 192.168.0.37/28

Now each subnet has 13 IP addresses remaining. These are available for all hosts within each department.

1st Department host IP addresses: 192.168.0.1 - 192.168.0.13
2nd Department host IP addresses: 192.168.0.18 - 192.168.0.30
3rd Department host IP addresses: 192.168.0.33 - 192.168.0.36, 192.168.0.38 - 192.168.0.46

In routing technology, the gateway device should be able to handle traffic routing between networks. The perfect device to handle the routing is the router. Therefore the router should handle the gateway IP address.

Since each subnet has its own gateway IP address, each subnet requires a dedicated router interface to handle gateway business. Note that there are four networks that need to intercommunicate. The 1st three networks are the 1st, 2nd, and 3rd Departments (192.168.0.0/28, 192.168.0.16/28, and 192.168.0.32/28 respectively). The last network is the Internet. Each of these networks requires a dedicated router interface to handle gateway business.

As mentioned, there is only one router for the entire organization network. Fortunately, this router has 4 different interfaces with routing capabilities. You can then have each router interface handle the gateway IP address of each department and reach the Internet.

Let's say Switch #1 is dedicated for 1st Department, Switch #2 is dedicated for 2nd Department, and Switch #3 is dedicated for 3rd Department. Therefore the following applies to all hosts that connect to the respective switch.

Switch #1:
IP address range: 192.168.0.1 - 192.168.0.14
Subnet Mask: /28 (or 255.255.255.240)
Gateway: 192.168.0.14

Switch #2:
IP address range: 192.168.0.17 - 192.168.0.30
Subnet Mask: /28 (or 255.255.255.240)
Gateway: 192.168.0.17

Switch #3:
IP address range: 192.168.0.33 - 192.168.0.46
Subnet Mask: /28 (or 255.255.255.240)
Gateway: 192.168.0.37

Let's take a closer look at the 1st Department's hosts. One host will have the following.

192.168.0.2/28

Here is the detailed subnet info

IP Address : 192.168.0.2
Subnet Mask : /28 (255.255.255.240)
Number of IP address within the subnet : 16
Number of IP address available for host: 14
IP Address range : 192.168.0.0 - 192.168.0.15
Network ID : 192.168.0.0
Network Broadcast : 192.168.0.15
IP Address range for host : 192.168.0.1 - 192.168.0.14
Gateway IP Address of the subnet : 192.168.0.14
IP Address range available : 192.168.0.1 - 192.168.0.13

The table leads to this understanding

* 192.168.0.0 is reserved for Network ID

* 192.168.0.15 is reserved for Network Broadcast

* 192.168.0.14 is reserved for gateway (the router)

* 192.168.0.1 - 192.168.0.13 range is available for the PCs, servers, printers, and any network device within the 1st Department that need network connectivity

* When you set network info on (let's say) a server, the server network info would be the following

IP Address: 192.168.0.2 (or any IP address within 192.168.0.1 - 192.168.0.13 range)
Subnet Mask: /28 (255.255.255.240)
Gateway: 192.168.0.14 (pointing to the router)

Similar situation applies to other hosts within 2nd and 3rd Departments.

2nd Department

192.168.0.28/28

IP Address : 192.168.0.28
Subnet Mask : /28 (255.255.255.240)
Number of IP address within the subnet : 16
Number of IP address available for host: 14
IP Address range : 192.168.0.16 - 192.168.0.31
Network ID : 192.168.0.16
Network Broadcast : 192.168.0.31
IP Address range for host : 192.168.0.17 - 192.168.0.30
Gateway IP Address of the subnet : 192.168.0.17
IP Address range available : 192.168.0.18 - 192.168.0.30

3rd Department

192.168.0.41/28

IP Address : 192.168.0.41
Subnet Mask : /28 (255.255.255.240)
Number of IP address within the subnet : 16
Number of IP address available for host: 14
IP Address range : 192.168.0.32 - 192.168.0.47
Network ID : 192.168.0.32
Network Broadcast : 192.168.0.47
IP Address range for host : 192.168.0.33 - 192.168.0.46
Gateway IP Address of the subnet : 192.168.0.37
IP Address range available : 192.168.0.33 - 192.168.0.36,
192.168.0.38 - 192.168.0.46

The router will have the following IP address assignment.

1st interface
IP Address: 192.168.0.14
Subnet Mask: 255.255.255.240

2nd interface
IP Address: 192.168.0.17
Subnet Mask: 255.255.255.240

3rd interface
IP Address: 192.168.0.37
Subnet Mask: 255.255.255.240

where the router's 1st interface will act as the gateway of the 1st Department's hosts, 2nd interface will act as the gateway of the 2nd Department's hosts, and 3rd interface will act as the gateway of the 3rd Department's hosts respectively.

As mentioned, hosts within all departments need to reach other hosts that reside in the outside world (i.e. the Internet). These outside world hosts do not reside within 192.168.0.0/28, 192.168.0.16/28, and 192.168.0.32/28. To connect to the outside world, the router must have the ability to reach subnets that are not within 192.168.0.0/28, 192.168.0.16/28, and 192.168.0.32/28.

There are multiple ways to give the router this ability. One way is to define each and every subnet available within the outside world. When the router is running BGP peering with the ISP and receives the full BGP table, the router then has all of these outside world subnets defined.

Another way to set the router is to define the gateway. As mentioned, the gateway should be a device that has the ability to do routing. In addition, this device must have knowledge of how to reach those outside subnets.

The perfect choice is the ISP device that the router connects to. For this connection, the router is utilizing the 4th interface. You should assign the router's 4th interface IP address and subnet based on the network info your ISP provides. The router's 4th interface then will serve the entire organization network connectivity to the outside world.

Should you choose to set gateway to reach outside world, you then use the ISP device IP address. On the ISP network info, this device IP address is usually mentioned as gateway or default gateway.

On a Cisco router, the command to set the gateway is the following

ip route 0.0.0.0 0.0.0.0 [ISP DEVICE IP ADDRESS]

The command basically informs the router that to reach subnets that are unknown or undefined, use the ISP device as the next hop.

FYI, the gateway or default gateway is sometimes referred to as "the gateway of last resort" since it will be used only to reach unknown or undefined subnets.

Network Design #2

After some assessment, it is predicted that the 1st Department's host number will triple within 2 years. The 2nd Department's host number is predicted to double, also within 2 years. The 3rd Department's host number remains the same after 2 years.

In addition, there are two additional departments. Let's say these two departments are called the 4th and 5th Departments. The 4th Department host number will be five. The 5th Department host number will be three.

There is a plan to host three new servers that are accessible from the Internet. To simplify administration, the existing servers and printers will be moved and kept in the same area as the new servers. Let's call this area the "server farm".

To provide network security (i.e. to protect the Internet-accessible servers), there will be a dedicated firewall box facing the Internet. Since you are using Private IP Addresses (192.168.0.0/24), the plan is to use this firewall box also as the NAT/PAT device.

Side Note

Check out the following FAQ for more info on NAT/PAT
»Cisco Forum FAQ »NAT, PAT, Internet and Server Access: Introduction and Best Practise

To support this new setup, you are provided with the following new equipment

* One 2-interface firewall box
* Two 4-interface routers
* One 2-interface router
* Four switches

The following is the new network setup.

                                Internet
                                    |
                                    |
                                Firewall
                                    |
                                    |
                                Router 4
                                    |
                                    |
                                 Switch
                                 |  |  |
                +----------------+  |  +-------------------+
                |                   |                      |
            Router 1            Router 2               Router 3
             |  |  |                |                    |   |
            1st | 3rd               |                   4th 5th
               2nd               Switch
                                  | | |
   +---+---+--------------------+-+-+-+-+--------------------+---+---+
   |   |   |                    |   |   |                    |   |   |
Server | Server              Server | Server             Printer | Printer
    Server                       Server                       Printer

   Existing                Internet-accessible

Note that there are multiple network types with this new network design. Network of Router 1, 1st Dept., 2nd Dept., and 3rd Dept. is a broadcast network. Broadcast network type also applies to Router 2 and Server Farm network; Router 3, 4th Dept., and 5th Dept. network; and lastly the Router 1, Router 2, Router 3, and Router 4 network.

However, the network between Firewall and Router 4 is by nature a point-to-point network. In this case, we have a hardware and/or media type restriction that prevents it from functioning as a point-to-point network. Therefore the network type used is still a broadcast network, only one that consists of two usable IP addresses (somewhat like a point-to-point network).

Based on this, we can keep using the existing router (that serves 1st, 2nd, and 3rd Dept.) as Router 1. The two new 4-interface routers will be Router 2 and Router 3 respectively. The 2-interface router will then be Router 4.

To start, let's recalculate the assigned subnets for each department.

1st Dept. : /27 subnet to cover 30 hosts
2nd Dept. : /27 subnet to cover 20 hosts
3rd Dept. : /28 subnet to cover the same 10 hosts
4th Dept. : /29 subnet to cover 5 hosts
5th Dept. : /29 subnet to cover 3 hosts
Server Farm: /28 subnet to cover 12 hosts

We will minimize readdressing of the hosts. Therefore IP addresses will be reused and reassigned.

1st Dept. : 192.168.0.0/27 (192.168.0.1 - 192.168.0.30)
2nd Dept. : 192.168.0.32/27 (192.168.0.33 - 192.168.0.62)
3rd Dept. : 192.168.0.64/28 (192.168.0.65 - 192.168.0.78)
4th Dept. : 192.168.0.80/29 (192.168.0.81 - 192.168.0.86)
5th Dept. : 192.168.0.88/29 (192.168.0.89 - 192.168.0.94)
Server Farm: 192.168.0.96/28 (192.168.0.97 - 192.168.0.110)

Network Info

1st Dept.
IP address range: 192.168.0.1 - 192.168.0.30
Subnet Mask: /27 (or 255.255.255.224)
Gateway: 192.168.0.14

2nd Dept.
IP address range: 192.168.0.33 - 192.168.0.62
Subnet Mask: /27 (or 255.255.255.224)
Gateway: 192.168.0.33

3rd Dept.
IP address range: 192.168.0.65 - 192.168.0.78
Subnet Mask: /28 (or 255.255.255.240)
Gateway: 192.168.0.78

4th Dept.
IP address range: 192.168.0.81 - 192.168.0.86
Subnet Mask: /29 (or 255.255.255.248)
Gateway: 192.168.0.81

5th Dept.
IP address range: 192.168.0.89 - 192.168.0.94
Subnet Mask: /29 (or 255.255.255.248)
Gateway: 192.168.0.94

Server Farm
IP address range: 192.168.0.97 - 192.168.0.110
Subnet Mask: /28 (or 255.255.255.240)
Gateway: 192.168.0.110

Since there will be routing between the four routers, the Firewall, and the Internet, there will be a need to assign a specific subnet to each specific connection.

Between Router 4 and Firewall

Host # : 2
Smallest Subnet : /30
Subnet Assignment: 192.168.0.240/30

Between Routers

Host # : 4
Smallest Subnet : /29
Subnet Assignment: 192.168.0.248/29

Router 1

1st interface
IP Address: 192.168.0.14
Subnet Mask: 255.255.255.224

2nd interface
IP Address: 192.168.0.33
Subnet Mask: 255.255.255.224

3rd interface
IP Address: 192.168.0.78
Subnet Mask: 255.255.255.240

Router 2

1st interface
IP Address: 192.168.0.110
Subnet Mask: 255.255.255.240

Router 3

1st interface
IP Address: 192.168.0.81
Subnet Mask: 255.255.255.248

2nd interface
IP Address: 192.168.0.94
Subnet Mask: 255.255.255.248

To route between routers, there must be routes of reaching specific subnets using specific next hop IP address. To support these routes, there will be a need to assign specific IP address to specific router interface.

Router 1

4th interface
IP address: 192.168.0.250
Subnet Mask: 255.255.255.248

Router 2

4th interface
IP address: 192.168.0.251
Subnet Mask: 255.255.255.248

Router 3

4th interface
IP address: 192.168.0.252
Subnet Mask: 255.255.255.248

Router 4

1st interface
IP address: 192.168.0.249
Subnet Mask: 255.255.255.248

Notice that 192.168.0.0/26 (192.168.0.1 - 192.168.0.62) and 192.168.0.64/28 subnets are under Router 1. Similarly, 192.168.0.80/28 (192.168.0.81 - 192.168.0.94) subnet is under Router 3. Lastly 192.168.0.96/28 is under Router 2.

Let's take a close look at the 192.168.0.0/26. From the other routers' perspective, Router 1 is presenting two consecutive /27 networks: the 192.168.0.0/27 and 192.168.0.32/27. You then have a choice to combine these two /27 networks to become a single larger /26 network of 192.168.0.0/26. In other words, you can supernet both /27 networks to be a /26 network.

Similarly, the 4th and 5th Depts subnets (that Router 3 presents to the other routers) are also candidates for supernetting as 192.168.0.80/28. To conserve the routers' resources, we then supernet the networks.

From Router 1's perspective, the route reachability is as follows

* Use 192.168.0.251 as the next hop to reach 192.168.0.96/28
* Use 192.168.0.252 as the next hop to reach 192.168.0.80/28
* Use 192.168.0.249 as the gateway

From Router 2's perspective, the route reachability is as follows

* Use 192.168.0.250 as the next hop to reach 192.168.0.0/26
* Use 192.168.0.250 as the next hop to reach 192.168.0.64/28
* Use 192.168.0.252 as the next hop to reach 192.168.0.80/28
* Use 192.168.0.249 as the gateway

From Router 3's perspective, the route reachability is as follows

* Use 192.168.0.250 as the next hop to reach 192.168.0.0/26
* Use 192.168.0.250 as the next hop to reach 192.168.0.64/28
* Use 192.168.0.251 as the next hop to reach 192.168.0.96/28
* Use 192.168.0.249 as the gateway

To route between Firewall and Routers, there must be routes of reaching specific subnets using specific next hop IP address. To support these routes, there will be a need to assign specific IP address to specific device interface.

Router 4

2nd interface
IP address: 192.168.0.242
Subnet Mask: 255.255.255.252

Firewall

1st interface
IP address: 192.168.0.241
Subnet Mask: 255.255.255.252

2nd interface
IP address: refer to the ISP network info
Subnet Mask: refer to the ISP network info

From Router 4's perspective, the route reachability is as follows

* Use 192.168.0.250 as the next hop to reach 192.168.0.0/26
* Use 192.168.0.250 as the next hop to reach 192.168.0.64/28
* Use 192.168.0.252 as the next hop to reach 192.168.0.80/28
* Use 192.168.0.251 as the next hop to reach 192.168.0.96/28
* Use 192.168.0.241 as the gateway

From the Firewall's perspective, the route reachability is as follows

* Use 192.168.0.242 as the next hop to reach 192.168.0.0/24 (another supernet)
* Use ISP Device IP Address as the gateway

With this new network design, we still use static routes to set up gateways. On Cisco routers, the static routes are as follows

Router 1

ip route 192.168.0.96 255.255.255.240 192.168.0.251
ip route 192.168.0.80 255.255.255.240 192.168.0.252
ip route 0.0.0.0 0.0.0.0 192.168.0.249

Router 2

ip route 192.168.0.0 255.255.255.192 192.168.0.250
ip route 192.168.0.64 255.255.255.240 192.168.0.250
ip route 192.168.0.80 255.255.255.240 192.168.0.252
ip route 0.0.0.0 0.0.0.0 192.168.0.249

Router 3

ip route 192.168.0.0 255.255.255.192 192.168.0.250
ip route 192.168.0.64 255.255.255.240 192.168.0.250
ip route 192.168.0.96 255.255.255.240 192.168.0.251
ip route 0.0.0.0 0.0.0.0 192.168.0.249

Router 4

ip route 192.168.0.0 255.255.255.192 192.168.0.250
ip route 192.168.0.64 255.255.255.240 192.168.0.250
ip route 192.168.0.80 255.255.255.240 192.168.0.252
ip route 192.168.0.96 255.255.255.240 192.168.0.251
ip route 0.0.0.0 0.0.0.0 192.168.0.241

Firewall

ip route 192.168.0.0 255.255.255.0 192.168.0.242
ip route 0.0.0.0 0.0.0.0 [ISP DEVICE IP ADDRESS]
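
The addressing plan and static routes of Network Design #2 can be audited before anything is typed into a router. The following Python is an added example, not part of the original FAQ: the function names are illustrative, the sizing rule reserves only the Network ID and Broadcast addresses as the text does, and ROUTER2_TOO_LONG is a constructed variant showing what a mask that is one bit too long does to reachability.

```python
import ipaddress

# Addressing plan copied from Network Design #2.
PLAN = {name: ipaddress.ip_network(cidr) for name, cidr in {
    "1st Dept": "192.168.0.0/27",
    "2nd Dept": "192.168.0.32/27",
    "3rd Dept": "192.168.0.64/28",
    "4th Dept": "192.168.0.80/29",
    "5th Dept": "192.168.0.88/29",
    "Server Farm": "192.168.0.96/28",
    "Router 4 - Firewall": "192.168.0.240/30",
    "Between Routers": "192.168.0.248/29",
}.items()}
USER_SUBNETS = list(PLAN)[:6]  # the five departments and the server farm

# Router 2: connected networks, plus the routes from its reachability list
# written with the masks for /26 (255.255.255.192) and /28 (255.255.255.240).
ROUTER2_CONNECTED = ["192.168.0.96/28", "192.168.0.248/29"]
ROUTER2_ROUTES = [
    "ip route 192.168.0.0 255.255.255.192 192.168.0.250",
    "ip route 192.168.0.64 255.255.255.240 192.168.0.250",
    "ip route 192.168.0.80 255.255.255.240 192.168.0.252",
    "ip route 0.0.0.0 0.0.0.0 192.168.0.249",
]
# Constructed variant: the first two masks are one bit too long (/27 and /29).
ROUTER2_TOO_LONG = [
    "ip route 192.168.0.0 255.255.255.224 192.168.0.250",
    "ip route 192.168.0.64 255.255.255.248 192.168.0.250",
] + ROUTER2_ROUTES[2:]


def smallest_prefix(hosts):
    """Longest prefix that still fits `hosts` after reserving the
    Network ID and Network Broadcast addresses."""
    for prefix in range(30, 23, -1):
        if 2 ** (32 - prefix) - 2 >= hosts:
            return prefix
    raise ValueError("more hosts than a /24 can hold")


def overlapping_pairs(plan):
    """Every pair of named subnets that share at least one address."""
    names = sorted(plan)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if plan[a].overlaps(plan[b])]


def supernet(*cidrs):
    """Aggregate subnets; the single covering network, or None if they
    do not collapse into exactly one block."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    merged = list(ipaddress.collapse_addresses(nets))
    return str(merged[0]) if len(merged) == 1 else None


def parse_routes(lines):
    """'ip route <network> <mask> <next hop>' -> [(network, next_hop)].
    Strict parsing raises ValueError if the network has host bits set."""
    routes = []
    for line in lines:
        _, _, network, mask, hop = line.split()[:5]
        routes.append((ipaddress.ip_network(network + "/" + mask), hop))
    return routes


def next_hop(routes, address):
    """Longest-prefix match, the rule a router applies to pick a route."""
    address = ipaddress.ip_address(address)
    matches = [(net.prefixlen, hop) for net, hop in routes if address in net]
    return max(matches)[1] if matches else None


def left_to_default(routes, connected, plan=PLAN, names=USER_SUBNETS):
    """Subnets that are not fully inside a connected network or a specific
    (non-default) static route, so they follow the default route."""
    specific = [net for net, _ in routes if net.prefixlen > 0]
    specific += [ipaddress.ip_network(c) for c in connected]
    return [n for n in names
            if not any(plan[n].subnet_of(s) for s in specific)]


if __name__ == "__main__":
    print("overlaps:", overlapping_pairs(PLAN))
    print("1st+2nd:", supernet("192.168.0.0/27", "192.168.0.32/27"))
    for label, lines in (("matching masks", ROUTER2_ROUTES),
                         ("too-long masks", ROUTER2_TOO_LONG)):
        routes = parse_routes(lines)
        print(label, left_to_default(routes, ROUTER2_CONNECTED),
              next_hop(routes, "192.168.0.40"))
```

With the too-long masks, traffic for 192.168.0.40 leaves Router 2 by the default route instead of going to Router 1, which is the kind of gap this check is meant to catch before the configuration is applied.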

Suggestion

Since only the new servers are Internet accessible, it is a good idea to separate them from the existing servers by group. One group will be the Internet accessible server group and another group will be the non-Internet accessible server group. The objective of this separation is to provide a more secure network and broadcast traffic control.

The separation involves assigning a dedicated subnet to each server group. You should be able to do the work by either subnetting the existing 192.168.0.96/28 network or reassigning/renumbering network devices with minimal changes to the existing network design.

Network Design #3

You may notice that the above network design is pretty much what small businesses have as their network. Let's have another look at network design. This time you need to set up a private network that consists of three sites as follows.

                                     INTERNET
                                        |
                                        |
                                 Internet Router
                                        |
                                        |
                                     Router 1 ------- Switch 1 --- LAN 1
                                     |      |
                                     |      |
    +--------------------------------+      +-----------------------------------+
    |                                                                           |
    |                                                                           |
Router 2 ---- Switch 2                                         Switch 3 ---- Router 3
                 |                                                |
                 |                                                |
               LAN 2                                            LAN 3

As in the previous illustration, you are assigned 192.168.0.0/24 to use for the private network.

Following is one way to design the network.
* Three /30 subnets for point-to-point network: Router 1-2, Router 1-3, Router 1-Internet Router
* One /25 subnet for LAN 1
* Two /27 subnets for other LAN: LAN 2 and LAN 3

Side Note:
In the field, Router 1 and LAN 1 are typically the Main Office while the others are Branch Offices. In addition, the Main Office tends to house more hosts to serve all offices. Therefore you may need to assign a larger subnet to the Main Office and a smaller subnet to each Branch Office.

Subnet Assignment

Three /30 subnets: 192.168.0.192/30, 192.168.0.196/30, 192.168.0.200/30
One /25 subnet : 192.168.0.0/25
Two /27 subnets : 192.168.0.128/27, 192.168.0.160/27

Site 1
Router 1 - Internet Router: 192.168.0.192/30, where .193 is for Router 1 and .194 is for Internet Router
LAN 1: 192.168.0.0/25, where .1 is for Router 1 (also LAN 1 default gateway) and .2 - .126 are for hosts

Site 2
Router 1 - Router 2: 192.168.0.196/30, where .197 is for Router 1 and .198 is for Router 2
LAN 2: 192.168.0.128/27, where .129 is for Router 2 (also LAN 2 default gateway) and .130 - .158 are for hosts

Site 3
Router 1 - Router 3: 192.168.0.200/30, where .201 is for Router 1 and .202 is for Router 3
LAN 3: 192.168.0.160/27, where .161 is for Router 3 (also LAN 3 default gateway) and .162 - .191 are for hosts

The following is the network setup with the associated subnet assignments


                                          INTERNET
                                             |
                                             |
                                      Internet Router
                                        .193 |
                            192.168.0.192/30 |
                                             |
                                        .194 |
                                             |      192.168.0.0/25
                                          Router 1 ---------------- Switch 1 --- LAN 1
                                          |      | .1                          .2 to .126
                                          |      |
                                     .197 |      | .201
                         192.168.0.196/30 |      | 192.168.0.200/30
                                          |      |
         +--------------------------------+      +-----------------------------------+
         |                                                                           |
    .198 |     192.168.0.128/27                                 192.168.0.160/27     | .202
     Router 2 ------------------ Switch 2             Switch 3 ------------------ Router 3
              .129                  |                    |                   .161
                                    |                    |
                                  LAN 2                LAN 3
                               .130 - .158          .162 - .191

IP Routing Reachability

Router 1
To reach the Internet (0.0.0.0/0): through 192.168.0.193
To reach LAN 2 (192.168.0.128/27): through 192.168.0.198
To reach LAN 3 (192.168.0.160/27): through 192.168.0.202

Router 2
To reach anyplace (other LAN and the Internet which is in other words 0.0.0.0/0): through 192.168.0.197

Router 3
To reach anyplace (other LAN and the Internet which is in other words 0.0.0.0/0): through 192.168.0.201

Internet Router
To reach the Internet (0.0.0.0/0): through ISP router IP address (or the Internet Router default gateway)
To reach any private sites (192.168.0.0/24): through 192.168.0.194

Routing Statement

Router 1:
ip route 0.0.0.0 0.0.0.0 192.168.0.193 name Internet-Access
ip route 192.168.0.128 255.255.255.224 192.168.0.198 name LAN-2
ip route 192.168.0.160 255.255.255.224 192.168.0.202 name LAN-3

Router 2:
ip route 0.0.0.0 0.0.0.0 192.168.0.197 name Outside-Access

Router 3:
ip route 0.0.0.0 0.0.0.0 192.168.0.201 name Outside-Access

Internet Router:
ip route 0.0.0.0 0.0.0.0 [ISP DEFAULT GATEWAY IP ADDRESS]
ip route 192.168.0.0 255.255.255.0 192.168.0.194 name Private-Networks

Next Chapter with Subnetting

»Cisco Forum FAQ »Subnetting /24 and larger network

Further Discussion on Network Design

This FAQ is not intended as discussion of network design. As mentioned, the network design discussion here is used only to provide better understanding of subnetting concept and to illustrate how subnetting concept is applied.

If you would like further discussion on network design, check out the following FAQs.

»Cisco Forum FAQ »Choosing Gateway IP Address for a network
»Cisco Forum FAQ »Network Design Tips


by Covenant edited by aryoba
last modified: 2008-10-01 10:50:11

