Demystifying Subnet Masks
In the Fall issue, the author covered "IPv4 Addressing." This article explains implementing IPv4 subnet masks, including methods for determining subnet mask results, such as command output, a Subnet Mask Conversion Chart, and mathematical formulas. Readers can reinforce their understanding with exercises posted on TCdigest OnLine. Though the author's examples are based on the IBM AIX V4 platform, most terminology and commands cited are common across TCP/IP implementations.
In the Fall issue, we reviewed the basics of IPv4 addressing. We identified three types of addresses involved in delivering information to an end station — a symbolic name (hostname) for end users' convenience, an IP address for the TCP/IP protocol, and a MAC address for delivery on the physical wire. We also described the three IP address types used for addressing packets bound for systems on an IPv4 network: Class A, B, or C unicast addresses for addressing a single host; broadcast addresses for addressing all hosts on a subnetwork; and the new Class D multicast addresses for addressing all hosts listening in the multicast host group.
In this issue, we describe how to use a subnet mask to alter the default interpretation of the dividing point between network and host parts in a unicast IP address. Moving this dividing point alters the local network's definition; it determines the local network's broadcast address and governs which packets can be delivered to systems on the local network and which packets (because the target system is on a foreign network) must be directed to an IP router.
What is a subnet?
The term subnet is the short form of subnetwork, which is a discrete part of an organization's network. A subnet can be "all the machines in Building 302-B" or "all the machines on the Sales Group's LAN."
What is a subnet mask?
The subnet mask defines the local network. Unicast IP addresses have two parts: a network ID part and a host ID part. The subnet mask further divides the unicast address's host ID part into a subnet ID and a host ID. For instance, in Figure 1's sample network, system mel has this unicast address: 9.18.1.3. When subnet mask 255.255.0.0 is applied, the resulting address interpretation is N.S.h.h (NetID.SubnetID.hostID.hostID).
And why would you want to do such a thing?
Users subnet their addresses to make more networks than their IP address class allows by default. Network managers use subnetting to create more networks when they need to:
- Accommodate different physical network types or geographies
- Improve network performance (for example, to split traffic on a current network)
- Isolate systems (for security, administration, or problem determination)
IP ADDRESS CLASSES
Class | Address Range (First Octet) | Default Subnet Mask | Network/Host ID Split | New Notation
A | 0 to 127 | 255.0.0.0 | N.h.h.h | /8
B | 128 to 191 | 255.255.0.0 | N.N.h.h | /16
C | 192 to 223 | 255.255.255.0 | N.N.N.h | /24
D (multicast) | 224 to 239* | N/A | N/A
R (reserved) | 240 to 247 | N/A | N/A
*view with the AIX netstat -ian command
RESERVED NUMBER RANGES
127.x.x.x | Reserved for loopback (by convention, 127.0.0.1)
10.x.x.x, 172.16.0.0 - 172.31.255.255, 192.168.x.x | RFC 1597 (Routers at the enterprise's edge may filter out traffic for "Private" IP addresses.)
0s (all zeros), 255s (all ones) | Avoid in host numbers. (Used to identify network and broadcast addresses, respectively.)
Figure 2. IP Address Quick-View
A single Class A address structure, for example, has 2^24 (or 16.7 million) possible host addresses — far too many hosts to be practical in a real network; thus, a subnet mask is used to split up the Class A network address into more networks of fewer hosts each. Figure 2 (page 2 on the tear-out) shows a chart of IP address classes, including the default mask for each unicast address class: A, B, or C.
How do subnet masks work?
Essentially, a subnet mask is a type of template defining which bits in an IP address to interpret as network bits. Figure 3 diagrams an IP address and shows how the network and broadcast addresses change when two different subnet masks are applied.
What's this new notation?
In recent years, a new written notation (that combines the address and subnet mask) has been adopted. This notation, stemming from an IP router aggregation concept called Classless InterDomain Routing (CIDR), has become so commonplace that network managers need to understand how to interpret it. (In fact, the new notation can be seen in the netstat -rn command output on RS/6000s running AIX V4.3.)
IPv4 addresses are 32 bits (4 bytes or octets) long. By default, the first 8 bits of a Class A address define the local network. With Class B addresses, it's the first 16 bits, and for Class C, it's the first 24 bits. The new notation uses the following format: IP Address/number of network bits
This notation begins with the address, followed by a slash, followed by the number of network bits allocated. Thus, if IP address 10.43.6.9 were subnetted on whole bytes, it would be written 10.43.6.9/8, 10.43.6.9/16, or 10.43.6.9/24. System mel's two Ethernet interfaces could be identified as 129.6.7.1/24 and 9.18.1.3/16.
With the move toward classless networking, the Class A, B, and C network terminology is being used less. These networks are now being referred to as "/8s" (pronounced "slash 8s" or just "8s"), "/16s," and "/24s," respectively.
How do you implement a subnet mask?
Subnet masks pertain only to unicast addresses (Classes A, B, and C). Technically speaking, subnet masks may not be applied backward — meaning that a subnet mask of 255.0.0.0 (which specifies that the first octet is network and the last three octets are host) is not valid with a Class B or Class C IP address. If you have a system (e.g., the RS/6000) that supports the concept of supernetting, however, you can break this rule.
Figure 1 illustrates other key subnet mask concepts. Subnet masks have meaning only within the local network, so the internal network organization is hidden from the outside world. In our sample environment, for instance, system don is not aware that systems whose IP addresses begin with 9 may be on one of three different subnets.
EXAMPLE SUBNET MASK
In Figure 1's sample network, system mel has the unicast address 9.18.1.3.
When subnet mask 255.255.0.0 is applied, the resulting address interpretation becomes N.S.h.h (NetID.SubnetID.hostID.hostID).
Subnet masks are flexible, because network managers can apply the subnet mask appropriate for each interface — it need not be the same mask for all system interfaces, as on system mel. Subnet masks, however, must be set to the same value for all systems on one subnet, to ensure that all systems on the subnet interpret their network and broadcast addresses the same way.
The subnet mask moves the dividing line between the network bits and the host bits. The subnet mask bits should be contiguous and, where possible, end at full octet boundaries. Unfortunately, many companies, including IBM, have been forced to split octets between subnet bits and host bits to accommodate the number of networks needed. When this happens, the results may seem confusing, because the addresses appear "mismatched," as shown in the second subnet mask example in Figure 3.
How do you determine subnet mask results?
You can use the following four methods to "discover" subnet mask results. You'll find that Method 1 is the easiest way to get a snapshot of an existing system. Methods 2 and 3 are useful when you cannot access the system directly. (Method 3 is particularly useful when the subnet mask splits the bits in an octet.) Use Method 4 to help you predict or plan a new network environment.
$ ifconfig en0
en0: flags= ‹UP, BROADCAST, NOTRAILERS, RUNNING, SIMPLEX, MULTICAST›
inet 129.6.7.1 netmask 0xffffff00 broadcast 129.6.7.255
$ ifconfig en1
en1: flags= ‹UP, BROADCAST, NOTRAILERS, RUNNING, SIMPLEX, MULTICAST›
inet 9.18.1.3 netmask 0xffff0000 broadcast 9.18.255.255
$ netstat -in
Name | Mtu | Network | Address | Ipkts | Ierrs | Opkts | Oerrs | Coll
lo0 | 16896 | ‹Link› | | 1064 | 0 | 1064 | 0 | 0
lo0 | 16896 | 127 | 127.0.0.1 | 1064 | 0 | 1064 | 0 | 0
en0 | 1500 | ‹Link› | 8:0:5a:0:2f:c3 | 6720 | 0 | 9313 | 0 | 0
en0 | 1500 | 129.6.7 | 129.6.7.1 | 6720 | 0 | 9313 | 0 | 0
en1 | 1500 | ‹Link› | 8.0.5a.0.e.1a | 3152 | 0 | 2854 | 0 | 0
en1 | 1500 | 9.18 | 9.18.1.3 | 3152 | 0 | 2854 | 0 | 0
The command output furnished the following information about the en0 interface:
IP Address: | 129.6.7.1
Subnet Mask: | 255.255.255.0 (FFFFFF00 in hex)
Network Address: | 129.6.7.0
Broadcast Address: | 129.6.7.255
Hosts on This Subnet: | 129.6.7.1 through 129.6.7.254
New Notation: | 129.6.7.1/24
The command output furnished the following information about the en1 interface:
IP Address: | 9.18.1.3
Subnet Mask: | 255.255.0.0 (FFFF0000 in hex)
Network Address: | 9.18.0.0
Broadcast Address: | 9.18.255.255
Hosts on This Subnet: | 9.18.0.1 through 9.18.255.254
New Notation: | 9.18.1.3/16
But what about command output that looks like this?
$ netstat -in
Name | Mtu | Network | Address | Ipkts | Ierrs | Opkts | Oerrs | Coll
tr0 | 1492 | ‹Link› | 8.0.5a.0.11.6a | 465 | 0 | 397 | 0 | 0
tr0 | 1492 | 59.7.128 | 59.7.135.19 | 465 | 0 | 397 | 0 | 0
$ ifconfig tr0
tr0: flags= ‹UP, BROADCAST, NOTRAILERS, RUNNING, ALLCAST, MULTICAST›
inet 59.7.135.19 netmask 0xfffff000 broadcast 59.7.143.255
Why the apparent mismatch between the unicast, network, and broadcast addresses? It's because the subnet mask 255.255.240.0 (or fffff000 in hex) splits the bits in an octet, giving some host bits to the subnet ID. This "mismatch" signals that a special subnet mask has been used.
Figure 4. Command Output from System mel
Method 1: Check command output.
Check the ifconfig and netstat -in command output. Figure 4 shows the command output from system mel, which lists the IP unicast, network, and broadcast addresses for both Ethernet interfaces en0 and en1.
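The arithmetic behind Method 1, as an added example that is not part of the original article: this Python sketch takes the inet lines shown in Figure 4, derives the network and broadcast addresses from the hexadecimal netmask, and flags a reported broadcast address that does not match the mask. The function names (to_int, to_dotted, describe) are illustrative assumptions.

```python
import re

# inet lines as printed in Figure 4 of the article (system mel and the tr0 case).
FIGURE_4_LINES = [
    "inet 129.6.7.1 netmask 0xffffff00 broadcast 129.6.7.255",
    "inet 9.18.1.3 netmask 0xffff0000 broadcast 9.18.255.255",
    "inet 59.7.135.19 netmask 0xfffff000 broadcast 59.7.143.255",
]

INET_RE = re.compile(
    r"inet\s+(\d+(?:\.\d+){3})\s+netmask\s+0x([0-9a-fA-F]{8})"
    r"(?:\s+broadcast\s+(\d+(?:\.\d+){3}))?"
)

def to_int(dotted):
    """Dotted-decimal string -> 32-bit integer, rejecting octets above 255."""
    octets = [int(part) for part in dotted.split(".")]
    if len(octets) != 4 or any(o > 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def to_dotted(value):
    """32-bit integer -> dotted-decimal string."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def describe(line):
    """Derive network, broadcast and /n notation from one ifconfig inet line."""
    match = INET_RE.search(line)
    if not match:
        raise ValueError(f"no inet/netmask pair in: {line!r}")
    addr, mask = to_int(match.group(1)), int(match.group(2), 16)
    host_bits = mask ^ 0xFFFFFFFF
    # A contiguous mask inverts to 0...01...1, so adding 1 shares no bit with it.
    if host_bits & (host_bits + 1):
        raise ValueError(f"non-contiguous netmask 0x{mask:08x}")
    network, broadcast = addr & mask, addr | host_bits
    reported = match.group(3)  # absent on point-to-point links
    return {
        "cidr": f"{to_dotted(addr)}/{bin(mask).count('1')}",
        "mask": to_dotted(mask),
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "first_host": to_dotted(network + 1),
        "last_host": to_dotted(broadcast - 1),
        "broadcast_matches": reported is None or reported == to_dotted(broadcast),
    }

if __name__ == "__main__":
    for line in FIGURE_4_LINES:
        print(describe(line))
```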
Method 2: Try configuring the subnet mask on an unused interface, then check results with the netstat and ifconfig commands as described in Method 1.
Make sure that the interface is unplugged from a real network before experimenting. Note: Point-to-point and connection-oriented links (such as PPP, X.25, and ATM) do not support broadcast protocols, so the output of the ifconfig command will not include the broadcast address.
Method 3: Consult the Subnet Mask Conversion Chart
Page 1 of the tear-out conversion chart provides the same kind of information found with the ifconfig and netstat commands, such as:
- A list of all possible contiguous subnet masks for a single octet
- Subnet mask values in decimal, hexadecimal, and binary formats
- The number of networks created
- The range of host addresses for each subnetwork
Learn to Use The Conversion Chart — An Example Exercise
- Start with an IP address and subnet mask pair such as:
IP address: | 11.66.180.8
Subnet mask: | 255.255.192.0
In this example, the value of the subnet mask's last (third) octet is 192. The corresponding value in the IP address's third octet is 180.
- Find the section for mask decimal value 192 in the chart. (It's in the third box, which starts with 192 11000000 C0.)
- Scan the host address range for host 180. (It's in the third line and lists the subnet ID and broadcast addresses for all hosts in this range.) In this example, the network and broadcast addresses and the range of host addresses also on this network are:
Network address: | 11.66.128.0
Broadcast address: | 11.66.191.255
Host addr. range: | 11.66.128.1 through 11.66.191.254
Notice that the host address range always begins at "the network address plus 1" and ends at "the broadcast address minus 1."
HELP WITH THE MATH — Handy Formulas for Planning the Effects of an IPv4 Subnet Mask
Determining the maximum possible host and network addresses.
The subnet mask moves the dividing line between the network bits and the host bits.
- Count the number of host and network bits.
- The number of possible host or network addresses can be calculated as 2 to the power of the number of bits. For example, if 5 bits are allocated for the host address, then 2^5 (which is 2*2*2*2*2) indicates 32 possible host addresses. The same calculation is used for the networks. An IP address is composed of 4 bytes or 32 bits. If 19 bits are designated for the network and 13 are given to hosts, then the number of possible addresses is calculated as follows:
2^13 = 8192 (possible hosts)
2^19 = 524288 (possible networks)
- If RFC 950 is being followed, the first and last network addresses should not be used, so to calculate the usable networks, subtract 2 from the resultant number of possible networks.
Determining the step.
Notice in the conversion chart that the decimal value of the last octet in the subnet mask is the same value as the last subnet address it creates. To quickly determine the step:
256 - mask value = step
There are 256 (0 - 255) possibilities, so using the mask value 248 as an example, the step of 8 is calculated as follows: 256 - 248 = 8
Determining the network addresses and host ranges.
Once the step is calculated, calculate the number of networks as follows:
256 / step = number of networks
Using the step of 8,
256 / 8 = 32 networks
The host range for the first subnet is 0 - 7, where 0 is the network ID and 7 is the broadcast address, leaving 1 - 6 for hosts. To calculate the remaining networks, continually add 8 to these values.
Figure 5. Help with the Math
Assuming the same IP address, if the example's subnet mask had been 255.192.0.0, then the second octet would have been affected, and, because the second octet of the IP address is 66, it falls in the second line of the 192 mask section's host range. The network and broadcast addresses would then be:
Network address: | 11.64.0.0
Broadcast address: | 11.127.255.255
Host addr. range: | 11.64.0.1 through 11.127.255.254
Assuming the same IP address, the following subnet masks result in these network and broadcast addresses:
Subnet mask: | 255.255.224.0
Network address: | 11.66.160.0
Broadcast address: | 11.66.191.255
Subnet mask: | 255.255.128.0
Network address: | 11.66.128.0
Broadcast address: | 11.66.255.255
Users may want to avoid the 255.255.128.0 subnet mask, because it results in only two subnets, which is considered invalid by RFC 950. (See the Conversion Chart Notes in the tear-out for details.)
Method 4: Use the Formulas in "Help with the Math"
The formulas in Figure 5 (on page 2 of the tear-out sheet) can help you calculate the number of networks, the host address ranges, and the number of possible hosts and/or networks.
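Method 4 in code, as an added example that is not from the original article: it applies the 256 - mask = step rule to the octet the mask splits, rebuilds conversion-chart rows from the step, and cross-checks the result against Python's ipaddress module. The names chart_rows and step_method are assumptions made for this sketch.

```python
import ipaddress

# The only octet values a contiguous mask can contain (the chart's mask values).
VALID_MASK_OCTETS = (0, 128, 192, 224, 240, 248, 252, 254, 255)

def chart_rows(mask_octet):
    """Rebuild one chart section as (subnet ID, host range or None, broadcast)."""
    if mask_octet not in VALID_MASK_OCTETS:
        raise ValueError(f"{mask_octet} is not a contiguous mask octet")
    step = 256 - mask_octet
    return [(s, (s + 1, s + step - 2) if step > 2 else None, s + step - 1)
            for s in range(0, 256, step)]

def step_method(ip, mask):
    """Network, broadcast and host range via the 256 - mask = step rule."""
    ip_o = [int(x) for x in ip.split(".")]
    mask_o = [int(x) for x in mask.split(".")]
    if len(ip_o) != 4 or len(mask_o) != 4 or any(not 0 <= o <= 255 for o in ip_o):
        raise ValueError("expected dotted-decimal address and mask")
    # Valid shape: leading 255s, at most one partial octet, then zeros.
    split = next((i for i, o in enumerate(mask_o) if o != 255), 4)
    if any(o != 0 for o in mask_o[split + 1:]):
        raise ValueError(f"mask bits are not contiguous: {mask}")
    net, bcast = ip_o[:], ip_o[:]
    if split < 4:
        rows = chart_rows(mask_o[split])          # also rejects values like 200
        step = 256 - mask_o[split]
        subnet_id, _, last = rows[ip_o[split] // step]
        net[split], bcast[split] = subnet_id, last
        for i in range(split + 1, 4):             # later octets are all host bits
            net[i], bcast[i] = 0, 255
    network = ipaddress.IPv4Address(".".join(map(str, net)))
    broadcast = ipaddress.IPv4Address(".".join(map(str, bcast)))
    # Cross-check the chart arithmetic against a bitwise calculation.
    ref = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    assert (network, broadcast) == (ref.network_address, ref.broadcast_address)
    # Note 4: a mask such as 255.255.255.254 leaves no host numbers.
    hosts = None
    if int(broadcast) - int(network) >= 2:
        hosts = (str(network + 1), str(broadcast - 1))
    return {"network": str(network), "broadcast": str(broadcast),
            "hosts": hosts, "prefix": ref.prefixlen}

if __name__ == "__main__":
    for m in ("255.255.192.0", "255.192.0.0", "255.255.224.0", "255.255.128.0"):
        print(m, step_method("11.66.180.8", m))
    print(chart_rows(224)[3:5])   # the two rows worked out in Note 3
```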
Want a Cheap Thrill?
For your enjoyment, we have some exercises for "Determining Subnet Mask Results." Calculate away!
Fix Common IPv4 Routing Problems — Coming in Spring
Though TCP/IP skills are vital today, users seem to make the same mistakes over and over again. With some basics, however, most administrators can solve up to 90% of common IP routing problems. After quickly reviewing IP routing concepts, the author will identify the most common user mistakes — along with the best commands for troubleshooting.
Subnet Mask Conversion Chart
Value of Last Octet in Subnet Mask | No. of Subnets (SEE NOTE 1) | Step | Subnet ID | Host Range (SEE NOTE 2) | Network Broadcast Address
| 1 | (255) | 0 | 1-254 | 255
| 2 | 128 | 0 128 | 1-126 129-254 | 127 255
| 4 | 64 | 0 64 128 192 | 1-62 65-126 129-190 193-254 | 63 127 191 255
| 8 | 32 | 0 32 64 * * * 192 224 | 1-30 33-62 65-94 * * * 193-222 225-254 | 31 63 95 * (SEE NOTE 3) * * 223 255
| 16 | 16 | 0 16 32 * * * 224 240 | 1-14 17-30 33-46 * * * 225-238 241-254 | 15 31 47 * * * 239 255
| 32 | 8 | 0 8 16 * * * 240 248 | 1-6 9-14 17-22 * * * 241-246 249-254 | 7 15 23 * * * 247 255
| 64 | 4 | 0 4 8 * * * 248 252 | 1-2 5-6 9-10 * * * 249-250 253-254 | 3 7 11 * * * 251 255
254 11111110 FE (SEE NOTE 4) | 128 | 2 | 0 2 4 * * * 252 254 | - - - * * * - - | 1 3 5 * * * 253 255
Conversion Chart Notes
NOTE 1. RFC 950 warns against using a subnet or host ID of either all zeros or all ones. This eliminates the first and last address ranges for masks on partial octets.
When a subnet mask splits the bits in one octet, the first and the last networks created have all bits off and on, so they are not recommended for use. RFC 1878 obsoletes this practice in modern systems. The RS/6000 has no problem with these numbers, but other systems may; therefore, network managers running a mixture of operating systems and machine types are wise to avoid these ranges, or at least, assign these ranges last.
NOTE 2. If the subnet mask extends into the fourth octet (e.g., as in a subnetted Class C network), this column indicates the host range. For other cases, the range is different, as in the case of IP address 11.6.12.8 with subnet mask 255.255.248.0. Here, the network address is 11.6.8.0, the broadcast address is 11.6.15.255, and the host values in the third octet are 9 through 14.
The exact host range is the network address plus 1 and the broadcast address minus 1. Thus, the host range is 11.6.8.1 through 11.6.15.254. Hosts such as 11.6.8.240 and 11.6.9.254 would be parts of this range as well.
NOTE 3. Use the "Step" value to calculate intervening values. For example, to complete the fourth line of the 224 subnet mask, add 32 (the Step value) to the values in the third line. The fourth and fifth lines then become:
96 | 97-126 | 127
128 | 129-158 | 159
NOTE 4. The subnet mask 255.255.255.254 is not valid, because there are no numbers left for the host address range.
by Cindy K. Young
RS/6000 Networking Technologies
IBM Advanced Technical Support/
Dallas Systems Center