# Understanding IPv4 Subnetting (Part 2)

by Rik Farrow and Scott Pinzon, with updates by Corey Nachreiner

[Editor's note: This article continues our attempt to explain the complex subject of subnetting in terms you can understand even if you're not a rocket scientist. If these concepts are new to you, you'll increase your comprehension by reading Corey Nachreiner's prequel, "Understanding IP Addresses and Binary," and then Rik Farrow's "Understanding IPv4 Subnetting (Part 1)."]

In Part 1, I explained how an IP address is really two addresses in one: part of it is a network address, and part of it is a host address. This split between the network and host portions of the address formerly occurred predictably, on full-byte boundaries. But newer addressing techniques, aimed at stretching the finite number of addresses available to the ever-growing Internet, now allow an IP address to be split anywhere within its 32 bits.

To understand how a subnet mask works, we have to go back to binary, because that's what your computers understand. So, in binary, 192.168.1.0 is:

`11000000.10101000.00000001.00000000`

(If you don't understand where we got that value, see Corey's article.)

The subnet mask is simply a binary value that uses ones to represent how many bits (out of the 32-bit IP address) represent the network portion of the address. Zeros indicate the host portion of the address. So if you want a /26 address, you want 26 bits of the IP address to indicate the network and 6 bits for indicating host addresses, written like this:

`11111111.11111111.11111111.11000000`

Your OS then ANDs the address with the mask bit by bit (a result bit is 1 only where both inputs are 1), which keeps the network bits and zeroes the host bits:

```
  11000000.10101000.00000001.00000000   (192.168.1.0)
& 11111111.11111111.11111111.11000000   (255.255.255.192)
-------------------------------------
  11000000.10101000.00000001.00000000   (192.168.1.0)
```

Convert the answer back to decimal, and you still have 192.168.1.0 -- but because you've specified a non-standard subnet mask, your OS now understands that this is 192.168.1.0/26, and that this network's range is 64 addresses rather than 256.

#### Bits of Pain

You don't have to go through the painful labor of calculating binary every time you want to specify a subnet. Though your OS uses binary bits internally, your OS permits you to specify the subnet mask in decimal or in slash notation. If you'll recall Corey's article, a full byte with all eight bits turned on (11111111) adds up to a value of 255 (128 + 64 + 32 + 16 + 8 + 4 + 2 + 1), so when subnet masks are expressed in decimal, you'll often see some 255s. For example, the decimal representation for /16 becomes 255.255.0.0.

So, just to create another example, what is the subnet mask for a /22 address? Well, first there will be 22 ones, and the rest zeroes, or 11111111.11111111.11111100.00000000, or 255.255.252.0. Converting the binary into decimal can get tricky, so it's nice to have a calculator or computer program that does the math for you, or a table. You can find such "cheats" all over the Web, including these:

This is also why slash notation is so nice (no binary-to-decimal conversions).
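Both conversions this section walks through, turning a slash prefix into a dotted-decimal mask and ANDing an address with that mask to recover the network address, can be carried out in a few lines. The following is an added example, not code from the original article; it uses only the Python standard library, and the function names are my own.

```python
# Added example: IPv4 prefix <-> mask conversion and the address AND mask
# operation the article describes. Standard library only; names are my own.

def dotted_to_int(addr: str) -> int:
    """Convert 'a.b.c.d' to a 32-bit integer, rejecting malformed input."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a valid IPv4 dotted quad: {addr!r}")
    value = 0
    for o in octets:
        value = (value << 8) | o
    return value

def int_to_dotted(value: int) -> str:
    """Convert a 32-bit integer back to 'a.b.c.d'."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def int_to_binary(value: int) -> str:
    """Render as four dotted groups of eight bits, the way the article shows it."""
    bits = f"{value:032b}"
    return ".".join(bits[i:i + 8] for i in range(0, 32, 8))

def prefix_to_mask(prefix: int) -> int:
    """/N -> mask with N leading ones (e.g. /22 -> 255.255.252.0)."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def mask_to_prefix(mask: int) -> int:
    """Mask -> /N. Rejects non-contiguous masks such as 255.0.255.0."""
    bits = f"{mask:032b}"
    ones = bits.rstrip("0")        # everything up to the last 1 bit
    if "0" in ones:                # a 0 among the ones means a gap
        raise ValueError("mask bits are not contiguous")
    return len(ones)

def network_address(addr: str, prefix: int) -> str:
    """Bitwise AND of address and mask, exactly as the worked example does."""
    return int_to_dotted(dotted_to_int(addr) & prefix_to_mask(prefix))

def block_size(prefix: int) -> int:
    """Number of addresses in a /prefix block, network and broadcast included."""
    return 1 << (32 - prefix)

if __name__ == "__main__":
    ip, prefix = "192.168.1.0", 26
    mask = prefix_to_mask(prefix)
    print("  ", int_to_binary(dotted_to_int(ip)), ip)
    print("& ", int_to_binary(mask), int_to_dotted(mask))
    print("= ", int_to_binary(dotted_to_int(ip) & mask), network_address(ip, prefix))
    print(f"/22 -> {int_to_dotted(prefix_to_mask(22))}, {block_size(22)} addresses")
```

Running it reproduces the three binary rows from the worked example above and prints 255.255.252.0 for /22. `mask_to_prefix` refuses masks whose ones are not contiguous; that check matters in practice because a mistyped mask such as 255.255.0.255 is accepted by some older configuration tools and silently produces a subnet no router agrees with.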

#### Why Subnet?

If you've followed the logic thus far, you might wonder, "Was this trip really necessary?" The answer: yes, because subnetting lets you split a single network address into many subnets.

Remember, every time an individual host on your network receives another packet of data, the one thing that host wants to know is, What do I do with this? For example, take a typical networked host, called Gandalf. Gandalf assesses every outgoing packet's Destination field in its IP header to decide whether the packet's destination is "local" or "not local." If the destination is local, Gandalf consults an ARP table for the MAC address of the destination machine, then sends the packet to it. If the destination is not local, Gandalf forwards the packet to his all-knowing buddy that handles everything else, a device we refer to as the default gateway. (This is some kind of device that routes, whether an actual router or something that can perform routing, such as your Firebox.) How does Gandalf define "local"? Simple: local is any device having the same subnet address as Gandalf.
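The "local or not local" decision Gandalf makes is a membership test: is the destination inside the subnet that Gandalf's own address and mask define? The following added example (not from the original article) models that decision with Python's standard `ipaddress` module. The ARP table and MAC addresses are constructed for the example, and the function name is my own.

```python
# Added example: the local-vs-default-gateway decision a host makes for each
# outgoing packet. Standard library only; ARP entries below are constructed.
import ipaddress
from typing import Dict, Optional, Tuple

# Constructed ARP cache for the example: IP -> MAC (documentation MAC range).
ARP_TABLE: Dict[str, str] = {
    "192.168.1.1": "00:00:5e:00:53:01",   # the default gateway
    "192.168.1.50": "00:00:5e:00:53:32",  # a neighbour already resolved
}

def forward(src_iface: str, dst: str, gateway: str,
            arp_table: Dict[str, str] = ARP_TABLE) -> Tuple[str, str, Optional[str]]:
    """Decide where a packet for dst goes.

    src_iface is the sending host's address with its mask, e.g. "192.168.1.10/26".
    Returns (decision, next_hop_ip, next_hop_mac). A MAC of None means the host
    must ARP for the next hop before it can send.
    """
    iface = ipaddress.ip_interface(src_iface)
    target = ipaddress.ip_address(dst)
    if target in iface.network:            # same subnet: deliver directly
        return ("local", dst, arp_table.get(dst))
    return ("gateway", gateway, arp_table.get(gateway))

if __name__ == "__main__":
    for mask in ("/26", "/24"):
        for dst in ("192.168.1.50", "192.168.1.70", "203.0.113.5"):
            print(f"gandalf 192.168.1.10{mask} -> {dst}:",
                  forward("192.168.1.10" + mask, dst, "192.168.1.1"))
```

The two runs in `__main__` show why the mask is part of the host's identity, not just the router's: with /26, 192.168.1.70 lies in the neighbouring 192.168.1.64 block and is handed to the gateway, but a host misconfigured with /24 treats it as local and ARPs for it instead. From the router's side that misconfiguration looks like "unreachable" hosts in the adjacent subnet, which is a useful first thing to check when two machines on the same wire cannot talk.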

Subnets are used throughout the Internet. But you can decide to use subnetting yourself on your own network, if you want. You can subnet for any reason, including security reasons -- for example, to split a single network into two or more parts, using one or more routers to connect each subnet together. Using routers means that broadcasts will (generally) be limited to each subnet. You could also use the Optional and Trusted interfaces of a Firebox to isolate two subnets, even if they were both internal networks. You can subnet to ease troubleshooting. Tracing a problem on a network segment is easier if the network has been cut into halves through subnetting; you're dealing with fewer hosts at a time.

Though at one time subnetting implied breaking your network down into shorter physical segments, today subnetting is not necessarily tied to the physical world. You can subnet simply because you want each department (or remote office, or floor in your highrise, or building on your campus, or ...) to have its own subnet address. You can decide, for example, that anything beginning with 192.168.100 indicates mobile users, and, say, 192.168.200 indicates executive users. You can make wireless addresses instantly recognizable to you, so you can keep an eye on them in your logs easily. Or whatever -- use your imagination!

#### But don't start yet...

As an example, suppose someone wanted to split their Class C network up into four smaller CIDR networks. Dividing the 256 possible addresses in a Class C network by 4 tells us each subnet can have 64 addresses. (However, only 62 of those addresses can be used for hosts: in every subnet the lowest address, with all host bits set to zero, names the network itself, and the highest, with all host bits set to one, is the broadcast address.) Instead of using a Class C subnet mask of 255.255.255.0, or /24, you would use 255.255.255.192, or /26. This works because it leaves six bits (out of the 32 bits in an IP address) for addressing hosts. Six bits (32 + 16 + 8 + 4 + 2 + 1) is enough to make 64 addresses (the bits total 63, but 0 also counts as one of the addresses).

How does IP addressing look when you slice up a network this way? Let's use 192.168.1.0/26 as the Class C network address to split up.

| Subnet # | Network Address | Broadcast Address | Usable Host Addresses |
|---|---|---|---|
| 1 | 192.168.1.0 | 192.168.1.63 | 192.168.1.1 to 62 |
| 2 | 192.168.1.64 | 192.168.1.127 | 192.168.1.65 to 126 |
| 3 | 192.168.1.128 | 192.168.1.191 | 192.168.1.129 to 190 |
| 4 | 192.168.1.192 | 192.168.1.255 | 192.168.1.193 to 254 |

The routing for this will work whether all four subnets are on the same physical wire or not, as long as you have at least one strategically placed router that knows what's going on.

The binary arithmetic involved in using CIDR block addressing is painful. It is much easier to start with another private network address space, say 172.16.0.0, and use the third byte to represent internal subnets: 172.16.1.0, 172.16.2.0, 172.16.3.0, and so on. Now you use the default (or "classful") subnet mask of 255.255.255.0 (or /24) and each subnet includes 254 host addresses. See how much easier it is to start with a Class B (/16) network, and split it into 254 Class Cs (/24)? Perhaps the designers of TCP/IP weren't so dumb after all when they chose to use byte boundaries in the initial network addressing scheme.
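The table of four /26 subnets above, and the /16-into-/24 split just described, are both instances of one operation: enumerate the sub-blocks of a given size inside a parent block and work out each one's network, broadcast and usable range. The following added example (not from the original article) does that for any parent block and any new prefix length using Python's standard `ipaddress` module; the function names are my own. It goes slightly beyond the article by also handling /31 and /32 blocks, where the "subtract two" rule for usable hosts does not apply.

```python
# Added example: enumerate the subnets of a block and tabulate each one's
# network, broadcast and usable host range. Standard library only.
import ipaddress
from typing import Dict, List, Union

Row = Dict[str, Union[int, str]]

def split_network(block: str, new_prefix: int) -> List[Row]:
    """Split block (e.g. '192.168.1.0/24') into /new_prefix subnets."""
    # strict=True refuses a block with host bits set, e.g. '192.168.1.5/24',
    # which is almost always a typo in a subnet plan.
    net = ipaddress.ip_network(block, strict=True)
    if new_prefix < net.prefixlen:
        raise ValueError("new prefix must be at least as long as the block's")
    rows: List[Row] = []
    for i, sub in enumerate(net.subnets(new_prefix=new_prefix), start=1):
        n = sub.num_addresses
        if sub.prefixlen >= 31:
            # /31 point-to-point links (RFC 3021) and /32 single hosts have
            # no separate network or broadcast address; every address is usable.
            usable = n
            first, last = sub.network_address, sub.broadcast_address
        else:
            usable = n - 2   # lowest = network, highest = broadcast
            first, last = sub.network_address + 1, sub.broadcast_address - 1
        rows.append({
            "subnet": i,
            "network": str(sub.network_address),
            "broadcast": str(sub.broadcast_address),
            "first_host": str(first),
            "last_host": str(last),
            "usable": usable,
        })
    return rows

def format_table(rows: List[Row]) -> str:
    """Render rows in the same column order as the article's table."""
    lines = ["Subnet  Network          Broadcast        Usable hosts"]
    for r in rows:
        lines.append(f"{r['subnet']:<7} {r['network']:<16} {r['broadcast']:<16} "
                     f"{r['first_host']} to {r['last_host']} ({r['usable']})")
    return "\n".join(lines)

if __name__ == "__main__":
    print(format_table(split_network("192.168.1.0/24", 26)))
    print()
    print(f"{len(split_network('172.16.0.0/16', 24))} /24 blocks inside 172.16.0.0/16")
```

`split_network("192.168.1.0/24", 26)` reproduces the four rows of the table above. Because `ip_network` is called with `strict=True`, a plan that starts from a mis-aligned block such as 192.168.1.64/25 fails immediately rather than producing subnets that overlap the neighbouring ones.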

Subnets aren't black magic — just a place where administrators come face to face with binary arithmetic, often for the first time. We've barely scratched the surface of this topic. But at least now when networking experts are having one of those subnetting conversations where the technical concepts seem to rush past you at superhighway speeds, you have an onramp. You've got enough basics to join in the fun. Use your new powers wisely!
