TCP/IP Protocol Suite and IP Addresses - SubNetting
by Squire James

1.1 Introduction
2.1 Just why did you throw this together?
2.2 Basic (and I mean real basic) concepts of Subnetting
2.3 Basic Binary
2.3.1 How do we go from a Decimal Number to a Binary Number?
2.3.2 How do we go from a Binary Number to a Decimal Number?
2.3.3 Practice Questions (but only if you want to)
3.1 The presentation of an IP Address
4.1 Why do we subnet?
4.1.1 Broadcast Domains
4.1.2 Security with multiple networks
4.1.3 Administrative Purposes
4.1.4 So What's the down side?
5.1 So how does the Computer know where the data's going?
6.1 Established Divisions within the IP Address Scheme (Classes A, B, & C)
7.1 How to SubNet
7.2 Subnetting Cheat sheet
8.1 Final Shout
9.1 Question Answers

1.1 Introduction

This file explains the principles, reasons and practices behind subnetting. This is not intended to be a complete or definitive article on any of the topics covered (hey, I ain't getting paid for this ;-), but it should give the reader enough of an understanding to begin some reliable experiments.

Of course, I do not support or take responsibility for the actions of any individual or group based on any information that is provided in this document. All information presented here is for educational use only.

Now, on to the fun stuff.

2.1 Just why did you throw this together?

In my experience online, subnetting is something that everybody seems to have heard about, yet very few people grasp the basic core of what subnetting does. To that end, I have decided to throw together a document that details these items. This paper is intended to be read by people with at least a real world working knowledge of the basics of TCP/IP.
If you're a little unsure, or have trouble comprehending some of the bits n' bolts, then I'd advise you to read "TCP/IP Protocol Suite and IP Addresses – The Basics" by Idlehands, which can be found in the Black Box eZine issue #10 at http://black.box.sk/issue.php3?issue=10.

Now, read on McDuff.

2.2 Basic (and I mean real basic) concepts of Subnetting

Subnetting, as the name implies, basically involves dividing an IP network into smaller chunks. This may be done for a couple of reasons, but the most common, and the original concept of subnetting, is to break down broadcast domains. The trade-off for this breakdown is that the total number of available hosts across all subnets will reduce.

2.3 Basic Binary

This section is intended for people that have never come across binary before. If you can perform binary calculations with 8 bit numbers, feel free to skip this section and head straight for section 3.1.

Computers are only capable of performing calculations based on two states, ON or OFF. Therefore, all math that a computer performs will be done on a Base-2 system, which has only two numbers (0 & 1). The decimal system that we use is a Base-10 system, and as such is comprised of 10 numbers (0-9). If we (as humans) request a calculation from a computer and provide it with a decimal number, the computer must change that number to a binary number before calculation can take place. For example, the decimal number 159 is represented in Binary Notation as 10011111.

2.3.1 How do we go from a Decimal Number (159) to a Binary Number (10011111)?

Imagine that we have 8 "Switches"

[ ] [ ] [ ] [ ] [ ] [ ] [ ] [ ]

Now, imagine that each one of these "switches" has to be switched either "On" or "Off", and when these switches are "On", they are worth a particular value.

[ ] [ ] [ ] [ ] [ ] [ ] [ ] [ ]
128  64  32  16   8   4   2   1

Take our decimal number (159), and starting from the left, see if you can remove the binary switch amount from the decimal number, whilst still ending up with a number greater than or equal to zero. If this calculation can be completed, then the bit in question is "Switched on", and the new number to subtract from the next bit is the remainder of that calculation.

eg.
159 - 128 = 31, therefore the 128bit is "Switched on"
 31 -  64 = Does not return a number greater than or equal to Zero, 64bit is "Switched Off"
 31 -  32 = Does not return a number greater than or equal to Zero, 32bit is "Switched Off"
 31 -  16 = 15, therefore the 16bit is "Switched on"
 15 -   8 = 7, therefore the 8bit is "Switched on"
  7 -   4 = 3, therefore the 4bit is "Switched on"
  3 -   2 = 1, therefore the 2bit is "Switched on"
  1 -   1 = 0, therefore the 1bit is "Switched on"

So our number ends up looking like this

[1] [0] [0] [1] [1] [1] [1] [1]
128  64  32  16   8   4   2   1
On  Off Off On  On  On  On  On

or to put it simpler: 10011111

If we have a number which does not require the higher order bits (such as the decimal number 2, which can be represented in binary as 10), then as with decimal notation, we do not need to provide leading zeroes (i.e., if we have the decimal number 956, we do not write it as 00956). However, when subnetting it is a de facto standard to include leading zeroes, so that there are always 8 bits listed (i.e., if used in an IP Address, the decimal number 2 would be written in binary notation as 00000010).

2.3.2 How do we go from a Binary Number (10011111) to a Decimal Number (159)?

Let's get our 8 switches out again, and fill in the binary "Switches"

[1] [0] [0] [1] [1] [1] [1] [1]
128  64  32  16   8   4   2   1

So 128+16+8+4+2+1 = 159

That one's the easy one to work out. Unfortunately, we normally have to go from Decimal to Binary, rather than Binary to Decimal, to work out what we need to when subnetting.

2.3.3 Practice Questions

Well, I figured that if a billion people read this paper, I may have one that would actually like to practice a little bit of binary to make sure he/she/it had grasped it, so here's a couple of questions. The answers are at the bottom of this paper.

Convert the following numbers from Decimal to Binary
i) 128
ii) 86
iii) 9
iv) 67
v) 196

Convert the following numbers from Binary to Decimal
i) 01010111
ii) 01100001
iii) 11110011
iv) 00101101
v) 00111110

3.1 The presentation of an IP Address

An IP Address, in the decimal notation (also known as Internet Address) and binary notation, consists of two sections made up of four values, each one separated by a period (full stop for any non-Americans). The first of these sections is the actual IP address itself, and the second section is the Subnet Mask. For example, in decimal notation an IP address would look something like this,

192.168.0.1 (IP Address)
255.255.255.0 (SubNet Mask)

The Internet Address/Decimal Notation system is the one that will be used during this paper. The other two ways to represent an IP address are with Binary Notation and Short Form. In binary notation, we simply convert each separate value to binary, and separate each total value with a period, using the example above

11000000.10101000.00000000.00000001 (IP Address)
11111111.11111111.11111111.00000000 (SubNet Mask)

In short form notation, we write the IP Address and follow it with a forward slash and the number of "1's" that are contained in the subnet. Once again using the above example,

192.168.0.1/24 (IP Address and SubNet Mask)

Please remember well that no value can ever be higher than 255, or 11111111 in binary, as we only use 8 bits. This gives us a maximum of 256 values as in computing, the number zero is a valid value.

4.1 Why do we SubNet?

Subnetting itself is done for a number of reasons.
As stated before, the main reason that it was established was to cut down on broadcast domains.

4.1.1 Broadcast Domains

A broadcast, in simple definition, is a request that all hosts on a specific network must respond to. By network, we mean logically, not geographically (i.e. as defined by the TCP/IP suite, not as defined by an area). A broadcast is not a good thing to happen on a network, as all nodes must stop what they are doing and at least read, at worst respond to the request.

The unfortunate thing about broadcasts is that they have to happen. For example, there is a process called ARP (which I will cover if I ever do an OSI stack paper), which the TCP/IP suite uses to resolve a network address to a physical address (MAC Address). If the destination physical address is not known to the host, then the host will institute an ARP request for the information. This ARP request essentially broadcasts across the network for the information. Every machine on the network has to stop what it's doing and process the request. As you can imagine, this reduces the available bandwidth on the network and chews up CPU time on the hosts.

Currently, there is not a networking Service to help reduce the amount of ARP related broadcasts on a network, so there is nothing we can do to stop the broadcast happening. All that we can do is reduce the number of Hosts on a network through subnetting. Therefore, there will be fewer broadcasts in total on that network, so more network time will be freed.

The other two main reasons are for security, and for administrative ease.

4.1.2 Security with multiple networks

Once two or more subnets on an intranetwork have been established, the only way to pass data from one network to another is via a Router (much like connecting to the internet). By doing this, an administrator can guarantee that data can only reach or leave the network by a small, finite number of pathways. This means that a tighter lockdown of security can be implemented.
For example, a company that is security conscious would place their servers in a different network to their workstations, then apply a firewall between the servers and workstations. This would allow the workstations to run a more relaxed firewall out to the internet (possibly allowing things such as telnet sessions to be established etc. etc.), whilst running a much tighter one for the servers. This way, an administrator would be able to ensure maximum functionality for a user on a workstation, whilst making it as difficult as possible for unauthorised access to the servers.

Protocol Analysers and Packet Sniffers will generally have problems sniffing data off other networks, especially in a switched environment, so a hacker's ability to grab data or Password Hashes is reduced significantly.

4.1.3 Administrative Ease

There's not really too much to say in here. This is generally implemented if a head administrator wants their administrators to be able to deal with their network, and only their network, or to keep users in a certain location only (eg, only want them to be able to access servers at their location).

4.1.4 So what's the down side with SubNetting?

There are three main downsides to subnetting. The first is that the administrator has to implement routers, which can at times be more of a security hole if not set up correctly (eg. without access lists for all you Cisco heads etc.), and which increase the total cost of ownership of the network. The other problem is that your administrative overheads increase, because an administrator needs to have staff that understand at least the basics of routing. The third problem is that we reduce the number of available host ID's on the network, which is explained in the section covering subnet creations.

5.1 So how does the Computer know where the data's going?

This bit is the easy bit for the computer. The computer simply takes the DESTINATION IP Address and the SOURCE subnet mask, then converts them to Binary

192.168.0.1 (DESTINATION IP Address)
255.255.255.0 (SOURCE SubNet Mask)

11000000.10101000.00000000.00000001 (DESTINATION IP Address)
11111111.11111111.11111111.00000000 (SOURCE SubNet Mask)

The computer will then perform a logical AND between the subnet mask and the destination address. If the resulting answer is the subnet address of the local subnet, then the packet is sent locally. If the resulting answer is not the network address of the local subnet, then the destination is checked against the routing table, to see if a route is present for that network. If not, then the packet is sent to the default gateway.

Note that last bit well. In a hypothetical hack situation, if a hacker hacks into a network, but cannot find any servers, he would run a protocol analyser on the network. As he would assume most data would go to the server, all he would have to do to find the MAC (physical) address of the gateway to the server is view the destination address that appears most in all packets being sent externally.

An AND operation on a computer is pretty simple to perform. The result is only on (i.e. "1"), if both are on. Therefore

A  B  Result
1  1  1
0  1  0
1  0  0
0  0  0

So,

11000000.10101000.00000000.00000001 (DESTINATION IP Address)
11111111.11111111.11111111.00000000 (SOURCE SubNet Mask)
11000000.10101000.00000000.00000000 (Result of an AND query)

So the resulting answer (in decimal notation) is: 192.168.0.0, which is the network address of the 192.168.0.0, 255.255.255.0 network, so the packet is internal. That's all there is to it.

6.1 Established Divisions within the IP Address Scheme (Classes A, B, & C)

When the TCP/IP protocol was developed, it was decided to establish some natural divisions between the networks so that people could choose a subnet type based upon the size and purpose of their network.
One of the ways that these splits were created was by using the subnet mask. The easiest way to look at the subnet mask is as follows

192.168.0.1 (IP Address)
255.255.255.0 (Subnet Mask)

Every Octet that has a Subnet Mask of 255 linked with it (i.e. 192, 168 & 0) is part of the network ID. Each Octet with a Mask of 0 linked to it (i.e. 1) is part of the available host ID's. In the event of subnetting, you will have numbers other than 0 in the last Octets, but we will deal with this later.

Following this through, by changing the IP address to

192.168.1.1 (IP Address)
255.255.255.0 (SubNet Mask)

we have changed the network that the machine belongs to. Don't believe me? Convert the address and mask to binary and perform a Logical AND on the bits. You will receive a different answer for 192.168.0.1 and 192.168.1.1. If we did not have a router between these networks, then data would no longer flow from 192.168.1.1 to 192.168.0.x (x being any number from 1 - 254).

So, with the form of address just mentioned, we have 254 hosts per network and about 2 million networks. By changing the Subnet mask we can alter how many Hosts we can have per network, and how many networks we can have in total. For example

128.0.0.1 (IP Address)
255.255.0.0 (SubNet Mask)

By changing our subnet mask we can now use our last two octets for Host ID's. This will then allow us to have approximately 16,000 networks and 65,000 hosts per network.

As you may have noticed, in the last example I have changed the main section of the IP address. This is because there is a defined range of numbers that you can use for each subnet type.

CLASS TYPE  CONSTRUCTION        SubNet         Binary    Range    Details
CLASS A     Net.Host.Host.Host  255.0.0.0      0xxxxxxx  1-127    127 networks  16M Hosts
CLASS B     Net.Net.Host.Host   255.255.0.0    10xxxxxx  129-191  16K networks  65K Hosts
CLASS C     Net.Net.Net.Host    255.255.255.0  110xxxxx  192-223  2M Networks   254 Hosts

**Please keep in mind that 127.0.0.1 is a reserved IP Address.
So don't ever try to use it.

So, that's how we normally have networks split up. Now we have the fun part. Just how do the propellerheads and ISP's divide them up into subnets???

7.1 How to SubNet

Well, the easy way is just to use a subnet calculator ;-)

To manually (ugh!!) calculate a new subnet, we perform the following steps.

1. Decide how many nodes you require on the network (at a minimum), add two to this number, and calculate the number in binary.
   eg. I want 16 subnets, therefore my number is 18. In binary, 18 is written as follows
   i.e. 10010

2. Count the number of bits in the number (do not include leading zeroes). Therefore, there are 5 bits in the number.

3. Complete the Subnet Mask as follows, mark each octet as all zeroes, until you get 5 bits (the number we got in section 2) away from the end of the complete subnet
   i.e. 11111111.11111111.11111111.111

4. Make the last 5 bits zero (once again the number we got in section 2)
   i.e. 11111111.11111111.11111111.11100000

5. Now change the number to decimal to get a decimal notation subnet mask
   i.e. 255.255.255.224

6. The subnet mask has now been worked out.

7. To calculate the range of each address, calculate the number that would be in place if all the bits in section 2 were switched on, and add 1.
   With all 5 bits switched on = 31+1 = 32

Now we know that all of our subnets are 32 Bits long. Due to subnetting restrictions, we must also remove our first and last subnet. Therefore the subnets from 0-31 and 224-255 will be removed. Therefore the network ranges are;

RANGE      NETWORK ADDR  BROADCAST ADDR  HOST RANGE
32 - 63    32            63              33-62
64 - 95    64            95              65-94
96 - 127   96            127             97-126
128 - 159  128           159             129-158
160 - 191  160           191             161-190
192 - 223  192           223             193-222

So, we now have 6 SubNets, with 30 Hosts per SubNet.

This is essentially the core of subnetting.
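
The calculations from sections 5.1 and 7.1 as a small subnet calculator. This is an added example, not part of the original paper; the function names, the drop_first_last parameter and the workstation/server addresses are assumptions made for illustration.

```python
import ipaddress  # standard library; used only to parse and print dotted quads

FULL = 0xFFFFFFFF  # 32 bits, all switched on

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def to_dotted(value):
    return str(ipaddress.IPv4Address(value))

def mask_for_hosts(hosts_needed):
    """Section 7.1, steps 1-5: find the host bits, then zero them in the mask."""
    if not 1 <= hosts_needed <= (1 << 30) - 2:
        raise ValueError("host count does not fit in one IPv4 subnet")
    bits = 2  # fewest host bits that still leave a usable address
    while (1 << bits) - 2 < hosts_needed:  # minus network and broadcast address
        bits += 1
    return bits, to_dotted((FULL << bits) & FULL)

def same_subnet(src_ip, src_mask, dst_ip):
    """Section 5.1: AND both addresses with the SOURCE mask and compare."""
    mask = to_int(src_mask)
    return (to_int(src_ip) & mask) == (to_int(dst_ip) & mask)

def list_subnets(parent_net, parent_mask, new_mask, drop_first_last=True):
    """Section 7.1, step 7: (network, broadcast, first host, last host) per block."""
    start = to_int(parent_net) & to_int(parent_mask)
    parent_size = (~to_int(parent_mask) & FULL) + 1
    block = (~to_int(new_mask) & FULL) + 1  # addresses per subnet, e.g. 31 + 1 = 32
    rows = []
    for net in range(start, start + parent_size, block):
        bcast = net + block - 1
        rows.append(tuple(to_dotted(v) for v in (net, bcast, net + 1, bcast - 1)))
    # The paper removes the first and last subnet; pass False to keep them.
    return rows[1:-1] if drop_first_last else rows

if __name__ == "__main__":
    bits, mask = mask_for_hosts(16)  # the paper's worked example
    print("host bits:", bits, "mask:", mask)
    for row in list_subnets("192.168.0.0", "255.255.255.0", mask):
        print("net %s  bcast %s  hosts %s - %s" % row)
    # Constructed addresses: a workstation and a server on the same wire.
    # Only the tighter mask puts them in different subnets, which forces
    # their traffic through the router (and any firewall placed there).
    ws, srv = "192.168.0.40", "192.168.0.100"
    for m in ("255.255.255.0", mask):
        print(m, "->", "sent locally" if same_subnet(ws, m, srv) else "sent via router")
```

Pass drop_first_last=False to keep the first and last blocks, as classless (CIDR) addressing does.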
Now that you understand how it all works, try downloading a subnet calculator and being slack like me :D

7.2 Subnetting Cheat sheet

Decimal  Subnets  # Class A Hosts  # Class B Hosts  # Class C Hosts
.192     2        4,194,302        16,382           62
.224     6        2,097,150        8,190            30
.240     14       1,048,574        4,094            14
.248     30       524,286          2,046            6
.252     62       262,142          1,022            2
.254     126      131,070          510              NA
.255     254      65,534           254              NA

8.1 Final Shouts

Well, not really too much to put in here. I haven't included a references section because everything in here has basically come out of my head. I'm sure that it must have originated somewhere, but I'm not really sure where each bit came from.

For those of you that are interested, I am thinking about writing an OSI Stack and Routing paper, which will cover many of the things that I only brushed on in here (such as MAC/Physical Layer addresses etc.), but if you want all the basic information that I have in a generically presented mode, I'd suggest that you pick up a Cisco CCNA study book, or something of that ilk, and start there.

A thank you to Idle Hands for starting the TCP/IP Protocol suite papers way back in issue number 10, which motivated me to expand on it a little.....

Cheers,
Squire

9.1 Answers to the questions (if anybody actually did them)

Convert the following numbers from Decimal to Binary
i) 128 (10000000)
ii) 86 (01010110)
iii) 9 (00001001)
iv) 67 (01000011)
v) 196 (11000100)

Convert the following numbers from Binary to Decimal
i) 01010111 (87)
ii) 01100001 (97)
iii) 11110011 (243)
iv) 00101101 (45)
v) 00111110 (62)