Subnet Masking Summary
By John Lambert
This article is a variation of the one I authored for Microsoft Certified
Professional Magazine (MCPMag), published online (May/June 1997) as "Breeze
Through Subnet Masking." (They titled it. I've never said you can breeze
through this.) That article was specific to preparing for the Microsoft TCP/IP
certification exam, and I've tried to make this version more generic.
Subnet masking is possibly the hardest sub-topic of TCP/IP to learn, but it can
be essential to make your network behave the way you need it to. If all you
need is to understand its basic functionality, see my article
defining subnet masking, otherwise, keep reading for some how-to based
on three charts you can print and save to make your calcuations easier. I also
have a definition of IP addressing, if
you're fuzzy on that.
|
|
Class
|
1st Binary Digits
|
Decimal Range of 1st Octet |
|
A |
0 |
1-126 |
|
B |
10 |
128-191 |
|
C |
110 |
192-223 |
Table 1: IP Class Chart
IP Class Chart, Table 1: This table allows you to quickly
determine the class of an IP address given the first binary digits or the first
octet. 127 is left out of the range on purpose. If you want to understand why,
you will need to understand some binary math and know that network and host IP
addresses may never be all ones or zeroes. (The best tutorial I've seen is a
pamphlet titled "Lifting the Mask: How IP Addressing Works," by Jonathan D.
Ely. It used to be included with
Transcender's TCP/IP test prep software.) Since 127 can’t be used for
network/host ID’s, 127.0.0.1 is the IP address used for loopback testing.
Why are the first binary digits for class C 110 instead of just 11? It makes the
class-C range end at 223. Initial octets (w in the w.x.y.z scheme) of 224-255
are reserved for multicasting, research, etc., and may not be used for normal
network/host ID’s that are going to be connected to the Internet.
|
Bit Split
|
Subnet Mask
|
Block Size |
Max Useable Subnets |
# C IP’s/Subnet |
# B IP’s/Subnet |
# A IP’s/Subnet |
|
2/6 |
192 |
64 |
2 |
62 |
16382 |
4,194,302
|
|
3/5 |
224 |
32 |
6 |
30 |
8190 |
2,097,152
|
|
4/4 |
240 |
16 |
14 |
14 |
4094 |
1,048,576
|
|
5/3 |
248 |
8 |
30 |
6 |
2046 |
524,286
|
|
6/2 |
252 |
4 |
62 |
2 |
1022 |
262,142
|
|
7/1 |
254 |
2 |
126 |
0 |
510 |
131,070 |
|
8/0 |
255 |
1 |
254 |
0 |
254 |
65,534
|
Table 2: Subnet Mask Chart
Subnet Mask Chart, Table 2: If an octet (8 bits) that is
usually used for a host ID is masked, the Bit Split column shows how many of
the 8 bits are added to the network ID and how many remain for the host ID.
This is very important for determining validity of IP addresses and masks when
masks other than zero or 255 are used.
The Subnet Mask column shows all standard masks – no other number can work as a
mask. (Zero can appears in a masks, but a zero octet does not mask any bits.)
Each octet can have decimal numbers ranging from 0-255. If you divide them into
4 equal blocks, you have 64 in each block, and hence you have the "block size"
column. You will use this column to refer to Table 3.
For reasons I won't go into here, when you divide an octet into blocks, you
cannot use the top and bottom block. So when you divide it into 4 blocks and
can’t use the top (0-63) or bottom (192-255) blocks, you only have 2 useable
blocks. If you divide it into 32 blocks, you only have 30 useable blocks, and
this is where the Maximum Useable Subnets column comes from – total blocks
minus 2.
If you have a specific subnet mask, the 3 columns on the right show how many IP
addresses are available for each subnet. For example, if you are given a
network address of 194.87.192.0 and a mask of 255.255.255.248, you look up 194
on Table 1 to confirm that it’s a Class C address. Then look in Table 2 at the
row with mask number 248 and the column for the Number of Class C IP’s Per
Subnet, and see that each subnet can have up to 6 IP addresses. (Those six are
all you have for hosts, servers, and routers on one subnet.)
|
Block Size 16
|
Block Size 32
|
Block Size 64 |
|
0-15 |
0-31 |
0-63 |
|
16-31 |
32-63 |
64-127 |
|
32-47 |
64-95 |
128-191 |
|
48-63 |
96-127 |
192-255 |
|
64-79 |
128-159 |
|
|
80-95 |
160-191 |
|
|
96-111 |
192-223 |
|
|
112-127 |
224-255 |
|
|
128-143 |
|
|
|
144-159 |
|
|
|
160-175 |
|
|
|
176-191 |
|
|
|
192-207 |
|
|
|
208-223 |
|
|
|
224-239 |
|
|
|
240-255 |
|
|
Table 3: Minus-2 Block Chart
Minus-2 Block Chart, Table 3: Okay, this is a block chart.
Why call it a "Minus 2" block chart? It reinforces two critical issues: 1.) The
top and bottom ranges are not usable (marked with a dark background); and, 2.)
In the valid ranges, the first and last IP addresses are not usable. For
example, with a class C subnet, if you're checking the validity of the IP
address 198.204.35.160 with a mask of 255.255.255.224, if you forget that the
first IP in that range is invalid, you will incorrectly think that there's
nothing wrong with that address and subnet mask combination.
Here's a class B example: With a subnet mask of 255.255.224.0, an IP address of
130.214.160.1 is perfectly valid, and so are 130.214.160.255 and 130.214.161.0.
(Those who say you can never have a zero or 255 octet may not understand how
the system design was affected by the binary numbering system.) This mask
creates a block of addresses from 130.214.160.0 to 130.214.191.255. Dropping
the top and bottom of the range gives you valid addresses of 130.214.160.1 -
130.214.191.254.
If you're troubleshooting communication between two hosts that are supposed to
be in the same subnet, use this chart to double-check that they are both in the
same block. Each block designates a subnet, so if they're in different blocks,
they're in different subnets. If a host communicates with computers inside its
subnet correctly, but not with those outside, check to see if the host's IP
address is in a different block than the IP address of the default gateway that
it's configured for—either the host IP or gateway IP must be wrong!
Here's the most important tip for Microsoft TCP/IP exam-takers: Memorize the
charts and write them out in the testing room before you begin the exam. You
are not allowed to bring it in already written, but you are provided
blank paper and pen/pencil, and you are allowed to write them out before
you begin. It will make the subnetting questions easy that might otherwise be
quite difficult, save you a great deal of time that you can use on other
questions, it will increase the accuracy of your answers. Its also much faster
than using the Windows calculator to convert between binary and decimal.
Finally, here are a few additional FAQ's:
-
Can "invalid" IP ranges work?
Yes, in some, but not all, circumstances. However, they won’t meet RFC
standards and may cause major problems for yourself and others.
-
Can IP addresses that can't be routed correctly over the Internet be used in
LAN's or other internal networks?
Yep, it's very common. You can also set your machines to the same IP's that are
used by others on the Internet as long as you don't connect yours to the
Internet.
-
Are any subnet masking limitations due to Microsoft's O/S's?
No, it's inherent in the architecture of DNS.
-
Can mask octets other than 192, 224, 240, 248, 252, 254, 255 be used?
Yes, there are circumstances where you might use other masks, but it is
extremely unlikely unless you're a olympic champion networking/routing expert.
-
Are there still other exceptions? Of course. For example, 10.anything
isn’t valid for IP addresses that need to be routed over the Internet, nor is
192.168.anything (except for the exceptions).
If you have specific questions you need answered, try the
Networking Resource Channel at Experts-Exchange.
Copyright © 1999-2006 John Lambert, all rights reserved. John is a premier field engineer with Microsoft.
Subnet Masking Articles MENU
|
|
