The great subnet roundup
You should know about a few additional restrictions that are placed on subnets and subnet masks. In particular:
The minimum number of network ID bits is eight. As a result, the first octet of a subnet mask is always 255.
The maximum number of network ID bits is 30. You have to leave at least two bits for the host ID portion of the address to allow for at least two hosts. If you use all 32 bits for the network ID, that leaves no bits for the host ID. Obviously, that won't work. Leaving just one bit for the host ID won't work, either, because a host ID of all ones is reserved for a broadcast address, and all zeros refers to the network itself. Thus, if you use 31 bits for the network ID and leave only 1 for the host ID, host ID 1 would be used for the broadcast address, and host ID 0 would be the network itself, leaving no room for actual hosts. That's why the maximum network ID size is 30 bits.

Subnets versus VLANs
All of this talk of subnets might have you wondering: what's the difference between subnets and virtual local area networks (VLANs)? If you've read Book 1, Chapter 2, you know that VLANs are a divide-and-conquer technique for managing large networks. Subnetting is also a divide-and-conquer technique.
So, are they the same thing, and do they serve the same purpose?
The answer is: no, but sort of kind of. But really, no.
Although VLANs and subnets seem similar, VLANs are a layer 2 construct, and subnets are a layer 3 construct. In other words, VLANs have nothing to do with IP addresses, and subnets have nothing to do with MAC addresses.
That being said, it is very common — and usually desirable — to design your network with a one-to-one correspondence between VLANs and IP subnets. This usually simplifies the task of managing both.
As an example, suppose you want to divide a single-office network with a hundred or fewer users into three groups: end-user devices such as computers and printers, servers and network devices, and Voice over Internet Protocol (VoIP) phones. You could use three VLANs to do this; call them VLAN 10, VLAN 20, and VLAN 30. You could then use three subnets: 192.168.10.x, 192.168.20.x, and 192.168.30.x. There's a natural correspondence between these three VLANs and the three subnets, and network setup and management will be easier because the VLANs and subnets correspond to one another. Although you can have a single VLAN that supports multiple subnets, in most networks there is a one-to-one correspondence that allows the benefits of VLANs and subnets to complement one another.
Because the network ID portion of a subnet mask is always composed of consecutive bits set to 1, only eight values are possible for each octet of a subnet mask: 0, 128, 192, 224, 248, 252, 254, and 255.
A subnet address can't be all zeros or all ones. Thus, the number of unique subnet addresses is two less than 2 raised to the number of subnet address bits. For example, with three subnet address bits, six unique subnet addresses are possible (2^3 – 2 = 6). This implies that you must have at least two subnet bits. (If a single-bit subnet mask were allowed, it would violate the "can't be all zeros or all ones" rule because the only two allowed values would be 0 or 1.)
IP block parties
A subnet can be thought of as a range or block of IP addresses that have a common network ID. For example, the CIDR 192.168.1.0/28 represents the following block of 14 IP addresses:
192.168.1.1 192.168.1.2 192.168.1.3 192.168.1.4
192.168.1.5 192.168.1.6 192.168.1.7 192.168.1.8
192.168.1.9 192.168.1.10 192.168.1.11 192.168.1.12
192.168.1.13 192.168.1.14
Given an IP address in CIDR notation, it's useful to be able to determine the range of actual IP addresses that the CIDR represents. This is straightforward when the octet of the address within which the network ID mask ends happens to be 0, as in the preceding example: you just determine how many host IDs are allowed based on the size of the network ID and count them off.
However, what if the octet where the network ID mask ends is not 0? For example, what are the valid IP addresses for 192.168.1.100 when the subnet mask is 255.255.255.240? In that case, the calculation is a little harder. The first step is to determine the actual network ID. You can do that by converting both the IP address and the subnet mask to binary and then extracting the network ID as in this example:
IP address: 11000000 10101000 00000001 01100100 (192.168.1.100)
Subnet mask: 11111111 11111111 11111111 11110000 (255.255.255.240)
Network ID: 11000000 10101000 00000001 01100000 (192.168.1.96)
As a result, the network ID is 192.168.1.96.
Next, determine the number of allowable hosts in the subnet based on the network prefix. You can calculate this by subtracting the last octet of the subnet mask from 254. In this case, the number of allowable hosts is 254 – 240 = 14.
To determine the first IP address in the block, add 1 to the network ID. Thus, the first IP address in my example is 192.168.1.97. To determine the last IP address in the block, add the number of hosts to the network ID. In my example, the last IP address is 192.168.1.96 + 14 = 192.168.1.110. As a result, the address 192.168.1.100 with subnet mask 255.255.255.240 designates the following block of IP addresses:
192.168.1.97 192.168.1.98 192.168.1.99 192.168.1.100
192.168.1.101 192.168.1.102 192.168.1.103 192.168.1.104
192.168.1.105 192.168.1.106 192.168.1.107 192.168.1.108
192.168.1.109 192.168.1.110
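As an added example (not code from the book), here is the calculation above carried out in Python with the same steps: AND the address with the mask to get the network ID, count the hosts, then add 1 and add the host count to find the first and last addresses. It generalizes the "subtract the last octet from 254" rule to any prefix length and also enforces the contiguous-ones and 8-to-30-bit rules from the previous section; the function names are my own.

```python
# Added example: subnet arithmetic with explicit bit operations, valid for
# any prefix length (not only masks that end in the last octet).
from typing import NamedTuple


def to_int(dotted: str) -> int:
    """Convert a dotted-quad string such as '192.168.1.100' to a 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(value: int) -> str:
    """Convert a 32-bit integer back to dotted-quad notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_length(mask: str) -> int:
    """Return the number of network ID bits in a mask, rejecting masks whose
    one-bits are not contiguous and prefixes outside the allowed 8..30 range."""
    m = to_int(mask)
    ones = bin(m).count("1")
    # A legal mask is exactly `ones` one-bits followed only by zero-bits.
    if m != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"mask bits are not contiguous: {mask}")
    if not 8 <= ones <= 30:
        raise ValueError(f"prefix length {ones} is outside 8..30")
    return ones


class Block(NamedTuple):
    network: str
    first_host: str
    last_host: str
    broadcast: str
    host_count: int


def subnet_block(address: str, mask: str) -> Block:
    """Work out the block of addresses that an address plus mask designates."""
    bits = prefix_length(mask)
    net = to_int(address) & to_int(mask)   # network ID: address AND mask
    hosts = 2 ** (32 - bits) - 2           # all host-bit values minus network and broadcast
    return Block(to_dotted(net), to_dotted(net + 1),
                 to_dotted(net + hosts), to_dotted(net + hosts + 1), hosts)


if __name__ == "__main__":
    print(subnet_block("192.168.1.100", "255.255.255.240"))
```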
Private and public addresses
Any host with a direct connection to the Internet must have a globally unique IP address. However, not all hosts are connected directly to the Internet. Some are on networks that aren't connected to the Internet. Some hosts are hidden behind firewalls, so their Internet connection is indirect.
Several blocks of IP addresses are set aside just for this purpose: for use on private networks that are not connected to the Internet, or on networks that are hidden behind a firewall. Three such ranges of addresses exist, summarized in Table 3-5. Whenever you create a private TCP/IP network, you should use IP addresses from one of these ranges.
TABLE 3-5 Private Address Spaces
CIDR | Subnet Mask | Address Range |
---|---|---|
10.0.0.0/8 | 255.0.0.0 | 10.0.0.1–10.255.255.254 |
172.16.0.0/12 | 255.240.0.0 | 172.16.1.1–172.31.255.254 |
192.168.0.0/16 | 255.255.0.0 | 192.168.0.1–192.168.255.254 |
Pondering Ports
When you use an IP address, you often associate that IP address with a port, which enables a connection to a particular service. The best-known port is port 80, which corresponds to HTTP, the protocol of the World Wide Web. The combination of a transport protocol (for example, TCP), an IP address, and a port is called an Internet socket.
Although IP addresses are defined at layer 3 of the OSI model (the network layer), ports are a layer 4 construct. Layer 4 is the transport layer, so it makes sense that ports would live there.
Ports are commonly combined with IP addresses when used in URLs (also known as web addresses). I dive deep into URLs in