target="_blank" rel="nofollow" href="#ulink_4b37aabf-5751-58f0-b323-5990052c1ec8">FIGURE 3-3: A network before and after subnetting.
In the second network, the first four bits of the host ID are used to divide the network into two small networks, identified as subnets 16 and 32. To the outside world (that is, on the other side of the router), these two networks still appear to be a single network identified as 144.28.0.0. For example, the outside world considers the device at 144.28.16.22 to belong to the 144.28.0.0 network. As a result, a packet sent to this device will be delivered to the router at 144.28.0.0. The router then considers the subnet portion of the host ID to decide whether to route the packet to subnet 16 or subnet 32.
Subnet masks
For subnetting to work, the router must be told which portion of the host ID should be used for the subnet network ID. This little sleight of hand is accomplished by using another 32-bit number, known as a subnet mask. Those IP address bits that represent the network ID are represented by a 1 in the mask, and those bits that represent the host ID appear as a 0 in the mask. As a result, a subnet mask always has a consecutive string of ones on the left, followed by a string of zeros.
For example, the subnet mask for the subnet shown in Figure 3-3, where the network ID consists of the 16-bit network ID plus an additional 4-bit subnet ID, would look like this:
11111111 11111111 11110000 00000000
In other words, the first 20 bits are ones, and the remaining 12 bits are zeros. Thus, the complete network ID is 20 bits in length, and the actual host ID portion of the subnetted address is 12 bits in length.
To determine the network ID of an IP address, the router must have both the IP address and the subnet mask. The router then performs a bitwise operation called a logical AND on the IP address in order to extract the network ID. To perform a logical AND, each bit in the IP address is compared with the corresponding bit in the subnet mask. If both bits are 1, the resulting bit in the network ID is set to 1. If either of the bits are 0, the resulting bit is set to 0.
For example, here’s how the network address is extracted from an IP address using the 20-bit subnet mask from the previous example:
IP address: 10010000 00011100 00010000 00010001 (144.28.16.17)Subnet mask: 11111111 11111111 11110000 00000000Network ID: 10010000 00011100 00010000 00000000 (144.28.16.0)
Thus, the network ID for this subnet is 144.28.16.0.
The subnet mask itself is usually represented in dotted-decimal notation. As a result, the 20-bit subnet mask used in the previous example would be represented as 255.255.240.0:
Subnet mask: 11111111 11111111 11110000 00000000 255 . 255 . 240 . 0
Don’t confuse a subnet mask with an IP address. A subnet mask doesn’t represent any device or network on the Internet. It’s just a way of indicating which portion of an IP address should be used to determine the network ID.
Note that a subnet mask cannot be an arbitrary collection of octets. Instead, a subnet mask always has a certain number of binary 1s on its left side, and the remaining bits of the mask are always 0. This limits the dotted-decimal representation of a subnet mask to certain values.
Network prefix notation
Because a subnet mask always begins with a consecutive sequence of ones to indicate which bits to use for the network ID, you can use a shorthand notation — a network prefix — to indicate how many bits of an IP address represent the network ID. The network prefix is indicated with a slash immediately after the IP address, followed by the number of network ID bits to use. For example, the IP address 144.28.16.17 with the subnet mask 255.255.240.0 can be represented as 144.28.16.17/20 because the subnet mask 255.255.240.0 has 20 network ID bits.
Network prefix notation is also called classless interdomain routing notation (CIDR, for short) because it provides a way of indicating which portion of an address is the network ID and which is the host ID without relying on standard address classes.
Default subnets
The default subnet masks are three subnet masks that correspond to the standard Class A, B, and C address assignments. These default masks are summarized in Table 3-4.
TABLE 3-4 The Default Subnet Masks
| Class | Binary | Dotted-Decimal | Network Prefix |
|---|---|---|---|
| A | 11111111 00000000 00000000 00000000 | 255.0.0.0 | /8 |
| B | 11111111 11111111 00000000 00000000 | 255.255.0.0 | /16 |
| C | 11111111 11111111 11111111 00000000 | 255.255.255.0 | /24 |
The great subnet roundup
You should know about a few additional restrictions that are placed on subnets and subnet masks. In particular
The minimum number of network ID bits is eight. As a result, the first octet of a subnet mask is always 255.
The maximum number of network ID bits is 30. You have to leave at least two bits for the host ID portion of the address to allow for at least two hosts. If you use all 32 bits for the network ID, that leaves no bits for the host ID. Obviously, that won't work. Leaving just one bit for the host ID won’t work, either, because a host ID of all ones is reserved for a broadcast address, and all zeros refers to the network itself. Thus, if you use 31 bits for the network ID and leave only 1 for the host ID, host ID 1 would be used for the broadcast address, and host ID 0 would be the network itself, leaving no room for actual hosts. That's why the maximum network ID size is 30 bits.SUBNETS VERSUS VLANsAll of this talk of subnets might have you wondering: What’s the difference between subnets and virtual local area networks (VLANs)? If you’ve read Book 1, Chapter 2,
