technique for managing large networks. Subnetting is also a divide-and-conquer technique.So, are they the same thing, and do they serve the same purpose?The answer is: No, but sort of kind of. But really, no.Although VLANs and subnets seem similar, VLANs are a layer 2 construct, and subnets are a layer 3 construct.In other words, VLANs have nothing to do with IP addresses and subnets have nothing to do with MAC addresses.That being said, it is very common — and usually desirable — to design your network with a one-to-one correspondence between VLANs and IP subnets. This usually simplifies the task of managing both.As an example, suppose you want to divide a single-office network with just a hundred or fewer users into three groups: End-user devices like computers and printers, servers and network devices, and Voice over Internet Protocol (VoIP) phones. You could use three VLANs to do this — call them VLAN 10, VLAN 20, and VLAN 30.You could then use three subnets — 192.168.10.x, 192.168.20.x, and 192.168.30.x.There’s a natural correspondence between these three VLANs and the three subnets, and network setup and management will be easier because the VLANs and subnets correspond to one another.Although you can have a single VLAN that supports multiple subnets, in most networks there is a one-to-one correspondence that allows the benefits of VLANs and subnets to complement one another.
Because the network ID portion of a subnet mask is always composed of consecutive bits set to 1, only eight values are possible for each octet of a subnet mask: 0, 128, 192, 224, 248, 252, 254, and 255.
A subnet address can't be all zeros or all ones. Thus, the number of unique subnet addresses is two less than two raised to the number of subnet address bits. For example, with three subnet address bits, six unique subnet addresses are possible (23 – 2 = 6). This implies that you must have at least two subnet bits. (If a single-bit subnet mask were allowed, it would violate the “can’t be all zeros or all ones” rule because the only two allowed values would be 0 or 1.)
IP block parties
A subnet can be thought of as a range or block of IP addresses that have a common network ID. For example, the CIDR 192.168.1.0/28 represents the following block of 14 IP addresses:
192.168.1.1 192.168.1.2 192.168.1.3 192.168.1.4192.168.1.5 192.168.1.6 192.168.1.7 192.168.1.8192.168.1.9 192.168.1.10 192.168.1.11 192.168.1.12192.168.1.13 192.168.1.14
Given an IP address in CIDR notation, it’s useful to be able to determine the range of actual IP addresses that the CIDR represents. This matter is straightforward when the octet within which the network ID mask ends happens to be 0, as in the preceding example. You just determine how many host IDs are allowed based on the size of the network ID and count them off.
However, what if the octet where the network ID mask ends is not 0? For example, what are the valid IP addresses for 192.168.1.100 when the subnet mask is 255.255.255.240? In that case, the calculation is a little harder. The first step is to determine the actual network ID. You can do that by converting both the IP address and the subnet mask to binary and then extracting the network ID as in this example:
IP address: 11000000 10101000 00000001 01100100 (192.168..100)Subnet mask: 11111111 11111111 11111111 11110000Network ID: 11000000 10101000 00000001 01100000 (192.168.1.96)
As a result, the network ID is 192.168.1.96.
Next, determine the number of allowable hosts in the subnet based on the network prefix. You can calculate this by subtracting the last octet of the subnet mask from 254. In this case, the number of allowable hosts is 14.
To determine the first IP address in the block, add 1 to the network ID. Thus, the first IP address in my example is 192.168.1.97. To determine the last IP address in the block, add the number of hosts to the network ID. In my example, the last IP address is 192.168.1.110. As a result, the 192.168.1.100 with subnet mask 255.255.255.240 designates the following block of IP addresses:
192.168.1.97 192.168.1.98 192.168.1.99 192.168.1.100192.168.1.101 192.168.1.102 192.168.1.10 192.168.1.104192.168.1.105 192.168.1.106 192.168.1.107 192.168.1.108192.168.1.109 192.168.1.110
Private and public addresses
Any host with a direct connection to the Internet must have a globally unique IP address. However, not all hosts are connected directly to the Internet. Some are on networks that aren't connected to the Internet. Some hosts are hidden behind firewalls, so their Internet connection is indirect.
Several blocks of IP addresses are set aside just for this purpose, for use on private networks that are not connected to the Internet or to use on networks that are hidden behind a firewall. Three such ranges of addresses exist, summarized in Table 3-5. Whenever you create a private TCP/IP network, you should use IP addresses from one of these ranges.
TABLE 3-5 Private Address Spaces
| CIDR | Subnet Mask | Address Range |
|---|---|---|
| 10.0.0.0/8 | 255.0.0.0 | 10.0.0.1–10.255.255.254 |
| 172.16.0.0/12 | 255.240.0.0 | 172.16.1.1–172.31.255.254 |
| 192.168.0.0/16 | 255.255.0.0 | 192.168.0.1–192.168.255.254 |
Pondering Ports
When you use an IP address, you often associate that IP address with a port, which enables a connection to a particular service. The best-known port is port 80, which corresponds to the HTTP of the World Wide Web. The combination of a transport protocol (for example, TCP), an IP address, and a port is called an Internet socket.
Although IP addresses are defined at layer 3 of the OSI model (the network layer), ports are a layer 4 construct. Layer 4 is the transport layer, so it makes sense that ports would live there.
Ports are commonly combined with IP addresses when used in URLs (also known as web addresses.) I dive deep into URLs in Chapter 6 of this minibook, so hold tight.
Ports are represented by 32-bit numbers, so they range from 0 to 65535. There are three ranges of port numbers:
0 to 1023: These are called well-known ports, and they’re used for the widely used services available on the Internet. Refer to Table 3-6 for a list of some of the most popular well-known ports.
1024 to 49151: These are called registered ports, and they’re assigned by the Internet’s governing authorities to various service providers. For example, Apple’s iTunes uses port 3689 and Adobe’s Media Server uses port 8134.
49152 to 65535: These are called dynamic ports, private ports, or ephemeral ports. These ports cannot be registered and are used only for a specific communication.
TABLE 3-6 Well-Known
