Friday, May 21, 2010

Subnet Masking

Subnet masking is possibly the hardest sub-topic of TCP/IP to learn, but it can be essential to make your network behave the way you need it to. If all you need is to understand its basic functionality, you can also see article defining subnet masking, otherwise, keep reading for some how-to based on three charts you can print and save to make your calcuations easier. I also have a definition of IP addressing, if you're fuzzy on that.












IP Class Chart, Table 1: This table allows you to quickly determine the class of an IP address given the first binary digits or the first octet. 127 is left out of the range on purpose. If you want to understand why, you will need to understand some binary math and know that network and host IP addresses may never be all ones or zeroes. (The best tutorial I've seen is a pamphlet titled "Lifting the Mask: How IP Addressing Works," by Jonathan D. Ely. It used to be included with Transcender's TCP/IP test prep software.) Since 127 can’t be used for network/host ID’s, 127.0.0.1 is the IP address used for loopback testing.
Why are the first binary digits for class C 110 instead of just 11? It makes the class-C range end at 223. Initial octets (w in the w.x.y.z scheme) of 224-255 are reserved for multicasting, research, etc., and may not be used for normal network/host ID’s that are going to be connected to the Internet.









Subnet Mask Chart, Table 2: If an octet (8 bits) that is usually used for a host ID is masked, the Bit Split column shows how many of the 8 bits are added to the network ID and how many remain for the host ID. This is very important for determining validity of IP addresses and masks when masks other than zero or 255 are used.
The Subnet Mask column shows all standard masks – no other number can work as a mask. (Zero can appears in a masks, but a zero octet does not mask any bits.)
Each octet can have decimal numbers ranging from 0-255. If you divide them into 4 equal blocks, you have 64 in each block, and hence you have the "block size" column. You will use this column to refer to Table 3.
For reasons I won't go into here, when you divide an octet into blocks, you cannot use the top and bottom block. So when you divide it into 4 blocks and can’t use the top (0-63) or bottom (192-255) blocks, you only have 2 useable blocks. If you divide it into 32 blocks, you only have 30 useable blocks, and this is where the Maximum Useable Subnets column comes from – total blocks minus 2.
If you have a specific subnet mask, the 3 columns on the right show how many IP addresses are available for each subnet. For example, if you are given a network address of 194.87.192.0 and a mask of 255.255.255.248, you look up 194 on Table 1 to confirm that it’s a Class C address. Then look in Table 2 at the row with mask number 248 and the column for the Number of Class C IP’s Per Subnet, and see that each subnet can have up to 6 IP addresses. (Those six are all you have for hosts, servers, and routers on one subnet.)





Minus-2 Block Chart, Table 3: Okay, this is a block chart. Why call it a "Minus 2" block chart? It reinforces two critical issues: 1.) The top and bottom ranges are not usable (marked with a dark background); and, 2.) In the valid ranges, the first and last IP addresses are not usable. For example, with a class C subnet, if you're checking the validity of the IP address 198.204.35.160 with a mask of 255.255.255.224, if you forget that the first IP in that range is invalid, you will incorrectly think that there's nothing wrong with that address and subnet mask combination.
Here's a class B example: With a subnet mask of 255.255.224.0, an IP address of 130.214.160.1 is perfectly valid, and so are 130.214.160.255 and 130.214.161.0. (Those who say you can never have a zero or 255 octet may not understand how the system design was affected by the binary numbering system.) This mask creates a block of addresses from 130.214.160.0 to 130.214.191.255. Dropping the top and bottom of the range gives you valid addresses of 130.214.160.1 - 130.214.191.254.
If you're troubleshooting communication between two hosts that are supposed to be in the same subnet, use this chart to double-check that they are both in the same block. Each block designates a subnet, so if they're in different blocks, they're in different subnets. If a host communicates with computers inside its subnet correctly, but not with those outside, check to see if the host's IP address is in a different block than the IP address of the default gateway that it's configured for—either the host IP or gateway IP must be wrong!
Here's the most important tip for Microsoft TCP/IP exam-takers: Memorize the charts and write them out in the testing room before you begin the exam. You are not allowed to bring it in already written, but you are provided blank paper and pen/pencil, and you are allowed to write them out before you begin. It will make the subnetting questions easy that might otherwise be quite difficult, save you a great deal of time that you can use on other questions, it will increase the accuracy of your answers. Its also much faster than using the Windows calculator to convert between binary and decimal.
Finally, here are a few additional FAQ's:
Can "invalid" IP ranges work? Yes, in some, but not all, circumstances. However, they won’t meet RFC standards and may cause major problems for yourself and others.
Can IP addresses that can't be routed correctly over the Internet be used in LAN's or other internal networks? Yep, it's very common. You can also set your machines to the same IP's that are used by others on the Internet as long as you don't connect yours to the Internet.
Are any subnet masking limitations due to Microsoft's O/S's? No, it's inherent in the architecture of DNS.
Can mask octets other than 192, 224, 240, 248, 252, 254, 255 be used? Yes, there are circumstances where you might use other masks, but it is extremely unlikely unless you're a olympic champion networking/routing expert.
Are there still other exceptions? Of course. For example, 10.anything isn’t valid for IP addresses that need to be routed over the Internet, nor is 192.168.anything (except for the exceptions).