ICND1 100-105

ICND1 100-105

Constructing an IP Network Addressing Scheme

Our knowledge of binary numbers leads us directly into the structure of IP addresses, and best practices in allocating them. We are going to describe classful and classless operations, including use of subnets. Using real-life examples we will describe the process of calculating sudden host addresses. In doing so, we will describe the use of subnet masks, and how they are used by insistence and by routers. You will actually get a chance to practice, subnet mask operations using class A, B, and C IP addresses.

Flat Topology

When talking about routing one tends to think about forwarding packets to remote destinations. The immediate thought is WAN and the Internet; however, routing also makes sense in the campus network and even in smaller local area networks for the purposes of traffic segmentation. If we do not have routing, then we are talking about one flat network or flat topology where all devices belong to the same logical segment. A logical segment is a broadcast domain and so all the devices in a flat topology would share the same broadcast domain and all of them would see each others’ broadcasts affecting performance and throughput in the network. The only intelligence in filter mechanism would be a layer 2 switch, which forwards based on MAC addresses. MAC addresses have no hierarchical structure and we are still talking about a flat network. The more machines you add, and more devices you add, the more performance degradation you are going to experience. Routers can be used in these scenarios to break the network into multiple broadcast domains or subnets.

Subnetworks

The advantages are not only on the performance side. With the segmentation like this in multiple subnets, overall traffic is reduced, each subnet is a broadcast domain and, therefore, broadcasts coming from engineering in this example would not touch manufacturing.

Subnetworks

A router effectively stops local broadcasts; however, there are more advantages with the subnetting. You are breaking things into smaller pieces and this divide-and-conquer approach will make things easier to manage. Also, you compartmentalize the network and then you can apply different polices to the different compartments. The router would be a policy in force or at that point, because it controls traffic from one subnet to the other, here also isolating network problems. If something happens on one subnet, then the effect is mitigated even by the router in other subnets.

Examples are also related to security. A denial of service attack may not reach other subnets if the router is acting as some sort of a firewall in the middle, regardless of the reason for subneting when we do we need to assign each subnet a different network or subnet ID and then hosts within that subnet would have a unique host ID portion of the IP address.

What a Subnet Mask Does

How can we tell which portion of the IP address is the network and which portion is the host? In classful routing, the class would tell us which bytes are dedicated to the network ID and which bytes are dedicated to the host. When we subnet a classful IP address, what we are doing is stealing bits from the host portion of the address and then making them part of the subnet portion of the address. We are effectively creating a third leg of the hierarchy. We are going to have the network defined by the class, but also a subnet and also then the host. We are dividing networks into subnets and then subnets contain hosts.

This is a hierarchy that is similar to our telephone numbering system; we have country codes and then city codes and then telephone numbers. Telephone numbers make sense within a city, which has a city code and the cities are part of a country. When we do this, we are talking about a classless environment. In classless routing, the class of the address no longer tells us what portion of the address is network, subnet, or host. It is in the subnet mask, the one component that will tell us each section. In this context, then the mask is not similar to the Halloween masks that your kids may use. This is a mask that serves as a pair of glasses to look at the addresses differently. It is a measuring tool that tells you how far to look into the IP address to find the network piece, then the subnet piece, and then what is left is the host piece.

Possible Subnets and Hosts for a Class C Network

The subnet mask is going to be used by hosts, to identify traffic that goes outside of their own subnet, and it is also going to be used by routers to identify networks and subnets and be able to forward traffic toward those destinations. In more specific terms, it is nothing more than a tool for borrowing bits, the example here is a class C network. The classful paradigm tells us that the first three bytes of the address represent the network portion, whereas the last byte represents the host portion. Well, when subnetting, we want to create subnets out of the network; the network bytes are fixed and so we are going to need to use some of the bits dedicated to the host as subnet bits. One general rule here is that we are borrowing bits, in other words, the more bits we take from the host portion, the fewer hosts we are going to be able to represent. But the more subnets we will have, how many subnets and how many hosts, it depends on the number of bits we borrow; it will also be a factor of powers of 2.

Class C Network

Number of Bits Borrowed
(s)
Number of Subnets Possible
(2s)
Number of Bits Remaining in Host ID
(8 - s = h)
Number of Hosts Possible Per Subnet
(2h - s)
1 2 7 128
2 4 6 64
3 8 5 32
4 16 4 16
5 32 3 8
6 64 2 4
7 128 1 2

In this class C example, we will call the number of borrowed bits S, and then that gives us H number of hosts, where H is nothing more than 8-S. Again, the more subnet bits we borrow, the fewer hosts we are going to have and the total bits we have available to borrow in a class C is 8. With 1 bit, we are going to be able to represent 2 to the first power as a number of subnets that is 2 subnets. That leaves us with the 7 bits for the host and that means 126 possible hosts per subnet. Notice that 2 to the seventh power is 128, but we do have 2 reserved addresses, all 0s and all ls. Neither can be used as a host address because those are reserved; they represent the network itself and the broadcast. You can reach similar conclusions if you increase the number of bits borrowed. The more bits you borrow, the more subnets you will have, the fewer hosts you will have.

Possible Subnets and Hosts for a Class B Network

In this class B example, we have more room to borrow bits from the host portion. But it follows the similar process and a similar logic. In this example, we borrow, let us say, 4 bits. That means we have room for 16 subnets out of the class B network; that leaves us with 12 bits for the host. This time we have 16 available minus 4 and that is 12; 2 to the 12th power is 4096, but we have to subtract the two reserved addresses and that gives us 4094 hosts for each one of the four subnets.

Class B Network

Number of Bits Borrowed
(s)
Number of Subnets Possible
(2s)
Number of Bits Remaining in Host ID
(8 - s = h)
Number of Hosts Possible Per Subnet
(2h - s)
1 2 15 32 766
2 4 14 16 382
3 8 13 8 190
4 16 12 4 094
5 32 11 2 046
6 64 10 1 022
7 128 9 510
... ... ... ...

Possible Subnets and Hosts for a Class A Network

The same goes for class A addresses. This time, we have a lot more bits to borrow and this is probably the most flexible one in terms of subnetting. That is probably why one of the most popular private IP addresses or network addresses is the network 10, the class A private address. With that, you can actually borrow the whole second byte to represent your subnets and still you have a few thousand hosts available per subnet.

Class A Network

Number of Bits Borrowed
(s)
Number of Subnets Possible
(2s)
Number of Bits Remaining in Host ID
(8 - s = h)
Number of Hosts Possible Per Subnet
(2h - s)
1 2 23 8 388 606
2 4 22 4 194 302
3 8 21 2 097 150
4 16 20 1 048 574
5 32 19 524 286
6 64 18 262 142
7 128 17 131 070
... ... ... ...

End System Mask Operation

End systems and hosts will use the subnet mask to identify the network that they are located at in terms of the IP hierarchy. They will then compare that network with the destination address of their packets; if the destination matches their own network according to the mask, then they will try to send an ARP request in trying to obtain the MAC address of the destination. It will then forward a packet straight to the destination in the local subnet.

Mask Operation

If the networks do not match on the other hand, then that means the destination is another remote network and they will need to resolve for the router’s IP address. The router is the component that will take them to or forward their packets to the remote destination. The router’s IP address is nothing more than the default gateway configured in each one of the machines.

How Routers Use Subnet Masks

The function of the subnet mask is the same in the case of routers, but the routers are going to use the information differently. They will receive packets in understanding that they are responsible for forwarding them to the intended destination. They will use the mask to compare the destination IP with the known destinations in the routing table. In this example, the naming convention for the subnet mask is / and then the number, where the number tells the router which bits are the network portion of the address.

Routers Subnet Masks

A /24 means that the first 3 bytes or 24 bits are the network portion of the address. Also, in this example, host A is trying to send packets to destination 10.3.1.23; that host will use the mask /24 to compare its own subnet ID. This time, 10.1.1, the first 3 bytes to the destination subnet ID, which is 10.3.1. They do not match, so host A will send the packet to the router. The router then will use the mask information to match that destination subnet to the entries in the routing table, and again the entries in the routing table are /24s and so it will compare those 3 bytes with the destination IP and it will find that there is an entry that matches the destination. Not only that, but it follows that the outgoing interface to forward that packet through is Fa0/0. That is how the packet reaches router B, which follows the same procedure and delivers the packet to the directly connected subnet.

Applying the Subnet Address Scheme

So when subnetting the network, we need to make sure of several things. First, we need to plan our subnetting scheme and our subnetting strategy and steal as many bits from the host portion of the address as needed to represent the subnets that we have and the hosts that we have. When that design portion is complete, then we need to allocate and assign the subnets to actual network segments. The subnet mask is a tool that will tell all devices, hosts, and routers how to read the destinations and how to forward packets accordingly.

Octet Values of a Subnet Masks

We know why we need subnet masks, but what does one look like and how do we build them and design them? Well, a subnet mask will be nothing more than a 4-byte word similar to an IP address. In other words, it is a string of 32 bits, 1s or 0s. So the subnet mask looks like an IP address, but it is not, because along with the IP address to allow you to identify the host portion of the address, the subnet ID and the network portion of the address, in that sense, all 1s in the subnet mask indicate that the corresponding bits of the IP address is part of the network portion of the address. All 0s in the subnet mask indicate that the corresponding bit of the IP address will be part of the host portion of the address.

Now remember, we said that subnet masks are nothing more than a borrowing mechanism. We will shift the default mask to the right and borrowing bits from the host portion of the address, and so that results in one of the key features of the subnet mask, which is that the 1s are always consecutive and so are the 0s.

Octets of a Subnet Masks

As we move down this diagram, then we will see that this makes sense in terms of our knowledge of the binary to decimal conversions. In the end, you also see that all 1s is number 255, which is the greatest subnet mask or representation of the subnet mask in decimal numbers for any byte. That is why in the example below, 24 consecutive bits set to 1 results in the subnet mask 255.255.255.0. This is starting to get annoying, so let us take a look at couple of examples.

Default Subnet Masks

In the case of a class A address, the 10.0.0.0 up there at the top, the default subnet mask, the one that tells us how the address class, identifies the network portion of the address is going to be all 1s in the first octet, and rest of the three bytes are 0s. Well that is nothing more than 255.0.0.0 in decimal notation. What is the /8 then? We human beings are not only not too smart but also we tend to be a little lazy, and so instead of typing 255.0.0.0, we want to do better; /8 means that the mask has 8 consecutive bits set to one and the rest are 0s. This gives you another feature of subnet masks.

Example Class A address (decimal) 10.0.0.0
Example Class A address (binary) 00001010.00000000.00000000.00000000
Default Class A mask (binary) 11111111.00000000.00000000.00000000
Default Class A mask (decimal) 255.0.0.0
Default classful prefix length /8
Example Class B address (decimal) 172.16.0.0
Example Class B address (binary) 10101100.00010000.00000000.00000000
Default Class B mask (binary) 11111111.11111111.00000000.00000000
Default Class B mask (decimal) 255.255.0.0
Default classful prefix length /16
Example Class C address (decimal) 192.168.42.0
Example Class C address (binary) 11000000.10101000.00101010.00000000
Default Class C mask (binary) 11111111.11111111.11111111.00000000
Default Class C mask (decimal) 255.255.255.0
Default classful prefix length /24

When we subnet, we always start from the left and move to the right in defining the number of bits set to 1 that will give us the network and subnet IDs. Knowing that a subnet mask has 32 bits, all we need to know is how many bits are set to 1, because with that we know that the rest of the bits will be a consecutive string of 0s. Something similar happens in classes B and C. For class B, 172.16.0.0, is the default mask, the one that tells us that the class one is 2 bytes set to 1 that is 255.255.0.0 or /16. The same thing is true for class C addresses with that default mask, which is nothing more than a /24.

Procedure for Implementing Subnets

It is now time to look at this as a process in which we obtain an IP address from a registry authority like IANA or Internet Assigned Numbers Authority and then split it into multiple subnets. We get one network; will need more than one, because most likely we do not have a flat structure or topology. The number of segments in our network will give us the number of subnets we need. It is time then to define a new subnet mask that extends the default mask to the right. Well, we know that the subnet mask is nothing more than a borrowing tool and so we will go ahead and calculate the number of bits we need to borrow in order to represent the number of subnets required.

Remember that every bit we borrow from the host will take away from the host number. The more subnets we have, the fewer hosts per subnet. With that in mind we will reach a new subnet mask. It will most likely be a string of 1s and 0s, rather consecutive 1s followed by consecutive 0s. It will be our job to make it a decimal value and represent it in dotted decimal notation. With the new mask, it is now time to define the subnets. In other words, it is similar to creating or generating area codes. If we compare the network that was given by the registry authority to a country code, we will then create area codes out of the country code. Each network segment will be allocated a different unique subnet ID within the network and then each host will need to have unique host identifiers within the subnet to create our hierarchy. When the planning is done, it is time to go into each host, device, and router and apply the IP addressing scheme with the appropriate mask.