Subnet Masks in Binary
The easiest way to explain a subnet mask is by looking at the IP address and subnet mask in its binary format. Before you continue, be sure you have a good grip on counting with binary, we have provided a quick binary primer if you need a refresher. If you do not care for the intricasies of calculating a subnet mask and just need to know the correct mask for your situation, we have provided a reference table.
Not to mention you should already be familiar with the IP address. This article explains the basic use of an IP address and why we need a subnet mask.
A regular IP address when converted to binary is 32 bits in length, each segment being 8 bits long. Refer to our first address example of 63.26.15.5 with a subnet mask of 255.255.255.0 in binary.
Network and Host Addresses
In this example, it is only the last segment that changes from one host to another; this last segment is known as the host address; the first 3 segments, for this example, make up the network address. If we were to use an address with a subnet mask of 255.255.0.0 then the first 2 segments would make up the network address and the last two would be the host address. This is the kind of effect the subnet mask has on your IP address. It determines how big your network group is.
With that said, to go into any deeper detail we must look at the addressing in binary. Since we are just dealing with 32 binary bits we can stop grouping them in sets of 8 bits per segment and deal with them as a 32 bit string. Now when you create a mask, it does not have to be limited to groups of 8 bits (and it can have man more values than 255 or 0). These are called Variable Length Subnet Masks (VLSMs). By calculating out your VLSM you can create any block of IP addresses in sizes of powers of 2 minus 2.
For example, We can create a mask that only allows for 14 hosts (remember 14 hosts is 2 to the power of 4 then we subtract 2). Knowing that it is 2 to the power of 4, we know that we have an address block (subnet) with 4 bits for the hosts. That leaves a remaining 28 bits for the network address, also known as a /28. Now that we know the size of the network block we want (14 hosts) let's calculate the subnet mask that we would use for a /28 network.
CLUE: A block of IP addresses is referred to as a subnet. Because of this that is how subnet masks got their name,they are key into declaring how large a subnet actually is.
First map out your binary numbers again and keep them in groups of 8 bits each. That makes it easy to get the decimal number for each segment. Since our network size is 28 bits long we represent that with a string of 28 1s and the remainings 4 bits as 0s. So the first 3 segments (of 8 bits each) are all 1s. The decimal equivalent of an 8 bit segment of all 1s is 255. So the first 3 segments are 255. That leaves us with 4 bits left in the mask for the last segment. It will look something like this:
128 64 32 16 8 4 2 1
1 1 1 1 0 0 0 0
To make it easy, we have included a subnet mask calculator. This calculator converts decimal IP addresses and Subnet Masks. You can also optionally enter a destination IP address to see the results.
Add up the bits that are flagged with a one and we see that the last segment of the subnet mask with 14 hosts ( 16 - 2 ) is 240. For a subnet mask of 255.255.255.240 That is pretty much it with creating subnet masks, but now you need to learn a new rule about addressing.
IP Addresses with VLSMs
When you use a subnet mask of 255.255.255.192 what you have essentially done is divided up your last segment into 4 blocks (subnets). Using the binary of the last segment we can see our subnet mask only uses the first 2 most significant bits. Recall that the network address is made up from all the bits that line up with the 1s in the subnet mask. So in this case the network address 'overflows' into the last segment because it has two bits available in the last segment. The host address has the last 6 bits in the last segment. Let's see what this subnet masks looks like:
128 64 32 16 8 4 2 1
1 1 0 0 0 0 0 0
First lets say we have a network subnet of 10.10.10.X and we are using the same subnet mask 255.255.255.192 Our network host (HOST1) is currently using the address 10.10.10.75 Now lets display the binary of the last segment for both the subnet mask and the address of our host.
|
128 64|32 16 8 4 2 1
SM 1 1| 0 0 0 0 0 0
HOST1 0 1| 0 0 1 0 1 1
|
Network Host
Notice the bar I drew in that divides the bits of the last segment. The last 6 bits on right are the host bits, we know this because it matches up with all the 0s in the subnet masks. Fromt he same logic we know about all the bits for the entwork masks because of the same reason, the network address matches up with all the 1s in the subnet mask.
So let's calculate the first and last addresses that can exist on the subnet of HOST1. To do this, that the ful address of the host and make the host side all 0s and do it again with all 1s. Look at the example:
|
128 64|32 16 8 4 2 1
SM 1 1| 0 0 0 0 0 0=192
HOST1 0 1| 0 0 1 0 1 1=75
0s 0 1| 0 0 0 0 0 0=64
1s 0 1| 1 1 1 1 1 1=127
|
Network Host
The valid host addresses in the same subnet as our sample host are in the range of 10.10.10.64 - 10.10.10.127
Notice how there is specific requirements of the available addresses in the subnet.
So why doesn't a host with the IP address of 10.10.10.33 and SM 255.255.255.192 (HOST2) see HOST1 as a local computer?
Let's display all the data in binary:
|
128 64|32 16 8 4 2 1
SM 1 1| 0 0 0 0 0 0=192
HOST1 0 1| 0 0 1 0 1 1=75
HOST2 0 0| 1 0 0 0 0 1=33
|
Network Host
Look at the first 2 bits in the network section of the each host. HOST1 and HOST2 have DIFFERENT network addresses! So a subnet mask plays a much more complicated role than just declaring the size of a subnet. It also limits that addresses you can use in a subnet. In our last example we noticed that a subnet mask of 255.255.255.192 will create a subnet of 64 addresses (for 62 hosts). But if you tried to start the addressing at 10.10.10.32 - 10.10.10.95 what actually happens is that your subnet overlapps into two separate subnets. Just do the calculations and you will see (just as I displayed above) that the network addresses of the first 32 hosts in the invalid subnet will have a different network address than the last 32 hosts in the invalid subnet.
Application
Learing how to create and declare subnet masks is not only useful for the technicians of ISPs who are assigning subnets to their customers. Using subnet masks is also key for firewalls and access lists. If you group IP addresses together based on host type (such as assigning all the workstations the addresses 10.10.10.128 - 10.10.10.254 and the servers the addresses 10.10.10.1 - 10.10.10.127) but use the subnet mask 255.255.255.0 (so that the hosts will communicate directly) you can then use masking as a way to apply different access rules with your firewall without having to specify each IP address individually.
No comments:
Post a Comment