Subnet Masks


Subnet Masks

Subnet masks are essential tools in network design, but can make things more difficult to understand. Subnet masks are used to split a network into a collection of smaller subnetworks. This may be done to reduce network traffic on each subnetwork, or to make the internetwork more manageable as a whole. To all intents and purposes, each subnetwork functions as if it were an independent network, as far as entries in the routing table are concerned. The illustration below shows how a routing table looks when subnet masks are used on a network.

Interface configuration for router 1

Interface IP Address  Subnet mask
E0        150.4.2.1   255.255.255.0
E1        150.4.3.1   255.255.255.0
E2        150.4.1.1   255.255.255.0


150.4.0.0 is subnetted with three subnets
c    150.4.1.0   directly connected   Ethernet 2
c    150.4.2.0   directly connected
   Ethernet 0
c    150.4.3.0   directly connected   Ethernet 1


As you can see, the routing table notes that the class B network is subnetted, and recognizes each subnet as a separate entry in the routing table.

As the subnet mask is the area that causes most confusion, let's look more closely at how the subnet mask works.

Communication between a node on a local subnetwork and a node on a different subnetwork is like communication between nodes on two different networks. To a user, routing between subnetworks is transparent. Internally, however, the IP software recognizes any IP addresses that are destined for a subnetwork and sends those packets to the gateway for that subnetwork.

When subnet masks are used, an IP address is interpreted as follows:

[IP address] = [Network address][Subnetwork address][Host address]

This shows that when a network is divided into subnetworks, the host address portion of the IP address is divided into two parts, the subnetwork address and the host address.
For example, if a network has the Class B IP network address portion 129.47, the remainder of the IP address can be divided into subnetwork addresses and host addresses. This division is controlled by the network administrator to allow the most flexibility for network development at the site.

A subnet mask is the mechanism that defines how the host portion of the IP address is divided into subnetwork addresses and local host address portions. The subnet mask is a 32-bit, (four byte) number, just as an IP address is.

To understand the mechanics of the subnet mask, it is important to know a little of binary arithmetic. We will go through the process of working out how subnet masks work longhand, then show a shortcut.

In binary numbers, the only digits available are 0 and 1. The rightmost digit of a binary number represents the amount of ones in the number (either 0 or 1). The next number represents the amount of twos, either 0 or 1, the next number, the amo unt of fours etc. Thus to convert the eight bit binary number 01101001, to the more familiar decimal, we need to use the map below:


128 64 32 16 8 4 2 1


  0  1  1  0 1 0 0 1
 

Thus, the binary number 01101001 is in fact 105 in the more familiar decimal notation. If you have eight zeroes in a binary number, the decimal value is obviously zero. If you have eight ones, the decimal value is 255.

To see how a subnet mask splits up the host portion into subnet address and host address, it is necessary to convert both the IP address and the subnet mask to binary numbers. Once the IP address and subnet mask have been converted to binary, a logical AND is performed between the address and subnet mask (which means the resultant value is 1 if both IP and subnet mask value are a 1; otherwise the result is zero). Let's look at an example:


IP Address  : 201.222.5.121
Subnet Mask : 255.255.255.248

201.222.5.121 : 11001001.11011110.00000101.01111 001 255.255.255.248 : 11111111.11111111.11111111.11111 000 Subnet : 11001001.11011110.00000101.01111 000 201. 222. 5. 120

Thus, the resultant subnet address is 201.222.5.120. This subnet mask is said to have five bits in the subnet field, which leaves three bits to define hosts. (Note that the last three bits of the fourth byte are separated off to show the effect of the subnet mask.) With three binary bits, there are eight possible values (0 through7). However, there are only six of these addresses that can be used for hosts on this subnet. This is because the first and last values are reserved. The first is reserved as identifying the subnet number itself and the last is the broadcast address for that subnet. This is shown for our example IP address and subnet mask below:
IP address = 210.222.5.121 
Subnet Mask = 255.255.255.248 
Subnet Address = 201.222.5.120 
Usable Host Addresses on Subnet = 201.222.5.121 - 201.222.5.126 
Subnet Broadcast Address = 2 01.222.5.127
It is good to work through a few example to understand how it works. Try to work out the subnet address, usable host addresses and broadcast address for the following:

IP address = 164.2.34.35 
Subnet mask = 255.255.255.224
IP address = 101.2.3.18 
Subnet Mask = 255.255.0.0

(The answers are given at the end of this article.)

For subnetting the last octet (which is the most common task) the quicker way to work it out is as follows: subtract the value of the last octet of the subnet mask from 256, and that will tell you how many IP addresses there are in the subnet.

For example, with a subnet mask of 255.255.255.224, take 224 from 256 and you get 32. This tells you that for a subnet mask ending in 224, you are splitting the network number into subnets that have 30 usable IP addresses in them (remembering that the first and last IP address in a subnet is not useable for host addressing).

An alternate method that works for subnets that extend in to the third octet (such as 255.255.192.0) starts with writing down the subnet mask in binary.
Look at the decimal value of the rightmost 1 in the subnet mask.
This decimal value tells you what increment in the IP address puts you into a new subnet.
This is best explained by using an example. Let's say we have a subnet mask of 255.255.255.224; converting this to binary, we get:

11111111.11111111.11111111.11100000

We can see that the ones end in the spot that represents the number of 32's we have in the number. This means that with every increment of 32 in the IP address, we go in to a new subnet. We can illustrate this by applying this subnet mask to the following IP address:
150.2.3.56
With the 255.255.255.224 subnet mask we get a new subnet every 32 addresses, so the subnets will start at:
150.2.3.0 
150.2.3.32 
150.2.3.64 
150.2.3.96 
150.2.3.128 
150.2.3.160 
150.2.3.192 
150.2.3.224
So, for the address 150.2.3.56, with a subnet mask of 255.255.255.24, the subnet address is 150.2.3.32.
The following tables show how many hosts per subnet, and total subnets result when a range of subnet masks are applied to both class B and C networks.

Class B Subnetting

#Subnet Bits   Subnet Mask      #Subnets   #Hosts 
2              255.255.192.0    4          16382
3              255.255.224.0    8           8190
4              255.255.240.0    16          4094
5              255.255.248.0    32          2046
6              255.255.252.0    64          1022
7              255.255.254.0    128          510
8              255.255.255.0    256          254
9              255.255.255.128  512          126
10             255.255.255.192  1024          62
11             255.255.255.224  2048          30
12             255.255.255.240  4096          14
13             255.255.255.248  8192           6
14             255.255.255.252  16384          2

Class C Subnetting

#Subnet Bits   Subnet Mask      #Subnets   #Hosts 
2              255.255.255.192  4              62
3              255.255.255.224  8              30
4              255.255.255.240  16             14
5              255.255.255.248  32              6
6              255.255.255.252  64              2

RFCs 760, 791 and 1812 caution against the use of the first and last subnet, and in some installations, either the last subnet, or the first and last subnet are unavailable. Whether these subnets are usable depends on the routing protocols in use on the network and the IP implementation on the routing devices on the network.

In practice an RFC is a guideline--not an officially sanctioned standard--and vendors are free to implement workarounds to problems highlighted in RFCs. If your network uses UNIX hosts and RIP version 1 as its routing protocol, you cannot use the first and last subnet. (In this instance, the number of subnets listed in the tables needs to be reduced by two in each case.) If your network consists of Cisco routers using OSPF or EIGRP, you can use the f irst and last subnet. If you are using Cisco routers and IGRP, you can always use the first subnet, but not always the last. Of course, there are other combinations that will or will not work--either refer to the documentation of your specific devices, or refer to the manufacturer to see if the first and last subnet can be used.

If you are at all unclear on whether your combination will work with the first and last subnet, avoid their use. However, if you are short on available IP addresses and your configuration supports it, there is no reason not to use them.

What defines whether a routing protocol will support use of the first and last subnet correctly is whether the routing protocol in use sends subnet mask information in route updates. RIP and other distance vector protocols do not, link state and hybrid protocols (such as EIGRP and OSPF) do.

The reason this is so, is best illustrated with an example. Suppose you have a Class C network of 200.200.200.0, using a subnet mask of 255.255.255.192 and allocate an interface on a router with an IP address of 200.200.200.195. This is in the last subnet in the network which starts at 200.200.200.192. The broadcast address for this subnet is 200.200.200.255, which also happens to be the broadcast address for the whole class C network. If the value of the subnet mask is not sent in routing updates, a remote router that has the 200.200.200.192 subnet listed in its routing table may not know if a packet addressed to 200.200.200.255 is meant for just that subnet or the whole class C.

As if all this was not enough, there are other issues that need to be considered, that make the definition of hard and fast rules complex.

Routing Protocols 
As the routing table is the center of what goes on for a routed network, there are routing protocols implemented to keep it updated automatically. A routing protocol runs on each router in the network and has the goal of notifying all other routers regarding the networks it knows about and any changes to the network that occur (for example, as the result of a link failure making a remote network reachable via a different route.
Unfortunately, the behavior of these routing protocols is different enough that you need to be aware of what they will do to the routing table under various conditions.
Distance vector routing protocols, like RIP and IGRP, send updates on a regular basis (defaults are 30 seconds for RIP, 90 seconds for IGRP, although this is configurable) that include information on all the routes know about in the routing table. For large routing tables, these updates can consume signficant bandwidth (for example, a couple of thousand entries in a routing table will consume a 128k line every time an update is sent out). These updates are only sent to neighboring routers.
Link state protocols use a different mechanism. These protocols send out small hello packets every 30 seconds to all routers in the network as keep-alive messages. Route information is only sent out whenever something changes, and them, only to the routers that need to know. Link state protocols may be a bit better on bandwidth consumption, but require more processing and memory within the router to operate well.

If a router learns of two ways to get to a remote subnet via RIP, the route with the lowest metric will be selected and placed in the routing table. If the metrics are equal, how the router behaves varies from vendor to vendor. The router may place either of the routes in the routing table, however, with RIP, you are sure that only one route will be used.

If a router learns of two ways to get to a remote subnet via IGRP, things are different. If the two routes have equal metric, they will both be put in the routing table and traffic split between them. If the metric for the two routes is within a pre-defined variance, traffic will be split between them in proportion to their metric values. If the difference between the metrics is greater than the pre-defined variance, the route with the lowest metric alone will be entered in to the routing table. For IGRP the default variance is 1.
Within a network, you can restrict the distribution and acceptance of route updates via passive interfaces and trusted routers. If a router interface is defined as passive, it will only listen for route updates and not send any out. If there are only certain routers that you want to receive route update information from, you can use the neighbor command (for Cisco routers). This identifies the list of router IP addresses you will accept updates from.
In multi-protocol networks, there may be more than one routing protocol in use. If a router learns of the same network number from two different routing protocols, how does it select which set of information to put in the routing table? In this case comparing metrics is useless as RIP uses a different metric calculation than IGRP, which is different again from OSPF. The way this problem is handled in a Cisco environment is to assign an administrative distance to each protocol, and prefer the information from the protocol with the lowest administrative distance. RIP has an administrative distance of 120, OSPF of 110, IGRP of 100, EIGRP of 90. Static roues have an administrative distance of 1 and directly connected networks of 0.

The next issues to consider are Autonomous Systems and OSPF areas. In the thinking presented so far, the network number is the highest level in the IP address hierarchy, which may or may not have subnets allocated underneath it. With RIP version 1 as a routing protocol, this remains true. With more modern protocols, the concept of an Autonomous System (AS) comes in to play. An AS is a collection of network numbers under a common administration. By default, routers will process route updates that originate from the same AS and will disregard updates from other ASes. The AS that a particular router is configured for is set when the routing process is enabled.

So, with an IGRP router, the IP address hierarchy starts with Autonomous Syst em number, then network number, then subnet number.

With an OSPF system, another level of hierarchy is introduced, which is the Routing Area. Each OSPF system has to have at least one Area configured. As link state routing protocols maintain a topological database of all network numbers, which is used to calculate entries to the routing table, there needs to be some way to reduce the size of the topological database to make it manageable for a large network. This is achieved by splitting an OSPF system into multiple areas, each of which are inter-connected via Area 0, the backbone area.

So, with an OSPF system, the hierarchy is Autonomous System, OSPF Area, network number, subnet number.

With link state and hybrid routing protocols, there is the option to use Variable Length Subnet Masks (VLSM). With a distance vector protocol such as RIP or IGRP, only one subnet mask value can be used on a network, as subnet mask values are not sent in routing updates. In this situation, the routing protocol looks to see the mask used on the interface it received the routing update on and assumes that mask value is in use throughout the network.

In link state and hybrid protocols, subnet mask information is sent in routing updates, which allows a different subnet mask value to be used in different parts of the network. This adds a measure of flexibility in assigning subnet masks, but does add complexity.

Next, an issue that continually causes confusion, and that is route summarization for distance vector protocols (link state protocols can be configured to enable or disable route summarization). What route summarization means is that when a router connects two different network numbers together, subnet information is not passed between the two networks. This is best illustrated with an example.

An incorrectly configured network for use with distance vector protocols subject to route summarization
In this figure, the 180.5.0.0 network has a sub net mask of 255.255.255.0 in use. Because of route summarization, router 2 and router 3 will both advertise 180.5.0.0 without subnet information to router 1. Router 1 will therefore have two equal cost routes to the 180.5.0.0 network. Any packets that router 1 needs to send to the 180.5.1.0 subnet will be split between router 2 and router 3, as all router 1 knows about is the 180.5.0.0 network. Potentially, this could cause only half the packets to be delivered to a host on the 180.5.1.0 subnet.

The routing protocols discussed so far have been interior gateway routing protocols. Exterior protocols also exist. These protocols are designed to regulate what traffic can travel between different Autonomous Systems (AS) and protect each from any bugs in another AS. The mechanisms we will examine here are static routing, the Exterior Gateway Protocol and the Border Gateway Protocol. An AS is a collection of network numbers and equipment that is under a common administration. Routing processes like IGRP and OSPF are initiated with as AS number in the router configuration and only accept updates from other routers within the same AS. Different AS numbers are used on the Internet

0 comments:

Copyright © 2013 Link4Networking.