IPv4 Addressing and Subnetting v1.32 – Aaron Balchunas
* * *
- IPv4 Addressing and Subnetting -
Hardware Addressing
The hardware address is used by devices to communicate on the local
network. Hardware addressing is a function of the data-link layer of the OSI
model (Layer-2).
The hardware address for Ethernet networks is the MAC address, a 48-bit
hexadecimal address that is usually hard-coded on the network card. In
theory, this means the MAC address cannot be altered; however, the MAC
address is often stored in flash on the NIC, and thus can be changed with
special utilities.
MAC addresses can be represented in two formats (either notation is
acceptable):
00:43:AB:F2:32:13
0043.ABF2.3213
The MAC address has one shortcoming – it contains no hierarchy. There is
no mechanism to create boundaries between networks.
Instead, the first six hexadecimal digits of a MAC identify the manufacturer
of the network card (referred to as the OUI (Organizational Unique
Identifier)), and the last 6 digits identify the host device (referred to as the
host ID). Still, there is no way to distinguish one network from another.
Imagine the difficulties this poses. If only hardware addressing existed, all
devices would technically be on the same network. Modern internetwork
systems like the Internet could not exist, as there would be no way to
separate my network from your network.
Furthermore, imagine if the entire Internet was a purely switched, data-link
layer environment. Switches, as a rule, forward broadcasts out all ports.
Guesstimating that there are billions devices on the Internet, with each
device sending out a broadcast on average every few seconds, the resulting
broadcast storms would be devastating. The Internet would simply collapse.
The need for logical addressing, and routers, became apparent.
IPv4 Addressing and Subnetting v1.32 – Aaron Balchunas
* * *
Logical Addressing
Logical addressing is a function of the network layer of the OSI Model
(Layer-3).
Logical addresses, unlike hardware addresses, provide a hierarchical
structure to separate networks. A logical address identifies not only a unique
Host ID, but also the network that host belongs to. Additionally, logical
addresses are rarely hard-coded onto hosts, and can be changed freely.
Two common logical addressing protocols are IPX (Internetwork Packet
Exchange) and IP (Internet Protocol). IPX was predominantly used on
Novell networks, but is mostly deprecated. IP is the most widely-used
logical address today.
Internet Protocol (IP)
IP was developed by the Department of Defense (DoD) during the late
1970’s. It was included in a group of protocols that became known as the
TCP/IP protocol suite.
The DoD developed their own networking model to organize and define the
TCP/IP protocol suite. This became known as the DoD Model, and consists
of four layers:
OSI Model DoD Model Example Protocols
7 Application
6 Presentation
5 Session
4 Application FTP, HTTP, SMTP
4 Transport 3 Host-to-Host TCP, UDP
3 Network 2 Internet IP
2 Data-link
1 Physical
1 Network Access Ethernet
IP provides two core functions:
• Logical addressing of hosts
• Routing of packets between networks.
IP has undergone several revisions. IP Version 4 (IPv4) is currently in
widespread deployment, but will eventually be replaced with IP Version 6
(IPv6). This guide will concentrate on IPv4, and IPv6 will be covered
extensively in a separate guide.
IPv4 Addressing and Subnetting v1.32 – Aaron Balchunas
* * *
IPv4 Addressing
One of IP’s core functions is to provide logical addressing for hosts. An IP
address provides a hierarchical structure to separate networks. Consider the
following address as an example:
158.80.164.3
An IP address is separated into four octets:
First Octet
Second Octet Third Octet Fourth Octet
158 .80 .164 .3
Each octet is 8 bits long, resulting in a 32-bit IP address. A computer
understands an IP address in its binary form; the above address in binary
would look as follows:
First Octet
Second Octet Third Octet Fourth Octet
10011110 .01010000 .10100100 .00000011
Part of the above IP address identifies the network. The other part of the
address identifies the host. A subnet mask helps make this distinction.
Consider the following:
158.80.164.3 255.255.0.0
The above IP address has a subnet mask of 255.255.0.0. The subnet mask
follows two rules:
• If a binary bit is set to a 1 (or on) in a subnet mask, the corresponding
bit in the address identifies the network.
• If a binary bit is set to a 0 (or off) in a subnet mask, the corresponding
bit in the address identifies the host.
Looking at the above address and subnet mask in binary:
Address: 10011110.01010000.10100100.00000011
Subnet Mask: 11111111.11111111.00000000.00000000
The first 16 bits of the subnet mask are set to 1. Thus, the first 16 bits of the
address (158.80) identify the network. The last 16 bits of the subnet mask are
set to 0. Thus, the last 16 bits of the address (164.3) identify the unique host
on that network.
IPv4 Addressing and Subnetting v1.32 – Aaron Balchunas
* * *
IPv4 Addressing (continued)
Hosts on the same logical network will have identical network addresses,
and can communicate freely. For example, the following two hosts are on
the same network:
Host A: 158.80.164.100 255.255.0.0
Host B: 158.80.164.101 255.255.0.0
Both share the same network address (158.80), which is determined by the
255.255.0.0 subnet mask. Hosts that are on different networks cannot
communicate without an intermediating device. For example:
Host A: 158.80.164.100 255.255.0.0
Host B: 158.85.164.101 255.255.0.0
The subnet mask has remained the same, but the network addresses are now
different (158.80 and 158.85 respectively). Thus, the two hosts are not on
the same network, and cannot communicate without a router between them.
Routing is the process of sending packets from one network to another.
Consider the following, trickier example:
Host A: 158.80.1.1 255.248.0.0
Host B: 158.79.1.1 255.248.0.0
The specified subnet mask is now 255.248.0.0, which doesn’t fall cleanly on
an octet boundary. To determine if these hosts are on separate networks, first
convert everything to binary:
Host A Address: 10011110.01010000.00000001.00000001
Host B Address: 10011110.01001111.00000001.00000001
Subnet Mask: 11111111.11111000.00000000.00000000
Remember, the 1 (or on) bits in the subnet mask identify the network portion
of the address. In this example, the first 13 bits (the 8 bits of the first octet,
and the first 5 bits of the second octet) identify the network. Looking at only
the first 13 bits of each address:
Host A Address: 10011110.01010
Host B Address: 10011110.01001
Clearly, the network addresses are not identical. Thus, these two devices are
on separate networks, and require a router to communicate.
IPv4 Addressing and Subnetting v1.32 – Aaron Balchunas
* * *
IP Address Classes
The IPv4 address space has been structured into several classes. The value
of the first octet of an address determines the class of the network:
Class First Octet Range
Default Subnet Mask
Class A 1 - 127 255.0.0.0
Class B 128 - 191 255.255.0.0
Class C 192 - 223 255.255.255.0
Class A networks range from 1 to 127. The default subnet mask is
255.0.0.0; thus, by default, the first octet defines the network, and last three
octets define the host. This results in a maximum of 127 Class A networks,
with 16,777,214 hosts per network!
Example of a Class A address:
Address: 64.32.254.100
Subnet Mask: 255.0.0.0
Class B networks range from 128 to 191. The default subnet mask is
255.255.0.0; thus, by default, the first two octets define the network, and the
last two octets define the host. This results in a maximum of 16,384 Class B
networks, with 65,534 hosts per network.
Example of a Class B address:
Address: 152.4.12.195
Subnet Mask: 255.255.0.0
Class C networks range from 192 to 223. The default subnet mask is
255.255.255.0; thus, by default, the first three octets define the network, and
the last octet defines the host. This results in a maximum of 2,097,152 Class
C networks, with 254 hosts per network.
Example of a Class C address:
Address: 207.79.233.6
Subnet Mask: 255.255.255.0
IPv4 Addressing and Subnetting v1.32 – Aaron Balchunas
* * *
CIDR (Classless Inter-Domain Routing)
Classless Inter-Domain Routing (CIDR) is simplified method of
representing a subnet mask. CIDR identifies the number of binary bits set to
a 1 (or on) in a subnet mask, preceded by a slash.
Consider the following subnet mask: 255.255.255.240
Looking at the above subnet mask in binary:
11111111.11111111.11111111.11110000
The first 28 bits of the above subnet mask are set to 1. To represent this in
CIDR notation: /28
Consider this next example:
192.168.1.1 255.255.255.0
The above address/subnet mask can be represented as follows using CIDR:
192.168.1.1 /24
Address “Classes” vs. Subnet Mask
Remember the following three rules:
• The first octet on an address dictates the class of that address.
• The subnet mask dictates what portion of an address identifies the
network, and what portion identifies the host.
• Each class has a default subnet mask.
Thus, the address 10.1.1.1 is a Class A address, and its default subnet mask
is 255.0.0.0 (or in CIDR, /8). However, it is possible to use subnet masks
other than the default, such as applying a Class B mask to a Class A address:
10.1.1.1 /16
However, this does not change the class of the above address. It remains a
Class A address, which has been subnetted using a Class B mask.
Remember, the only thing that determines the class of an IP address is the
first octet of that address. Likewise, the subnet mask is the only thing that
determines what portion of an address is the network, and which portion is
the host.
IPv4 Addressing and Subnetting v1.32 – Aaron Balchunas
* * *
Subnet and Broadcast Addresses
Two addresses have been reserved on each network for special use. Each
network must have a subnet (or network) address, and a broadcast address.
Neither of these addresses can be assigned to a host device.
The subnet address is used to identify the network itself. Routing tables
contain lists of networks, and each network is identified by its subnet
address. Subnet addresses contain all 0 bits in the host portion of the
address.
For example, the following is a subnet address: 192.168.1.0/24
The broadcast address identifies all hosts on a particular network. A packet
sent to the broadcast address will be received and processed by every device
on that network. Broadcast addresses contain all 1 bits in the host portion
of the address.
For example, the following is a broadcast address: 192.168.1.255/24
Broadcasts are one of three types of IP packets:
• Unicasts are packets sent from one host to another host
• Multicasts are packets sent from one host to a group of hosts
• Broadcasts, as stated earlier, are packets sent from one host to all
other hosts on the local network
A router, by default, will never forward a multicast or broadcast packet
from one interface to another.
A switch, be default, will forward a multicast or broadcast out every port,
except for the port that sent the multicast/broadcast.
IPv4 Addressing and Subnetting v1.32 – Aaron Balchunas
* * *
Subnetting
Subnetting is the process of creating new networks (or subnets) by stealing
bits from the host portion of a subnet mask. There is one caveat: stealing bits
from hosts creates more networks but fewer hosts per network. Thus, every
time a network is subnetted, addresses are lost.
Consider the following Class C network:
192.168.254.0
The default subnet mask for this network is 255.255.255.0. This single
network can be segmented, or subnetted, into multiple networks. For
example, assume a minimum of 10 new networks are required. Resolving
this is possible using the following magical formula:
2n – 2
The exponent ‘n’ identifies the number of bits to steal from the host portion
of the subnet mask. The default Class C mask (255.255.255.0) looks as
follows in binary:
11111111.1111111.1111111.00000000
There are a total of 24 bits set to 1, which are used to identify the network.
There are a total of 8 bits set to 0, which are used to identify the host, and
these host bits can be ‘stolen.’
Stealing bits essentially involves changing host bits (set to 0 or off) in the
subnet mask to network bits (set to 1 or on). Network bits in a subnet mask
must always be sequential, skipping bits is not allowed.
Consider the result if three bits are stolen. Using the above formula:
2n – 2 = 23 – 2 = 8 – 2 = 6 new networks created
However, a total of six new networks does not meet the original requirement
of at least 10 networks. Consider the result if four bits are stolen:
2n – 2 = 24 – 2 = 16 – 2 = 14 new networks created
A total of fourteen new networks does meet the original requirement.
Stealing four host bits results in the following new subnet mask:
11111111.11111111.11111111.11110000 = 255.255.255.240
IPv4 Addressing and Subnetting v1.32 – Aaron Balchunas
* * *
Subnetting (continued)
In the previous example, a Class C network was subnetted to create 14 new
networks, using a subnet mask of 255.255.255.240 (or /28 in CIDR). Four
bits were stolen in the subnet mask, leaving only four bits for hosts.
To determine the number of hosts this results in, for each of the new 14
networks, the same formula can be used: 2n – 2
Consider the result if four bits are available for hosts:
2n – 2 = 24 – 2 = 16 – 2 = 14 usable hosts per network
Thus, subnetting a Class C network with a /28 mask creates fourteen new
networks, with fourteen usable hosts per network.
The “-2” Rule of Subnetting
There is a specific purpose for the ‘– 2’ portion of the 2n – 2 formula.
Previously, it was unacceptable to use an address that contained all ‘0’ or all
‘1’ bits in the network portion of the address.
However, this is no longer true on modern systems. Specifically, on Cisco
IOS devices, the following command is now enabled by default:
Router(config)# ip subnet-zero
The ip subnet-zero commands allows for the use of networks with all ‘0’ or
all ‘1’ bits in the network portion of the address. Thus, the formula for
calculating the number of new network is slightly altered, to simply 2n.
Consider if four bits are stolen for networks:
2n
= 24
= 16 new networks created
However, it is never possible to assign an address with all ‘0’ or all ‘1’
bits in the host portion of the address. These are reserved for the subnet
and broadcast addresses, respectively. Thus, the formula for calculating
usable hosts is always 2n – 2.
Some have questioned whether CCNA/CCNP simulations and questions
have ip subnet-zero enabled. It is generally accepted that having this enabled
is now default behavior, and test questions should be answered accordingly.
All future examples in this guide will assume the command is enabled.
IPv4 Addressing and Subnetting v1.32 – Aaron Balchunas
* * *
Determining the ‘Range’ of Subnetted Networks
Determining the range of the newly created networks can be accomplished
using several methods. The ‘long’ method involves some binary magic.
Still looking at the example 192.168.254.0 network, which was subnetted
using a 255.255.255.240 mask:
192.168.254.0: 11000000.10101000.11111110.00000000
255.255.255.240: 11111111.11111111.11111111.11110000
Subnetting stole four bits in the fourth octet, creating a total of 16 new
networks (assuming ip subnet-zero is enabled). Looking at only the fourth
octet, the first newly created network is 0000. The second new network is
0001. Calculating all possible permutations of the four stolen bits:
Binary Decimal Binary Decimal Binary Decimal
.0000 xxxx .0 .0110 xxxx .96 .1100 xxxx .192
.0001 xxxx .16 .0111 xxxx .112 .1101 xxxx .208
.0010 xxxx .32 .1000 xxxx .128 .1110 xxxx .224
.0011 xxxx .48 .1001 xxxx .144 .1111 xxxx .240
.0100 xxxx .64 .1010 xxxx .160
.0101 xxxx .80 .1011 xxxx .176
Note that this equates to exactly 16 new networks. The decimal value
represents the first (or the subnet) address of each newly created network. To
determine the range for the hosts of the first new network:
Binary Decimal Binary Decimal Binary Decimal
.0000 0000 .0 .0000 0110 .6 .0000 1100 .12
.0000 0001 .1 .0000 0111 .7 .0000 1101 .13
.0000 0010 .2 .0000 1000 .8 .0000 1110 .14
.0000 0011 .3 .0000 1001 .9 .0000 1111 .15
.0000 0100 .4 .0000 1010 .10
.0000 0101 .5 .0000 1011 .11
The binary value has been ‘split’ to emphasize the separation of the network
bits from the host bits. The first address has all 0 bits in the host portion
(0000), and thus is the subnet address for this network. The last address has
all 1 bits in the host portion, and thus is the broadcast address for this
network. Note that there are exactly 14 usable addresses to assign to hosts.
IPv4 Addressing and Subnetting v1.32 – Aaron Balchunas
* * *
Determining the ‘Range’ of Subnetted Networks (continued)
Calculating the ranges of subnetted networks can quickly become tedious
when using the ‘long’ binary method. The ‘shortcut’ method involves taking
the subnet mask (255.255.255.240 from the previous example), and
subtracting the subnetted octet (240) from 256.
256 – 240 = 16
Assuming ip subnet-zero is enabled, the first network will begin at 0. Then,
simply continue adding 16 to list the first address of each new network:
0 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240
Knowing the first address of each new network makes it simple to determine
the last address of each network:
First address of network 0 16 32 48 64 80 96 112 128 144
Last address of network 15 31 47 63 79 95 111 127 143 159
Only the first 10 networks were calculated, for brevity. The first address of
each network becomes the subnet address for that network. The last address
of each network becomes the broadcast address for that network.
Once the first and last address of each network is known, determining the
usable range for hosts is straightforward:
Subnet address 0 16 32 48 64 80 96 112 128 144
Usable Range
1
14
17
30
33
46
49
62
65
78
81
94
97
110
113
126
129
142
145
158
Broadcast address 15 31 47 63 79 95 111 127 143 159
Hosts on the same network (such as 192.168.254.2 and 192.168.254.14) can
communicate freely.
Hosts on different networks (such as 192.168.254.61 and 192.168.254.66)
require a router to communicate.
IPv4 Addressing and Subnetting v1.32 – Aaron Balchunas
* * *
Class A Subnetting Example
Consider the following subnetted Class A network: 10.0.0.0 255.255.248.0
Now consider the following questions:
• How many new networks were created?
• How many usable hosts are there per network?
• What is the full range of the first three networks?
By default, the 10.0.0.0 network has a subnet mask of 255.0.0.0. To
determine the number of bits stolen:
255.0.0.0: 11111111.00000000.00000000.00000000
255.255.248.0: 11111111.11111111.11111000.00000000
Clearly, 13 bits have been stolen to create the new subnet mask. To calculate
the total number of new networks:
2n
= 213
= 8192 new networks created
There are clearly 11 bits remaining in the host portion of the mask:
2n – 2 = 211 – 2 = 2048 – 2 = 2046 usable hosts per network
Calculating the ranges is a bit tricky. Using the ‘shortcut’ method, subtract
the third octet (248) of the subnet mask (255.255.248.0) from 256.
256 – 248 = 8
The first network will begin at 0, again. However, the ranges are spread
across multiple octets. The ranges of the first three networks look as follows:
Subnet address 10.0.0.0 10.0.8.0 10.0.16.0
Usable Range
10.0.0.1
10.0.7.254
10.0.8.1
10.0.15.254
10.0.16.1
10.0.23.254
Broadcast address 10.0.7.255 10.0.15.255 10.0.23.255
IPv4 Addressing and Subnetting v1.32 – Aaron Balchunas
* * *
Private vs Public Addresses
The rapid growth of the Internet resulted in a shortage of IPv4 addresses. In
response, the powers that be designated a specific subset of the IPv4 address
space to be private, to temporarily alleviate this problem.
A public address can be routed on the Internet. Thus, devices that should be
Internet accessible (such as web or email servers) must be configured with
public addresses.
A private address is only intended for use within an organization, and can
never be routed on the internet. Three private addressing ranges were
allocated, one for each IPv4 class:
• Class A - 10.x.x.x
• Class B - 172.16-31.x.x
• Class C - 192.168.x.x
NAT (Network Address Translation) is used to translate between private
addresses and public addresses. NAT allows devices configured with a
private address to be stamped with a public address, thus allowing those
devices to communicate across the Internet. NAT is covered in-depth in
another guide.
NAT is only a temporarily solution to the address shortage problem.
Eventually, IPv4 will be replaced with IPv6. This also is covered extensively
in another guide.
Two other ranges, while not considered “private,” have been reserved for
specific use:
• 127.x.x.x - reserved for diagnostic purposes. One such address
(127.0.0.1), identifies the local host, and is referred to as the loopback
or localhost address.
• 169.254.x.x - reserved for Automatic Private IP Addressing (APIPA).
A host assigns itself an APIPA address if a DHCP server is
unavailable to dynamically assign an address.
IPv4 Addressing and Subnetting v1.32 – Aaron Balchunas
* * *
The IPv4 Header
The IPv4 header has 12 required fields and 1 optional field¸ and is 160 bits
long.
Field Length Description
Version 4 bits Version of IP (in this case, IPv4)
Header Length 4 bits Specifies the length of the IP header (minimum 160 bits)
Type of Service 8 bits Classifies traffic for QoS
Total Length 16 bits Specifies the length of both the header and data payload
Identification 16 bits Uniquely identifies fragments of a packet
Flags 3 bits Flags for fragmentation
Fragment Offset 13 bits Identifies the location of a fragment in a packet
Time to Live 8 bits Decremented by each router traversed
Protocol 8 bits Specifies the next upper layer protocol
Header Checksum 16 bits Checksum for error checking
Source Address 32 bits Source IPv4 address
Destination Address 32 bits Destination IPv4 address
Options 32 bits Optional field for various parameters
The Identification, Flags, and Fragment Offset fields are used in
conjunction with each other. An IP packet larger than the MTU size of a link
must be fragmented. Each fragment of the packet is marked with the same
Identification number. The Fragment Offset allows the destination device to
reassemble the fragments in the proper order.
The Flags field can dictate two conditions:
• Don’t Fragment (DF) – indicates the packet cannot be fragmented. If
the packet reaches a link with a small MTU, the packet is then
dropped, and an ICMP error message is sent back to the source.
• More Fragments (MF) – all fragments have this bit set to one, except
for the last fragment, where the bit is set to zero. This allows the
destination device to know it has received all fragments.
IPv4 Addressing and Subnetting v1.32 – Aaron Balchunas
* * *
IPv4 Protocol Numbers
The Next Header field is of some importance. This field identifies the next
upper-layer header (for example, UDP, TCP or ICMP). These upper layer
protocols are identified using IP Protocol Numbers.
The following is a list of common IP Protocol Numbers:
Protocol
Number
Upper-Layer Protocol
1 ICMP
2 IGMP
6 TCP
9 IGRP
17 UDP
46 RSVP
47 GRE
50 IPSEC ESP
51 IPSEC AH
88 EIGRP
89 OSPF
(Reference: http://www.iana.org/assignments/protocol-numbers)
IPv4 Addressing and Subnetting v1.32 – Aaron Balchunas
* * *
Resolving Logical Addresses to Hardware Addresses
Hosts cannot directly send data to another device’s logical address. Network
communication occurs across the data-link layer, using hardware addresses.
A mechanism is required to map logical addresses to hardware addresses.
When using IP over an Ethernet network, the Address Resolution Protocol
(ARP) provides this function for us. ARP allows a host to determine the
MAC (hardware) address for a particular IP (logical) address.
Observe the above diagram. Following the step-by-step path a packet travels
from HostA to the 10.2.1.5 address (HostB):
• First, HostA determines if the 10.2.1.5 address is itself. If the address
is configured on a local interface, the packet never leaves HostA.
• Second, HostA determines if the 10.2.1.5 address is on the same
network (or subnet). If it is, HostA will broadcast an ARP request, and
wait for the appropriate host to reply with its MAC address.
• HostA determines that the 10.2.1.5 address is indeed on a separate
network. It now parses its local routing table for a route to this remote
network. Usually, hosts will be equipped with a default route (or,
default gateway), to reach all other networks.
• Host A determines that RouterA is its default gateway. The host
broadcasts an ARP request for RouterA’s MAC address, and then
forwards the packet to RouterA’s MAC (4444.5555.6666).
• RouterA receives the packet, and parses at its own routing table. It
determines that the 10.2.x.x network is directly attached off of its fa1
interface. The router then broadcasts an ARP request for the 10.2.1.5
address.
• HostB responds to the router’s ARP request with its MAC address
(AAAA.BBBB.CCCC). RouterA is then able to forward the packet to
HostB.
IPv4 Addressing and Subnetting v1.32 – Aaron Balchunas
* * *
Troubleshooting IP using ICMP
Internet Control Message Protocol (ICMP) is used for a multitude of
informational and error messaging purposes.
The following is a list of common ICMP types and codes:
Type Code Description
0 0 Echo Reply
- Destination Unreachable
0 Network Unreachable
1 Host Unreachable
2 Protocol Unreachable
3 Port Unreachable
4 Fragmentation Needed – Don’t Fragment Flag Set
6 Destination Network Unknown
7 Destination Host Unknown
9 Destination Network Administratively Prohibited
10 Destination Host Administratively Prohibited
3
5 Redirect
8 Echo
11 TTL Exceeded
Several IP troubleshooting tools utilize ICMP, including Packet Internet
Groper (ping) and traceroute.
Ping utilizes the Echo Request and Echo Reply ICMP messages to
determine if a host is responding on a particular address.
Traceroute determines the routing path a packet takes to reach its
destination.
IPv4 Addressing and Subnetting in cisco.
10:30 PM
Govil
