Skip to main content

Subnetting

More
17 years 11 months ago #19184 by jtartist
Subnetting was created by jtartist
I have a few subnetting questions. They may have already been asked; if they have I apologize for the duplicate post.

I wanted to know if, when it comes to borrowing host bits when subnetting, if you always had to borrow at least 2 host bits. Also, lets say if I was using a class B address, and if I wanted to subnet that address, is it possible to borrow 7 bits from the 3rd octect? Using a Class C adress, is it possible to to borrow more than 6 host bits?

I hope this makes sense.

Thank You,

Carlos
More
17 years 11 months ago #19189 by Smurf
Replied by Smurf on topic Re: Subnetting
Hi there,

When subnetting you have to use the hosts in increments of each bit in the subnet mask.

For example,

255.255.255.0 - Gives you (256 - 2) hosts using the last octect.

255.255.255.254 - Doesn't work as it only gives you 2 hosts but these are the networkid and broadcast addresses (although it will work within other octects)

255.255.255.252 - Gives you (64 - 2) network segments with (4 - 2) Hosts within each segment

255.255.255.248 - Gives you (32 - 2) network segments with (8 - 2) Hosts within each segment

etc...

If you notice this is terms of bits you get

11111111.11111111.11111111.00000000 - Full Class C giving 256 - 2 hosts

11111111.11111111.11111111.11111110 - (255.255.255.254) this doesn't work as you only get the 1 bit at the end which gives 2 hosts which are not valid.

11111111.11111111.11111111.11111100 - (255.255.255.252) this leaves the 2 bits at the end which gives us 2^2 = 4 but you cannot use the first and last as these are the networkID and broadcast addresses, so its gives us (2^2-2)=2 addressible hosts. Also you get 2^6 network segments but you cannot have the first and last again (although some TCP/IP implementations do allow this but for compatability its best not to), so you get (2^6-2)=62.

11111111.11111111.11111111.11111000 - (255.255.255.248) this leaves the 3 bits at the end which gives us 2^3-2 = 6 hosts and 2^5-2 = 30 segments.

etc... (decreasing the bit each time).

You can see that you have to keep all 1's at the left and all 0's at the right to identify the networkID and Host sections of the subnet. You cannot have something like 11101000 as a subnet.

This is because the way the routing will determain if its on the same segment or not is to us a logical AND using the subnet and then compair if the destination NetworkID is the same to the local machines NetworkID, if not it needs to route the traffic elsewhere.

Hope that makes sense

Wayne

Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
More
17 years 11 months ago #19194 by jtartist
Replied by jtartist on topic Subnetting Questions
Wayne,

Thank you very much for the informative reply.

I just wanted to clarify one more thing. If i'm using a Class B address, and I end up subnetting that address using a subnet of 255.255.254.0. Is that possible?

If I do that, I notice that I get (128-2) networks, and (512-2) hosts. That means for the 3rd octect I only get IP's in increments of 2 but one has to be the network ID and the other has to be the broadcast ID right? Leaving me no useable host ID's. So unless I'm doing this wrong, it seems like using a .254 mask when subdoesn't work?



>255.255.255.254 - Doesn't work as it only gives you 2 hosts but these are the networkid and broadcast addresses (although it will work within other octects)
More
17 years 11 months ago #19196 by Starfire
Replied by Starfire on topic Re: Subnetting
Your nearly there in your understanding JT.

* It is important to do this in binary when you are learning *

255.255.254.0 = 7 bits for subnet and 9 bits for hosts.

1111 1111 . 1111 1111 . nnnn nnn|h . hhhh hhhh

So this will actually give you:

128 subnets each of 512 addresses of which 510 of these addresses can be hosts because of subnet and broadcast.

ie 150.0.0.0 with sn of 255.255.254.0 (or /23)

gives

[ subnets ] [ host ranges ] [ broadcast ]
[ 150.0.0.0 ] [ 150.0.0.1 - 150.0.1.254 ] [ 150.0.1.255 ] ... Yes.. 150.0.0.255 is a valid host address.
[ 150.0.2.0 ] [ 150.0.2.1 - 150.0.3.254 ] [ 150.0.3.255 ] ... Yes.. 150.0.2.255 is a valid host address.
[ 150.0.4.0 ] [ 150.0.4.1 - 150.0.5.254 ] [ 150.0.5.255 ] ... Yes.. 150.0.4.255 is a valid host address.
etc

If you use the 256-subnet rule (256-"254.0" = "2.0") as the subnet increments as can be seen above.

I only recently got an understanding of this after a lot of time bashing my head against the wall so if my maths are wrong I would be glad if someone could point it out.

As someone who has only recently got this down, I highly recomend working in binary whilst you learn it.

Once you think your getting it, spend a lot of time here to fully work it in.
www.subnettingquestions.com/default_uk.asp
More
17 years 11 months ago #19202 by jtartist
Replied by jtartist on topic Subnetting Questions
So from what I understand, in this case you can use the subnet ID and broadcast address as valid addresses?


[ subnets ] [ host ranges ] [ broadcast ]
[ 150.0.0.0 ] [ 150.0.0.1 - 150.0.1.254 ] [ 150.0.1.255 ] ... Yes.. 150.0.0.255 is a valid host address.
[ 150.0.2.0 ] [ 150.0.2.1 - 150.0.3.254 ] [ 150.0.3.255 ] ... Yes.. 150.0.2.255 is a valid host address.
[ 150.0.4.0 ] [ 150.0.4.1 - 150.0.5.254 ] [ 150.0.5.255 ] ... Yes.. 150.0.4.255 is a valid host address.
etc

Thanks,

JTartist
More
17 years 11 months ago #19205 by Smurf
Replied by Smurf on topic Re: Subnetting
Yes thats bob on.

Some really old tcp/ip implementation may still go for the NetworkIDs = (2^x - 2) so in this case its 2^7-2 = 128 - 2 rule.

I am seeing more of a shift away from this now though and people are starting to use the all 0's and all 1's for the NetworkID portion of the subnet as valid NETWORKID's. Most TCP/IP implementation will now allow for this.

Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Time to create page: 0.139 seconds