By Joshua Erdman

Subnet Masks in Binary

The easiest way to explain a subnet mask is by looking at the address and subnet mask in binary. A regular IP address, when converted to binary, is 32 bits in length, with each segment being 8 bits long.

Network and Host Addresses

In this example, it is only the last segment that changes from one host to another; this is the host address. The first 3 segments make up the network address. If we were to use an address with a subnet mask of 255.255.0.0, then the first 2 segments would make up the network address and the last two would be the host address. With that said, since we are just dealing with 32 binary bits, we can stop grouping them in sets of 8 bits per segment and deal with them as a 32-bit string.

Now when you create a mask, it does not have to fall on every 8 bits. These are called Variable Length Subnet Masks (VLSMs). We can create a mask that only allows for 14 hosts (remember, 14 hosts is 2 to the power of 4, then we subtract 2). So this is an address block (subnet) with 4 bits for the hosts and 28 bits for the network address, also known as a /28. Let's now calculate the subnet mask for a /28 network.

CLUE: A block of IP addresses is referred to as a subnet. That is how subnet masks got their name: they are key to declaring how large a subnet actually is.

First map out your binary numbers again and keep them in groups of 8 bits each. That makes it easy to get the decimal number for each segment. The first segment is all 1s, which is equivalent to 255, and so are the second and third segments. That leaves us with 4 bits in the mask for the last segment. It will look something like this:

128  64  32  16   8   4   2   1
  1   1   1   1   0   0   0   0

Add up the bits that are flagged with a one and we see that the last segment of the subnet mask with 14 hosts (16 - 2) is 240, for a subnet mask of 255.255.255.240.

That is pretty much it with creating subnet masks, but now you need to learn a new rule about addressing.

IP Addresses with VLSMs

When you use a subnet mask of 255.255.255.192, what you have essentially done is divide your last segment into 4 blocks (subnets). Using the binary of the last segment, we can see our subnet mask only uses the 2 most significant bits. Recall that the network address is made up of all the bits that line up with the 1s in the subnet mask. So in this case the network address 'overflows' into the last segment because it has two bits available there. The host address has the last 6 bits in the last segment. Let's see what this subnet mask looks like:

128  64  32  16   8   4   2   1
  1   1   0   0   0   0   0   0

First, let's say we have a network subnet of 10.10.10.X and we are using the same subnet mask, 255.255.255.192. Our network host (HOST1) is currently using the address 10.10.10.75. Now let's display the binary of the last segment for both the subnet mask and the address of our host.

               |
       128  64 | 32  16   8   4   2   1
SM       1   1 |  0   0   0   0   0   0
HOST1    0   1 |  0   0   1   0   1   1
               |
       Network |  Host

Notice the bar I drew in that divides the bits of the last segment. The last 6 bits on the right are the host bits; we know this because they line up with all the 0s in the subnet mask. By the same logic, the bits on the left are the network bits, because they line up with all the 1s in the subnet mask. So let's calculate the first and last addresses that can exist on the subnet of HOST1. To do this, take the full address of the host and make the host side all 0s, then do it again with all 1s. Look at the example:

               |
       128  64 | 32  16   8   4   2   1
SM       1   1 |  0   0   0   0   0   0  = 192
HOST1    0   1 |  0   0   1   0   1   1  = 75
0s       0   1 |  0   0   0   0   0   0  = 64
1s       0   1 |  1   1   1   1   1   1  = 127
               |
       Network |  Host

The valid host addresses in the same subnet as our sample host are in the range of 10.10.10.64 - 10.10.10.127.

So why doesn't a host with the IP address of 10.10.10.33 and SM 255.255.255.192 (HOST2) see HOST1 as a local computer?

               |
       128  64 | 32  16   8   4   2   1
SM       1   1 |  0   0   0   0   0   0  = 192
HOST1    0   1 |  0   0   1   0   1   1  = 75
HOST2    0   0 |  1   0   0   0   0   1  = 33
               |
       Network |  Host

Look at the first 2 bits in the network section of each host. HOST1 and HOST2 have DIFFERENT network addresses!

So a subnet mask plays a much more complicated role than just declaring the size of a subnet. It also limits the addresses you can use in a subnet. In our last example we noticed that a subnet mask of 255.255.255.192 will create a subnet of 64 addresses (for 62 hosts). But if you tried to address a subnet as 10.10.10.32 - 10.10.10.95, what actually happens is that your subnet overlaps two separate subnets. Just do the calculations and you will see (just as I displayed above) that the first 32 hosts in the invalid subnet will have a different network address than the last 32 hosts in the invalid subnet.

Application

Learning how to create and declare subnet masks is not only useful for the technicians of ISPs who are assigning subnets to their customers. Using subnet masks is also key for firewalls and access lists. If you group IP addresses together based on host type (such as assigning all the workstations the addresses 10.10.10.128 - 10.10.10.254 and the servers the addresses 10.10.10.1 - 10.10.10.127) but use the subnet mask 255.255.255.0 (so that the hosts will communicate directly), you can then use masking as a way to apply different access rules with your firewall without having to specify each IP address individually.
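
The mask arithmetic worked through by hand in the sections above, as an added Python example (not part of the original article): it builds a mask from a prefix length, finds the first and last address of a host's subnet, tests whether two hosts share a subnet, and checks whether a proposed range is one valid block. The function names are this example's own; the addresses are the ones used in the text.

```python
import ipaddress

def to_int(addr):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))

def to_str(value):
    """32-bit integer -> dotted-quad string."""
    return str(ipaddress.IPv4Address(value))

def mask_from_prefix(prefix_len):
    """Mask with prefix_len leading 1 bits, e.g. 28 -> 255.255.255.240."""
    return to_str((0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF)

def subnet_bounds(host, mask):
    """Host bits set to all 0s give the first address, all 1s the last."""
    m = to_int(mask)
    first = to_int(host) & m            # keep only the network bits
    last = first | (~m & 0xFFFFFFFF)    # turn every host bit on
    return to_str(first), to_str(last)

def same_subnet(a, b, mask):
    """Two hosts are local to each other only if their network bits match."""
    m = to_int(mask)
    return (to_int(a) & m) == (to_int(b) & m)

def is_single_subnet(first, last, mask):
    """True only if first..last is exactly one block for this mask."""
    return subnet_bounds(first, mask) == (first, last)

if __name__ == "__main__":
    mask = "255.255.255.192"
    print("/28 mask:        ", mask_from_prefix(28))
    print("HOST1 subnet:    ", subnet_bounds("10.10.10.75", mask))
    print("HOST1 ~ HOST2:   ", same_subnet("10.10.10.75", "10.10.10.33", mask))
    # The misaligned range from the text straddles two /26 blocks.
    print(".32-.95 valid:   ", is_single_subnet("10.10.10.32", "10.10.10.95", mask))
    print(".32 falls in:    ", subnet_bounds("10.10.10.32", mask))
    print(".95 falls in:    ", subnet_bounds("10.10.10.95", mask))
```

Of the 64 addresses in 10.10.10.64 - 10.10.10.127, the first is the subnet's network address and the last is its broadcast address, which is where the figure of 62 hosts comes from.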
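
One way the grouping in the Application section maps onto mask-based rules, as an added example (not the author's code and not any firewall's syntax): two 255.255.255.128 rules split 10.10.10.0/24 into a server half and a workstation half. The rule layout, group names and allowed ports are constructed for illustration.

```python
import ipaddress

# Constructed rule table: (network, mask, group). The hosts themselves keep
# the 255.255.255.0 mask; only the access rules use the narrower mask.
RULES = [
    ("10.10.10.0",   "255.255.255.128", "servers"),       # .0   - .127
    ("10.10.10.128", "255.255.255.128", "workstations"),  # .128 - .255
]

# Constructed policy: destination ports each source group may reach.
ALLOWED_PORTS = {"servers": {53, 123, 443}, "workstations": {443}}

def to_int(addr):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))

def group_for(src):
    """Return the group of the first rule whose network bits match src."""
    s = to_int(src)
    for network, mask, group in RULES:
        m = to_int(mask)
        if (s & m) == (to_int(network) & m):
            return group
    return None  # source is outside every rule

def permit(src, dst_port):
    """Default deny: allow only matched groups on their listed ports."""
    group = group_for(src)
    return group is not None and dst_port in ALLOWED_PORTS[group]

if __name__ == "__main__":
    # Constructed sample traffic: (source address, destination port).
    samples = [("10.10.10.20", 53), ("10.10.10.200", 53),
               ("10.10.10.200", 443), ("192.168.1.5", 443)]
    for src, port in samples:
        verdict = "permit" if permit(src, port) else "deny"
        print(f"{src:>13} -> port {port:<4} {str(group_for(src)):<13} {verdict}")
```

A mask rule covers its whole block, so these two rules also match 10.10.10.0 and 10.10.10.255, which lie outside the ranges listed in the text.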