Professional Documents
Culture Documents
Calculating Subnet Masks
Calculating Subnet Masks
Calculating Subnet Masks
By Joshua Erdman
Digital Foundation, inc.
Not to mention you should already be familiar with the IP address. This article explains the basic
use of an IP address and why we need a subnet mask.
A regular IP address when converted to binary is 32 bits in length, each segment being 8 bits
long. Refer to our first address example of 63.26.15.5 with a subnet mask of 255.255.255.0 in
binary.
With that said, to go into any deeper detail we must look at the addressing in binary. Since we
are just dealing with 32 binary bits we can stop grouping them in sets of 8 bits per segment and
deal with them as a 32 bit string. Now when you create a mask, it does not have to be limited to
groups of 8 bits (and it can have man more values than 255 or 0). These are called Variable
Length Subnet Masks (VLSMs). By calculating out your VLSM you can create any block of IP
addresses in sizes of powers of 2 minus 2.
For example, We can create a mask that only allows for 14 hosts (remember 14 hosts is 2 to the
power of 4 then we subtract 2). Knowing that it is 2 to the power of 4, we know that we have an
address block (subnet) with 4 bits for the hosts. That leaves a remaining 28 bits for the network
address, also known as a /28. Now that we know the size of the network block we want (14
hosts) let's calculate the subnet mask that we would use for a /28 network.
CLUE: A block of IP addresses is referred to as a subnet. Because of this that is how subnet
masks got their name, they are key into declaring how large a subnet actually is.
First map out your binary numbers again and keep them in groups of 8 bits each. That makes it
easy to get the decimal number for each segment. Since our network size is 28 bits long we
represent that with a string of 28 1s and the remainings 4 bits as 0s. So the first 3 segments (of 8
bits each) are all 1s. The decimal equivalent of an 8 bit segment of all 1s is 255. So the first 3
segments are 255. That leaves us with 4 bits left in the mask for the last segment. It will look
something like this:
128 64 32 16 8 4 2 1
1 1 1 1 0 0 0 0
To make it easy, we have included a subnet mask calculator. This calculator converts decimal IP
addresses and Subnet Masks. You can also optionally enter a destination IP address to see the
results.
Add up the bits that are flagged with a one and we see that the last segment of the subnet mask
with 14 hosts ( 16 - 2 ) is 240. For a subnet mask of 255.255.255.240; That is pretty much it with
creating subnet masks, but now you need to learn a new rule about addressing.
128 64 32 16 8 4 2 1
1 1 0 0 0 0 0 0
First lets say we have a network subnet of 10.10.10.X and we are using the same subnet mask
255.255.255.192 Our network host (HOST1) is currently using the address 10.10.10.75 Now
lets display the binary of the last segment for both the subnet mask and the address of our host.
|
128 64|32 16 8 4 2 1
SM 1 1| 0 0 0 0 0 0
HOST1 0 1| 0 0 1 0 1 1
|
Network Host
Notice the bar I drew in that divides the bits of the last segment. The last 6 bits on right are the
host bits, we know this because it matches up with all the 0s in the subnet masks. From the same
logic we know about all the bits for the network masks because of the same reason, the network
address matches up with all the 1s in the subnet mask.
So let's calculate the first and last addresses that can exist on the subnet of HOST1. To do this,
that the ful address of the host and make the host side all 0s and do it again with all 1s. Look at
the example:
|
128 64|32 16 8 4 2 1
SM 1 1| 0 0 0 0 0 0=192
HOST1 0 1| 0 0 1 0 1 1=75
0s 0 1| 0 0 0 0 0 0=64
1s 0 1| 1 1 1 1 1 1=127
|
Network Host
The valid host addresses in the same subnet as our sample host are in the range of 10.10.10.64 -
10.10.10.127
Notice how there is specific requirements of the available addresses in the subnet.
So why doesn't a host with the IP address of 10.10.10.33 and SM 255.255.255.192 (HOST2) see
HOST1 as a local computer?
Let's display all the data in binary:
|
128 64|32 16 8 4 2 1
SM 1 1| 0 0 0 0 0 0=192
HOST1 0 1| 0 0 1 0 1 1=75
HOST2 0 0| 1 0 0 0 0 1=33
|
Network Host
Look at the first 2 bits in the network section of the each host. HOST1 and HOST2 have
DIFFERENT network addresses! So a subnet mask plays a much more complicated role than just
declaring the size of a subnet. It also limits that addresses you can use in a subnet. In our last
example we noticed that a subnet mask of 255.255.255.192 will create a subnet of 64 addresses
(for 62 hosts). But if you tried to start the addressing at 10.10.10.32 - 10.10.10.95 what actually
happens is that your subnet overlaps into two separate subnets. Just do the calculations and you
will see (just as I displayed above) that the network addresses of the first 32 hosts in the invalid
subnet will have a different network address than the last 32 hosts in the invalid subnet.
Application
Learning how to create and declare subnet masks is not only useful for the technicians of ISPs
who are assigning subnets to their customers. Using subnet masks is also key for firewalls and
access lists. If you group IP addresses together based on host type (such as assigning all the
workstations the addresses 10.10.10.128 - 10.10.10.254 and the servers the addresses 10.10.10.1
- 10.10.10.127) but use the subnet mask 255.255.255.0 (so that the hosts will communicate
directly) you can then use masking as a way to apply different access rules with your firewall
without having to specify each IP address individually.