There are two tutorials on subnet masking already and both were pretty good. So why have I decided to try adding another? Well, for a couple of reasons: first, each person explains it in their own way, and what is confusing to one person is enlightening to another; second, there were some minor holes I wanted to see filled.

NETWORK MASK

Before working with a subnet mask you must first determine what the network mask is. The network mask is required by standard and cannot be modified. There are three network types that are commonly dealt with, and these are called Classes. So you have a Class A, Class B, and Class C network. There are also Class D and Class E, but these are specially reserved addresses that most of us will never use.

To work with masks we must work in binary or memorize things. If we look at a standard IP address written in decimal, 192.168.4.67, we know that this points to a specific device. But can we tell what class it is? If you have spent a lot of time with networking you probably can. Now let us rewrite it in binary form: 11000000.10101000.00000100.01000011. While this is much harder to memorize, it helps us analyze the class. If you look at the far-left octet, the first three binary positions tell you the class.

CLASS     LEFT OCTET DESIGNATOR   DECIMAL RANGE OF CLASS
CLASS A   0                       0-127
CLASS B   10                      128-191
CLASS C   110                     192-223

From this example we can see that our first octet starts off 110, so we have a Class C network. Each class of network has its own network mask.

CLASS     NETWORK MASK    NETWORK MASK BIT NOTATION
CLASS A   255.0.0.0       8
CLASS B   255.255.0.0     16
CLASS C   255.255.255.0   24

Remember the network mask is REQUIRED and cannot be modified. All subnetting takes place in the "0" or masked portion of the network mask. This area is yours to play with. Let us use a Class B network for our examples. With a Class B we will be given the first two octets and will control the last two octets. So we will choose a Class B; the first octet must be between 129 and 190 decimal. Our network will be 129.64.0.0.

BROADCAST AND MULTICAST

Two special addresses are reserved for broadcast messages and multicast messages. Broadcast = all zero's and multicast = all one's. So whenever we subnet we are going to lose a certain number of networks.

SUBNET MASK

The subnet mask is an addition to the network mask. The subnet mask can only be added by us to the portion of the network address we control. In this case, since we have a Class B network, we control the last two octets. We can mask these further to create a series of subnets and hosts. Why would we want to do this? Control and speed. A Class B network has 65534 possible addresses (minus the multicast and broadcast addresses). If you do not subnet them, then the administrator of the system must keep track of them, and the router being used will have a large lookup table, which will slow operations down. So subnetting helps us with management and speed on our network.

HOW DOES A NETWORK/SUBNET MASK WORK

Again we need to go to binary. A mask operation is a bitwise AND of two binary numbers, the address and the mask. Let's take two addresses and see if they are on the same subnet or not. We have 129.64.32.2 and 129.64.32.129. Without any subnetting, we will put these into binary:

Address 129.64.32.2      = 10000001.01000000.00100000.00000010
Network Mask 255.255.0.0 = 11111111.11111111.00000000.00000000
Address AND Net Mask     = 10000001.01000000.00000000.00000000

Address 129.64.32.129    = 10000001.01000000.00100000.10000001
Network Mask 255.255.0.0 = 11111111.11111111.00000000.00000000
Address AND Net Mask     = 10000001.01000000.00000000.00000000

As you can see, wherever there is a 1 in the mask the network address just shows right through, but where there is a 0 it is hidden or masked. Now we can see that the two masked numbers are the same, therefore they are on the same network. It didn't matter that the third and fourth octets were different because they were masked. Only the first two were used to determine if they were on the same network. A subnet extends this mask to make subnets.

SUBNETS vs HOSTS

When you subnet you are going to split your address space up into Subnets and Hosts. Subnets are the area of the address that are allowed through, Hosts are the area of the address that are masked. When you subnet you are setting up a number of subnets and a number of hosts. To calculate how many of each you use the same formula with slightly different input. The formula is 2^n-2 where n is the number of 1's in the subnet mask for subnets and n is the number of 0's in a mask for hosts.

For example: Let's say we want to have no more than 128 hosts per subnet. Then we could determine the number of zeros by working backward: 2^n-2 <= 128. The closest we come is 7. 2^8-2 = 254, 2^7-2 = 126, and 2^6-2 = 62. So we will use 7 zero's. Now the total length of the address that we can subnet is 16, therefore we must have 9 one's. So our subnet mask will be 11111111.10000000 or in decimal 255.128; the entire mask would be 255.255.255.128 or in bit notation 25 (the number of 1's in the mask).

Did we lose any addresses? You bet we did. Remember a Class B has 65534 addresses. Now we have 2^9-2 = 510 Subnets with 126 Hosts per subnet or 510*126 = 64260. We lost 1274 addresses due to our subnetting. But we gained a lot of control over our network and made the lookup tables on the routers very small indeed.

Let's see what has happened to the two addresses we used earlier:

Address 129.64.32.2         = 10000001.01000000.00100000.00000010
Subnet Mask 255.255.255.128 = 11111111.11111111.11111111.10000000
Address AND Subnet Mask     = 10000001.01000000.00100000.00000000

Address 129.64.32.129       = 10000001.01000000.00100000.10000001
Subnet Mask 255.255.255.128 = 11111111.11111111.11111111.10000000
Address AND Subnet Mask     = 10000001.01000000.00100000.10000000

If you look they are not on the same subnet anymore. The last Octet is different which means that the router will recognize that they are on different subnets and proceed to route them to the proper port or router to deliver their packets as swiftly and efficiently as possible.
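The two comparisons above (network mask 255.255.0.0, then subnet mask 255.255.255.128) can be reproduced in a few lines of Python. This is an added example, not part of the original tutorial; the helper names are hypothetical, and the mask check simply enforces the "1's on the left, 0's on the right" shape the tutorial uses.

```python
# Added example: the mask operation from the text (helper names are hypothetical).

def to_int(dotted):
    """Pack a dotted-decimal address or mask into one 32-bit integer."""
    octets = [int(part) for part in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted-decimal IPv4 value: {dotted!r}")
    value = 0
    for o in octets:
        value = (value << 8) | o
    return value

def to_dotted(value):
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

def to_binary(value):
    return ".".join(f"{(value >> s) & 0xFF:08b}" for s in (24, 16, 8, 0))

def is_valid_mask(mask):
    """True when the mask is all 1's on the left followed by all 0's."""
    hidden = ~to_int(mask) & 0xFFFFFFFF       # the 0 (masked) bits as 1's
    return (hidden & (hidden + 1)) == 0       # must look like 000...0111...1

def masked(address, mask):
    """Address AND mask: bits under a 1 show through, bits under a 0 are hidden."""
    if not is_valid_mask(mask):
        raise ValueError(f"mask has a 0 to the left of a 1: {mask}")
    return to_dotted(to_int(address) & to_int(mask))

def same_subnet(a, b, mask):
    return masked(a, mask) == masked(b, mask)

if __name__ == "__main__":
    a, b = "129.64.32.2", "129.64.32.129"     # the tutorial's two addresses
    for mask in ("255.255.0.0", "255.255.255.128"):
        print(f"mask {mask} = {to_binary(to_int(mask))}")
        for addr in (a, b):
            print(f"  {addr:<14} -> {masked(addr, mask)}")
        print(f"  same subnet: {same_subnet(a, b, mask)}")
```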

We can also approach this same problem from a different viewpoint. Rather than selecting hosts, let's determine a number of networks. I think I would rather administer 254 networks and see how many hosts that will give me per network. So using 2^n-2 and some trial and error, 2^7-2 = 126, 2^8-2 = 254, 2^9-2 = 510, I can see that 8 bits is dead on. Since I have a Class B with 16 bits and I am using 8 for the subnets, that leaves me 8 for the hosts as well. Now I have 254 subnets with 254 hosts per subnet. I am still losing 1018 addresses, but so what, I have good control and my routers will not be overtaxed by bad addressing. So the subnet mask looks like 255.255.255.0. Hold on, that looks like a Class C network mask. Well it is, and this is very common. By subnetting our Class B to look like a Class C we, humans, can compare addresses and determine if they are on the same subnet easily. Now the third octet is the subnet determiner: if it is the same then the addresses are on the same subnet, if it is different then they are not.

129.64.32.2 and 129.64.32.4 are on the same subnet because the first three octets are the same.
129.64.32.2 and 129.64.33.2 are not because the 3rd octet is different.

Summary:

Steps in Subnet Masking:

1. Determine the type of network you have (A, B, C)
2. Apply the correct network Mask. This cannot be changed.
3. Determine the number of octets you have to control (multiply by 8 to get bits)
4. Decide on the number of Hosts/subnet you want or the number of subnets you want.
5. Use the formula 2^n-2 to determine the number of bits required to achieve your goal (1's for subnets, 0's for hosts)
6. Subtract that number from the number of bits you control to find the opposite number.
7. Write out the subnet mask in binary with all 1's to the left and all zero's to the right.
8. Convert to decimal, or count the 1's to get the bit notation
9. Gloat and dance like a madman because you're a real networker now
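
Steps 1 through 8 as a small Python planner, using the tutorial's 2^n-2 convention for both subnets and hosts. This is an added example, not part of the original tutorial; the function names and the `max_hosts` / `min_subnets` parameters are hypothetical.

```python
# Added example: the summary steps as code, using the tutorial's 2^n-2 convention.

def classful_prefix(address):
    """Steps 1-2: class and network mask length from the first octet's leading bits."""
    first = int(address.split(".")[0])
    if not 0 <= first <= 255:
        raise ValueError(f"bad first octet in {address!r}")
    if first >> 7 == 0b0:
        return "A", 8
    if first >> 6 == 0b10:
        return "B", 16
    if first >> 5 == 0b110:
        return "C", 24
    raise ValueError("Class D/E address: reserved, nothing to subnet")

def usable(n):
    """The tutorial's formula: 2^n - 2."""
    return 2 ** n - 2

def prefix_to_mask(prefix):
    """Steps 7-8: 1's on the left, 0's on the right, then dotted decimal."""
    value = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

def plan_subnets(network, max_hosts=None, min_subnets=None):
    """Steps 3-6: pick the bit split from a host limit or a subnet target."""
    if (max_hosts is None) == (min_subnets is None):
        raise ValueError("give exactly one of max_hosts or min_subnets")
    _, net_bits = classful_prefix(network)
    free = 32 - net_bits                      # bits we control
    sizes = range(2, free - 1)                # each side needs at least 2 bits
    if max_hosts is not None:                 # most 0's that stay within the limit
        fits = [n for n in sizes if usable(n) <= max_hosts]
        host_bits = fits[-1] if fits else None
    else:                                     # fewest 1's that reach the target
        fits = [n for n in sizes if usable(n) >= min_subnets]
        host_bits = free - fits[0] if fits else None
    if host_bits is None:
        raise ValueError("goal cannot be met inside this network")
    subnet_bits = free - host_bits
    subnets, hosts = usable(subnet_bits), usable(host_bits)
    return {"mask": prefix_to_mask(net_bits + subnet_bits),
            "bits": net_bits + subnet_bits,
            "subnets": subnets, "hosts_per_subnet": hosts,
            "addresses_lost": usable(free) - subnets * hosts}

if __name__ == "__main__":
    print(plan_subnets("129.64.0.0", max_hosts=128))    # the 126-host example
    print(plan_subnets("129.64.0.0", min_subnets=254))  # the 254-subnet example
```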