:: TCP/IP Subnetting ::
IP Tutorial: Subnetting
Subnets allow network traffic between hosts to be segregated
based on the network's configuration. In IP networking, traffic
takes the form of packets. IP subnets improve network security
and performance to some degree by organizing hosts into logical
groups.
Subnet Masks
Probably the most easily recognizable aspect of subnetting
is the "mask." Just like IP addresses, subnet masks
contain four bytes (32 bits) and usually appear in the same
"dotted decimal" notation. For example, a very common
subnet mask in its binary representation
11111111 11111111 11111111 00000000
will usually be shown in the equivalent, more human-readable
form
255.255.255.0
Masking Rules
A subnet mask neither serves as an IP address nor exists
independently of one. Instead, subnet masks must
be applied to IP addresses. Masking a full IP address has
the effect of splitting it into two parts -- an "extended
network address" and a host address.
For a subnet mask to be valid, its leftmost bits must be
set to one; a mask of all zeros
00000000 00000000 00000000 00000000
is invalid. In addition, its rightmost bits must be set to
zero; the mask of all ones
11111111 11111111 11111111 11111111
is likewise invalid. In other words, all valid subnet masks
contain two parts: the all-ones left side (the extended network
portion) and the all-zeros right side (the host portion).
Subnetting in Practice
An extended network address includes the basic network address
as well as additional bits that represent the "subnet
number." Used in conjunction with a network address, a
subnet number supports a two-level, "extended" addressing
scheme recognized in a standard way by implementations of
IP. Taken together, the extended network address and the
host address actually produce a three-level scheme.
Consider the following real-world example. A small business
plans to use the "192.168.1.0" network for its internal
(intranet) hosts. The human resources department wants their
computers to be on a controlled part of this network because
they store payroll information and other sensitive employee
data. But because this is a Class C network, its default subnet
mask of "255.255.255.0" will allow all computers
to be peers on the network by default.
The first four bits of 192.168.1.0 -- 1100 -- place this
network in the Class C range and also fix the length of the
network address at 24 bits. To subnet this network, more than
24 bits must be set to one on the left side of the subnet
mask. For instance, the 25-bit mask "255.255.255.128"
creates a two-subnet network as follows.
Network address (24 bits)    Subnet number (1 bit)  Extended network  Host address range
11000000 10101000 00000001   0                      192.168.1.0       192.168.1.1 - 192.168.1.127
11000000 10101000 00000001   1                      192.168.1.128     192.168.1.129 - 192.168.1.255
For every additional bit set to one in the mask, another bit
becomes available in the subnet number to index additional
subnets. A two-bit subnet number can support up to four subnets,
a three-bit number supports up to eight, and so on.
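The masking rules and the 192.168.1.0 example above can be checked
in code. The following Python is an added example, not part of the
original tutorial; the function names and the two sample host
addresses are hypothetical. It goes slightly beyond the one-bit case
by enumerating the subnets for any valid mask.

```python
import ipaddress

# Added example: function names and sample hosts are hypothetical.
ALL_ONES = 0xFFFFFFFF

def parse_mask(mask):
    """Return the prefix length of a dotted-decimal mask, or raise ValueError.
    Page rules: ones on the left, zeros on the right, never all-0 or all-1."""
    value = int(ipaddress.IPv4Address(mask))
    if value in (0, ALL_ONES):
        raise ValueError(f"{mask}: all-zeros and all-ones masks are invalid")
    host_bits = value ^ ALL_ONES            # invert: host portion becomes ones
    if host_bits & (host_bits + 1):         # must look like 0...01...1
        raise ValueError(f"{mask}: one bits are not contiguous from the left")
    return 32 - host_bits.bit_length()

def split_address(addr, mask):
    """Apply the mask: return (extended network address, host number)."""
    parse_mask(mask)
    a, m = int(ipaddress.IPv4Address(addr)), int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(a & m)), a & (m ^ ALL_ONES)

def default_prefix(addr):
    """Classful network length, decided by the leading bits of the address."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    for limit, prefix in ((128, 8), (192, 16), (224, 24)):
        if first_octet < limit:
            return prefix
    raise ValueError(f"{addr}: Class D/E addresses have no default mask")

def list_subnets(network, mask):
    """Extended network addresses created by subnetting a classful network."""
    prefix, base = parse_mask(mask), default_prefix(network)
    if prefix < base:
        raise ValueError("mask is shorter than the network's default mask")
    net = ipaddress.ip_network(f"{network}/{base}")
    return [str(s.network_address) for s in net.subnets(new_prefix=prefix)]

def same_subnet(a, b, mask):
    """True when two hosts share an extended network address (are peers)."""
    return split_address(a, mask)[0] == split_address(b, mask)[0]

if __name__ == "__main__":
    print(list_subnets("192.168.1.0", "255.255.255.128"))
    # Constructed hosts: an office PC and an HR PC in the upper subnet.
    print(same_subnet("192.168.1.10", "192.168.1.200", "255.255.255.128"))
```

With the default mask 255.255.255.0 the two sample hosts are peers;
with 255.255.255.128 they fall into different subnets and can only
reach each other through a router, where traffic can be filtered.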
Private Networks
The governing bodies that administer the Internet Protocol
have identified certain networks as reserved for internal
use. In general, intranets that use these networks can reduce
the difficulty in administering their IP configuration and
Internet access. These three networks, along with their default
masks, are listed below.
Network address Default mask
10.0.0.0 255.0.0.0
172.16.0.0 255.240.0.0
192.168.0.0 255.255.0.0
Consult RFC 1918 for more details about these special networks.
Conclusion
Subnetting allows network administrators some flexibility
in defining relationships among network hosts. Hosts on different
subnets can only "talk" to each other through specialized
network gateway devices like routers. The ability to filter
traffic between subnets can make more bandwidth available
to applications and can limit access in desirable ways.