
Unmasking the Subnet

If you've connected a computer to the Internet, you've probably heard of an IP address. Most people, however, quickly gloss over IP's little brother, the often forgotten and sorely misunderstood, Subnet Mask. You've seen him, but probably never knew his name. He usually looks like this.

[Image: subnet mask]

While this is the Subnet Mask you'll most often see, you may run into others that look very different. 255.255.255.255, 128.0.0.0 and 255.252.0.0, while less common, are all valid Subnet Masks. Now don't get all excited and start playing around with the Subnet Mask in your network settings. This could cause you to lose that precious Internet connection that has become more important than eating and sleeping. The Subnet Mask is actually a very significant number that tells your computer important information like how many IP's are in its subnet. A Subnet is a group of networked computers and devices with a set number of IP addresses. It's literally short for Sub-Network, so from now on when you see it, just replace it with the word Network. If you're a busy admin and want to skip the lesson and take the easy way out, I suggest you check out ipcalc from my last post.


What is the Subnet Mask hiding?

In actuality, the Subnet Mask isn't hiding anything. It's pretty transparent with its information. You just need to know how to read it. You can think of a Subnet Mask as a kind of Network Area Code except this area code tells you exactly how many people are in your Network Neighborhood...joke from the days of Windows 95. OMG, that was 21 years ago.

So how do we go about reading this number with its seemingly endless supply of 2's and 5's and 0's? The first thing you need to realize is that Subnet Masks are given in Base 256. That means that instead of the decimal system we're used to or even the binary world that is native to computers, Subnet Masks are counted from 0 to 255. Each Subnet Mask is broken up into 4 Octets separated by periods for "easier" reading. Each Octet is represented by a 3-digit number that is equivalent to 1 Byte of data. A Byte is equal to 8 bits which means it can store up to 256 unique numbers hence the use of Base 256. That means a Subnet Mask which is comprised of four 3-digit numbers between 0 and 255 represents 4 Bytes or 32-bits of data. If you need a primer/refresher on Bits & Bytes, you're in luck. I have a fun, yet comprehensive read entitled, What's a Bit?.

Since each Octet can store 256 unique numbers, that gives us 4,294,967,296 possible combinations. We come to that number by multiplying each Octet together or to put it plainly, 256 x 256 x 256 x 256 = 4,294,967,296. Every possible combination represents an IP address which means there are a total of 4,294,967,296 IP's in the world. What's even more mind blowing is that we're actually running out of IP addresses. Don't fret though, there are smart engineers that have a plan to solve this problem, but that's a topic for another time.

Computing the Subnet

Now that we've got a basic understanding of the Subnet Mask, this table presents every valid Subnet Mask in the known universe along with how many Total IP's are encompassed by each Subnet Mask. I'll talk about what the CIDR is a bit later.

Subnet Table

| Subnet Mask | Total IP's | CIDR (Bit Mask) |
|---|---|---|
| 255.255.255.255 | 1 | /32 |
| 255.255.255.254 | 2 | /31 |
| 255.255.255.252 | 4 | /30 |
| 255.255.255.248 | 8 | /29 |
| 255.255.255.240 | 16 | /28 |
| 255.255.255.224 | 32 | /27 |
| 255.255.255.192 | 64 | /26 |
| 255.255.255.128 | 128 | /25 |
| 255.255.255.0 | 256 | /24 |
| 255.255.254.0 | 512 | /23 |
| 255.255.252.0 | 1,024 | /22 |
| 255.255.248.0 | 2,048 | /21 |
| 255.255.240.0 | 4,096 | /20 |
| 255.255.224.0 | 8,192 | /19 |
| 255.255.192.0 | 16,384 | /18 |
| 255.255.128.0 | 32,768 | /17 |
| 255.255.0.0 | 65,536 | /16 |
| 255.254.0.0 | 131,072 | /15 |
| 255.252.0.0 | 262,144 | /14 |
| 255.248.0.0 | 524,288 | /13 |
| 255.240.0.0 | 1,048,576 | /12 |
| 255.224.0.0 | 2,097,152 | /11 |
| 255.192.0.0 | 4,194,304 | /10 |
| 255.128.0.0 | 8,388,608 | /9 |
| 255.0.0.0 | 16,777,216 | /8 |
| 254.0.0.0 | 33,554,432 | /7 |
| 252.0.0.0 | 67,108,864 | /6 |
| 248.0.0.0 | 134,217,728 | /5 |
| 240.0.0.0 | 268,435,456 | /4 |
| 224.0.0.0 | 536,870,912 | /3 |
| 192.0.0.0 | 1,073,741,824 | /2 |
| 128.0.0.0 | 2,147,483,648 | /1 |
| 0.0.0.0 | 4,294,967,296 | /0 |

I was debating whether to include every Subnet Mask in this table as it was a pain to type and most likely a pain to read, but I felt it was important to list all of them so that you can start to see the patterns that will make understanding them a lot easier. As you work your way down the list, you'll notice every Subnet Mask repeats the same numbers as it counts down to 0.0.0.0. It kind of reminds me of the scene in Predator when he sets off his 80's digital watch bomb and you see the alien symbols repeat in each panel until it detonates. Who can forget seeing the Predator laugh as he attempts to blow Arnold up? Even hardcore alien hunters need to have fun. Back to the lesson.

You may also have noticed that the total number of IP's continually doubles as the Subnet Masks get smaller. This is because the Subnet Mask represents the number of bits that are not available in the subnet. To computers, this makes complete and total sense. To us slow, inferior humans, we first need to calculate the inverse value of the Subnet Mask which tells us how many bits are available and in turn how many total IP's are included in our subnet. I know this seems daunting and a little more than confusing, but stick with me and I'll reward you with an easy to use formula to calculate the total IP's given any Subnet Mask.

Let's take the Subnet Mask 255.255.255.254 for example. To find the inverse value of this Subnet Mask, which is given in base 256, we subtract 254 from 256 and get the inverse value of 2. The inverse value tells us there is 1 Bit available in this subnet. We know this because a single bit gives us 2 possible values, which means we have 2 IP's in this subnet. We do the same calculation on 255.255.255.252 and find the inverse value is 4 which means there's 2^2 or 4 possible values. That gives us 2 bits, and therefore we have 4 IP's available. If we jump further down the table and look at 255.255.255.192, we find the inverse is 64, which gives us 2^6 or 64 possible values equivalent to 6 bits or 64 IP's. Hmmm, if you look carefully at the previous examples, the inverse value and the Total IP's always equal each other. Is this true for every Subnet Mask?

We Don't Need No Stinking Calculators!

To answer the question in the last section, you bet your butt it is. That makes calculating the IP's in our subnet a whole lot easier. Instead of doing 2 calculations, we just need to do one.

Here's the "reward" I promised you. To calculate the total IP's given any Subnet Mask, all you need to do is subtract each Octet from 256 and multiply the values together. Seem too easy? Let's try it out.

Example 1

Subnet Mask

255.255.255.0

Subtract Each Octet from 256

256 − 255 = 1
256 − 255 = 1
256 − 255 = 1
256 − 0 = 256

Multiply the Totals

1 × 1 × 1 × 256 = 256

Conclusion

255.255.255.0 has 256 Total IP's

Example 2

Subnet Mask

255.255.255.240

Subtract Each Octet from 256

256 − 255 = 1
256 − 255 = 1
256 − 255 = 1
256 − 240 = 16

Multiply the Totals

1 × 1 × 1 × 16 = 16

Conclusion

255.255.255.240 has 16 Total IP's

Example 3

Subnet Mask

255.252.0.0

Subtract Each Octet from 256

256 − 255 = 1
256 − 252 = 4
256 − 0 = 256
256 − 0 = 256

Multiply the Totals

1 × 4 × 256 × 256 = 262,144

Conclusion

255.252.0.0 has 262,144 Total IP's

OK, looking at the last example, maybe I stretched the truth a tad bit about not needing a calculator, but you should be able to calculate most Subnets in your head or with a pen and paper.

Slash What?

Now that we've got a firm grasp on the Subnet Mask and learned the Magic Subnet Formula, I'll explain the CIDR or Bit Mask which is listed in the last column of our pretty pink Subnet Table. The CIDR is just another way of representing the value of a Subnet Mask. It's important to learn about it for the mere fact that at some point in your IT career, you're going to hear someone give a Subnet Mask as a /24 or "Slash 24". While at first you may think this person is just being pretentious, it's actually a lot easier to say or write /24 instead of 255.255.255.0. The number following the / is not arbitrary of course. As noted in the previous section, the Subnet Mask denotes the number of bits not available in the subnet. So the 24 in a /24 means there are 24 bits not in the subnet. Since we know that Subnet Masks are 32-bit numbers, we subtract 24 from 32 and get 8 bits. 8 bits gives us 256 unique values or 256 IP's which we now know equals the Subnet Mask, 255.255.255.0.

Most people only remember /8, /16 & /24 which are also known by the names Class A, Class B & Class C respectively. You'll be able to get by remembering that these CIDR's represent the Subnet Masks 255.0.0.0, 255.255.0.0 and 255.255.255.0, but if you're seeking true Jedi Master status, you'll want to learn the rest of the CIDR values as well. If you have a good understanding of the key points in this article, you should be able to at least calculate the subnet if someone comes at you with a /18. If you're in a rush or hate your brain, you can always turn to the IP Calculator to do the work for you.
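The formula and the CIDR conversion described above, as an added example that is not part of the original post. It goes one step further than the article by rejecting masks whose 1-bits are not contiguous, since the multiply-the-octets formula happily returns a number for those too; the function names are hypothetical.

```python
def parse_mask(mask):
    """Split a dotted mask into four integer octets, rejecting malformed input."""
    parts = mask.split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted quad: {mask!r}")
    octets = [int(p) for p in parts]
    if any(o > 255 for o in octets):
        raise ValueError(f"octet out of range: {mask!r}")
    return octets

def total_ips(mask):
    """The article's formula: subtract each octet from 256, multiply the results."""
    total = 1
    for octet in parse_mask(mask):
        total *= 256 - octet
    return total

def prefix_length(mask):
    """CIDR prefix of a mask; ValueError if its 1-bits are not contiguous."""
    value = int.from_bytes(bytes(parse_mask(mask)), "big")
    host_bits = value ^ 0xFFFFFFFF            # the "inverse" of the mask
    if host_bits & (host_bits + 1):           # must look like 0...01...1
        raise ValueError(f"non-contiguous mask: {mask!r}")
    return 32 - host_bits.bit_length()

def describe(mask):
    """Return (prefix, total IPs); both routes to the total must agree."""
    prefix = prefix_length(mask)              # validates the mask first
    total = total_ips(mask)
    if total != 2 ** (32 - prefix):
        raise AssertionError("formula and prefix disagree")
    return prefix, total

if __name__ == "__main__":
    # The article's three worked examples plus a /18.
    for m in ("255.255.255.0", "255.255.255.240", "255.252.0.0", "255.255.192.0"):
        print(m, "-> /%d, %d total IP's" % describe(m))
    # Constructed bad input: the formula alone gives 65536, but the mask is invalid.
    bad = "255.0.255.0"
    print(bad, "formula says", total_ips(bad))
    try:
        prefix_length(bad)
    except ValueError as err:
        print("rejected:", err)
```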

The Finer Points

There are 3 points I'd like to clarify about Subnetting before we say goodbye. I want to make sure everyone walks away from this article a little smarter and avoids hate from more experienced techs.

Subnetting for Routing

There are 2 main uses for Subnetting. The most common is when an ISP issues a block of routable IP's to an individual or organization. The second is applying rules or ACL's (Access Control Lists) to a group of IP's. When Subnetting is used for the former, the first IP in a subnet is reserved for the Network Address and the last IP in a subnet is reserved for the Broadcast Address. Without going into too much detail, these IP's are considered unusable and cannot be assigned to a computer or network device. A 3rd IP called the Gateway or Default Route is usually assigned to the first usable IP after the Network Address. Contrary to popular belief, the Gateway address is not reserved and can potentially be assigned to any usable IP in your subnet.

This leads me to my first point which is there's a difference between Total IP's and Usable IP's in a subnet. If you receive a block of IP's from your ISP, you'll need to subtract 3 from the Total IP's to calculate your Usable IP's. If you set up your own private routable network, you'll need to subtract 2 from your Total IP's. You can then use one of the usable IP's and assign it to your Gateway. In any case, it's not difficult to calculate your usable IP's once you know your subnet's total IP's.

Subnetting for Grouping

When Subnetting for the purpose of grouping computers together for rules assignment or easier management, you don't really need to take into account the Network & Broadcast addresses because we aren't using our subnet to route traffic. The most common scenario is we have a Class C like 192.168.1.0/24 assigned to our company's network. We have an Accounting Server that only the users in the Accounting department should have access to. You could write an individual rule for every IP address in Accounting which would be a tedious pain or you could use Subnetting to make your life easier.

All you need to do is pick a smaller subnet within your company's subnet like 192.168.1.128/27 or 192.168.1.128 255.255.255.224, reserve these IP's for the Accounting department and apply the rule to that single subnet instead of individually to 32 IP's. Since we aren't using this subnet for routing, your rule will apply to all 32 IP's in the subnet. If you decide to use Subnetting in this manner, always make sure to account for growth. The worst thing you can do is have a department outgrow your assigned subnet and then be forced to assign random IP's. You may remember those extra IP's when applying rules, but your co-workers surely won't.

Where It Begins & Ends

You may have noticed in the last example that we picked a subnet in the middle of our company's Class C. Now you may be wondering if you can start your subnet at any address or if you need to do more math. Unfortunately, you need to do more math. When you select a subnet in the middle of a larger subnet, you always need to pretend as if the larger subnet is divided into equal parts.

Using the previous example, we start with a Class C that includes 256 IP's ranging from 192.168.1.0 to 192.168.1.255. We want to carve out a 32 IP block from our Class C. To do that we must divide our 256 IP Class C by 32 which gives us 8 equal blocks of 32 IP's.

Parent Subnet

192.168.1.0 to 192.168.1.255

(256 Total IP's)

Divide Parent Subnet by Desired Subnet

256 IP's ÷ 32 IP's = 8 Blocks

8 Blocks of 32 IP's

| Blocks | First IP | Last IP |
|---|---|---|
| Block 1 | 192.168.1.0 | 192.168.1.31 |
| Block 2 | 192.168.1.32 | 192.168.1.63 |
| Block 3 | 192.168.1.64 | 192.168.1.95 |
| Block 4 | 192.168.1.96 | 192.168.1.127 |
| Block 5 | 192.168.1.128 | 192.168.1.159 |
| Block 6 | 192.168.1.160 | 192.168.1.191 |
| Block 7 | 192.168.1.192 | 192.168.1.223 |
| Block 8 | 192.168.1.224 | 192.168.1.255 |

From the table we can see that every block begins with a multiple of 32 and ends with a number one less than the next multiple of 32. If we wanted to use a subnet of 16 IP's instead, all of our blocks would begin with multiples of 16 and end with a number one less than the next multiple of 16. This rule holds true for any subnet we choose. I guess it isn't so hard to calculate the IP's in our subnets after all...at least with smaller subnets.

While we can technically use any of the blocks in our table to apply our rules to, it's best to avoid using the first and last blocks in our parent subnet. As mentioned in the previous section, if the first block is selected, our rules will apply to the unusable Network Address and most likely our Gateway. If the last block is used, the unusable Broadcast Address would be included as well.
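A check you can run before committing an ACL to a block, as an added example that is not part of the original post. It uses Python's standard ipaddress module to rebuild the block table and to report what a rule written as a first IP plus mask (or prefix) really matches, including the misaligned-start and first/last-block cases discussed above; the function names and sample rules are hypothetical.

```python
import ipaddress

def blocks(parent, size):
    """Split `parent` into equal blocks of `size` addresses (a power of 2)."""
    if size < 1 or size & (size - 1):
        raise ValueError("block size must be a power of 2")
    net = ipaddress.ip_network(parent)
    prefix = 32 - (size.bit_length() - 1)
    return [(str(b[0]), str(b[-1])) for b in net.subnets(new_prefix=prefix)]

def acl_report(parent, first_ip, mask):
    """Describe the range a rule written as first_ip + mask (or prefix) covers."""
    net = ipaddress.ip_network(parent)
    # strict=False clears the host bits, giving the block the mask describes.
    block = ipaddress.ip_network(f"{first_ip}/{mask}", strict=False)
    return {
        "first": str(block[0]),
        "last": str(block[-1]),
        "size": block.num_addresses,
        "aligned": ipaddress.ip_address(first_ip) == block.network_address,
        "inside_parent": block.subnet_of(net),
        "includes_network_address": net.network_address in block,
        "includes_broadcast_address": net.broadcast_address in block,
    }

if __name__ == "__main__":
    PARENT = "192.168.1.0/24"
    for number, (first, last) in enumerate(blocks(PARENT, 32), start=1):
        print(f"Block {number}: {first} to {last}")
    # Constructed sample rules: (first IP, mask or prefix length)
    samples = [
        ("192.168.1.128", "255.255.255.224"),  # aligned block of 32
        ("192.168.1.128", "28"),               # a /28 covers only 16 of them
        ("192.168.1.140", "255.255.255.224"),  # start is not a multiple of 32
        ("192.168.1.0", "27"),                 # first block: Network Address
        ("192.168.1.224", "27"),               # last block: Broadcast Address
    ]
    for first_ip, mask in samples:
        print(first_ip, mask, acl_report(PARENT, first_ip, mask))
```

A rule whose report shows aligned as False, or a size different from the number of hosts you meant to cover, matches a different set of machines than the one you had in mind.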

This was another long post, but I hope you enjoyed the read. As usual, if you have any questions or see something I've overlooked, feel free to comment below.


4 Responses to Unmasking the Subnet

  1. I had problems with ethernet and it was very good ideas when considering the necessary ways to input router address into my mind. 🙂 Great article. Fun to read!

  2. Never knew that subnet mask is IP’s little brother. Great article. Fun to read! You got me on that!