This week, while going through A+ materials, I learned quite a bit about TCP/IP and subnetting. I found subnetting particularly easy to understand because, well, an IP of 192.168.3.2 must be in the same network as 192.168.3.66, right? After all, the first 3 octets are the same! So the subnet mask, I feel, is a bit redundant and simple to understand. The 255 octets mark the network part of the IP, and the remainder is the host part, right?
That is, until I came across an article in the Windows documentation giving an example of subnetting using a /26 mask. First of all, wth is a /26 or /24 mask? Then I realised I didn’t understand anything (or at least not deeply enough) about subnetting.
The way many online resources give examples of subnet masks creates a false simplicity around the topic, and very few mention why we want to subnet. Only after going through several YouTube videos, articles and cheat sheets, and asking “why” more, did I gradually get a firmer grasp of the topic.
Here are my notes; hopefully they’re useful to someone who’s as confused or inquisitive as I was. Please feel free to correct me where I’m wrong.
What is a subnet mask? #
I think in order to intuit the subnet mask, one should start with a problem.
Problem: computer A with IP 192.168.3.2 wants to send and receive data to and from computer B with IP 192.168.3.66. To do that, computer A must determine the address of the network that computer B belongs to. Is it the same as or different from computer A’s network? (If it is the same, A can deliver frames to B directly on the local link; if not, A has to hand the packet to its default gateway.) One could simply say, “Hey, the first 3 octets, 192.168.3 (making up 24 bits), look the same, so they must be in the same network.”
But since the computer can only read binary, not decimal, it sees:
Computer A IP binary form: 11000000 10101000 00000011 00000010
Computer B IP binary form: 11000000 10101000 00000011 01000010
When computer A compares the 2 IPs, it sees that the first 25 bits (not 24) are the same! So how does computer A know where to draw the line, i.e. which bits represent the network address of computer B?
Solution: this is where the subnet mask 255.255.255.0 steps in, as a ruler that guides computer A:
255 . 255 . 255 . 0 (decimal)
11111111 11111111 11111111 | 00000000 (binary)
11000000 10101000 00000011 | 00000010
11000000 10101000 00000011 | 01000010
As you can see, when lining up the subnet mask with the 2 IPs, computer A can see that “Ah, the first 24 bits of the subnet mask are 1s, telling me to compare only the first 24 bits of our IPs. That means the address of the network computer B belongs to is 11000000.10101000.00000011.00000000 (192.168.3.0), and computer B’s own address within that network is 01000010 (66). We are in the same network!” In practice the computer does this with a bitwise AND: IP AND mask gives the network address, and two hosts are on the same subnet exactly when their network addresses are equal.
So the subnet mask tells computer A which “logical region” computer B belongs to, and therefore how to reach it: deliver directly on the local segment (after resolving B’s MAC address with ARP), or send the packet to the default gateway. Without the mask, computer A has no way to make that choice and would keep trying to reach hosts directly that are actually on another network, or send local traffic to the gateway for no reason.
Using the same scenario, if the subnet mask is instead changed to 255.255.255.192, this is what it looks like in binary:
255 . 255 . 255 . 192 (decimal)
11111111 11111111 11111111 11 | 000000 (binary)
11000000 10101000 00000011 00 | 000010
11000000 10101000 00000011 01 | 000010
Now the subnet mask is no longer 24 bits but 26 bits, so computer A compares the first 26 bits as the network address, and they are different (…00 versus …01)! That means computer A and computer B are no longer in the same network: A’s network address is 192.168.3.0 (192.168.3.0/26) and B’s is 192.168.3.64 (192.168.3.64/26), so A must now send traffic for B via its default gateway.
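As an added example (this is not code from the original post), here is the mask arithmetic above in Python: the host ANDs both IPs with the mask, compares the results, and from that decides whether to ARP for the destination directly or for its default gateway. The addresses 192.168.3.2 and 192.168.3.66 are the post’s; the gateway address 192.168.3.1 is assumed for illustration. The mask parser also rejects non-contiguous masks, which the post’s “ruler” picture quietly relies on.

```python
# Added example, not from the original post: the subnet-mask decision a host makes.
# Addresses 192.168.3.2 / 192.168.3.66 come from the post; the gateway is assumed.

def ip_to_int(dotted: str) -> int:
    """Convert '192.168.3.2' to a 32-bit integer, validating each octet."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def int_to_ip(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def to_bits(n: int) -> str:
    """Render a 32-bit value as four 8-bit groups, the way the post writes them."""
    return " ".join(format((n >> shift) & 0xFF, "08b") for shift in (24, 16, 8, 0))

def mask_from_prefix(prefix: int) -> int:
    """/24 -> 0xFFFFFF00, /26 -> 0xFFFFFFC0: the top `prefix` bits set."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def prefix_from_mask(mask: str) -> int:
    """255.255.255.192 -> 26. Rejects non-contiguous masks such as 255.0.255.0,
    which would make the 'draw the line here' picture meaningless."""
    bits = format(ip_to_int(mask), "032b")
    ones = bits.count("1")
    if bits != "1" * ones + "0" * (32 - ones):
        raise ValueError(f"non-contiguous mask: {mask}")
    return ones

def network_address(ip: str, prefix: int) -> str:
    """Network ID = IP AND mask (the 'ruler' in the text)."""
    return int_to_ip(ip_to_int(ip) & mask_from_prefix(prefix))

def same_subnet(ip_a: str, ip_b: str, prefix: int) -> bool:
    return network_address(ip_a, prefix) == network_address(ip_b, prefix)

def next_hop(src: str, prefix: int, gateway: str, dst: str) -> str:
    """The address the host ARPs for: the destination itself if it is local,
    otherwise the default gateway."""
    return dst if same_subnet(src, dst, prefix) else gateway

if __name__ == "__main__":
    a, b, gw = "192.168.3.2", "192.168.3.66", "192.168.3.1"   # gw is assumed
    for mask in ("255.255.255.0", "255.255.255.192"):
        p = prefix_from_mask(mask)
        print(f"mask {mask} (/{p})")
        print("  mask   ", to_bits(mask_from_prefix(p)))
        print("  A      ", to_bits(ip_to_int(a)), "->", network_address(a, p))
        print("  B      ", to_bits(ip_to_int(b)), "->", network_address(b, p))
        print("  same subnet:", same_subnet(a, b, p), "| A sends B's traffic to:",
              next_hop(a, p, gw, b))
```

With /24 the script reports both hosts in 192.168.3.0 and A talking to B directly; with /26 it reports 192.168.3.0 versus 192.168.3.64 and A sending via the gateway. The `next_hop` decision is exactly why a wrong mask on a host produces “can ping some neighbours but not others” symptoms.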
Subnetting #
By altering the subnet mask’s bits, a person can logically divide a network into smaller subnets, i.e. subnetting. You can read more here; scroll to the subnetting part. Microsoft gives a pretty clear example of when and how to do it with a network that has a class-C IP.
On a larger scale, the entire IPv4 Internet can be thought of as consisting of multiple subnets, as shown in the table below, which is adapted from the RFC 1878 subnet table.
Based on the table, a network with a class-C IP address (e.g. 192.168.1.0) and the default subnet mask of 255.255.255.0 (or /24) can have a maximum of 254 hosts/devices/usable IP addresses in it.
Why 254 and not 256 addresses? Because each network needs to reserve the first address (host bits all 0) and the last address (host bits all 1) for the network ID and the broadcast address respectively, which subtracts 2 IPs from the available pool. For example, from the scenario above:
11000000 10101000 00000011 00000000 (192.168.3.0) - network ID address
11000000 10101000 00000011 11111111 (192.168.3.255) - broadcast address
So the available IP address ranges from 192.168.3.1 to 192.168.3.254.
The above network can also be divided into smaller subnets by borrowing host bits. In general a /n subnet holds 2^(32-n) addresses, of which 2^(32-n) - 2 are usable (each subnet loses its own network ID and broadcast address; the first /26 below, for instance, runs from 192.168.3.0, the network ID, to 192.168.3.63, the broadcast), and a /24 splits into 2^(n-24) of them:
- /25 gives 2 subnets of 126 hosts [192.168.3.1 - 126] and [192.168.3.129 - 254]
- /26 gives 4 subnets of 62 hosts [192.168.3.1 - 62] [192.168.3.65 - 126] … [192.168.3.193 - 254]
- /27 gives 8 subnets of 30 hosts …
- /28 gives 16 subnets of 14 hosts …
- /29 gives 32 subnets of 6 hosts each …
- /30 gives 64 subnets of 2 hosts each [192.168.3.1 & 2] [192.168.3.5 & 6] … [192.168.3.253 & 254]
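An added example (not the post’s own code) that computes the list above for any prefix from /25 to /30: for each subnet it lists the network ID, the usable host range and the broadcast address, and it cross-checks the hand-rolled arithmetic against Python’s standard ipaddress module. Prefixes /31 and /32 are deliberately rejected because they do not follow the “minus 2” rule; the post leaves them to a later section. The base network 192.168.3.0/24 is the post’s.

```python
# Added example, not from the original post: carve a base network into equal
# subnets and list each one's network ID, usable host range and broadcast address.
import ipaddress

def ip_to_int(dotted: str) -> int:
    a, b, c, d = (int(o) for o in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def int_to_ip(n: int) -> str:
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def subnet_summary(base_prefix: int, new_prefix: int):
    """(number of subnets, usable hosts per subnet) when a /base_prefix is split
    into /new_prefix pieces, e.g. (24, 26) -> (4, 62)."""
    if not base_prefix <= new_prefix <= 30:
        # /31 and /32 do not follow the 'minus 2' rule; the post treats them separately.
        raise ValueError("new_prefix must be between base_prefix and 30")
    count = 1 << (new_prefix - base_prefix)     # each borrowed bit doubles the subnets
    usable = (1 << (32 - new_prefix)) - 2       # 2^(host bits) minus network ID and broadcast
    return count, usable

def subnets_of(base: str, base_prefix: int, new_prefix: int):
    """Yield (network ID, first usable, last usable, broadcast) for every
    /new_prefix subnet inside base/base_prefix, in address order."""
    count, _ = subnet_summary(base_prefix, new_prefix)
    size = 1 << (32 - new_prefix)               # addresses per subnet
    base_mask = (0xFFFFFFFF << (32 - base_prefix)) & 0xFFFFFFFF
    start = ip_to_int(base) & base_mask         # normalise e.g. 192.168.3.7/24 -> .0
    for i in range(count):
        net = start + i * size
        bcast = net + size - 1
        yield int_to_ip(net), int_to_ip(net + 1), int_to_ip(bcast - 1), int_to_ip(bcast)

def matches_stdlib(base: str, base_prefix: int, new_prefix: int) -> bool:
    """Cross-check the hand-rolled arithmetic against the ipaddress module."""
    ours = [s[0] for s in subnets_of(base, base_prefix, new_prefix)]
    ref = ipaddress.ip_network(f"{base}/{base_prefix}", strict=False)
    theirs = [str(n.network_address) for n in ref.subnets(new_prefix=new_prefix)]
    return ours == theirs

if __name__ == "__main__":
    for p in range(25, 31):
        count, usable = subnet_summary(24, p)
        print(f"/{p}: {count} subnets of {usable} hosts "
              f"(stdlib agrees: {matches_stdlib('192.168.3.0', 24, p)})")
        for net, first, last, bcast in subnets_of("192.168.3.0", 24, p):
            print(f"   {net:<15} hosts {first} - {last:<15} broadcast {bcast}")
```

Running it prints the same counts as the list above (2 x 126, 4 x 62, 8 x 30, 16 x 14, 32 x 6, 64 x 2) and makes the off-by-one in the second /25 visible: its usable range starts at .129, because .128 is that subnet’s network ID.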
Purpose of subnetting #
Why would we want to subnet?
1. First, to improve traffic quality within the network
Problem: in the setup above, whenever computer A wants to talk to computer B for the first time, it broadcasts an ARP request to every host on the local network, asking who has B’s IP address, and waits for B to answer with its MAC address.
That is only one frame on the wire, but every host on the segment has to receive and process it: in a network of 254 hosts, the other 253 all see the request from merely one computer, and only 1 of them (computer B) needs to reply with its MAC address, while the remaining 252 are irrelevant. Add the other broadcast traffic that hosts generate and the segment gets crowded quickly if all 254 hosts start talking to each other.
Solution: by subnetting, say into /26s, you shrink the broadcast domain, so now only the other 61 hosts in computer A’s subnet receive the ARP request, and the other subnets are spared. One caveat: this only holds if each subnet sits on its own layer-2 segment (a separate switch or VLAN). Changing the mask alone on hosts that still share one switch does not stop a broadcast frame from reaching all of them.
2. Second, for security
Problem: in the same flat network of 254 hosts, if computer A is compromised, it is easy for the attacker to move to other hosts, say computer B, and stay undetected, because there are far fewer security measures in the way: every host is directly reachable at layer 2. Just like a burglar moving from room to room within the same building, only having to pick a lock here and there.
Solution: by subnetting, and using a router (or firewall) to control traffic between subnets, you put walls, roads and a gate between groups of hosts (separation and compartmentalisation). Now the attacker has to cross the router to reach computer B, where they can be stopped or quickly detected by controls you configure there, such as ACLs or firewall rules, and where the traffic can be logged (QoS and route maps, which also live on the router, manage traffic rather than block it). From the point of view of a network administrator, you have a single point of control, the router, making your job much easier. Two caveats: a router that simply forwards everything between subnets is just another hop, so the separation only counts if the router actually filters; and, as with broadcasts, the subnets must be on separate layer-2 segments, otherwise a compromised host can reconfigure its own IP and mask and talk to B directly, bypassing the router.
3. Third, for ease of organisation and management
This reason supports the previous one well, because a well-organised network greatly assists network management and security. By assigning each subnet to a different group of users, for example different departments in the same organisation, you can manage the growth of each subnet more easily and control access between them, making sure that, for instance, the marketing department has no reason to (and no way to) access the HR database.
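An added example, not from the original post, of the kind of filtering the router between subnets would do: an ordered, first-match access list with an implicit deny at the end, evaluated against a few constructed packets, plus a check for rules that an earlier rule makes unreachable (a common way a “deny marketing to HR” rule silently stops working). The address plan (marketing in 192.168.3.0/26, HR in 192.168.3.64/26, an HR database at 192.168.3.70, IT admins in 192.168.3.192/26), the port 5432 and the rules themselves are all assumed for illustration.

```python
# Added example, not from the original post: a first-match ACL as a router between
# subnets would apply it. Subnets, hosts, port and rules are assumed for illustration.
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None      # None means any destination port

def rule(action: str, src: str, dst: str, dport: Optional[int] = None) -> Rule:
    if action not in ("permit", "deny"):
        raise ValueError(action)
    return Rule(action, ipaddress.ip_network(src), ipaddress.ip_network(dst), dport)

# Assumed address plan: the post's /24 split into /26 department subnets.
MARKETING = "192.168.3.0/26"
HR        = "192.168.3.64/26"
HR_DB     = "192.168.3.70/32"        # assumed host inside the HR subnet
IT_ADMIN  = "192.168.3.192/26"
SITE      = "192.168.3.0/24"

# Order matters: the first matching rule decides; anything unmatched is denied.
ACL = [
    rule("permit", IT_ADMIN, HR_DB, 5432),   # admins may reach the database port
    rule("deny",   MARKETING, HR),           # marketing has no business in HR
    rule("permit", SITE, SITE),              # everything else inside the site
]

def evaluate(acl, src_ip: str, dst_ip: str, dport: int):
    """Return (action, index of the matching rule), or ("deny", None) when no
    rule matches: the implicit deny at the end of every access list."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for i, r in enumerate(acl):
        if src in r.src and dst in r.dst and (r.dport is None or r.dport == dport):
            return r.action, i
    return "deny", None

def shadowed_rules(acl):
    """Indexes of rules that can never match because an earlier rule already covers
    every packet they would match. A shadowed deny is a silent policy hole."""
    out = []
    for j, later in enumerate(acl):
        for earlier in acl[:j]:
            if (later.src.subnet_of(earlier.src) and later.dst.subnet_of(earlier.dst)
                    and (earlier.dport is None or earlier.dport == later.dport)):
                out.append(j)
                break
    return out

if __name__ == "__main__":
    # Constructed packets: (src, dst, dport)
    for pkt in [("192.168.3.10", "192.168.3.70", 5432),   # marketing -> HR DB
                ("192.168.3.200", "192.168.3.70", 5432),  # IT admin -> HR DB
                ("192.168.3.80", "192.168.3.10", 445),    # HR -> marketing
                ("10.0.0.5", "192.168.3.70", 5432)]:      # outside the site
        print(pkt, "->", evaluate(ACL, *pkt))
    # The same rules with the broad permit first: the deny becomes unreachable.
    bad = [ACL[2], ACL[1], ACL[0]]
    print("shadowed rule indexes in bad ACL:", shadowed_rules(bad))
```

The shadowing check is the part worth keeping around: on real routers the “deny marketing to HR” line is frequently added below an older “permit any any” within the site and never matches, and nothing in the running config warns you.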
The special case of /30, /31 and /32 subnets #
[I need to read more about point-to-point link/network topology before writing]