Monday, October 12, 2009

Subnetting

Basics:
Bit = 1 binary digit, i.e. 1 or 0
Byte = 8 bits

Decimal Conversion Chart:

bit      8     7     6     5     4     3     2     1
value    128   64    32    16    8     4     2     1
subnet   128   192   224   240   248   252   254   255
power    2^7   2^6   2^5   2^4   2^3   2^2   2^1   2^0
Binary Calculations

power   decimal   binary
2^0     1         0000 0001
2^1     2         0000 0010
2^2     4         0000 0100
2^3     8         0000 1000
2^4     16        0001 0000
2^5     32        0010 0000
2^6     64        0100 0000
2^7     128       1000 0000

NOTE: I have added an additional space between the 8 octets in this paper only to make the reading easier. These would not appear in real life.

Available addresses – each bit can be a 1 or a 0, so each bit = 2 addresses

1 bit    2 addresses
2 bits   4 addresses
3 bits   8 addresses
4 bits   16 addresses
5 bits   32 addresses
6 bits   64 addresses
7 bits   128 addresses
8 bits   256 addresses

Each bit added doubles the number of available addresses, just as each bit removed halves the number of available addresses.
Addressing formula: 2^n = ___. Fill in the blank with the number of addresses needed and solve for n, where n is the number of bits needed.

Binary counting per octet:

0000 0000   0
0000 0001   1
0000 0010   2
0000 0011   3
0000 0100   4
0000 0101   5
~~
1111 1111   255

The number of available addresses is 256; this includes 0000 0000.

Network ID: ‘Area Code’ – all computers on a segment will share a single Network ID. All Network IDs in a network must be unique to that network.
Host ID: ‘Phone Number’ – all computers on a network segment must have a unique Host ID to that segment.

Here are three ways of finding out what class your allocation is in. Use whichever you find easiest.
1. Class A addresses begin with 0xxx, or 1 to 126 decimal. (127 is loopback)
2. Class B addresses begin with 10xx, or 128 to 191 decimal.
3. Class C addresses begin with 110x, or 192 to 223 decimal.
4. Class D addresses begin with 1110, or 224 to 239 decimal. (a.k.a multicast - you'll probably never see these)
5. Class E addresses begin with 1111, or 240 to 254 decimal. (or these)
- If the first bit is 0 it is a Class A address
- If the first two bits are 10 it is a Class B address
- If the first three bits are 110 it is a Class C address
- If the first four bits are 1110 it is a Class D multicast address
- If the first four bits are 1111 it is a Class E experimental address

First Byte   Class   Default (classful) Network Mask
1-126        "A"     255.0.0.0
128-191      "B"     255.255.0.0
192-223      "C"     255.255.255.0

Each TCP/IP host (i.e. each NIC) needs at MINIMUM a unique IP address and a subnet mask, and to communicate off of the immediate subnet it also needs a default gateway.

Repeaters, bridges and switches forward broadcasts. Routers do not.
Physical segment = a port out of a router or between two routers.
Public addresses = an address bought or leased from InterNIC or ARIN (and then from an ISP or a corporation)
Private addresses = 10.0.0.0 to 10.255.255.255; 172.16.0.0 to 172.31.255.255; 192.168.0.0 to 192.168.255.255
Example: if a corporation was given 152.77.0.0 the admin would hand out the last two octets as needed.

Converting the subnet mask to binary:
1s = the network portion or ‘mask’ and the 0s = the host portion
Remember! your subnet mask must always have contiguous bits!
i.e.: 1111 1111.1111 1111.1111 1111.0000 0000 = default class C subnet mask

Network Address Ranges by Class
IP network addresses are issued as follows:

Class     Range     Default Mask      Number of Addresses
Class A   1-127     255.0.0.0         2^24 = 16,777,216
Class B   128-191   255.255.0.0       2^16 = 65,536
Class C   192-223   255.255.255.0     2^8 = 256

So an address of 152.77.0.0 would have a potential of 65,536 hosts! On one subnet…ouch.
Here is a reason why we subnet. Create multiple physical segments to break up network.

152.77.0.0 = Network ID = 65,536
255.255.0.0 = Default Subnet Mask
N.N.H.H = Default Subnet Mask (we need to ‘borrow’ bits from the host section to add to the network section)
N.N. SNID (borrowed bits) .H = Custom Subnet Mask

Subnet Masks - Binary Representations

Decimal   Binary     Bits
.192      11000000   2 bits
.224      11100000   3 bits
.240      11110000   4 bits
.248      11111000   5 bits
.252      11111100   6 bits
.254      11111110   7 bits
.255      11111111   8 bits

ANDING
TCP/IP software uses a logical "AND" operation to find out what subnet an address belongs to. When a 0 is ANDed with either a 0 or a 1, the result is a 0. When a 1 is ANDed with a 1, the result is 1:
0 AND 0 = 0
0 AND 1 = 0
1 AND 0 = 0
1 AND 1 = 1
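The AND operation above applied to a whole address, as an added example that is not part of the original notes: it converts dotted-decimal to bits, checks the "contiguous bits" rule for the mask, ANDs the address with the mask to get the Network ID, and derives the broadcast address and usable host range (excluding the all-0s and all-1s host addresses, as the notes do). All function names are my own.

```python
# Added example (not from the original notes): the logical AND the text
# describes, applied to a full IPv4 address and mask, plus the checks a
# practitioner wants: contiguous mask, network ID, broadcast, usable range.

def ip_to_int(dotted: str) -> int:
    """Convert 'a.b.c.d' to a 32-bit integer, validating each octet."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted quad: {dotted}")
    value = 0
    for o in octets:
        n = int(o)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range: {o}")
        value = (value << 8) | n
    return value

def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_to_mask(prefix: int) -> int:
    """CIDR /n -> mask as an integer, e.g. /28 -> 0xFFFFFFF0 (255.255.255.240)."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def mask_is_contiguous(mask: int) -> bool:
    """The notes' rule: a valid mask is a run of 1s followed by a run of 0s."""
    inverted = (~mask) & 0xFFFFFFFF          # the host (0) bits become 1s
    return (inverted & (inverted + 1)) == 0  # true only if those 1s are one low run

def to_binary(dotted: str) -> str:
    """Dotted quad in the dotted-binary form the notes use for masks."""
    return ".".join(f"{int(o):08b}" for o in dotted.split("."))

def subnet_info(address: str, prefix: int) -> dict:
    """Network ID (address AND mask), broadcast (host bits all 1s), usable hosts."""
    mask = prefix_to_mask(prefix)
    network = ip_to_int(address) & mask            # the AND operation
    broadcast = network | (~mask & 0xFFFFFFFF)     # host portion all 1s
    host_bits = 32 - prefix
    usable = max(2 ** host_bits - 2, 0)            # drop all-0s and all-1s host IDs
    return {
        "mask": int_to_ip(mask),
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(network + 1) if usable else None,
        "last_host": int_to_ip(broadcast - 1) if usable else None,
        "usable_hosts": usable,
    }

def same_subnet(a: str, b: str, prefix: int) -> bool:
    """Two hosts are on one segment when the AND of each with the mask agrees."""
    mask = prefix_to_mask(prefix)
    return (ip_to_int(a) & mask) == (ip_to_int(b) & mask)

if __name__ == "__main__":
    print(subnet_info("192.168.1.37", 28))          # lands in the .32 subnet of a /28
    print(same_subnet("192.168.1.33", "192.168.1.48", 28))   # False: different subnets
```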
Classful Subnetting Tables

Class B

# of bits   Subnet Mask        # Subnets   # Hosts
2           255.255.192.0      2           16382
3           255.255.224.0      6           8190
4           255.255.240.0      14          4094
5           255.255.248.0      30          2046
6           255.255.252.0      62          1022
7           255.255.254.0      126         510
8           255.255.255.0      254         254
9           255.255.255.128    510         126
10          255.255.255.192    1022        62
11          255.255.255.224    2046        30
12          255.255.255.240    4094        14
13          255.255.255.248    8190        6
14          255.255.255.252    16382       2

Class C

# Bits   Subnet Mask        # Subnets   # Hosts
0        255.255.254.0      0           510
1        255.255.255.0      1           254
2        255.255.255.192    2           62
3        255.255.255.224    6           30
4        255.255.255.240    14          14
5        255.255.255.248    30          6
6        255.255.255.252    62          2
7        255.255.255.255    255         1


CIDR (Classless Inter Domain Routing) Bits to Mask

Address Class   CIDR Value   Subnet Mask
Class A         /8           255.0.0.0
                /9           255.128.0.0
                /10          255.192.0.0
                /11          255.224.0.0
                /12          255.240.0.0
                /13          255.248.0.0
                /14          255.252.0.0
                /15          255.254.0.0
                /16          255.255.0.0
Class B         /17          255.255.128.0
                /18          255.255.192.0
                /19          255.255.224.0
                /20          255.255.240.0
                /21          255.255.248.0
                /22          255.255.252.0
                /23          255.255.254.0
                /24          255.255.255.0
Class C         /25          255.255.255.128
                /26          255.255.255.192
                /27          255.255.255.224
                /28          255.255.255.240
                /29          255.255.255.248
                /30          255.255.255.252
                /31          255.255.255.254
                /32          255.255.255.255




Additional example:
Subnetting Class C - most typical example: /28, "all zeroes, all ones" excluded. Mask is 11110000.
This table may be all you ever need to know, for many installations. This is a typical example and possibly the most common one. Because it is such a useful table, this is the only large one we will list in full.

Network part    Subnet.host   Host addresses                    Broadcast Address
192.168.1.0     0000xxxx      192.168.1.1 to 192.168.1.14       192.168.1.15 - UNUSABLE - NETMASK ALL 0000's
192.168.1.16    0001xxxx      192.168.1.17 to 192.168.1.30      192.168.1.31
192.168.1.32    0010xxxx      192.168.1.33 to 192.168.1.46      192.168.1.47
192.168.1.48    0011xxxx      192.168.1.49 to 192.168.1.62      192.168.1.63
192.168.1.64    0100xxxx      192.168.1.65 to 192.168.1.78      192.168.1.79
192.168.1.80    0101xxxx      192.168.1.81 to 192.168.1.94      192.168.1.95
192.168.1.96    0110xxxx      192.168.1.97 to 192.168.1.110     192.168.1.111
192.168.1.112   0111xxxx      192.168.1.113 to 192.168.1.126    192.168.1.127
192.168.1.128   1000xxxx      192.168.1.129 to 192.168.1.142    192.168.1.143
192.168.1.144   1001xxxx      192.168.1.145 to 192.168.1.158    192.168.1.159
192.168.1.160   1010xxxx      192.168.1.161 to 192.168.1.174    192.168.1.175
192.168.1.176   1011xxxx      192.168.1.177 to 192.168.1.190    192.168.1.191
192.168.1.192   1100xxxx      192.168.1.193 to 192.168.1.206    192.168.1.207
192.168.1.208   1101xxxx      192.168.1.209 to 192.168.1.222    192.168.1.223
192.168.1.224   1110xxxx      192.168.1.225 to 192.168.1.238    192.168.1.239
192.168.1.240   1111xxxx      192.168.1.241 to 192.168.1.254    192.168.1.255 - UNUSABLE - NETMASK ALL 1111's
0's/1's restriction on host part: let's take one subnet from the table above:

Network part   Subnet.host   Host addresses                  Broadcast Address
192.168.1.32   0010xxxx      192.168.1.33 to 192.168.1.46    192.168.1.47
Now, let's look at the individual hosts within that subnet:

Network part   Subnet . Host part   Host Address
192.168.1.32   0010.0000            UNUSABLE - HOST PART IS ALL 0's
192.168.1.33   0010.0001
192.168.1.34   0010.0010
192.168.1.35   0010.0011
192.168.1.36   0010.0100
192.168.1.37   0010.0101
192.168.1.38   0010.0110
192.168.1.39   0010.0111
192.168.1.40   0010.1000
192.168.1.41   0010.1001
192.168.1.42   0010.1010
192.168.1.43   0010.1011
192.168.1.44   0010.1100
192.168.1.45   0010.1101
192.168.1.46   0010.1110
192.168.1.47   0010.1111            UNUSABLE - HOST PART IS ALL 1's
Note what happens as the room for hosts gets smaller. This is the host table for a /30:

Network part   Subnet . Host part   Host Address
192.168.1.32   001000.00            UNUSABLE - HOST PART IS ALL 0's
192.168.1.33   001001.01
192.168.1.34   001010.10
192.168.1.35   001011.11            UNUSABLE - HOST PART IS ALL 1's
A /30 is particularly wasteful - 50% of the hosts are unusable. Similarly, a /26 is pretty bad, because 50% of the nets are unusable. A /28 is best because it lets you have (16 - 2) * (16 - 2) = 196 hosts.
This would be the host table for a /31, if it existed:

Network part   Subnet . Host part   Host Address
192.168.1.32   0010000.0            UNUSABLE - HOST PART IS ALL 0's
192.168.1.33   0010000.1            UNUSABLE - HOST PART IS ALL 1's
What's wrong with this picture??? Well, you can't have a /31. Here's why...
We can have subnets of /26, /27, /28, /29, /30 - BUT NOT /25 or /31!
This is a /30 (with sections removed for brevity). Mask is 11111100.
Network part         Subnet.host   Host addresses                    Broadcast Address
192.168.1.0          000000xx      192.168.1.1 to 192.168.1.2        192.168.1.3 - UNUSABLE - NETMASK ALL 000000's
192.168.1.4          000001xx      192.168.1.5 to 192.168.1.6        192.168.1.7
192.168.1.8          000010xx      192.168.1.9 to 192.168.1.10       192.168.1.11
192.168.1.12         000011xx      192.168.1.13 to 192.168.1.14      192.168.1.15
192.168.1.16         000100xx      192.168.1.17 to 192.168.1.18      192.168.1.19
192.168.1.20         000101xx      192.168.1.21 to 192.168.1.22      192.168.1.23
192.168.1.24 - 244   ...           ...                               ...
192.168.1.248        111110xx      192.168.1.249 to 192.168.1.250    192.168.1.251
192.168.1.252        111111xx      192.168.1.253 to 192.168.1.254    192.168.1.255 - UNUSABLE - NETMASK ALL 111111's
So why not a /25????

Network part    Subnet.host   Host addresses                    Broadcast Address
192.168.1.0     0xxxxxxx      192.168.1.1 to 192.168.1.126      192.168.1.127 - UNUSABLE - NETMASK ALL 0's
192.168.1.128   1xxxxxxx      192.168.1.129 to 192.168.1.254    192.168.1.255 - UNUSABLE - NETMASK ALL 1's
When the netmask is only one bit, it can't help but being all zeroes or all ones.
And why not a /31?

Network part         Subnet.host   Host addresses                    Broadcast Addresses (0's and 1's)
192.168.1.0          0000000x      192.168.1.0? to 192.168.1.1?      192.168.1.0 - UNUSABLE - NETMASK 000000's; 192.168.1.1 - UNUSABLE - NETMASK 000000's
192.168.1.2          0000001x      192.168.1.2? to 192.168.1.3?      192.168.1.2 - UNUSABLE - Broadcast 0's; 192.168.1.3 - UNUSABLE - Broadcast 1's
192.168.1.4 - 250    ...           ...                               ...
192.168.1.252        1111110x      192.168.1.252 to 192.168.1.253    192.168.1.252 - UNUSABLE - Broadcast 0's; 192.168.1.253 - UNUSABLE - Broadcast 1's
192.168.1.254        1111111x      192.168.1.254 to 192.168.1.255    192.168.1.254 - UNUSABLE - NETMASK 111111's; 192.168.1.255 - UNUSABLE - NETMASK 111111's
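The /28, /30, /25 and /31 tables above generated by code, as an added example that is not part of the original notes: for any prefix inside 192.168.1.0/24 it lists each subnet with its bit pattern, host range and broadcast, marks the all-0s and all-1s subnets unusable under the notes' classic rule, and computes the subnets × hosts capacity the notes compare for /26, /28 and /30. Function names are my own.

```python
# Added example (not from the original notes): enumerate the subnets of
# 192.168.1.0/24 for a given prefix, applying the notes' convention that the
# all-0s and all-1s subnets, and the all-0s and all-1s host IDs, are unusable.

BASE = 0xC0A80100   # 192.168.1.0, the network used in all the tables above
PARENT_PREFIX = 24  # the Class C block being subnetted

def int_to_ip(value: int) -> str:
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

def subnet_rows(prefix: int, base: int = BASE, parent_prefix: int = PARENT_PREFIX) -> list:
    """One row per subnet: (network, subnet.host pattern, host range, broadcast, note)."""
    borrowed = prefix - parent_prefix        # subnet bits taken from the host octet
    if not 1 <= borrowed <= 8 - 1 + 1:
        raise ValueError("prefix must borrow 1..8 bits from the last octet")
    host_bits = 32 - prefix
    size = 1 << host_bits                    # addresses per subnet
    count = 1 << borrowed                    # subnets, before excluding all-0s/all-1s
    rows = []
    for i in range(count):
        net = base + i * size
        bcast = net + size - 1
        pattern = format(i, f"0{borrowed}b") + "x" * host_bits   # e.g. 0010xxxx
        if host_bits >= 2:
            hosts = f"{int_to_ip(net + 1)} to {int_to_ip(bcast - 1)}"
        else:
            hosts = "none"   # /31 and /32: every host ID is all 0s or all 1s
        note = ""
        if i == 0:
            note = "UNUSABLE - subnet bits all 0s"
        elif i == count - 1:
            note = "UNUSABLE - subnet bits all 1s"
        rows.append((int_to_ip(net), pattern, hosts, int_to_ip(bcast), note))
    return rows

def usable_capacity(prefix: int, parent_prefix: int = PARENT_PREFIX) -> tuple:
    """(usable subnets, usable hosts per subnet, product) under the classic rule."""
    borrowed = prefix - parent_prefix
    host_bits = 32 - prefix
    subnets = max((1 << borrowed) - 2, 0)
    hosts = max((1 << host_bits) - 2, 0)
    return subnets, hosts, subnets * hosts

def print_table(prefix: int) -> None:
    print(f"{'Network part':<16}{'Subnet.host':<12}{'Host addresses':<32}{'Broadcast':<16}Note")
    for net, pattern, hosts, bcast, note in subnet_rows(prefix):
        print(f"{net:<16}{pattern:<12}{hosts:<32}{bcast:<16}{note}")

if __name__ == "__main__":
    print_table(28)                                  # reproduces the /28 table
    for p in (25, 26, 28, 30, 31):
        print(f"/{p}: subnets x hosts = {usable_capacity(p)}")
```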

Wednesday, October 7, 2009

Ping the loopback address - type ping 127.0.0.1

Successfully pinging the loopback address verifies that TCP/IP is both installed and configured correctly on the local client. If your loopback test fails, the IP stack is not answering. If any TCP drivers are corrupted, if your network adapter is not functioning properly, or if another service is interfering with IP, a lack of response can occur. Open Event Viewer and look for problems reported by setup or by the TCP/IP service.

Ping the local client - type ping

Successfully pinging with the local client's IP address verifies that the client was successfully added to your network. If you cannot successfully ping the local IP address after successfully pinging the loopback address, check that the local client's IP address is a valid IP address, check the routing table, and check network adapter driver.

Ping the default gateway - type ping

Successfully pinging with the default gateway of the local client verifies that you can properly communicate with the local subnet to your local host and your default gateway is also functioning properly. If you cannot successfully ping the default gateway after successfully pinging the local client, check the default gateway.

Ping the IP address of network device located on a remote network - type ping

Successfully pinging the IP address of the remote host verifies that the local client can communicate with the remote host through a router. If the remote host is located across a high-delay link such as a satellite link, try using the -w (wait) parameter to specify a longer time-out period than the default of four seconds.

If you cannot successfully ping the remote host IP address after successfully pinging the default gateway, either the remote host is not responding or there is a network hardware problem between the source host and the destination host. To rule out the possibility of a problem in the network hardware, ping a different remote host on the same subnet as the first remote host.

Ping the host name of another host on a remote network - type ping

Successfully pinging the name of the remote host verifies that ping can resolve the remote host name to an IP address. If you cannot successfully ping the remote host name after successfully pinging the IP address of the remote host, the problem is with host name resolution, not with network connectivity. When pinging the host name of the target host, ping attempts to resolve the name to an address (first through a DNS server, and next through a WINS server, if one is configured), and then attempts a local broadcast. Check TCP/IP properties to see whether the client has DNS server and WINS server addresses configured, either typed manually or assigned automatically. If DNS and WINS server addresses are configured in TCP/IP properties, and if they appear when you type ipconfig /all, then try pinging the server addresses to ascertain whether they are accessible.

On a network that uses DNS for name resolution, if the name entered is not a Fully Qualified Domain Name (FQDN), the DNS name resolver appends the computer's domain name or name to generate the FQDN. Name resolution might fail if you do not use an FQDN for a remote name. These requests fail because the DNS name resolver appends the local domain suffix to a name that resides elsewhere in the domain hierarchy.

Details from:- http://www.tech-faq.com/ping-test.shtml

What is traceroute?

traceroute is a command which is used to trace the route of a packet through a TCP/IP network.

traceroute is a Unix command. Under Microsoft Windows, the traceroute command has been renamed `tracert`. Unix `traceroute` and Microsoft Windows `tracert` are designed to accomplish the same task, but differ in the way they display output, in the way they send test packets, and in the number of command line options they provide.

Sample `tracert` output

This is the result of tracing the network route to www.mit.edu:

C:\>tracert www.mit.edu

Tracing route to www.mit.edu [18.7.22.83] over a maximum of 30 hops:

1 2 ms 4 ms 2 ms 192.168.1.1

2 * * * Request timed out.

3 10 ms 50 ms 11 ms 68.86.105.109

4 28 ms 9 ms 9 ms 68.86.103.45

5 10 ms 10 ms 11 ms 68.86.103.182

6 53 ms 29 ms 10 ms 12.124.157.53

7 53 ms 45 ms 60 ms gbr1-p40.dvmco.att.net [12.123.36.146]

8 88 ms 47 ms 36 ms gbr1-p60.la2ca.att.net [12.122.1.29]

9 72 ms 34 ms 39 ms tbr2-p013301.sffca.att.net [12.122.12.133]

10 37 ms 33 ms 79 ms 12.122.80.57

11 35 ms 35 ms 35 ms so-8-1.car3.Level3.net [209.0.227.29]

12 36 ms 44 ms 36 ms ae-1-51.bbr1.Level3.net [4.68.123.1]

13 93 ms 87 ms 83 ms so-2-0-0.mp2.Level3.net [64.159.4.181]

14 91 ms 84 ms 115 ms ge-1-1-55.car2.Level3.net [4.68.100.131]

15 126 ms 84 ms 90 ms 4.79.2.2

16 95 ms 96 ms 95 ms W92-RTR-1.MIT.EDU [18.168.0.25]

17 96 ms 100 ms 95 ms WWW.MIT.EDU [18.7.22.83]

Trace complete.

From this output, we can see that our packets took 17 network layer hops to reach their destination.

We can see that our packets traversed both the AT&T and Level3 networks along the way.

We can also see the times the first, second, and third test packets took to cross each of the network hops.

In addition, we can see that the 2nd hop didn't respond to our request within 5 seconds. Because of this, we don't know the IP address of that network device.

What is ICMP?

ICMP is the Internet Control Message Protocol.

ICMP is a complementary protocol to IP (Internet Protocol). Like IP, ICMP resides on the Network Layer of the OSI Model.

ICMP is designed for sending control and test messages across IP networks.

Unlike the Transport Layer protocols TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) which operate on top of IP, ICMP exists alongside IP.

The ability to understand ICMP is a requirement for any IP-compatible network device. However, many security devices such as firewalls block or disable all or part of ICMP functionality for security purposes.

ICMP Message Types

ICMP operates by sending and receiving a limited number of message types. The ICMP message types are defined in the IANA ICMP Type Numbers registry.

The most common ICMP message types are:

Type   Name

0 Echo Reply

3 Destination Unreachable

4 Source Quench

5 Redirect

6 Alternate Host Address

8 Echo

9 Router Advertisement

10 Router Solicitation

11 Time Exceeded

12 Parameter Problem

13 Timestamp

14 Timestamp Reply

15 Information Request

16 Information Reply

17 Address Mask Request

18 Address Mask Reply

30 Traceroute

ICMP Echo Request and Echo Reply

The two most important ICMP messages are Echo Request (8) and Echo Reply (0).

Echo Request and Echo Reply are utilized by the `ping` command to test network connectivity.

Here we use the `ping` command to send three 64-byte ICMP Echo Request messages to www.freebsd.org and receive three Echo Reply messages in response:

bash-2.05a$ ping -c 3 www.freebsd.org

PING www.freebsd.org (216.136.204.117): 56 data bytes

64 bytes from 216.136.204.117: icmp_seq=0 ttl=55 time=63.708 ms

64 bytes from 216.136.204.117: icmp_seq=1 ttl=55 time=62.725 ms

64 bytes from 216.136.204.117: icmp_seq=2 ttl=55 time=62.618 ms

--- www.freebsd.org ping statistics ---

3 packets transmitted, 3 packets received, 0% packet loss

round-trip min/avg/max/stddev = 62.618/63.017/63.708/0.491 ms

This output tells us that network connectivity to www.freebsd.org is working. It also tells us the time each packet took to return.

`ping` is an extremely useful tool for network troubleshooting.
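How the Echo Request that `ping` sends is put together, as an added example that is not part of the original page: it builds the 8-byte ICMP header (type 8, code 0, checksum, identifier, sequence) plus the 56 data bytes seen in the output above, computes the Internet checksum, and parses a message back, naming its type from the table above. It only constructs bytes in memory; no packet is sent.

```python
# Added example (not from the original page): build and parse ICMP Echo
# Request / Echo Reply messages and verify the Internet checksum.
import struct

# Type numbers and names taken from the table on this page.
ICMP_TYPES = {0: "Echo Reply", 3: "Destination Unreachable", 4: "Source Quench",
              5: "Redirect", 6: "Alternate Host Address", 8: "Echo",
              9: "Router Advertisement", 10: "Router Solicitation",
              11: "Time Exceeded", 12: "Parameter Problem", 13: "Timestamp",
              14: "Timestamp Reply", 15: "Information Request",
              16: "Information Reply", 17: "Address Mask Request",
              18: "Address Mask Reply", 30: "Traceroute"}

def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 1071), as ICMP uses it."""
    if len(data) % 2:
        data += b"\x00"                      # pad an odd trailing byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes = bytes(56)) -> bytes:
    """Echo Request (type 8) or Echo Reply (type 0) with the checksum filled in."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)   # checksum = 0 first
    csum = internet_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def parse_icmp(msg: bytes) -> dict:
    """Decode the header; a message with a correct checksum sums to zero."""
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than the 8-byte header")
    icmp_type, code, csum, ident, seq = struct.unpack("!BBHHH", msg[:8])
    return {"type": icmp_type, "name": ICMP_TYPES.get(icmp_type, "unknown"),
            "code": code, "id": ident, "seq": seq,
            "checksum_ok": internet_checksum(msg) == 0,
            "data_len": len(msg) - 8}

if __name__ == "__main__":
    request = build_echo(8, 0x1234, 0)       # what `ping` sends for icmp_seq=0
    print(parse_icmp(request))
    print(parse_icmp(build_echo(0, 0x1234, 0)))   # the matching Echo Reply
```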

What is NAT (Network Address Translation)?

NAT (Network Address Translation) is a technique for preserving scarce Internet IP addresses.

Why NAT?

The current Internet uses IP addresses in the form xxx.xxx.xxx.xxx. A sample IP address might be 202.187.4.212.

Because of the way these IP addresses are allocated, there started to be a shortage of available IP addresses.

The current revision of IP (Internet Protocol) in use on the Internet is IPv4. IPv6 is largely a response to this potential IP address shortage.

Unfortunately, IPv6 is going to take decades to implement. A much quicker fix was needed, and that fix was NAT.

Private Address Space for NAT

To conserve IP address space, networks which are not directly connected to the Internet are often given private address space.

Private address space are ranges of IP address which cannot be routed over the Internet.

Private address space is often called "RFC 1918" space, because private address space is defined in RFC 1918 - Address Allocation for Private Internets.

RFC 1918 defines three sets of private address space:

Start          End                Network Size

10.0.0.0 10.255.255.255 /8

172.16.0.0 172.31.255.255 /12

192.168.0.0 192.168.255.255 /16

The use of private address space conserves IP addresses because any person or company can use the same private address space over and over again.

I have a 10.0.0.x network in my house. IBM has a 10.0.0.x network. HP has a 10.0.0.x network. Apple has a 10.0.0.x network. We're all using the same range of IP addresses.

The limitation is that private address space is non-routable. This means that any computer on these private IP addresses cannot (directly) connect to the Internet.

Network Address Translation to the Rescue!

The solution to work-around this limitation is NAT (Network Address Translation).

A NAT device, usually a firewall or a router, is placed between the private network and the Internet.

When computers on the private network want to communicate on the Internet, the NAT device quickly and silently modifies the packets they send to have a normal IP address.

When systems on the Internet send reply packets, the NAT device routes those reply packets back to the correct system on the private network.

In this way, hundreds or thousands of computers on the private network can share just one IP address on the public Internet.

For example, you might have 250 computers on the 192.168.1.x network and one firewall providing NAT services on the IP address 216.17.138.210. Any time one of the hosts communicates across the Internet, the NAT firewall changes the IP address of the packets to 216.17.138.210. When reply packets come from the Internet, the NAT firewall sorts them out and sends them to the correct internal host.

Types of NAT

The type of NAT just described is called One-to-Many NAT. This is because one IP address is shared by many hosts.

It is also possible to implement One-to-One NAT. This is where a host with a private IP address is given a dedicated public IP address in the NAT device. One-to-One NAT is used to support some poorly designed protocols which do not work well over NAT.

How NAT Works

When a computer running NAT receives a packet from an internal client, it replaces the packet header and translates the client's port number and internal IP address to its own port number and external IP address. It then sends the packet to the destination host on the Internet, and keeps track of the mapping information in a table, so that it can route the reply to the appropriate client computer. When the computer running NAT receives a reply from the Internet host, it again replaces the packet header and sends the packet to the client. Both the client computer and the Internet host appear to be communicating directly with each other.

For example, a client computer with the IP address 192.168.10.2 wants to contact a Web server with the IP address 131.110.30.4. The client is configured to use 192.168.1.1 as the default gateway, which is the internal IP address of the computer running NAT. The external IP address of the computer running NAT is 131.110.5.1. In this example, the NAT process occurs as follows:

The client computer sends a packet to the computer running NAT. The packet header indicates that the packet originates from port 1074 on the computer with the IP address 192.168.10.2, and has a destination of port 80 on 131.110.30.4.

The computer running NAT changes the packet header to indicate that the packet originates from port 1563 on host 131.110.5.1, but does not change the destination. The computer running NAT then sends the packet to the Web server over the Internet.

The external Web server receives the packet and sends a reply. The packet header for the reply indicates that the packet originates from port 80 on 131.110.30.4, and has a destination of port 1563 on host 131.110.5.1.

The computer running NAT receives the packet and checks its mapping information to determine the destination client computer. The computer running NAT changes the packet header to indicate a destination of port 1074 on 192.168.10.2, and then sends the packet to the client. The source of the packet remains as port 80 on 131.110.30.4, which is the IP address of the Web server.
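The four-step exchange above simulated in Python, as an added example that is not part of the original page: a One-to-Many NAT table that rewrites the outbound source to the public address and a translated port, records the mapping, and uses it to deliver the reply. The port 1563 is taken from the walk-through and is assigned sequentially here, which is an assumption for illustration, not how a real device chooses ports; the unsolicited inbound packet is constructed to show that traffic with no mapping is dropped.

```python
# Added example (not from the original page): a one-to-many NAT table using
# the addresses and ports from the walk-through above.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class OneToManyNat:
    """Rewrites outbound sources to the public address and remembers the mapping."""

    def __init__(self, public_ip: str, first_port: int = 1563):
        self.public_ip = public_ip
        self.next_port = first_port       # assumption: ports handed out in order
        self.table = {}                   # public port -> (private ip, private port)
        self.reverse = {}                 # (private ip, private port) -> public port

    def outbound(self, pkt: Packet) -> Packet:
        """Step 2: replace the private source with the public IP and a translated port."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.reverse:       # new flow: allocate a public port
            port = self.next_port
            self.next_port += 1
            self.table[port] = key
            self.reverse[key] = port
        return Packet(self.public_ip, self.reverse[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Step 4: look the destination port up in the table and restore the
        private destination; None means no mapping, so the packet is dropped.
        This is why an Internet host cannot reach a private host on its own."""
        if pkt.dst_ip != self.public_ip:
            return None
        key = self.table.get(pkt.dst_port)
        if key is None:
            return None
        private_ip, private_port = key
        return Packet(pkt.src_ip, pkt.src_port, private_ip, private_port)

def walk_through():
    """The page's example: 192.168.10.2:1074 -> 131.110.30.4:80 via 131.110.5.1."""
    nat = OneToManyNat("131.110.5.1")
    request = Packet("192.168.10.2", 1074, "131.110.30.4", 80)     # step 1
    on_wire = nat.outbound(request)                                 # step 2
    reply = Packet("131.110.30.4", 80, on_wire.src_ip, on_wire.src_port)   # step 3
    delivered = nat.inbound(reply)                                  # step 4
    # Constructed unsolicited packet from an Internet host with no mapping.
    unsolicited = nat.inbound(Packet("203.0.113.9", 4444, "131.110.5.1", 2000))
    return on_wire, delivered, unsolicited

if __name__ == "__main__":
    for step in walk_through():
        print(step)
```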