Part 3: More CIDRs and Route Summarization
Welcome back to the gentle guide to subnetting! This is the third and final part of this guide and will cover more advanced subnetting topics including “IP summarization”. Please make sure you fully understand the first two guides before continuing with this one as these are more advanced topics.
In the previous guide, we went over the subnet masks /8, /16, /24, and /32. These are some of the most common subnet masks as they represent the now deprecated class system and are easy to calculate. But a well designed network will rarely use those subnets as it’s very rare that those are the exact requirements. Unless your organization is going to never have more than 254 devices, a /24 is probably not the best choice. A /16 provides 65,536 hosts, so that wouldn’t make much sense for a department with only 300 employees. This means we need to start using more specific subnets masks! Let’s take a look at the /24 in binary again. Remember, a /24 has 3 octets for the network and 1 octet for hosts:
As you recall from the previous guide, to find the number of hosts available, you count the number of 0s in the mask and you raise 2 to that power. In this case, we have 8 0s, so we do 2^8 to get 256. We then subtract the network and broadcast address which gives us 254 usable addresses. So the equation is 2^8 – 2 = 254. Another piece of information you will want to know is how to determine the number of subnets we can have with a particular mask. We do this by looking at the number of 1s, or subnet bits, in the hosts section and raising 2 to the power of that number. In the above table, there are not any 1s in the hosts section, so let’s look at a new subnet mask that does have some!
Calculating number of subnets
Let’s say you have a business with 15 departments. You need a scheme that will allow you to create 15 subnets with 14 host addresses in each subnet. How can you tell how many subnets you can create? First, find the number of 1s in the hosts section. We will call these bits “subnet bits” then we raise 2 to that power. It is similar to the hosts equation, only you are using the number of 1s instead of the number of 0s and you are not subtracting 2 from this number. Let’s look at an example with a /28:
As you can see, there are 28 network bits set to “on”. So there are 28 1s and 4 0s. This allows for a total of 14 hosts, so let’s see how many subnets this gives us. The last octet is still considered the host octet, but 4 of those 0s have been changed to 1s. These 1s in the host section allow us to create subnetworks to further divide the hosts. In a /24, you can only create 1 subnet, or 2^0, but in a /28, you can get 16, or 2^4, subnets since you borrow some of the host bits to use as subnet bits.
I know this is a lot of information, but bear with me! Let’s do another example:
Let’s say you are the network manager of a very large organization. We will call it Stark Industries. You have a lot of employees and a lot of devices. You also have a lot of departments. Your boss, Mr. Stark, instructs you to design a new network since your current one is very poorly designed. He asks you to create separate subnets for 64 departments. You are also required to create enough IP space for around 1000 hosts per department. That should allow for all of the devices and gadgets that the employees are using to connect to the network without a problem. Let’s do this step by step:
1.you need to create 64 subnets. 64 is 2^6. So you need 6 subnet bits (bits set to 1 in the host section).
2.So, let’s take a look and see what our possibilities are:
I.You could use a /30, which looks like this:
II.This is great for the networks requirement, that’s 2^6 which gives us 64 subnets! But, wait a minute! What about the number of hosts per subnet? A /26 provides only 2 host bits! That’s only 4 hosts! That is not even close to our 1000 host requirement! So we need to rethink this. We have 6 subnet bits, but we also need at least 10 host bits to get our 1000 hosts: 2^10 – 2 = 1022. So let’s try again, this time, let’s change bits right right to left from 1 to 0 until we get enough host bits. So we change all of the 1s to 0s until we have 10 0s:
III.This looks better! Here, we have 22 bits masked for the network and 6 of those are in the host octet, so those are used for the subnets. So we have 2^6 = 64 subnet bits and (2^10 -2) = 1022 for the host bits! That meets our requirements!
Ok, let’s try another one! This time, you’re the IT manager for LexCorp. LexCorp has become a worldwide operation with thousands of workers all over the world. These workers all need to be able to connect to the VPN to perform their jobs securely. This means that they must use 30 very large VPN subnets. Each VPN supports a different region that you cover, so you will need at least 30 networks with 3,000 hosts for each network. So let’s see how we would create that.
1.First, you need to find out how many host bits you need. For 3,000 hosts that’s going to be 2^12 -2 = 4094. So, let’s create our chart with 12 bits set to 0 for the hosts:
2.Ok, we have figured out how many host bits we need, but that’s only 2^4 = 16 subnets! If we move another bit to the subnet portion, we can’t meet our 3,000 host goal. We need to find a way to to get 2^5 = 32 subnets. So let’s try by working with the 2nd octet instead of the 3rd:
3.Let’s do the math here:
a.Hosts: 2^19 – 2 = 524,286
b.Subnets: 2^5 = 32
4.We got it! As you can see, you can’t always have a very efficient network. Unfortunately in this case, you have to provide 262,142 addresses for subnets that only need to support 3,000 hosts! But it was the only way we can meet the subnet requirement of 32.
Ok, now we know how to arrange the bits in the mask to create networks of a particular size, what exactly do these networks look like? Let’s do a network starting with 192.168.1.0 that requires 4 subnets with 62 hosts in each and see what that looks like:
1.For our 62 hosts, we will need 6 host bits since (2^6 -2) = 62.
2.For our subnets, we need only 2 subnet bits since 2^2 = 4.
3.Let’s create this below in our table:
4.Great! So our network is 192.168.1.0/26 (255.255.255.192). So what subnets does this actually give us?
a.Subnet 1: 192.168.1.0 – 192.168.1.63
b.Subnet 2: 192.168.1.64 – 192.168.1.127
c.Subnet 3: 192.168.1.128 – 192.168.1.191
d.Subnet 4: 192.168.1.192 – 192.168.1.255
5.As you can see, each subnet is 64 hosts, so this network can be divided up 4 times to create 4 subnets!
Let’s do one more that’s a little more complicated. Let’s do 32 subnets with 2000 hosts per subnet:
1.We have a network 172.16.0.0 that needs 2000 hosts, so we will do (2^11 – 2) = 2046. So we need 11 bits for the host.
2.We need 32 subnets, so we need room for 5 subnet bits.
3.Ok, so we have our 11 host bits and our 5 subnet bits. Let’s take a look at some of the subnets we can create with this network.
Subnet 1: 172.16.0.0 – 172.16.7.255
Subnet 2: 172.16.8.0 – 172.16.15.255
Subnet 3: 172.16.16.0 – 172.16.23.255
Subnet 32: 172.16.248.0 – 172.16.255.255
Whoa! How did I find that? Well, we have 32 subnets of 2048 hosts that are possible. So we need to figure out how large our subnets are to find the range. There are several equations out there that might help, The easiest way to do this is to take the octet containing subnet bits, the third octet in this case, and subtract its decimal form from 256. The 3rd octet is 248, so we will subtract that from 256 and we will get 8 addresses available for hosts in that octet. The last octet is all 0s, so that will have 0 – 255 available. So, this means our first usable address is 172.16.0.1, followed by 172.16.0.2, all the way to 172.16.7.255. There are 8 blocks of 255 addresses using this subnet mask. 8 * 256 = 2048, which is the number of hosts we have specified!
Let’s try a few more examples with the network provided:
Alright, so the octet containing the subnet bits is the 2nd octet. There are 3 subnet bits and 5 host bits. So let’s find the number by which we will increment the 2nd octet:
(256 – 224) = increments of 32 with 221 = 2,097,152 addresses in each. Let’s list some of them:
10.0.0.0 – 10.31.255.255
Addresses in this subnet would increment like this:
10.0.0.0, 10.0.0.1, 10.0.0.2…10.0.1.0, 10.0.1.1, 10.0.1.2…10.1.0.0, 10.1.0.1…and so on. As you can see, this is A LOT of hosts available.
10.32.0.0 – 10.63.255.255
Addresses in this subnet would increment like this:
10.32.0.1, 10.32.0.2…10.33.0.1, 10.33.0.2…and so on.
10.64.0.0 – 10.95.255.255
10.224.0.0 – 10.255.255.255 is the last subnet available in this network.
This is another concept that you must practice, practice, and practice some more until it becomes easy. Invent your own scenarios. Perhaps create a network that allows 5 hosts and 10,000 subnets and see how you do!
Another common scenario you may encounter is finding the network boundaries for a particular address. This comes in handy when dealing with large address pools that are required to be on the same network.
For instance, I was once given an address of 22.214.171.124/27 and was not told what other addresses were usable. I knew I needed another 3 addresses that were part of that network, but which ones could I use? Let’s take a look at this subnet mask:
Alright, so the octet that contains the host bits is the last octet. It is a 224, so 256 – 224 = 32. Each subnet will have 32 addresses (30 for hosts after you disregard the network and broadcast addresses.)
So, let’s take a look at what networks those would be:
126.96.36.199 – 188.8.131.52 is the first subnet. As you recall, I cannot use 184.108.40.206 because it is the broadcast address. I cannot use 220.127.116.11 because it is the network address. This leaves me with 18.104.22.168 – 22.214.171.124 as usable addresses! The next subnet is 126.96.36.199 – 188.8.131.52, so if I use any addresses from that range, they will be on a different network and won’t work. That was easy! Let’s try one that’s a little bit harder.
What is the address range of the network containing 10.4.34.57/14?
Let’s chart it:
Alright, so we take 256 – 252 to get the block size of our 3rd octet, which is 4, and we create our networks:
10.0.0.0 – 10.3.255.255 Is our first subnet. As you can see, there is no 10.4.34.57 in that network as it only goes to 10.3.255.255.
10.4.0.0 – 10.7.255.255 is our second network. Great! That one contains 10.4.34.57! So, if you wish to address hosts that can communicate with 10.4.34.57/14, you can use any address between 10.4.0.0 – 10.7.255.255!
Let’s try one more:
Ok, so our blocks in the 3rd octet will be 256 – 128 = 128. So let’s see what we have:
184.108.40.206 – 220.127.116.11
18.104.22.168 – 22.214.171.124
Which one of these two networks contains 126.96.36.199? If you guessed the second network, you are right! We can use any address from 188.8.131.52 – 184.108.40.206 to address hosts on that network. 220.127.116.11 is the network address and 18.104.22.168 is the broadcast address.
Ok, now that we have gone through the harder parts of subnetting, it’s time to discuss another topic: “supernetting”. Supernetting, also called “Route Summarization”, allows us to take multiple subnets and consolidate them into one larger subnet. This enables us to create routing tables and policies with fewer networks listed which helps keep them cleaner and easier to manage. Let’s say you have 2 networks: 192.168.1.0/24 and 192.168.2.0/24. You wish to create a route that will forward traffic from your router to both of these networks, but you don’t want to create two separate routes. Let’s break these masks down to binary and see how we can do this:
The goal of route summarization is to create a network using the bits the two addresses share in common. In this case, the first 22 bits are shared by these two networks!
As you can see, the first bit that differs is the 22nd bit. So if we create a new mask to mask out the first 22 bits, we can create a network that contains both networks. This network is:
In this case, the 3rd octet is changed to a 0 and the mask is changed to accommodate both networks.
Let’s do one that’s a little more difficult:
We will use 3 networks this time:
In this example, the first bit that differs is the 14th bit. This makes the supernet 10.0.0.0/14, which encompasses all 3 networks!
This is a fairly simple, but very important concept. You will find questions like this on many exams and it will also allow you to have the cleanest network infrastructure in your company!
Alright! You did it! You made it through subnetting! We have been solving real world problems and, with practice, you can be a networking master! Keep practicing and let me know if you have any questions!