I wrote this article for the magazine Connect and it was published in the last issue Connect 07-08/10, I'm publishing it here with the kind permission of the editors.
This is the fourth part of a series about computer networks. There is already a content-identical (and more extensive) series on this website Computer networks, but I wrote this article with some time distance and from a slightly different perspective.
Unfortunately, there will be no further parts because the Connect magazine was cancelled. It's a pity because in my opinion it was the only Czech magazine at quite a technical level (compared to horrors like Chip and others). But the publishing house CPress Media was bought by Mladá Fronta and decided to cancel a number of magazines, including Connect.
Addresses and their calculations in computer networks based on TCP/IP
We have discussed a number of terms from the field of computer networks in previous parts. Now we will review some terms and add several new ones that are important for address calculations in IP networks. The essential terms are IP address and subnet mask. Throughout the article, we will be talking about the fourth version of the IP protocol, i.e. IPv4.
IP address and subnet
An IP address is the logical address of a device in a computer network (on layer 3 according to the OSI model) that uses the IP protocol. In IPv4, this address is 32 bits (4 bytes) long and is written using dot-decimal notation. This means using four decimal values (each one byte long), called octets, separated by dots. An example of an IP address is 193.222.5.15. The IP protocol has been around for a while and its development is still ongoing, we will be talking about modifications that are common in today's networks. All descriptions can be found in RFC documents.
An IP address can take values from 0.0.0.0 to 255.255.255.255 (theoretically, not all addresses can be used in practice), which is the address range of IP networks and the internet. Although the address is typically written in decimal system, everything is optimized for computer processing, which uses the binary system. So for address calculations, basics of binary arithmetic are needed.
In previous parts, we explained the basic methods of communication, so we know that this range needs to be divided into smaller parts. We call these parts subnets (sometimes networks). Network devices within a subnet share a common prefix of the IP address.
Network mask
An IP address consists of several parts. Basically, it's two parts, the network-identifying prefix and the node address within the subnet. In the original classful networks, the prefix was firmly given by the class to which the address belonged. In today's classless networks, we can determine the prefix from the subnet mask. Or we can divide the address into three parts: network address, subnet address, and node address. Where the network address is given by the IP address class and the subnet address is the difference between the mask and the class.
classful <network-prefix><-------host-number--------> classless <network-number><subnet-number><host-number> classless <-------network-prefix--------><host-number>
To determine which part of the IP address is for the subnet and which for the node, a subnet mask is used. In binary form, it contains ones followed by zeros and uses the ones to "mask out" the network prefix part in the IP address. In other words, where there are ones in the mask, it's the subnet part in the IP address, and where there are zeros, it's the node part. The network part of the IP address determines the subnet and is used for routing. The node part identifies the station within the given subnet.
In IPv4, the mask is written in the same way as the IP address using dot-decimal form, with the condition that only addresses that have ones from the left followed by zeros in binary notation are valid (after the first zero, there can only be zeros). An example of a network mask is 255.255.255.0. The mask 255.255.255.254 is not valid because there would be 0 nodes within such a subnet. The mask 255.255.255.255 is not a subnet mask, but determines a single node.
When we talk about network masks, we must also mention a sometimes used special notation, which is referred to as inverse mask or wildcard mask. This is a reversed mask, simply put, where there are ones in the traditional mask, there are zeros and vice versa. For calculation in decimal form, we can use value = 255 - octet value for each octet. For example, for the mask 255.255.255.240, the inverse mask is 0.0.0.15.
Public and private addresses
The initial principle of IP networks was that the IP address had to be unique within the entire network and individual nodes (stations, servers, and other devices with assigned IP addresses) could communicate with each other. With the development of the internet, it turned out that the number of addresses that can be created in IPv4 is definitely not sufficient. So various methods started to be used to deal with the shortage of addresses. The most drastic is the new version of the IP protocol, IPv6, which contains many more addresses, but its implementation is not easy. Furthermore, the CIDR technique appeared and IP addresses were also divided into two types, public and non-public IP addresses.
Public IP addresses form the main part of the internet's address range and these addresses are routable within the entire internet. Simply put, a computer with a public address can be accessible from the entire internet. These addresses must be unique in the entire network (internet).
In contrast, private IP addresses should only be used within LAN networks and should not communicate over the internet through ISPs. A company then uses one (or more) public address and uses NAT (Network Address Translation) technique to translate private addresses to this public one when communicating outside the LAN. The same private addresses can thus be found in many places on the internet, but they cannot directly communicate with each other. The following table shows the individual private ranges.
| network | network address | broadcast address | node addresses |
|---|---|---|---|
| 10.0.0.0/8 | 10.0.0.0 | 10.255.255.255 | 10.0.0.1 - 10.255.255.254 |
| 192.168.0.0/16 | 192.168.0.0 | 192.168.255.255 | 192.168.0.1 - 192.168.255.254 |
| 172.16.0.0/12 | 172.16.0.0 | 172.31.255.255 | 172.16.0.1 - 172.31.255.254 |
Some addresses from both public and private have had a special meaning planned from the beginning. Among the more important ones are the range 127.0.0.0/8, which are localhost loopback addresses, or 169.254.0.0/16, which are addresses for autoconfiguration (APIPA).
Network classes
A method that we no longer encounter in today's practice, but whose designation is still used, is dividing networks into classes. In the past, the address space was divided into five classes (the main ones are class A, B, and C), in each class there was a certain number of subnets. The class was determined by the first four bits of the address and each class had a fixed subnet mask assigned. Moreover, the masks could only have ones or zeros in a given octet. Because the masks were fixed and could be recognized by the address, they weren't even stated (which was later a problem for routing). If we use network classes, we talk about classful network. The following table shows the basic parameters of individual classes.
| class | determining bits | address range | mask | CIDR mask | note |
|---|---|---|---|---|---|
| class A | 0xxx | 0 - 127.x.x.x | 255.0.0.0 | /8 | main |
| class B | 10xx | 128 - 191.x.x.x | 255.255.0.0 | /16 | main |
| class C | 110x | 192 - 223.x.x.x | 255.255.255.0 | /24 | main |
| class D | 1110 | 224 - 239.x.x.x | multicast | ||
| class E | 1111 | 240 - 255.x.x.x | reserved |
Later it turned out that this fixed division of networks is inefficient and greatly wastes addresses, which started to run out. So a network design called classless was created. It uses Variable Length Subnet Mask (VLSM), which allows a variable length of the network mask. Classless Inter-Domain Routing (CIDR) is based on VLSM, which allows an arbitrary long mask and uses a shortened notation using the number of one bits in the mask (mask length). The CIDR address notation looks like 10.5.0.2/28, which corresponds to the traditional mask 255.255.255.240, which we write in binary as 11111111.11111111.11111111.11110000.
CIDR also contains an aggregation mechanism that allows combining several contiguous network ranges into one supernet. Using aggregation saves space and resources in routing. By using aggregation, we can combine subnets 192.168.0.0/24 and 192.168.1.0/24 into 192.168.0.0/23.
Addresses in a subnet
Each subnet contains three types of addresses. The first address from the range must not be assigned to any node. This address is used to identify the subnet and is referred to as the network ID or network address or base address. This address contains only zeros in the node address part. Then follow the standard node addresses, which we can assign to network devices. The last address of the subnet again cannot be used for a node, it is the so-called broadcast address. This address is used for subnet directed broadcast, i.e. a message that we want to send to all stations in the subnet. This address has only ones in the node address part.
The following table shows all addresses for the network 192.168.5.12/30. We can write the mask /30 in binary as 11111111.11111111.11111111.11111100, so the IP address can only change in the last two bits.
| IP address | binary | type |
|---|---|---|
| 192.168.5.12 | 11000000.10101000.00000101.00001100 | network ID |
| 192.168.5.13 | 11000000.10101000.00000101.00001101 | node |
| 192.168.5.14 | 11000000.10101000.00000101.00001110 | node |
| 192.168.5.15 | 11000000.10101000.00000101.00001111 | broadcast |
Calculation of maximum number of nodes and subnets
The maximum number of nodes and subnets in a particular network is determined by the subnet mask. Determining which part of the IP address is the network part and which is the host part is simple. When we write the IP address and mask in binary under each other, where there are ones in the mask, it's the network part, and where there are zeros, it's the node address part within the subnet. It's simple for the most common masks, where in the octet there are either only ones, i.e. value 255, or zeros.
| IP address | 10.240.5.8 | 00001010.11110000.00000101.00001000 |
| mask | 255.255.255.0 | 11111111.11111111.11111111.00000000 |
When we have a mask in CIDR notation, we immediately know the number of ones and can calculate the number of zeros as 32 - CIDR value. The network part is given by the ones in the subnet mask, if we change any value in this part of the IP address, we get a different subnet. So the number of combinations in this part of the address equals the maximum number of subnets. The number of combinations is calculated as 2number of ones.
In the old days, subnets with all ones or zeros in the address were not allowed (as specified by the old RFC 950), so according to this standard, the number of subnets would be 2number of ones - 2. However, the newer RFC 1812 has been in effect for a long time, allowing us to use all addresses. The total number of subnets also depends on whether we consider network classes, then we count the number of subnets in the given network class, i.e., 2number of ones in the mask - number of ones in the class.
The maximum number of addresses for nodes is calculated similarly using the formula 2number of zeros - 2. We subtract two because we cannot use the network ID and broadcast address as node addresses.
Now we will give a simple concrete example, which will hopefully make the previous general description clearly understandable. We have a network address written in CIDR notation 148.25.3.5/22. So the number of ones in the mask is 22 and the number of zeros is 32 - 22 = 10. If we consider classes, this address falls into class B (according to the first two bits of the IP address, the first octet is binary 10010100) and its mask is /16. The number of subnets within class B with a mask of /22 is 222-16 = 26 = 64. If we consider all subnets, it is 222 = 4,194,304. The number of hosts that can be in each subnet with this network mask is 210 - 2 = 1024 - 2 = 1022.
Are two addresses from the same subnet?
Sometimes we need to determine if two addresses (which we know including the mask) are in the same subnet (this affects communication, etc.). If we have a simple mask, we can tell at first glance, but for some more complex ones, we need to use basic math. We just compare the network parts of the addresses and if they are the same, the addresses belong to the same subnet. The easiest way is to convert all addresses to binary form and everything is immediately apparent. An important assumption is that the subnet masks are the same.
We will show an example with addresses 192.168.5.13/22 and 192.168.7.128/22, we immediately see that the masks are the same.
| decimal | binary |
|---|---|
| 192.168.5.13 | 11000000.10101000.00000101.00001101 |
| 192.168.7.128 | 11000000.10101000.00000111.10000000 |
| 255.255.252.0 | 11111111.11111111.11111100.00000000 |
From the notation, we see the parts of the IP addresses determined by the ones in the mask and simply compare that they are both the same, so both addresses belong to the same network.
Finding the Network ID
Finding the first address of the subnet may seem simple, but sometimes it is not immediately apparent. Then we need to use logic or math. The Network ID can be calculated from the binary notation of the address and mask by performing a bitwise AND, network-ID = IP-address AND subnet-mask.
Example for address 10.217.123.7/20
| IP binary | 00001010.11011001.01111011.00000111 |
| mask binary | 11111111.11111111.11110000.00000000 |
| AND operation | 00001010.11011001.01110000.00000000 |
| decimal | 10.217.112.0 |
Instead of math, we can also use logical reasoning. A /20 mask means that the change occurs in the 3rd octet, so the first 2 octets remain unchanged and the last one is zero. In the 3rd octet, we have four ones and four zeros, so the subnet addresses go by 16 (24). This means 0 to 15, 16 to 31, etc., for the value 123, the nearest lower value is 112.
Finding the Broadcast Address
The broadcast address of the subnet is found similarly to the network ID. Mathematically, we can use a bitwise OR between the IP address and the negated mask, i.e., broadcast-address = IP-address OR NOT(subnet-mask). Example for the same address as before 10.217.123.7/20.
| IP binary | 00001010.11011001.01111011.00000111 |
| mask binary | 11111111.11111111.11110000.00000000 |
| mask negation | 00000000.00000000.00001111.11111111 |
| OR operation | 00001010.11011001.01111111.11111111 |
| decimal | 10.217.127.255 |
Another way to calculate is if we know the network ID, then just enter all ones in the node part in binary form.
Other Calculations
The questions about what we want to calculate can vary, but everything is based on the previous considerations. For example, we want to find the subnet mask to contain a given number of addresses. We convert the number of addresses to a binary value, from which we get the length of the node part and the complement is the subnet mask. For example, a subnet for 4000 clients, binary 1111.10100000, that is a length of 12, the mask is 32 - 12 = 20. A /20 subnet can contain up to 4094 node addresses.
Another example might be when we want to divide a network into a certain number of equal subnets. We take the value of the number of subnets, subtract 1 (because it takes values from 0 to n-1), convert it to a binary value, it must contain all ones, otherwise it is not possible to achieve this number of subnets. If we are counting within a class, we add the class mask and we have the target mask of one subnet, which can create the given number of subnets.
For example, divide the network 192.168.100.0/24 within class C into 8 equal subnets. 8 - 1 = 7 binary 111, within class C we have a mask of 24 + 3 = 27, so the possible subnets are 192.168.100.0/27, 192.168.100.32/27, 192.168.100.64/27, 192.168.100.96/27, 192.168.100.128/27, 192.168.100.160/27, 192.168.100.192/27, 192.168.100.224/27.
Calculators
IP subnet calculators are used to calculate various values around addressing. We can find a whole range of such applications, and a large part of them are online on the Internet. An example is subnet-calculator.samuraj-cz.com.
Super článek!! moc díky za osvětlení této problematiky;-)
IP kalkulacka, ktera nepotrebuje (krome stazeni) pristup na internet: http://www.slunecnice.cz/sw/ipv4-calculator/
super článek:-)
Nádhera, krásně vysvětleno !!!;-)
pěkný článek
Zdravim, vo vete "Počet subnetů v rámci třídy B s maskou /22 je 22^2-16 = 26 = 64." by asi bolo dobre v tom vypocte upravit trochu tie horne indexy/mocniny. Inac pekny clanok, dakujem zan :).
respond to [6]Ondro: Díky, když jsem to převáděl do HTML, tak jsem to přehlédl. Je vidět, že to někdo opravdu čte :-).
Výborné články!!!;-)
"Použitím agregace můžeme spojit subnety 192.168.0.0/24 a 192.168.1.0/24 do 192.168.0.0/23."
Bylo by možné uvést princip této agregace? Všechno jsem v článku pochopil, ale tohle spojování mi hlava nebere.
respond to [9]Karel: "sumarizace" sítě má 2 možnosti buď větší síť např /16 rozjibi na 2 menší kdy každá z menších bude /17 (kdy /17 mohu zase rozdělit na dvě menší která každá bude /18) nebo opačně mám například 2 sítě s /24 a spojím je pod jednu větší síť /23. V konkrétně tomto případě pak pod /23 nebo 255.255.254.0 schovám síť která začíná na 192.168.0.0 a končí 192.168.1.255. stejně pod /22 schován sít začínající ..0.0 a končící 3.255. Na internetu lze další příklady hledat pod pojmy jako subnetting nebo suppernetting
"Maska 255.255.255.254 není platná, protože uvnitř takového subnetu by se nacházelo 0 uzlů"
tohle uz taky neni uplne pravda, protoze maska 255.255.255.254 neboli /31 se pouziva na point to point spoje. Tam staci s prehledem 2 adresy, takze vse ostatni by bylo plytvanim ;-)
\"Subnet /20 může obsahovat až 4096 adres uzlů.\"
Ak tomu správne rozumiem, tak len 4096 - 2 uzlov.
respond to [12]...: Máte pravdu, 4096 je počet všech adres, 4094 je použitelný počet uzlů.
I dnes super článek.... díky;-)
Začínající administrátor moc děkuje za vysvětlení této problematiky <3
zdravim
Ve starších dobách se nesměli
správně se píše "se nesměly"