Learn about subnetting and why it's essential for keeping like devices together, securing public and private IPs, and optimizing network management. Explore the logic behind subnet creation and CIDR usage.
Subnetting CSIS 3723
Why Subnet?
• We need to create some logic to the environment
• We want to keep like devices together
• We want to make money leasing the use of the space
• Security
Public Versus Private
• When designing the Internet, it was decided that not all devices would need or want to be addressable from the Internet, but they will still need to communicate using the network
• Because of this, private address space was created
• These addresses are not accessible from the Internet without the network administrator doing something to give them an Internet address (NAT)
• These addresses can be accessible in your intranet (corporate space)
Public Versus Private
• RFC 1918 defines these
  • 10.0.0.0 – 10.255.255.255 (10.0.0.0/8)
  • 172.16.0.0 – 172.31.255.255 (172.16.0.0/12)
  • 192.168.0.0 – 192.168.255.255 (192.168.0.0/16)
• These are the IP address spaces that can be used internally in an enterprise
Public Versus Private
• RFC states a "link local" block
  • 169.254.0.0 – 169.254.255.255 (169.254.0.0/16)
  • To be used when a device cannot get an IP address through DHCP
• Also reserves lowest Class B
  • 128.0.0.0 – 128.0.255.255 (128.0.0.0/16)
  • Not able to be used under old class system but can be assigned to someone
• Also defines loopback space (RFC 1700)
  • 127.0.0.0 – 127.255.255.255 (127.0.0.0/8)
  • Used for a machine to communicate internally
• Also defines multicast address space (RFC 5771)
  • 224.0.0.0 – 239.255.255.255 (224.0.0.0/4)
• So you should never use these IP address spaces!
And You Should NEVER Just Pick an IP Space
[Figure: network diagram. Labels: Internet; 150.134.10.0/24 (shown twice), with hosts 150.134.10.10 and 150.134.10.30; 192.168.1.0/24, with host 192.168.1.12]
How does subnetting work?
• What are the IP addresses for the subnet 192.168.0.0/24?
• 192.168.0.0 through 192.168.0.255
• Anything after the 24th most significant bit can change and be in the same subnet
  11000000 10101000 00000000 00000000
  11000000 10101000 00000000 11111111
How We Use CIDR
• We use the CIDR prefix as a binary number
• The most significant bits, as many as the prefix length, are ones; the rest are zeros
• So a /24 would be:
  11111111 11111111 11111111 00000000
  Subnet Mask: 255 255 255 00000000
What would subnet mask be for /20?
  128 64 32 16 8 4 2 1
  11111111
  128 + 64 + 32 + 16 + 8 + 4 + 2 + 1 = 255
  11111111 11111111 11110000 00000000
  255 255 240 00000000
Let's Look at What Happens
Network: 192.168.0.0/24
Destination Address: 192.168.0.138
  IP Address    11000000 10101000 00000000 10001010
  Subnet Mask   11111111 11111111 11111111 00000000
  Logical AND   11000000 10101000 00000000 00000000
  Network       11000000 10101000 00000000 00000000
Bitwise AND is used. Logical AND is done on each bit between the IP address and the subnet mask. If the result matches the network, it is in the same subnet.
Logical AND
  A  B  A AND B
  0  0  0
  0  1  0
  1  0  0
  1  1  1
Let's Look at What Happens
Network: 192.168.0.0/24
Destination Address: 150.134.10.28
  IP Address    10010110 10000110 00001010 00011100
  Subnet Mask   11111111 11111111 11111111 00000000
  Logical AND   10010110 10000110 00001010 00000000
  Network       11000000 10101000 00000000 00000000
No match: different subnet
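The two checks above, carried out on 32-bit integers. This is an added example, not part of the original slides; the function names are illustrative, and the addresses are the ones used on the slides.

```python
# Added example: the slides' bitwise-AND subnet test on 32-bit integers.

def ip_to_int(dotted):
    """Pack a dotted-quad IPv4 address into one 32-bit integer."""
    octets = [int(part) for part in dotted.split(".")]
    if len(octets) != 4 or any(o < 0 or o > 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    value = 0
    for octet in octets:
        value = (value << 8) | octet
    return value

def int_to_ip(value):
    """Unpack a 32-bit integer back into dotted-quad form."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def to_bits(value):
    """Render as four space-separated binary octets, as on the slides."""
    return " ".join(f"{(value >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))

def prefix_to_mask(prefix):
    """/prefix -> mask: the top `prefix` bits are one, the rest zero."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def in_subnet(address, network, prefix):
    """AND the address with the mask and compare with the network."""
    mask = prefix_to_mask(prefix)
    net = ip_to_int(network)
    if (net & mask) != net:
        raise ValueError("network address has host bits set")
    return (ip_to_int(address) & mask) == net

if __name__ == "__main__":
    mask = prefix_to_mask(24)
    print(f"{'/24 mask':15} {to_bits(mask)}  {int_to_ip(mask)}")
    for dest in ("192.168.0.138", "150.134.10.28"):
        anded = ip_to_int(dest) & mask
        print(f"{dest:15} {to_bits(ip_to_int(dest))}")
        print(f"{'AND mask':15} {to_bits(anded)}  "
              f"in 192.168.0.0/24: {in_subnet(dest, '192.168.0.0', 24)}")
```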
More on Subnet
• If we look at just one octet we see a pattern
More on Subnet
If I start with: 192.168.10.0/24
This is the last octet:
If we change it to:
We would get two networks: 192.168.10.0/25 and 192.168.10.128/25
Let's Look Why
Let's look at what happens when the numbers change in the last octet
  Mask (last octet):          10000000
  Last octet of IP address:
    First Subnet:   00000001   00010010   01011010
    Second Subnet:  10010100   10010100   10010100
As long as this bit does not become a one in the IP address, it is in the first subnet
It Does Not Have To Be In The Same Octet
What if an ISP owns a block of IP addresses like:
  ISP's block   11001000 00010111 00010000 00000000   200.23.16.0/20
If I had 8 customers that want to buy subnets, how could I change the subnet mask to get 8 subnets?
  11001000 00010111 00010000 00000000   200.23.16.0/20
  11001000 00010111 00010000 00000000
Each place I move I get a multiple of two
It Does Not Have To Be In The Same Octet
  11001000 00010111 00010000 00000000
To get 8 in binary I would need 3 binary digits
  4 2 1
  111
  4 + 2 + 1 = 7 ???
We start counting from zero
It Does Not Have To Be In The Same Octet
  ISP's block      11001000 00010111 00010000 00000000   200.23.16.0/20
  Organization 0   11001000 00010111 00010000 00000000   200.23.16.0/23
  Organization 1   11001000 00010111 00010010 00000000   200.23.18.0/23
  Organization 2   11001000 00010111 00010100 00000000   200.23.20.0/23
  ...
  Organization 7   11001000 00010111 00011110 00000000   200.23.30.0/23
It Does Not Have To Be In The Same Octet
What if I needed 11 subnets???
  ISP's block       11001000 00010111 00010000 00000000   200.23.16.0/20
  Organization 0    11001000 00010111 00010000 00000000   200.23.16.0/24
  Organization 1    11001000 00010111 00010001 00000000   200.23.17.0/24
  Organization 2    11001000 00010111 00010010 00000000   200.23.18.0/24
  ...
  Organization 16   11001000 00010111 00011111 00000000   200.23.31.0/24
We need to create 16 subnets to get 11
It Does Not Have To Be In The Same Octet
What if I needed subnets that can have 56 hosts???
  ISP's block   11001000 00010111 00010000 00000000   200.23.16.0/20
Where can we move from the right to get a number larger than 56???
  128 64 32 16 8 4 2 1
  11111111
  32 + 16 + 8 + 4 + 2 + 1 = 63 (plus one for zero) is 64
It Does Not Have To Be In The Same Octet
What if I needed subnets that can have 56 hosts???
  ISP's block       11001000 00010111 00010000 00000000   200.23.16.0/20
  Organization 0    11001000 00010111 00010000 00000000   200.23.16.0/26
  Organization 1    11001000 00010111 00010000 01000000   200.23.16.64/26
  Organization 2    11001000 00010111 00010000 10000000   200.23.16.128/26
  ...
  Organization 64   11001000 00010111 00011111 11000000   200.23.31.192/26
We need to create 64 subnets each having 64 IP addresses
Do We Get 64 Usable IP Addresses?
• On the subnet 200.23.16.0/26
• We only get 61 usable IP addresses
• One is used for the network
  • 200.23.16.0 not used
• One must be used for the router interface on the subnet
  • 200.23.16.1 is usually used as the router IP address but does not have to be (could be 200.23.16.62 or any other host IP address)
• One must be used for the broadcast address
  • Is always the last IP address in the subnet (200.23.16.63)
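The ISP exercises above (8 subnets, 11 subnets, subnets for 56 hosts) worked with Python's standard `ipaddress` module. This is an added example, not part of the original slides; the function names are illustrative, and sizing by hosts here assumes the three reserved addresses from the last slide are counted on top of the requested hosts.

```python
import ipaddress

# Per the last slide: network address, broadcast address, one router interface.
RESERVED = 3

def split_for_count(block, wanted):
    """Split `block` into at least `wanted` equal subnets.

    Each extra prefix bit doubles the number of subnets, so the count is
    rounded up to the next power of two (11 wanted -> 16 created).
    """
    net = ipaddress.ip_network(block)
    if wanted < 1:
        raise ValueError("need at least one subnet")
    extra_bits = (wanted - 1).bit_length()   # smallest b with 2**b >= wanted
    new_prefix = net.prefixlen + extra_bits
    if new_prefix > net.max_prefixlen:
        raise ValueError("block too small for that many subnets")
    return list(net.subnets(new_prefix=new_prefix))

def split_for_hosts(block, hosts):
    """Split `block` into the smallest subnets that each fit `hosts` devices."""
    net = ipaddress.ip_network(block)
    # smallest number of host bits with 2**bits >= hosts + RESERVED
    host_bits = (hosts + RESERVED - 1).bit_length()
    new_prefix = net.max_prefixlen - host_bits
    if new_prefix < net.prefixlen:
        raise ValueError("block too small for subnets of that size")
    return list(net.subnets(new_prefix=new_prefix))

def usable_hosts(subnet):
    """Addresses left for devices after the reserved ones are taken out."""
    return subnet.num_addresses - RESERVED

if __name__ == "__main__":
    isp_block = "200.23.16.0/20"
    for wanted in (8, 11):
        nets = split_for_count(isp_block, wanted)
        print(f"{wanted} wanted -> {len(nets)} created: {nets[0]} ... {nets[-1]}")
    sized = split_for_hosts(isp_block, 56)
    first = sized[0]
    print(f"56 hosts -> {len(sized)} subnets: {first} ... {sized[-1]}")
    print(f"{first}: network {first.network_address}, "
          f"broadcast {first.broadcast_address}, usable {usable_hosts(first)}")
```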