rIntroduction to Network Administration

Overview of Networking Concepts

Computer Network
A computer network consists of two or more computing devices that are connected in order to share the components of your
network (its resources) and the information stored.

DHCP
Dynamic Host Configuration Protocol (DHCP) is a TCP/IP standard that reduces the complexity and administrative overhead
of managing network client IP address configurations by automating the assignment of IP addresses.

DNS
Domain Name System (DNS), in computer communications, is a method of translating Internet addresses so that computers
connected in the Internet can find each other. A DNS server translates a numerical address assigned to a computer (such as
207.46.228.91) into a sequence of words, and vice versa.
Network
Techniques, physical connections, and computer programs used to link two or more computers. Network users are able to
share files, printers, and other resources; send electronic messages; and run programs on other computers.

NOS
A network operating system (NOS) is an operating system that includes software to communicate with other computers by
means of a network. This allows such resources as files, application programs, and printers to be shared between computers.

Protocol
A set of established standards for data transfer that enables computers to communicate with each other

RAS
Remote Access Service (RAS) is a technology that permits remote users to log on to and use a corporate network.

VoIP
Voice over IP (VoIP) is a technology that enables voice communications (telephony) over the Internet.

WINS
Windows Internet Name Service (WINS) is the name resolution system used for Microsoft Windows NT® Server 4.0 and
earlier Microsoft operating systems.

Network Plan
Networking computers first and tracking the connections later can quickly become confusing and unmanageable as you try to
find which computer communicates with and shares resources with which other computers. Before you even connect your
first computers together, you should have a plan.

Introduction and IP Page 1

A network plan is a formally created product that shows all the network’s components and the planned connections between
them. Such a plan is also used to manage the various types of information. Your plan should show what types of
information are stored where, and who is allowed to use each type.
Your network plan should help you manage the information gathered, stored, and shared between
your users.

A networking plan could tell you that as specific types of sensitive data (like medical, personal, or payroll information) are
gathered or grouped, they should be stored higher in the hierarchical structure (ranked from most sensitive to least sensitive),
and this can save you time in the end. That plan should specify that the access requirements are stricter for sensitive data and
reduce the number of people able to use specific types of information.

The distribution side of the networking plan should spell out that the more an individual has access to the data in storage, the
less they should be able to share groups of information entrusted to them. For example, you may not mind sharing your first
name, but you would probably object to an instructor openly distributing all information in your school records to anyone
requesting it.
The network plan should also capture the hierarchy of information-that is how information may be organized in the order of
importanceyuyuuj

Network Components
A typical network consists of hardware: including cabling, routers, switches, hubs, physical servers, and other components,
and the software or firmware that controls the manner in which the hard components are utilized: the server, the client, the
operating systems and other applications.
A network consists of the infrastructure components through which computer systems and shared peripherals communicate
with each other. It is the most basic level of an IT infrastructure. Without network facilities, there is no infrastructure, just a
collection of individual computers.
Each of these components requires routine monitoring or maintenance to achieve negotiated operating levels. Components
are occasionally subject to fault or error, and they may be eventually replaced or upgraded to meet business demand. To
understand the processes required to operate the network, it is appropriate to briefly review the network components
themselves.

Hardware Components
The hardware layer of a network may be extensive, typically including the following components:
•
Cabling
•
Network adapters/network interface cards (NICs)
•
Hubs
•
Switches
•
Routers
•
Content switching
•
Wireless access points
•
Firewalls
These components may be supplied through a variety of vendors. In fact, depending on the degree of standardization to
which an IT organization subscribes, individual component categories—routers, for example—may be obtained from
multiple vendors. The product documentation accompanying these components generally describes their installation and
configuration in detail.

Introduction and IP Page 2

Software Components
As described above, many network hardware components contain firmware that may require initial configuration according
to the manufacturer’s recommendations. For example, network devices typically are configured either through a firmware-
based HTML interface, which is accessed by an Internet browser that is pointed to the device’s specific IP address, or through
a telnet session.
For networks operating on Microsoft Windows Server, there are several software components in the network as well. These
services include DNS, WINS, and DHCP. Each of these components provides basic functionality within the network and is
critical to the availability of higher-order services. In many networks, Remote Access Service (RAS) is also a highly used
network component. Maintaining these components is a necessary part of network administration.

OSI Reference Model

In the networking model described by Open Systems Interconnection (OSI), the typical IT infrastructure is constructed in
layers, from basal components that are used by all services at the bottom of the stack, to specialized applications at the top.
The layers making up the OSI stack are (from the top, down):
1. Application
2. Presentation
3. Session
4. Transport
5. Network
6. Link (Data Link)
7. Physical
Network administration is typically involved with the first three layers of the stack, which mostly consist of hardware. There
is some overlap between network and system administration at the transport level, which includes the linking and networking
protocols that enable the transfer of data from one point to another.
The management of such services as DNS, WINS, and DHCP provides the basic name resolution services required by fully
featured IT services. Depending upon the organization, these core services may also be included as network service functions.
Since DNS, WINS, and DHCP run on servers, network servers are sometimes included among the hardware components
managed by the Network Administrators.
Network servers, such as DNS and WINS, require basic maintenance operations such as health monitoring (Service
Monitoring and Control). In organizations running Microsoft Active Directory® directory service, there may be overlap in
the processes applied to manage Active Directory itself and DHCP, which is tightly integrated with it.
Upgrading network components is an intrinsic part of proactive network operations. These changes are controlled through the
Change Management, Configuration Management, and Release Management. Similarly, although resolving user outages or
other issues is part of Incident Management, troubleshooting network-related issues is typically a specialty task that occurs
within the Network Administration.

Network Processes
IT specialists recognize that their typical network-related workload is divided into three major categories.
 Changing the network
 Maintaining the network
 Supporting the network

Introduction and IP Page 3

Changing the network infrastructure:
This involves the deploying of new network segments or the reconfiguration of hardware or network services in some way. u
Established networks may require change for a variety of reasons.
The expansion of a business into new facilities, the addition of staff, or the acquisition of subsidiaries may all trigger a need
to expand network facilities. Business demands may necessitate the upgrading of network facilities as well—for example,
increased corporate use of video or other digital media in the workplace may require upgrading to higher speed and
bandwidth networks. Sometimes new standards or vendor changes will require replacement or reconfiguration of network
hardware.
The following are some of the significant parts of the change management process:
• Communicating the change to the customer.
• Defining a roll-back plan.
• Completing a technical review of the proposed change.
• Convening the change advisory board (CAB) to approve the change.
• Capturing the pre-change configuration of the system.
Oi90ottiili,u • Validating the post-change configuration against the expected results.
• Testing the change to confirm that it meets desired functionality.

Maintaining a Network:
Network administrators must also maintain the infrastructure by monitoring its health and performing routine maintenance.
Operating the network infrastructure is largely a matter of monitoring its performance, evaluating that against expected
norms, and generating work items to troubleshoot if performance drops off.
Most hardware components within a network should operate without hands-on maintenance or intervention within the
manufacturer’s specifications for mean time between failure and other performance criteria.
The server-based components of the network do require periodic attention, however. These components require regular
backups, where applicable, and evaluations of storage or capacity requirements.
Supporting a Network:
Network support operations involve the troubleshooting of outages or other performance issues, which sometimes leads to
necessary changes in the infrastructure.
Network support is closely aligned with activities in Incident Management and Problem Management. Through the incident
resolution process, IT networking specialists correct network errors, develop workarounds, and prevent or mitigate
impending network issues.
The following section describes the network-specific processes for troubleshooting:
Network Troubleshooting
No matter how well a system has been designed or operated, there will always be issues that occur that will affect the
network; from hardware failures to user errors. Since many applications and services depend on network availability, the
pressure on the network administrators when a network component fails is significant. For this reason, it is crucial that
network troubleshooting techniques and tools be familiar to all those who provide support.
Network troubleshooting is performed by a special team of experts called a resolver group.

Troubleshooting Methodology

Introduction and IP Page 4

Having a plan of action is one of the key requirements in troubleshooting a network incident. Many of the incidents handled
are likely to be user issues involving non-network errors, such as improper use of software or workstation setup. On the
occasion that an administrator confronts what appears to be a truly network-related issue, he or she should follow an
established troubleshooting procedure.
The following steps provide a recommended model for effective network troubleshooting:
1. Establish the symptoms.
2. Identify the affected area.
3. Establish what has changed.
4. Select the most probable cause.
5. Implement a solution.
6. Test the results.
7. Recognize the potential effects of the solution.
8. Document the solution.
The process followed may vary slightly or may be performed in a slightly different order, but the overall process should
contain all of the listed procedures. The following sections examine each of these steps.
Establishing the Symptoms
The first step in troubleshooting a network incident is to determine exactly what is going wrong and to note the effect of the
incident on the network. This evaluation provides the administrator with sufficient knowledge to assign a priority to the
incident. In a large network environment, there are often many more calls for support than the network support staff can
handle at one particular time. Therefore, it is essential to establish a system of priorities that dictates which calls get
addressed first. As in the emergency department of a hospital, the priorities should not necessarily be based on who is first in
line. More often, it is the severity of the incident that determines who gets attention first, although it is usually not wise to
ignore the political reality that senior management incidents frequently are addressed before those of the rank and file.
The following guidelines may assist in establishing incident resolution priorities:
• Shared resources take precedence over individual resources. An incident involving a server or other network component
that prevents many users from working must take precedence over one that affects only a single user.
• Network-wide incidents take precedence over workgroup or departmental incidents. Resources that provide services to the
entire network, such as e-mail servers, should be considered before departmental resources, such as file and print servers.
• Rate departmental issues according to the function of the department. Incidents involving resources belonging to a
department that is critical to the organization, such as order entry or customer service call centers, should take precedence
over departments that can better tolerate a period of downtime, such as research and development.
• System-wide incidents take precedence over isolated incidents. An incident that puts an entire computer out of commission,
preventing a user from getting any work done, should take precedence over an issue a user is experiencing with a single
device or application.
Part of the process of narrowing down the cause of a particular incident involves obtaining accurate information about what
has occurred. Users are often vague about what they were doing when they experienced the incident, or even what the
indications of the error or issue were. For example, in many cases, users call the help desk because they received an error
message, but they neglect to write down the wording of the message. Persistent but subtle training of users in the proper
procedures for documenting and reporting incidents is also part of the network support technician’s job.
Asking questions such as the following can help determine the cause of an incident:
• What exactly were you doing when the incident occurred?
• Have you had any other incidents?
• Was the computer behaving normally just before the incident occurred?
• Has any hardware or software been installed, removed, or reconfigured recently?
• Did you (or anyone else) do anything to try to resolve the incident? What did you do?

Introduction and IP Page 5

Identifying the Affected Area
The next step in assessing the nature of the incident is to attempt to duplicate it. Network incidents that you can easily
duplicate are far easier to fix, primarily because they can be tested to see if the repair was successful. However, there are
many types of network incidents that are intermittent or that might occur for only a short period of time. In these cases, the
incident may be left open until it occurs again. In some instances, having the user reproduce the incident can lead to the
solution. User error is a common cause of incidents that can seem to be hardware- or network-related to the inexperienced
user.
Once the incident has been duplicated, the actual source may be determined. If, for example, a user has trouble opening a file
in a word processing application, the difficulty might lie in the application, the user’s computer, the file server where the file
is stored, or any of the networking components in-between. The process of isolating the location of the incident consists of
eliminating the elements that are not the cause, in a logical and methodical manner. In an incident such as this, only a limited
number of possible causes are network-related.
If it is possible to duplicate the incident, isolation of the cause may be initiated by reproducing the conditions under which the
incident occurred, using a procedure such as the following:
1. Have the user reproduce the incident on the computer repeatedly to determine whether the user’s actions are triggering
the error.
2. Attempt to reproduce the incident by duplicating the user task. If the incident does not occur, the cause might be in how
the user is performing a particular task. Check the user’s procedures carefully to see if he or she is doing something
wrong. It is entirely possible that the resolver and the user perform the same task in different ways and that the user’s
method is exposing an incident that the resolver’s doesn’t.
3. If the incident recurs upon performing the task, log off from the user’s account, log on using an account with
administrative privileges, and repeat the task. If the incident does not recur, it is probably the result of the user not
having the rights or permissions needed to perform the task.
4. If the incident recurs, try to perform the same task on another, similarly equipped computer connected to the same
network. If the incident can’t be reproduced on another computer, the cause likely lies in the user’s computer or its
connection to the network. If the incident does recur on another computer, it is likely a network incident, either in the
server that the computer was communicating with or the hardware that connects the two.
If the incident lies somewhere in the network and not in the user’s computer, the resolver can then begin the process of
isolating the area of the network that is the source of the incident. For example, if the incident is reproduced on another
nearby computer, then begin performing the same task on computers located elsewhere on the network. Again, proceed
methodically and document the results. For example, try to reproduce the incident on another computer connected to the
same hub, and then on a computer connected to a different hub on the same LAN. If the incident occurs throughout the LAN,
try a computer on a different LAN. Eventually, the source of the incident should be traced to a particular component, such as
a server, router, hub, or cable. A configuration management database (CMDB) should have an accurate representation of all
the dependencies in the IT infrastructure and can be an invaluable tool in determining root cause.
Establishing What Has Changed
When a computer or other network component that previously worked properly now does not, it is logical to assume that
some change has occurred. When a user reports an incident, one of the most important pieces of information the network
troubleshooter can gather is how the computing environment changed immediately prior to the malfunction. Unfortunately,
getting this information from the user can often be difficult. The response to the question “Has anything changed on the

Introduction and IP Page 6

computer recently?” is nearly always “No,” and it’s only some time later that the user remembers to mention that a major
hardware or software upgrade was performed just prior to the incident’s occurrence. On a network with a properly established
CMDB, it should be easy to determine if any upgrades or modifications to the user’s computer have been made recently. The
CMDB is the first place to look for information like this.
Major changes, such as the installation of new hardware or software, are obvious possible causes of network incidents, but
the network troubleshooter must be aware that more subtle changes can cause incidents as well. For example, an increase in
network traffic levels, as disclosed by a protocol analyzer, can be a contributing cause of a reduction in network performance.
Occasional incidents noticed by several users of the same application, cable segment, or LAN can indicate the existence of a
fault in a network component. Tracking down the source of a networking incident can often be a form of detective work, and
learning to “interrogate” your “suspects” properly can be an important part of the troubleshooting process.
Selecting the Most Probable Cause
There’s an old medical school axiom that states, “When you hear hoofbeats, think horses, not zebras.” In the context of
network troubleshooting, this means that when searching for possible causes of an incident, begin with the obvious. For
example, if a workstation is unable to communicate with a file server, don’t start by checking the routers between the two
systems; check the simple things on the workstation first, such as whether the network cable is plugged into the computer.
The other important part of the process is to work methodically and document everything investigated in order to avoid
duplication of efforts.
Implementing a Solution
After the source of the incident has been isolated to a particular piece of equipment, proceed to determine if the error is
caused by hardware or software. If it is a hardware incident, an option is to replace the unit that is at fault or try using an
alternate. Communication incidents, for example, might require replacing network cables until the faulty one is found. If the
incident is in a server, replacement of components, such as hard drives, might be performed until the faulty component is
identified. If the incident is caused by software, try running an application or storing data on a different computer, or
reinstalling the software on the offending system.
In some cases, the process of isolating the source of an incident also resolves the incident. If, for example, the incident
investigation involves replacing network patch cables until the faulty one is located, then replacing the bad cable is also the
resolution of the incident. In other cases, however, the resolution might be more involved, such as having to reinstall a server
application or operating system. Because other users might need to access that server, resolution of the incident may require
deferral until a later time when the network is not in use and the server has been backed up. In some cases, outside help, such
as a contractor to pull new cables, may be required. This can require careful scheduling to avoid having the contractor’s work
conflict with user and operator activities. Sometimes an interim solution or workaround, such as providing a substitute
workstation or server, may be indicated until the incident can be resolved definitively.
Testing the Results
After resolving the incident, return to the very beginning of the process and repeat the task that originally caused the incident.
If the incident no longer occurs, test the other functions related to the changes made to ensure that in fixing one incident,
another hasn’t been created. It is at this point that the time spent documenting the troubleshooting process becomes
worthwhile. Exactly repeat the procedures used to duplicate the incident to ensure that the incident the user originally
experienced has been completely eliminated, and not just temporarily masked. If the incident was intermittent to begin with,
it may take some time to ascertain if the incident resolution has been effective. The user may need to be queried several times
to make sure that the incident is not recurring.

Introduction and IP Page 7

Recognizing the Potential Effects of the Solution
It is important, throughout the troubleshooting process, to stay cognizant of the network as an entity and not focus too closely
on the incidents experienced by one user (or application, or LAN). It is sometimes possible, while implementing a solution to
one incident, to create another that is more severe or that affects more users. For example, if users on one LAN are
experiencing high traffic levels that diminish their workstation performance, a possible remedy is to connect some of their
computers to a different LAN. However, although this solution might help the users originally experiencing the incident, you
might overload another LAN in the process, causing another incident that is more severe than the first one. A better solution
might be to create an entirely new LAN and move some of the affected users over to it.
Documenting the Solution
Although it is presented here as a separate step, the process of documenting incident resolution actions should begin as soon
as the user calls for help. A well-organized network support organization should have an incident management system in
place in which each incident is registered and contains a complete record of the issue and the steps taken to isolate and
resolve it. In many cases, a technical support organization operates using tiers, which are groups of technicians of different
skill levels. Calls come in to the first tier; and if the incident is sufficiently complex or the first-tier technician is unable to
resolve it, the call is escalated to the second tier, which is composed of senior technicians. As long as everyone involved in
the process documents his or her activities, there should be no incident where one technician hands off the ticket to another.
In addition, keeping careful notes prevents people from duplicating each other’s efforts. For a more detailed explanation of
this process, refer to the Incident Management SMF document.
Roles and Responsibilities
The principal roles and their associated responsibilities for network administration have been defined according to industry
best practices. Organizations might need to combine some roles depending on organizational size, organizational structure,
and the underlying service level agreements existing between the IT department and the business it serves.
It is important to note that these are roles, and not job descriptions. A small organization may have one person perform
several roles, while a large organization may have a team of people for each role. The specific responsibilities associated with
each role are summarized below.

Network Manager
The network manager is responsible for providing network communications services for IT applications and services. Since
networking is critical to so many types of applications, network managers are usually under significant pressure to maintain
and improve the data communications infrastructure. As a result, the network manager must participate in IT design changes,
monitor the existing infrastructure, and repair the infrastructure when it fails.
Often the network manager will be assisted by junior network technicians and network support technicians in the
performance of his or her duties.
The main responsibilities for a Network Manager include:
 Managing the data communications needs of the company.
 Manages the physical network infrastructure, including wired and wireless local area network (LAN).
 Manages infrastructure servers: Active Directory, WINS, DNS, DHCP, Proxy, RAS, and Internet Security and
Acceleration (ISA) Server.
 Manages the acquisition of new network hardware as required.
 Participates in network planning, design, development, deployment, and modification.

Introduction and IP Page 8

  Monitors and controls service levels of network suppliers.
 Liaises with the Service Monitoring and Control SMF to establish a list of monitored network activities.
 Ensures that data communication within the company is reliable and of sufficient capacity to meet business needs.
 Provides physical connections to the corporate LAN as required.
 Ensures that data communications packets are routed efficiently.
 Provides regular feedback on network performance, both in general and against specific service levels.
 Provides access to the corporate network via dial-up or virtual private network (VPN) as required.
 Monitors bandwidth use, analyzes traffic patterns and volumes, and determines impact/implications of issues.
 Ensures security standards are upheld.

Network Technician
The network technician works closely with the network manager. In fact, the network technician performs the routine
monitoring of the network on behalf of the network manager. The network technician is the person who actually performs site
installations as directed by the network manager.
The main responsibilities for a Network Technician include:
 Monitors and controls service levels of network suppliers.
 Ensures detection of alerts from the network infrastructure.
 Provides physical connections to the corporate LAN as required.
 Ensures that data communications packets are routed efficiently.
 Provides regular feedback on network performance, both in general and against specific service levels.
 Monitors bandwidth use, analyzes traffic patterns and volumes, and determines impact/implications of issues.
 Ensures security standards are upheld.

Network Support Technician

The network support technician works closely with the network manager, incident manager, and problem manager. The
network support technician is responsible for resolving incidents on the network, identifying problems and errors, and
establishing workarounds to restore network operation.
The main responsibilities for a Network Support Technician include:
 Handles service requests.
 Monitors incident details, including the configuration items affected.
 Investigates and diagnoses incidents and problems (including resolution where possible).
 Detects possible problems and notifies problem management.
 Documents the resolution and recovery of assigned incidents.
 Acts as a restoration team member, if required, during major incidents.
 Carries out actions in order to correct known errors.

Network Security Technician

The network security technician is responsible for implementing standards and policies that secure the data and voice
networks from internal and external threats. These standards and policies are incorporated into the network design and may

Introduction and IP Page 9

include data encryption, encapsulation, and certification. All of these design characteristics must typically be applied to
ensure data confidentiality, integrity, and availability.
The main responsibilities for a Network Security Technician include:
 Performs monitoring and analysis of intrusion detection and other security breaches.
 Maintains access list.
 Performs firewall maintenance.

Voice Communications Technician

Voice communications and data communications are becoming more closely related every day. In fact, most voice traffic is
currently converted to data at some point in its transfer to the receiver, and voice-over-IP (VoIP) telephones are becoming
increasingly common.
The voice communications technician is responsible for providing voice communications services for business personnel and
IT applications. This can include providing telephones to the desktop or modems for dial-up computer access.
The voice communications technician is also responsible for installing and maintaining the interactive voice response (IVR)
and predictive dialing systems that a company may have in place for its call centers and service desks.
The main responsibilities for a Voice Communications Technician include:
 Ensures that the communications infrastructure is in place and in good working order.
 Installs and maintains telephones, voice mail, and other communications equipment.
 Installs and maintains private branch exchange (PBX) systems.
 Installs modem banks for in-bound dial-up network and virtual private networks.
 Installs and maintains in-bound interactive voice response (IVR) systems.
 Installs and maintains outbound predictive dialing systems.

Outsourcing Manager
The outsourcing manager works with the network manager and the security manager to identify and mitigate potential
security risks associated with suppliers and vendors.
The main responsibilities for a Outsourcing Manager include:
 Evaluates partner offerings for applicability to need.
 Negotiates and manages costs associated with partnerships.
 Determines which partners will be the primary source of service and which will be the secondary or backup partners.
 Manages IT procurement and purchasing functions.
 Monitors the performance of provider services.
 Works with the partner to optimize performance.
 Assesses and minimizes any security risks that a supplier poses.
 Audits a supplier for security compliance.
 Creates contingency plans in the event that one or more partners fail to meet their contractual obligations.

Security Compliance Auditor

Introduction and IP Page 10

The security compliance auditor works with the network manager and the security manager to audit network security efforts
and evaluate risks identified as a result of the audit.
The main responsibilities for a Security Compliance Auditor include:
 Audits the efforts of the various security technicians associated with the network to ensure compliance with the
standards set by the security manager.
 Evaluates risks to the enterprise identified as a result of the security audit.
IP Addressing and subnets:

Each TCP/IP host is identified by a logical IP address. The IP address identifies a system’s location on the network in the
same way a street address identifies a house on a city block. Just as a street address must identify a unique residence, an IP
address must be globally unique and have a uniform format.
Each IP address includes a network ID and a host ID.
 The network ID (also known as a network address) identifies the systems that are located on the same physical network
bounded by IP routers. All systems on the same physical network must have the same network ID. The network ID must
be unique to the internetwork.
 The host ID (also known as a host address) identifies a workstation, server, router, or other TCP/IP host within a
network. The address for each host must be unique to the network ID.
Note: The use of the term network ID refers to any IP network ID, whether it is class-based, a subnet, or a supernet.
An IPv4 address is 32 bits long. The 32 bits of the IP address are divided into four 8-bit fields called octets. Each octet is
converted to a decimal number in the range 0-255 and separated by a period (a dot). This format is called dotted decimal
notation. The following table provides an example of an IP address in binary and dotted decimal formats.
Table 1: Example of an IP address in binary and dotted decimal format
Binary Format Dotted Decimal Notation
11000000 10101000 00000011 192.168.3.24
00011000
The notation w.x.y.z is used when referring to a generalized IP address and shown in figure below.
Address Classes

The Internet community originally defined five address classes to accommodate networks of varying sizes. Microsoft TCP/IP
supports class A, B, and C addresses assigned to hosts. The class of address defines which bits are used for the network ID
and which bits are used for the host ID. It also defines the possible number of networks and the number of hosts per network.
Class A
Class A addresses are assigned to networks with a very large number of hosts. The high-order bit in a class A address is
always set to zero. The next seven bits (completing the first octet) complete the network ID. The remaining 24 bits (the last
three octets) represent the host ID. This allows for 126 networks and 16,777,214 hosts per network. The figure below

Introduction and IP Page 11

illustrates the structure of class A addresses.

Class B
Class B addresses are assigned to medium-sized to large-sized networks. The two high-order bits in a class B address are
always set to binary 1 0. The next 14 bits (completing the first two octets) complete the network ID. The remaining 16 bits
(last two octets) represent the host ID. This allows for 16,384 networks and 65,534 hosts per network. Figure 5 illustrates the

structure of class B addresses.

Class C
Class C addresses are used for small networks. The three high-order bits in a class C address are always set to binary 1 1 0.
The next 21 bits (completing the first three octets) complete the network ID. The remaining 8 bits (last octet) represent the
host ID. This allows for 2,097,152 networks and 254 hosts per network. Figure 6 illustrates the structure of class C

addresses.
Class D
Class D addresses are reserved for IP multicast addresses. The four high-order bits in a class D address are always set to
binary 1 1 1 0. The remaining bits are for the address that interested hosts will recognize. Microsoft supports class D
addresses for applications to multicast data to multicast-capable hosts on an internetwork.

Class E
Class E addresses are experimental addresses reserved for future use. The high-order bits in a class E address are set to 1 1 1
1.
Table 2 is a summary of address classes A, B, and C that can be used for host IP addresses.
Table 2 IP address class summary

Introduction and IP Page 12

 Class Value for Network Host ID Available Hosts per
w1 ID Portion Portion Networks Network
A 1–126 W x.y.z 126 16,777,214
B 128–191 w.x y.z 16,384 65,534
C 192–223 w.x.y Z 2,097,152 254

The class A address 127.x.y.z is reserved for loopback testing and interprocess communication on the local computer.

Network ID Guidelines:
The network ID identifies the TCP/IP hosts that are located on the same physical network. All hosts on the same physical
network must be assigned the same network ID to communicate with each other.

Follow these guidelines when assigning a network ID:

 The network address must be unique to the IP internetwork. If you plan on having a direct routed connection to the
public Internet, the network ID must be unique to the Internet. If you do not plan on connecting to the public Internet, the
local network ID must be unique to your private internetwork.
 The network ID cannot begin with the number 127. The number 127 in a class A address is reserved for internal
loopback functions.
 All bits within the network ID cannot be set to 1. All 1’s in the network ID are reserved for use as an IP broadcast
address.
 All bits within the network ID cannot be set to 0. All 0’s in the network ID are used to denote a specific host on the local
network and will not be routed.
Table 3 lists the valid ranges of network IDs based on the IP address classes. To denote IP network IDs, the host bits are all
set to 0. Note that even though expressed in dotted decimal notation, the network ID is not an IP address.
Table 3 Class ranges of network IDs
Address Class First Network ID Last Network ID
Class A 1.0.0.0 126.0.0.0
Class B 128.0.0.0 191.255.0.0
Class C 192.0.0.0 223.255.255.0

Host ID Guidelines
The host ID identifies a TCP/IP host within a network. The combination of IP network ID and IP host ID is an IP address.
Follow these guidelines when assigning a host ID:
 The host ID must be unique to the network ID.
 All bits within the host ID cannot be set to 1, because this host ID is reserved as a broadcast address to send a packet to
all hosts on a network.
 All bits in the host ID cannot be set to 0, because this host ID is reserved to denote the IP network ID.
Table 4 lists the valid ranges of host IDs based on the IP address classes.
Table 4 Class ranges of host IDs
Address Class First Host ID Last Host ID
Class A w.0.0.1 w.255.255.254
Class B w.x.0.1 w.x.255.254
Class C w.x.y.1 w.x.y.254

Introduction and IP Page 13

Subnets and Subnet Masks:
The Internet Address Classes were designed to accommodate three different scales of IP internetworks, where the 32 bits of
the IP address are apportioned between network IDs and host IDs depending on how many networks and hosts per network
are needed. However, consider the class A network ID, which has the possibility of over 16 million hosts on the same
network. All the hosts on the same physical network bounded by IP routers share the same broadcast traffic; they are in the
same broadcast domain. It is not practical to have 16 million nodes in the same broadcast domain. The result is that most of
the 16 million host addresses are not assignable and are wasted. Even a class B network with 65 thousand hosts is impractical.
In an effort to create smaller broadcast domains and to better utilize the bits in the host ID, an IP network can be subdivided
into smaller networks, each bounded by an IP router and assigned a new subnetted network ID, which is a subset of the
original class-based network ID.
This creates subnets, subdivisions of an IP network each with their own unique subnetted network ID. Subnetted network IDs
are created by using bits from the host ID portion of the original class-based network ID.
Consider the example in the following Figure. The class B network of 139.12.0.0 can have up to 65,534 nodes. This is far too
many nodes, and in fact, the current network is becoming saturated with broadcast traffic. The subnetting of network
139.12.0.0 should be done in such a way so that it does not impact, nor require, the reconfiguration of the rest of the IP
internetwork.

Figure: Network 139.12.0.0 before subnetting

Network 139.12.0.0 is subnetted by utilizing the first 8 host bits (the third octet) for the new subnetted network ID. When
139.12.0.0 is subnetted, as shown in figure below, separate networks with their own subnetted network IDs (139.12.1.0,
139.12.2.0, 139.12.3.0) are created. The router is aware of the separate subnetted network IDs and will route IP packets to the
appropriate subnet.
Note that the rest of the IP internetwork still regards all the nodes on the three subnets as being on network 139.12.0.0. The
other routers in the IP internetwork are unaware of the subnetting being done on network 139.12.0.0, and therefore require no

reconfiguration.

Figure : Network 139.12.0.0 after subnetting

Introduction and IP Page 14

A key element of subnetting is still missing. How does the router who is subdividing network 139.12.0.0 know how the
network is being subdivided and which subnets are available on which router interfaces? To give the IP nodes this new level
of awareness, it must be told exactly how to discern the new subnetted network ID regardless of Internet Address Classes. To
tell an IP node exactly how to extract a network ID, either class-based or subnetted, a subnet mask is used.

Subnet Masks
With the advent of subnetting, one can no longer rely on the definition of the IP address classes to determine the network ID
in the IP address. A new value is needed to define which part of the IP address is the network ID and which part is the host
ID, regardless of whether class-based or subnetted network IDs are being used.
RFC 950 defines the use of a subnet mask (also referred to as an address mask) as a 32-bit value which is used to distinguish
the network ID from the host ID in an arbitrary IP address. The bits of the subnet mask are defined as:
 All bits that correspond to the network ID are set to 1.
 All bits that correspond to the host ID are set to 0.
Each host on a TCP/IP network requires a subnet mask even on a single-segment network. Either a default subnet mask,
which is used when using class-based network IDs, or a custom subnet mask, which is used when subnetting or supernetting,
is configured on each TCP/IP node.
Dotted Decimal Representation of Subnet Masks:
Subnet masks are frequently expressed in dotted decimal notation. Once the bits are set for the network ID and host ID
portion, the resulting 32-bit number is converted to dotted decimal notation. Note that even though expressed in dotted
decimal notation, a subnet mask is not an IP address.
A default subnet mask is based on the IP address classes and is used on TCP/IP networks that are not divided into subnets.
Table 5 lists the default subnet masks using the dotted decimal notation for the subnet mask.
Table 5 Default subnet masks in dotted decimal notation
Address Bits for Subnet Mask Subnet
Class Mask
Class A 11111111 00000000 00000000 255.0.0.0
00000000
Class B 11111111 11111111 00000000 255.255.0.
00000000 0
Class C 11111111 11111111 11111111 255.255.25
00000000 5.0

Custom subnet masks are those that differ from the above default subnet masks when doing subnetting or supernetting. For
example, 138.96.58.0 is an 8-bit subnetted class B network ID. Eight bits of the class-based host ID are being used to express
subnetted network IDs. The subnet mask uses a total of 24 bits (255.255.255.0) to define the subnetted network ID. The
subnetted network ID and its corresponding subnet mask is then expressed in dotted decimal notation as:
138.96.58.0, 255.255.255.0
Network Prefix Length Representation of Subnet Masks:
Since the network ID bits must be always chosen in a contiguous fashion from the high order bits, a shorthand way of
expressing a subnet mask is to denote the number of bits that define the network ID as a network prefix using the network

Introduction and IP Page 15

prefix notation: /<# of bits>. Table 6 lists the default subnet masks using the network prefix notation for the subnet mask.
Table 6 Default subnet masks in network prefix notation
Address Bits for Subnet Mask Network
Class Prefix
Class A 11111111 00000000 00000000 /8
00000000
Class B 11111111 11111111 00000000 /16
00000000
Class C 11111111 11111111 11111111 /24
00000000

For example, the class B network ID 138.96.0.0 with the subnet mask of 255.255.0.0 would be expressed in network prefix
notation as 138.96.0.0/16.
As an example of a custom subnet mask, 138.96.58.0 is an 8-bit subnetted class B network ID. The subnet mask uses a total
of 24 bits to define the subnetted network ID. The subnetted network ID and its corresponding subnet mask is then expressed
in network prefix notation as:
138.96.58.0/24
Note Since all hosts on the same network must be using the same network ID, the ID must be defined by the same subnet
mask. For example, 138.23.0.0/16 is not the same network ID as 138.23.0.0/24. The network ID 138.23.0.0/16 implies a
range of valid host IP addresses from 138.23.0.1 to 138.23.255.254. The network ID 138.23.0.0/24 implies a range of valid
host IP addresses from 138.23.0.1 to 138.23.0.254. Clearly, these network IDs do not represent the same range of IP
addresses.

Determining the Network ID:

To extract the network ID from an arbitrary IP address using an arbitrary subnet mask, IP uses a mathematical operation
called a logical AND comparison. In an AND comparison, the result of two items being compared is true only when both
items being compared are true, otherwise, the result is false. Applying this principle to bits, the result is 1 when both bits
being compared are 1; otherwise, the result is 0.
IP takes the 32-bit IP address and logically ANDs it with the 32-bit subnet mask. This operation is known as a bit-wise logical
AND. The result of the bit-wise logical AND of the IP address and the subnet mask is the network ID.
For example, what is the network ID of the IP node 129.56.189.41 with a subnet mask of 255.255.240.0?
To obtain the result, turn both numbers into their binary equivalents and line them up. Then perform the AND operation on
each bit and write down the result.
10000001 00111000 10111101 00101001 IP Address
11111111 11111111 11110000 00000000 Subnet Mask
10000001 00111000 10110000 00000000 Network ID
The result of the bit-wise logical AND of the 32 bits of the IP address and the subnet mask is the network ID 129.56.176.0.
Subnetting:
While the conceptual notion of subnetting by utilizing host bits are straightforward, the actual mechanics of subnetting are a
bit more complicated. Subnetting is a three-step procedure:
1. Determine the number of host bits to be used for the subnetting.

Introduction and IP Page 16

 2. Enumerate the new subnetted network IDs.
3. Enumerate the IP addresses for each new subnetted network ID.

Step 1: Determining the Number of Host Bits

The number of host bits being used for subnetting determines the possible number of subnets and hosts per subnet. Before
you choose how many host bits, you should have a good idea of the number of subnets and hosts you will have in the future.
Using more bits for the subnet mask than required will save you the time of reassigning IP addresses in the future.
The more host bits that are used, the more subnets (subnetted network IDs) you can have—but with fewer hosts. If you use
too many host bits, it will allow for growth in the number of subnets, but will limit the growth in the number of hosts. If you
use too few hosts, it will allow for growth in the number of hosts, but will limit the growth in the number of subnets. For
example, Figure 9 illustrates the subnetting of up to the first 8 host bits of a class B network ID. If we choose one host bit for
subnetting, we obtain 2 subnetted network IDs with 16,382 hosts per subnetted network ID. If we choose 8 host bits for

subnetting, we obtain 256 subnetted network IDs with 254 hosts per subnetted network ID.
Figure: Subnetting a class B network ID
In practice, network administrators define a maximum number of nodes they want on a single network. Recall that all nodes
on a single network share all the same broadcast traffic; i.e. they reside in the same broadcast domain. Therefore, growth in
the amount of subnets is favored over growth in the amount of hosts per subnet.
Follow these guidelines to determine the number of host bits to use for subnetting.
1. Determine how many subnets you need now and will need in the future. Each physical network is a subnet. WAN
connections may also count as subnets depending on whether your routers support unnumbered connections.
2. Use additional bits for the subnet mask if:
– You will never require as many hosts per subnet as allowed by the remaining bits.
– The number of subnets will increase in the future, requiring additional host bits.
To determine the desired subnetting scheme, you will start with an existing network ID to be subnetted. The network ID to be
subnetted can be a class-based network ID, a subnetted network ID, or a supernet. The existing network ID will contain a
series of network ID bits which are fixed, and a series of host ID bits which are variable. Based on your requirements for the
number of subnets and the number of hosts per subnet, you will choose a specific number of host bits to be used for the
subnetting.
Tables 7 and 8, 9 shows the subnetting of a class A, B and C network ID respectively. Based on a required number of subnets,
and a maximum number of hosts per subnet, a subnetting scheme can be chosen.
Table 7 Subnetting a Class A Network ID
Required number Number Subnet Mask Number of hosts
of subnets of host per subnet

Introduction and IP Page 17

 bits
1-2 1 255.128.0.0 or /9 8,388,606
3-4 2 255.192.0.0 or /10 4,194,302
5-8 3 255.224.0.0 or /11 2,097,150
9-16 4 255.240.0.0 or /12 1,048,574
17-32 5 255.248.0.0 or /13 524,286
33-64 6 255.252.0.0 or /14 262,142
65-128 7 255.254.0.0 or /15 131,070
129-256 8 255.255.0.0 or /16 65,534
257-512 9 255.255.128.0 or /17 32,766
513-1,024 10 255.255.192.0 or /18 16,382
1,025-2,048 11 255.255.224.0 or /19 8,190
2,049-4,096 12 255.255.240.0 or /20 4,094
4,097-8,192 13 255.255.248.0 or /21 2,046
8,193-16,384 14 255.255.252.0 or /22 1,022
16,385-32,768 15 255.255.254.0 or /23 510
32,769-65,536 16 255.255.255.0 or /24 254
65,537-131,072 17 255.255.255.128 or / 126
25
131,073-262,144 18 255.255.255.192 or / 62
26
262,145-524,288 19 255.255.255.224 or / 30
27
524,289-1,048,576 20 255.255.255.240 or / 14
28
1,048,577- 21 255.255.255.248 or / 6
2,097,152 29
2,097,153- 22 255.255.255.252 or / 2
4,194,304 30
Table 8 shows the subnetting of a class B network ID.
Table 8 Subnetting a class B network ID
Required number Number Subnet Mask Number of hosts
of subnets of host per subnet
bits
1-2 1 255.255.128.0 or /17 32,766
3-4 2 255.255.192.0 or /18 16,382
5-8 3 255.255.224.0 or /19 8,190
9-16 4 255.255.240.0 or /20 4,094
17-32 5 255.255.248.0 or /21 2,046
33-64 6 255.255.252.0 or /22 1,022
65-128 7 255.255.254.0 or /23 510
129-256 8 255.255.255.0 or /24 254
257-512 9 255.255.255.128 or / 126
25
513-1,024 10 255.255.255.192 or / 62
26
1,025-2,048 11 255.255.255.224 or / 30
27
2,049-4,096 12 255.255.255.240 or / 14
28
4,097-8,192 13 255.255.255.248 or / 6

Introduction and IP Page 18

 29
8,193-16,384 14 255.255.255.252 or / 2
30
Table 9 shows the subnetting of a class C network ID.
Table 9 Subnetting a class C network ID
Required number Number Subnet Mask Number of hosts
of subnets of host per subnet
bits
1-2 1 255.255.255.128 or / 126
25
3-4 2 255.255.255.192 or / 62
26
5-8 3 255.255.255.224 or / 30
27
9-16 4 255.255.255.240 or / 14
28
17-32 5 255.255.255.248 or / 6
29
33-64 6 255.255.255.252 or / 2
30

Step 2: Enumerating Subnetted Network IDs

Based on the number of host bits you use for your subnetting, you must list the new subnetted network IDs. There are two
main approaches:
 Binary—List all possible combinations of the host bits chosen for subnetting and convert each combination to dotted
decimal notation.
 Decimal—Add a calculated increment value to each successive subnetted network ID and convert to dotted decimal
notation.
Either method produces the same result—the enumerated list of subnetted network IDs.
Note There are a variety of documented shortcut techniques for subnetting. However, they only work under a specific set of
constraints (for example, only up to 8 bits of a class-based network ID). The methods described below are designed to work
for any subnetting situation (class-based, more than 8 bits, supernetting, variable length subnetting).
Binary Subnetting Procedure
1. Based on n, the number of host bits chosen for subnetting, create a 3-column table with 2 n entries. The first column is the
subnet number (starting with 1), the second column is the binary representation of the subnetted network ID, and the third
column is the dotted decimal representation of the subnetted network ID.
For each binary representation, the bits of the network ID being subnetted are fixed to their appropriate values and the
remaining host bits are set to all 0’s. The host bits chosen for subnetting will vary.
2. In the first table entry, set the subnet bits to all 0’s and convert to dotted decimal notation. The original network ID is
subnetted with its new subnet mask.
3. In the next table entry, increase the value within the subnet bits.
4. Convert the binary result to dotted decimal notation.

Introduction and IP Page 19

5. Repeat steps 3 and 4 until the table is complete.
As an example, a 3-bit subnet of the private network ID 192.168.0.0 is needed. The subnet mask for the new subnetted
network IDs is 255.255.224.0 or /19. Based on n = 3, construct a table with 8 (= 2 3) entries. The entry for subnet 1 is the all
0’s subnet. Additional entries in the table are successive increments of the subnet bits as shown in Table 10. The host bits used
for subnetting are underlined.
Table 10 Binary subnetting technique for network ID 192.168.0.0
Subnet Binary Representation Subnetted Network ID
1 11000000.10101000.00000000.00000000 192.168.0.0/19
2 11000000.10101000.00100000.00000000 192.168.32.0/19
3 11000000.10101000.01000000.00000000 192.168.64.0/19
4 11000000.10101000.01100000.00000000 192.168.96.0/19
5 11000000.10101000.10000000.00000000 192.168.128.0/19
6 11000000.10101000.10100000.00000000 192.168.160.0/19
7 11000000.10101000.11000000.00000000 192.168.192.0/19
8 11000000.10101000.11100000.00000000 192.168.224.0/19

Decimal Subnetting Procedure

1. Based on n, the number of host bits chosen for subnetting, create a 3-column table with 2 n entries. The first column is the
subnet number (starting with 1), the second column is the decimal (Base 10 numbering system) representation of the 32-bit
subnetted network ID, and the third column is the dotted decimal representation of the subnetted network ID.
2. Convert the network ID (w.x.y.z) being subnetted from dotted decimal notation to N, a decimal representation of the 32-bit
network ID.
N = w*16777216 + x*65536 + y*256 + z
3. Compute the increment value I based on h, the number of host bits remaining.
I = 2h
4. In the first table entry, the decimal representation of the subnetted network ID is N and the subnetted network ID will be
w.x.y.z with its new subnet mask.
5. In the next table entry, add I to the previous table entry’s decimal representation.
6. Convert the decimal representation of the subnetted network ID to dotted decimal notation (W.X.Y.Z) through the following
formula (where s is the decimal representation of the subnetted network ID):
W = INT(s/16777216)
X = INT((s mod(16777216))/65536)
Y = INT((s mod(65536))/256)
Z = s mod(256)
INT( ) denotes integer division, mod( ) denotes the modulus, the remainder upon division.
7. Repeat steps 5 and 6 until the table is complete.
As an example, a 3-bit subnet of the private network ID 192.168.0.0 is needed. Based on n = 3, we construct a table with 8
entries. The entry for subnet 1 is the all 0’s subnet. N, the decimal representation of 192.168.0.0, is 3232235520, the result of
192*16777216 + 168*65536. Since there are 13 host bits remaining, the increment I is 2 13 = 8192. Additional entries in the
table are successive increments of 8192 as shown in Table 11.

Table 11 Decimal subnetting technique for network ID 192.168.0.0

Subne Decimal Subnetted

Introduction and IP Page 20

 t Representation Network ID
1 3232235520 192.168.0.0/19
2 3232243712 192.168.32.0/19
3 3232251904 192.168.64.0/19
4 3232260096 192.168.96.0/19
5 3232268288 192.168.128.0/19
6 3232276480 192.168.160.0/19
7 3232284672 192.168.192.0/19
8 3232292864 192.168.224.0/19

The All-Zeros and All-Ones Subnets

RFC 950 originally forbade the use of the subnetted network IDs where the bits being used for subnetting are set to all 0’s
(the all-zeros subnet) and all 1’s (the all-ones subnet). The all-zeros subnet caused problems for early routing protocols and
the all-ones subnet conflicts with a special broadcast address called the all-subnets directed broadcast address.
However, RFC 1812 permits the use of the all-zeros and all-ones subnets in a Classless Interdomain Routing (CIDR)-
compliant environment. CIDR-compliant environments use modern routing protocols which do not have a problem with the
all-zeros subnet and the use of the all-subnets directed broadcast has been deprecated.
Before you use the all-zeros and all-ones subnets, verify that they are supported by your hosts and routers. Windows NT
supports the use of the all-zeros and all-ones subnets.

Step 3: Enumerating IP Addresses for Each Subnetted Network ID

Based on the enumeration of the subnetted network IDs, you must now list the valid IP addresses for new subnetted network
IDs. To list each IP address individually would be too tedious. Instead, we will enumerate the IP addresses for each subnetted
network ID by defining the range of IP addresses (the first and the last) for each subnetted network ID. There are two main
approaches:
 Binary—Write down the first and last IP address for each subnetted network ID and convert to dotted decimal notation.
 Decimal—Add values incrementally, corresponding to the first and last IP addresses for each subnetted network ID and
convert to dotted decimal notation.
Either method produces the same result—the range of IP addresses for each subnetted network ID.
Binary Procedure:
1. Based on n, the number of host bits chosen for subnetting, create a 3-column table with 2 n entries. Alternately, add two
columns to the previous table used for enumerating the subnetted network IDs. The first column is the subnet number
(starting with 1), the second column is the binary representation of the first and last IP address for the subnetted network
ID, and the third column is the dotted decimal representation of the first and last IP address of the subnetted network ID.
2. For each binary representation, the first IP address is the address where all the host bits are set to 0 except for the last host
bit. The last IP address is the address where all the host bits are set to 1 except for the last host bit.
3. Convert the binary representation to dotted decimal notation.
4. Repeat steps 2 and 3 until the table is complete.
As an example, the range of IP addresses for the 3 bit subnetting of 192.168.0.0 is shown in Table 12. The bits used for
subnetting are underlined.

Table 12 Binary enumeration of IP addresses

Subnet Binary Representation Range of IP Addresses

Introduction and IP Page 21

 1 11000000.10101000.00000000.00000001 192.168.0.1 - 192.168.31.254
-11000000.10101000.00011111.11111110
2 11000000.10101000.00100000.00000001 192.168.32.1 - 192.168.63.254
-11000000.10101000.00111111.11111110
3 11000000.10101000.01000000.00000001 192.168.64.1 - 192.168.95.254
-
11000000.10101000.01011111.11111110
4 11000000.10101000.01100000.00000001 192.168.96.1 -
-11000000.10101000.01111111.11111110 192.168.127.254
5 11000000.10101000.10000000.00000001 192.168.128.1 -
- 192.168.159.254
11000000.10101000.10011111.11111110
6 11000000.10101000.10100000.00000001 192.168.160.1 -
- 192.168.191.254
11000000.10101000.10111111.11111110
7 11000000.10101000.11000000.00000001 192.168.192.1 -
-11000000.10101000.11011111.11111110 192.168.223.254
8 11000000.10101000.11100000.00000001 192.168.224.1 -
- 192.168.255.254
11000000.10101000.11111111.11111110

Decimal Procedure
1. Based on n, the number of host bits chosen for subnetting, create a 3-column table with 2 n entries. Alternately, add two
columns to the previous table used for enumerating the subnetted network IDs. The first column is the subnet number
(starting with 1), the second column is the decimal representation of the first and last IP address for the subnetted network
ID, and the third column is the dotted decimal representation of the first and last IP address of the subnetted network ID.
2. Compute the increment value J based on h, the number of host bits remaining.
J = 2h - 2
3. For each decimal representation, the first IP address is N + 1 where N is the decimal representation of the subnetted
network ID. The last IP address is N + J.
4. Convert the decimal representation of the first and last IP addresses to dotted decimal notation (W.X.Y.Z) through the
following formula (where s is the decimal representation of the first or last IP address):
W = INT(s/16777216)
X = INT((s mod(16777216))/65536)
Y = INT((s mod(65536))/256)
Z = s mod(256)
INT( ) denotes integer division, mod( ) denotes the modulus, the remainder upon division.
5. Repeat steps 3 and 4 until the table is complete.
As an example, the range of IP addresses for the 3 bit subnetting of 192.168.0.0 is shown in Table 13. The increment J is 213 -
2 = 8190.
Table 13 Decimal enumeration of IP addresses
Subne Decimal Range of IP Addresses

Introduction and IP Page 22

 t Representation
1 3232235521 – 192.168.0.1 -
3232243710 192.168.31.254
2 3232243713 – 192.168.32.1 -
3232251902 192.168.63.254
3 3232251905 – 192.168.64.1 -
3232260094 192.168.95.254
4 3232260097 – 192.168.96.1 -
3232268286 192.168.127.254
5 3232268289 – 192.168.128.1 -
3232276478 192.168.159.254
6 3232276481 – 192.168.160.1 -
3232284670 192.168.191.254
7 3232284673 – 192.168.192.1 -
3232292862 192.168.223.254
8 3232292865 – 192.168.224.1 -
3232301054 192.168.255.254

Variable Length Subnetting:

One of the original uses for subnetting was to subdivide a class-based network ID into a series of equal-sized subnets. For
example, a 4-bit subnetting of a class B network ID produced 16 equal-sized subnets (using the all-ones and all-zeros
subnets). However, subnetting is a general method of utilizing host bits to express subnets and does not require equal-sized
subnets.
Subnets of different size can exist within a class-based network ID. This is well-suited to real world environments, where
networks of an organization contain different amounts of hosts, and different-sized subnets are needed to minimize the
wasting of IP addresses. The creation and deployment of various-sized subnets of a network ID is known as variable length
subnetting and uses variable length subnet masks (VLSM).
Variable length subnetting is a technique of allocating subnetted network IDs that use subnet masks of different sizes.
However, all subnetted network IDs are unique and can be distinguished from each other by their corresponding subnet mask.
The mechanics of variable length subnetting are essentially that of performing subnetting on a previously subnetted network
ID. When subnetting, the network ID bits are fixed and a certain amount of host bits are chosen to express subnets. With
variable length subnetting, the network ID being subnetted has already been subnetted.

Variable Length Subnetting Example

For example, given the class-based network ID of 135.41.0.0/16, a required configuration is to reserve half of the addresses
for future use, create 15 subnets with up to 2,000 hosts, and 8 subnets with up to 250 hosts.

Reserve half of the addresses for future use

To reserve half of the addresses for future use, a 1-bit subnetting of the class-based network ID of 135.41.0.0 is done,
producing 2 subnets, 135.41.0.0/17 and 135.41.128.0/17. The subnet 135.41.0.0/17 is chosen as the portion of the addresses
which are reserved for future use.
Table 14 shows one subnet with up to 32,766 hosts.
Table 14: Reserving half the addresses for future use

Introduction and IP Page 23

 Subnet Network ID (dotted Network ID (network
Number decimal) prefix)
1 135.41.0.0, 135.41.0.0/17
255.255.128.0

Fifteen Subnets with up to 2,000 Hosts

To achieve a requirement of 15 subnets with approximately 2,000 hosts, a 4-bit subnetting of the subnetted network ID of
135.41.128.0/17 is done. This produces 16 subnets (135.41.128.0/21, 135.41.136.0/21 . . . 135.41.240.0/21,
135.41.248.0/21), allowing up to 2,046 hosts per subnet. The first 15 subnetted network IDs (135.41.128.0/21 to
135.41.240.0/21) are chosen as the network IDs, which fulfills the requirement.
Table 15 illustrates 15 subnets with up to 2,000 hosts.

Introduction and IP Page 24

 Table 15: 15 Subnets with up to 2,046 hosts
Subnet Network ID (dotted decimal) Network ID (network
Number prefix)
1 135.41.128.0, 255.255.248.0 135.41.128.0/21
2 135.41.136.0, 255.255.248.0 135.41.136.0/21
3 135.41.144.0, 255.255.248.0 135.41.144.0/21
4 135.41.152.0, 255.255.248.0 135.41.152.0/21
5 135.41.160.0, 255.255.248.0 135.41.160.0/21
6 135.41.168.0, 255.255.248.0 135.41.168.0/21
7 135.41.176.0, 255.255.248.0 135.41.176.0/21
8 135.41.184.0, 255.255.248.0 135.41.184.0/21
9 135.41.192.0, 255.255.248.0 135.41.192.0/21
10 135.41.200.0, 255.255.248.0 135.41.200.0/21
11 135.41.208.0, 255.255.248.0 135.41.208.0/21
12 135.41.216.0, 255.255.248.0 135.41.216.0/21
13 135.41.224.0, 255.255.248.0 135.41.224.0/21
14 135.41.232.0, 255.255.248.0 135.41.232.0/21
15 135.41.240.0, 255.255.248.0 135.41.240.0/21

8 Subnets with up to 250 Hosts

To achieve a requirement of 8 subnets with up to 250 hosts, a 3-bit subnetting of subnetted network ID of 135.41.248.0/21 is
done, producing 8 subnets (135.41.248.0/24, 135.41.249.0/24 . . . 135.41.254.0/24, 135.41.255.0/24) and allowing up to 254
hosts per subnet. All 8 subnetted network IDs (135.41.248.0/24 to 135.41.255.0/24) are chosen as the network IDs, which
fulfills the requirement.
Table 16 illustrates 8 subnets with approximately 250 hosts.
Table 16: 8 subnets with up to 254 hosts
Subnet Network ID (dotted decimal) Network ID (network
Number prefix)
1 135.41.248.0, 255.255.255.0 135.41.248.0/24
2 135.41.249.0, 255.255.255.0 135.41.249.0/24
3 135.41.250.0, 255.255.255.0 135.41.250.0/24
4 135.41.251.0, 255.255.255.0 135.41.251.0/24
5 135.41.252.0, 255.255.255.0 135.41.252.0/24
6 135.41.253.0, 255.255.255.0 135.41.253.0/24
7 135.41.254.0, 255.255.255.0 135.41.254.0/24
8 135.41.255.0, 255.255.255.0 135.41.255.0/24
The variable length subnetting of 135.41.0.0/16 is shown graphically in Figure 10.

Figure: Variable length subnetting of 135.41.0.0/16

Note:In dynamic routing environments, variable length subnetting can only been deployed where the subnet mask is

Introduction and IP Page 25

advertised along with the network ID. Routing Information Protocol (RIP) for IP version 1 does not support variable length
subnetting. RIP for IP version 2, Open Short Path First (OSPF), and BGPv4 all support variable length subnetting.

Supernetting and Classless Interdomain Routing:

With the growth of the Internet, it became clear to the Internet authorities that the class B network IDs would soon be
depleted. For most organizations, a class C network ID does not contain enough host IDs and a class B network ID has
enough bits to provide a flexible subnetting scheme within the organization.
The Internet authorities devised a new method of assigning network IDs to prevent the depletion of class B network IDs.
Rather than assigning a class B network ID, the Internet Network Information Center (InterNIC) assigns a range of class C
network IDs that contain enough network and host IDs for the organization’s needs. This is known as supernetting. For
example, rather than allocating a class B network ID to an organization that has up to 2,000 hosts, the InterNIC allocates a
range of 8 class C network IDs. Each class C network ID accommodates 254 hosts, for a total of 2,032 host IDs.
While this technique helps conserve class B network IDs, it creates a new problem. Using conventional routing techniques,
the routers on the Internet must have 8 class C network ID entries in their routing tables to route IP packets to the
organization. To prevent Internet routers from becoming overwhelmed with routes, a technique called Classless Interdomain
Routing (CIDR) is used to collapse multiple network ID entries into a single entry corresponding to all of the class C network
IDs allocated to that organization.
Conceptually, CIDR creates the routing table entry: {Starting Network ID, count}, where Starting Network ID is the first
class C network ID and the count is the number of class C network IDs allocated. In practice, a supernetted subnet mask is
used to convey the same information. To express the situation where 8 class C network IDs are allocated starting with
Network ID 220.78.168.0:
Starting Network 220.78.168 10011110 01001110 10101000
ID .0 00000000
Ending Network 220.78.175 10011110 01001110 10101111
ID .0 00000000
Note that the first 21 bits (underlined) of all the above Class C network IDs are the same. The last three bits of the third
octet vary from 000 to 111. The CIDR entry in the routing tables of the Internet routers becomes:
Network ID Subnet Subnet Mask (binary)
Mask
220.78.168 255.255.248 11111111 11111111 11111000
.0 .0 00000000

In network prefix notation, the CIDR entry is 220.78.168.0/21.

A block of addresses using CIDR is known as a CIDR block.
Note Since subnet masks are used to express the count, class-based network IDs must be allocated in groups corresponding
to powers of two.
In order to support CIDR, routers must be able to exchange routing information in the form of {Network ID, Subnet Mask}
pairs. RIP for IP version 2, OSPF, and BGPv4 are routing protocols that support CIDR. RIP for IP version 1 does not support
CIDR.
The Address Space Perspective:
The use of CIDR to allocate addresses promotes a new perspective on IP network IDs. In the above example, the CIDR block

Introduction and IP Page 26

{220.78.168.0, 255.255.248.0} can be thought of in two ways:
 A block of 8 class C network IDs.
 An address space in which 21 bits are fixed and 11 bits are assignable.

In the latter perspective, IP network IDs lose their class-based heritage and become separate IP address spaces, subsets of the
original IP address space defined by the 32-bit IP address. Each IP network ID (class-based, subnetted, CIDR block), is an
address space in which certain bits are fixed (the network ID bits) and certain bits are variable (the host bits). The host bits
are assignable as host IDs or, using subnetting techniques, can be used in whatever manner best suits the needs of the
organization.

Public and Private Addresses:

If your intranet is not connected to the Internet, any IP addressing can be deployed. If direct (routed) or indirect (proxy or
translator) connectivity to the Internet is desired, then there are two types of addresses employed on the Internet, public
addresses and private addresses.

Public Addresses:
Public addresses are assigned by InterNIC and consist of class-based network IDs or blocks of CIDR-based addresses (called
CIDR blocks) that are guaranteed to be globally unique to the Internet.
When the public addresses are assigned, routes are programmed into the routers of the Internet so that traffic to the assigned
public addresses can reach their locations. Traffic to destination public addresses are reachable on the Internet.
For example, when an organization is assigned a CIDR block in the form of a network ID and subnet mask, that {network ID,
subnet mask} pair also exists as a route in the routers of the Internet. IP packets destined to an address within the CIDR block
are routed to the proper destination.
Illegal Addresses:
Private intranets that ha
+9ve no intent on connecting to the Internet can choose any addresses they want, even public addresses that have been
assigned by the InterNIC. If an organization later decides to connect to the Internet, its current address scheme may include
addresses already assigned by the InterNIC to other organizations. These addresses would be duplicate or conflicting
addresses and are known as illegal addresses. Connectivity from illegal addresses to Internet locations is not possible.
For example, a private organization chooses to use 207.46.130.0/24 as its intranet address space. The public address space
207.46.130.0/24 has been assigned to the Microsoft corporation and routes exist on the Internet routers to route all packets
destined to IP addresses on 207.46.130.0/24 to Microsoft routers. As long as the private organization does not connect to the
Internet, there is no problem, since the two address spaces are on separate IP internetworks. If the private organization then
connected directly to the Internet and continued to use 207.46.130.0/24 as its address space, then any Internet response traffic
to locations on the 207.46.130.0/24 network would be routed to Microsoft routers, not to the routers of the private
organization.

Private Addresses:
Each IP node requires an IP address that is globally unique to the IP internetwork. In the case of the Internet, each IP node on
a network connected to the Internet requires an IP address that is globally unique to the Internet. As the Internet grew,

Introduction and IP Page 27

organizations connecting to the Internet required a public address for each node on their intranets. This requirement placed a
huge demand on the pool of available public addresses.
When analyzing the addressing needs of organizations, the designers of the Internet noted that for many organizations, most
of the hosts on the organization’s intranet did not require direct connectivity to Internet hosts. Those hosts that did require a
specific set of Internet services, such as the World Wide Web access and e-mail, typically access the Internet services through
application layer gateways such as proxy servers and e-mail servers. The result is that most organizations only required a
small amount of public addresses for those nodes (such as proxies, routers, firewalls, and translators) that were directly
connected to the Internet.
For the hosts within the organization that do not require direct access to the Internet, IP addresses that do not duplicate
already-assigned public addresses are required. To solve this addressing problem, the Internet designers reserved a portion of
the IP address space and named this space the private address space. An IP address in the private address space is never
assigned as a public address. IP addresses within the private address space are known as private addresses. Because the
public and private address spaces do not overlap, private addresses never duplicate public addresses.
The private address space specified in RFC 1597 is defined by the following three address blocks:
 10.0.0.0/8
The 10.0.0.0/8 private network is a class A network ID that allows the following range of valid IP addresses: 10.0.0.1 to
10.255.255.254. The 10.0.0.0/8 private network has 24 host bits which can be used for any subnetting scheme within the
private organization.
 172.16.0.0/12
The 172.16.0.0/12 private network can be interpreted either as a block of 16 class B network IDs or as a 20-bit assignable
address space (20 host bits) which can be used for any subnetting scheme within the private organization. The
172.16.0.0/12 private network allows the following range of valid IP addresses: 172.16.0.1 to 172.31.255.254.
 192.168.0.0/16
The 192.168.0.0/16 private network can be interpreted either as a block of 256 class C network IDs or as a 16-bit
assignable address space (16 host bits), which can be used for any subnetting scheme within the private organization. The
192.168.0.0/16 private network allows the following range of valid IP addresses: 192.168.0.1 to 192.168.255.254.
The result of many organizations using private addresses is that the private address space is re-used, helping to prevent the
depletion of public addresses.
Since the IP addresses in the private address space will never be assigned by the InterNIC as public addresses, there will
never exist routes in the Internet routers for private addresses. Traffic to destination bitsprivate addresses are not reachable on
the Internet. Therefore, Internet traffic from a host that has a private address must either send its requests to an application
layer gateway (such as a proxy server), which has a valid public address, or have its private address translated into a valid
public address by a network address translator (NAT) before it is sent on the Internet.

IPV4-32 bits
IPV6-128 bits

Introduction and IP Page 28