Subnet Masks (Networks)

The question: what the hell does 255.255.255.0 mean anyway?

The answer: it's the way that network devices know where they stand on a
            network (255.255.255.0 means a Class C network)

Admittedly, I had a difficult time understanding how subnetting works and
only after I fully understood subnet masks did I feel that I had taken a
major step towards deeper TCP/IP knowledge.  Bearing this in mind, you may
find the following a little difficult to comprehend, but, believe me,
once you 'get it', you can put it on the same list as riding your bike
without training wheels and giving good oral sex.

The big point: binary as opposed to decimal

Start here
We live in a world where understanding numbers and math is of the utmost
importance (if you are to do nearly anything productive with society).
So, as my calculus teacher painstakingly taught me so many moons ago, the
long way is the best way towards full understanding.

Consider this number: ninety two thousand four hundred eighty five
                      92485
The leftmost digit, a nine (9), represents tens of thousands.

Try thinking of it this way, starting from the right instead: the first
digit from the right, a five (5), represents single units.

The second digit, an eight (8), represents 80, or 8 tens of units.
The third, a four (4), represents 400, or 4 hundreds of units.
The fourth, a two (2), represents 2000, or 2 thousands of units.
And finally, the nine (9) represents 90000, or 9 ten-thousands of units.

Notice anything?  Each time we move one digit to the left, the place value
increases by a factor of 10.  Even the rightmost digit (the 5) is a power of
ten: ten raised to the zero power, which is 1.
This is the decimal system (base 10, for short).

       5 * 10^0 = 5 * 1     = 5
       8 * 10^1 = 8 * 10    = 80
       4 * 10^2 = 4 * 100   = 400
       2 * 10^3 = 2 * 1000  = 2000
       9 * 10^4 = 9 * 10000 = 90000
                              -----
                              92485  

Yea... a n d...?
Well, subnet masks use a totally different numeric system: binary (base 2).
92485 is *not* a valid binary number.  Valid binary numbers consist of
*only* ones and zeroes (10110100101000101 is binary for 92485 decimal -
they both mean the same number).

<rant>
Never mind why we don't all have IP addresses like 3232235777; it's just
too difficult to deal with.  It's much easier having 192.168.1.1 around.
Did you know that an IP address really doesn't have enough information all
by itself to do any useful packet communications?  It *needs* the subnet
mask to know what NETWORK it, as a HOST, is on.  An IP address, after all,
only identifies a HOST on a NETWORK.  You don't really think the Internet
is just one gigantic network do you?  How the hell does your machine know
how to get to google.com anyway?  I'm sure you're aware that google.com
eventually boils down to an IP address... so... how do you get to it?
What... your network card just goes "I'd like 216.239.33.100 please? oh yea,
I want it now!!! Now! Now! Now!"?  And then what... only that one IP
responds to your request?  Because it "just knows"?  No, 'fraid not, that's
not how it works.
</rant>

There may be 20 or more little, tiny, two-node networks that handle your
search request before google.com finally gets it.

This is the difficult thing to get: An IP address only identifies a host,
but the subnet mask identifies the network that host physically resides on.
Yes, each network has a number.  192.168.1.1 means machine number 1 on
network 192.168.1.0 using a subnet mask of 255.255.255.0.  But, 192.168.1.1
could mean machine 257 on network 192.168.0.0 using a subnet mask of
255.255.0.0 (machine 1 being 192.168.0.1).  Also, 192.168.1.1 could mean 
machine 1 (out of 2 this time) on network 192.168.1.0 using a subnet mask
of 255.255.255.252.

You're losing me...
Well, stay with me.  A router is the device responsible for deciding
which network a given packet gets routed down towards its ultimate
destination.  The Internet is made up of millions of tiny, two-node
networks.  Some routers connect maybe 10, 20, 30 or more of those small
individual networks and therefore must have routing tables defined to
"just know" where to send your packets.  Consider (for example) a kick-ass
router like that residing in the windy city of Chicago.  The other end of
one small network may be in Mountain View, CA.  A second could be in
Atlanta.  A third in Washington D.C.  The routing tables tell the router
which pipe to forward your packet down.  But, those kinds of distances still
only need two endpoints.  They don't need to have a Class C network (254
possible hosts) to handle that traffic.  Welcome to the backbone, where the
big Tier 1 & 2 providers hang out.

Man, I'm still not gettin' it.  Forget you Spud...
Fine.  It clicked with me when I worked backwards from a full subnet mask
(255.255.255.255 - all 1's, 32 of 'em)... hmm, possible?  Nope.  Okay, how
'bout 255.255.255.254 (thirty-one 1's)?

  1111 1111   1111 1111   1111 1111   1111 1110 = /31 = 2 possible hosts
  255         255         255         254

2 hosts?
Yep.  Any computer using an IP address with this as its subnet mask (/31)
won't be able to do much.  In *ANY* network, the first and last IP addresses
of the whole range are reserved: the first is the network address, the last
is the broadcast address.

  1111 1111   1111 1111   1111 1111   1111 1100 = /30 = 4 possible hosts
  255         255         255         252  

4 hosts?
Yep.  Minus the two that we can't use, leaves two IP's to use.

  1100 0000   1010 1000   0000 0001   0000 0001 = 192.168.1.1
  1100 0000   1010 1000   0000 0001   0000 0010 = 192.168.1.2

Those two IP's know they're on each other's end of the wire (LAN segment)
if/when they both use the same subnet mask.

  1100 0000   1010 1000   0000 0001   0000 0011 = 192.168.1.3

If using a /30 subnet, this is the broadcast address.  Using a /29 however,
192.168.1.3 becomes just another player on a 6-node network.

  1111 1111   1111 1111   1111 1111   1111 1000 = /29 = 8 possible hosts
  255         255         255         248

8 hosts?
Yep.  The three zeroes represent how many IP's we can 'play' with.  Do the
math. 000 and 111 are right out (net# and broadcast addy).  That leaves 001,
010, 011, 100, 101, & 110.  To illustrate the example, this network,

  11000000101010000000000100000 001 = 192.168.1.1 = Corporate intranet LAN
  11000000101010000000000100000 010 = 192.168.1.2 =  on a high speed switch
  11000000101010000000000100000 011 = 192.168.1.3 = Five IIS servers (.1, .2,
  11000000101010000000000100000 100 = 192.168.1.4 =  .3, .4, & .5) connect to
  11000000101010000000000100000 101 = 192.168.1.5 =  really fast router at
  11000000101010000000000100000 110 = 192.168.1.6 =  192.168.1.6,

works when they all use a /29 subnet mask.  The corporation could start its
next intranet application using the 192.168.1.8 network, and the third using
the .16 network.  There are many advantages to doing this.  They use fewer
IP's and can therefore deliver more intranets on separate, fast pipes than by
just dropping them on your typical 255.255.255.0 Class C subnetted LAN.  They
could also control the routing to each subnet, filtering sources as necessary.
There are more advantages too, some of which may be dawning on you right now.
If that is the case, and you just happen to be 'getting' it... well, I say:
Good for you!  Way to go!
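As an added worked example (my code, not the article's), here is the arithmetic behind the three readings of 192.168.1.1 earlier, the /31, /30 and /29 walkthroughs, and the .8 and .16 networks just mentioned, in Python using only integer bit operations; the function names are this example's own. It goes one step past the article by also rejecting a mask whose one-bits are not contiguous.

```python
# Added example, not the article's code; the function names are this example's own.
def ip_to_int(dotted):
    """Pack a dotted quad into a 32-bit integer (192.168.1.1 -> 3232235777)."""
    octets = bytes(int(o) for o in dotted.split("."))  # ValueError if an octet > 255
    if len(octets) != 4:
        raise ValueError("bad IPv4 address: %r" % dotted)
    return int.from_bytes(octets, "big")
def int_to_ip(n):
    return ".".join(str(b) for b in n.to_bytes(4, "big"))

def prefix_to_mask(prefix):
    """/29 -> 0xFFFFFFF8: 'prefix' one-bits followed by zeroes."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def parse_mask(mask):
    """Accept '/29', '29' or '255.255.255.248'; reject non-contiguous masks like 255.0.255.0."""
    text = str(mask).lstrip("/")
    if "." in text:
        m = ip_to_int(text)
        prefix = bin(m).count("1")
        if prefix_to_mask(prefix) != m:
            raise ValueError("mask bits are not contiguous: %s" % text)
    else:
        prefix = int(text)
    return prefix, prefix_to_mask(prefix)

def split_bits(ip, mask):
    """Render an address as the article does: network bits, a space, host bits."""
    prefix, _ = parse_mask(mask)
    bits = format(ip_to_int(ip), "032b")
    return bits[:prefix] + " " + bits[prefix:]

def describe(ip, mask):
    """Which network does this host sit on, and which host number is it there?"""
    prefix, m = parse_mask(mask)
    addr = ip_to_int(ip)
    network = addr & m                       # mask one-bits keep the network part
    broadcast = network | (~m & 0xFFFFFFFF)  # host bits all set
    size = 1 << (32 - prefix)                # /29 -> 8 addresses
    return {"network": int_to_ip(network), "broadcast": int_to_ip(broadcast),
            "host_number": addr - network,   # 192.168.1.1 with /16 -> host 257
            "addresses": size,
            "usable_hosts": size - 2 if size >= 4 else 0,  # first/last reserved per the article; RFC 3021 /31 links are the exception
            "is_network_or_broadcast": addr in (network, broadcast)}

def same_network(ip_a, ip_b, mask):
    _, m = parse_mask(mask)
    return ip_to_int(ip_a) & m == ip_to_int(ip_b) & m
```

describe("192.168.1.3", "/30") reports the broadcast address, while the same address with "/29" is an ordinary host on 192.168.1.0 with broadcast 192.168.1.7, which is exactly the switch the article walks through.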

If you don't get it, but really, really want to - try again.
If you get it, and got it recently - awesome, route properly.
If you get it, but got it a long time ago - they run so many web servers...
                                          ...'cause they need the redundancy!

this seems like a good place to end

0.5 2/6/03
corrections, suggestions, etc. - spud ]at[ attrition ]dot[ org

thanks for your participation