Subnet Masks (Networks)

The question: what the hell does 255.255.255.0 mean anyway?

The answer: it's the way that network devices know where they stand on a network (255.255.255.0 means a Class C network).

Admittedly, I had a difficult time understanding how subnetting works, and only after I fully understood subnet masks did I feel that I had taken a major step towards deeper TCP/IP knowledge. Bearing this in mind, you may find the following a little difficult to comprehend, but, believe me, once you 'get it', you can put it on the same list as riding your bike without training wheels and giving good oral sex.

The big point: binary as opposed to decimal

Start here

We live in a world where understanding numbers and math is of the utmost importance (if you are to do nearly anything productive in society). So, as my calculus teacher painstakingly taught me so many moons ago, the long way is the best way towards full understanding.

Consider this number: ninety-two thousand four hundred eighty-five

    92485

Reading left to right, the first digit, a nine (9), represents tens of thousands. Now try thinking of it right to left: the first digit, a five (5), represents single units. The second digit, an eight (8), represents 80, or 8 tens of units. The third, a four (4), represents 400, or 4 hundreds of units. The fourth, a two (2), represents 2000, or 2 thousands of units. And finally, the nine (9) represents 90000, or 9 ten-thousands of units.

Notice anything? Each time we move one digit to the left, the weight of that digit increases by a factor of 10. Even the rightmost digit (the 5) is weighted by a power of ten: ten raised to the zero power, which is 1. This is the decimal system (base 10, for short).

    5 * 10^0 = 5 *     1 =     5
    8 * 10^1 = 8 *    10 =    80
    4 * 10^2 = 4 *   100 =   400
    2 * 10^3 = 2 *  1000 =  2000
    9 * 10^4 = 9 * 10000 = 90000
                           -----
                           92485

Yeah... and...?

Well, subnet masks use a totally different numeric system: binary (base 2). 92485 is *not* a valid binary number.
Valid binary numbers consist of *only* ones and zeroes (10110100101000101 is binary for 92485 decimal; they both mean the same number).

<rant>
Never mind why we don't all have IP addresses like 3232235777; it's just too difficult to deal with. It's much easier having 192.168.1.1 around. Did you know that an IP address really doesn't have enough information all by itself to do any useful packet communications? It *needs* the subnet mask to know what NETWORK it, as a HOST, is on. An IP address, after all, only identifies a HOST on a NETWORK. You don't really think the Internet is just one gigantic network, do you? How the hell does your machine know how to get to google.com anyway? I'm sure you're aware that google.com eventually boils down to an IP address... so... how do you get to it? What... your network card just goes "I'd like 216.239.33.100 please? Oh yeah, I want it now!!! Now! Now! Now!"? And then what... only that one IP responds to your request? Because it "just knows"? No, 'fraid not, that's not how it works.
</rant>

There may be 20 or more little, tiny, two-node networks that handle your search request before google.com finally gets it.

This is the difficult thing to get: an IP address only identifies a host, but the subnet mask identifies the network that host physically resides on. Yes, each network has a number. 192.168.1.1 means machine number 1 on network 192.168.1.0 using a subnet mask of 255.255.255.0. But 192.168.1.1 could mean machine 257 on network 192.168.0.0 using a subnet mask of 255.255.0.0 (machine 1 being 192.168.0.1). Also, 192.168.1.1 could mean machine 1 (out of 2 this time) on network 192.168.1.0 using a subnet mask of 255.255.255.252.

You're losing me...

Well, stay with me. A router is the device responsible for deciding which network a given packet gets routed down on its way towards its ultimate destination. The Internet is made up of millions of tiny, two-node networks.
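The positional-notation walk-through of 92485, the same number in binary, and the "same IP address, different network depending on the mask" point can all be checked in a few lines of Python. The following is an added example, not code from the original article; every function name in it (positional_expansion, to_base, from_binary, dotted_to_int, int_to_dotted, bits32, prefix_to_mask, locate) is my own choice and uses only the Python standard library. It treats an IPv4 address as one 32-bit number, which is what the dotted quad 192.168.1.1 and the integer 3232235777 both spell.

```python
# Added example, not part of the original article: the positional-notation
# walk-through of 92485, the same number in binary, and 192.168.1.1 as one
# 32-bit number that a subnet mask splits into a network part and a host part.
# All function names are the example's own.

def positional_expansion(n: int, base: int) -> list:
    """Return (digit, weight, digit * weight) terms for n in the given base,
    least-significant digit first: 92485 in base 10 gives 5*1, 8*10, 4*100, ..."""
    if n < 0 or base < 2:
        raise ValueError("need n >= 0 and base >= 2")
    terms = []
    position = 0
    while True:
        digit = n % base
        weight = base ** position
        terms.append((digit, weight, digit * weight))
        n //= base
        position += 1
        if n == 0:
            return terms


def to_base(n: int, base: int) -> str:
    """Digits of n in the given base, most-significant first (base 2 gives binary)."""
    return "".join(str(d) for d, _, _ in reversed(positional_expansion(n, base)))


def from_binary(bits: str) -> int:
    """Inverse of to_base(n, 2); rejects anything that is not made of 0s and 1s."""
    if not bits or any(b not in "01" for b in bits):
        raise ValueError(f"{bits!r} is not a valid binary number")
    value = 0
    for b in bits:
        value = value * 2 + int(b)
    return value


def dotted_to_int(dotted: str) -> int:
    """'192.168.1.1' -> 3232235777: each octet is one byte of a 32-bit number."""
    octets = dotted.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"{dotted!r} is not a valid IPv4 address")
    value = 0
    for octet in octets:
        value = (value << 8) | int(octet)
    return value


def int_to_dotted(value: int) -> str:
    """3232235777 -> '192.168.1.1'."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def bits32(value: int) -> str:
    """32-bit binary string in nibbles, like the article's 1100 0000 1010 1000 ..."""
    raw = format(value & 0xFFFFFFFF, "032b")
    return " ".join(raw[i:i + 4] for i in range(0, 32, 4))


def prefix_to_mask(prefix: int) -> int:
    """/24 -> 0xFFFFFF00: 'prefix' ones followed by zeroes, as a 32-bit number."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def locate(dotted: str, prefix: int) -> tuple:
    """Network address and the host's number within it for the given mask length.
    The mask is what turns a bare IP address into 'host X on network Y'."""
    ip = dotted_to_int(dotted)
    mask = prefix_to_mask(prefix)
    return int_to_dotted(ip & mask), ip & (~mask & 0xFFFFFFFF)


if __name__ == "__main__":
    for digit, weight, product in reversed(positional_expansion(92485, 10)):
        print(f"{digit} * {weight:>5} = {product:>5}")
    print("92485 in binary:", to_base(92485, 2))
    ip = "192.168.1.1"
    print(ip, "=", dotted_to_int(ip), "=", bits32(dotted_to_int(ip)))
    for prefix in (24, 16, 30):
        network, host = locate(ip, prefix)
        print(f"/{prefix}: host {host} on network {network}")
```

Running it reproduces the three readings of 192.168.1.1 given above: host 1 on 192.168.1.0 with a /24, host 257 on 192.168.0.0 with a /16, and host 1 on 192.168.1.0 with a /30. The host number is simply the bits the mask leaves as zero, which is why the same address means different things under different masks.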
Some routers connect maybe 10, 20, 30 or more of those small individual networks and therefore must have routing tables defined to "just know" where to send your packets. Consider (for example) a kick-ass router like the one residing in the windy city of Chicago. The other end of one small network may be in Mountain View, CA. A second could be in Atlanta. A third in Washington D.C. The routing tables tell the router which pipe to forward your packet down. But those kinds of distances still only need two endpoints. They don't need a Class C network (254 possible hosts) to handle that traffic. Welcome to the backbone, where the big Tier 1 & 2 providers hang out.

Man, I'm still not gettin' it. Forget you, Spud...

Fine. It clicked with me when I worked backwards from a full subnet mask (255.255.255.255, all 1's, 32 of 'em). Hmm, possible? Nope. Okay, how 'bout 255.255.255.254 (thirty-one 1's)?

    1111 1111 . 1111 1111 . 1111 1111 . 1111 1110  = /31 = 2 possible hosts
       255         255         255         254

2 hosts? Yep. Any computer using an IP address with this as its subnet mask (/31) won't be able to do much. In *ANY* network, the first and last IP addresses of the whole range are reserved: the first one is the network address, the last one is the broadcast address.

    1111 1111 . 1111 1111 . 1111 1111 . 1111 1100  = /30 = 4 possible hosts
       255         255         255         252

4 hosts? Yep. Minus the two that we can't use, that leaves two IP's to use.

    1100 0000 . 1010 1000 . 0000 0001 . 0000 0001  = 192.168.1.1
    1100 0000 . 1010 1000 . 0000 0001 . 0000 0010  = 192.168.1.2

Those two IP's know they're on each other's end of the wire (LAN segment) if/when they both use the same subnet mask.

    1100 0000 . 1010 1000 . 0000 0001 . 0000 0011  = 192.168.1.3

If using a /30 subnet, this is the broadcast address. Using a /29, however, 192.168.1.3 becomes just another player on a 6-node network.

    1111 1111 . 1111 1111 . 1111 1111 . 1111 1000  = /29 = 8 possible hosts
       255         255         255         248

8 hosts? Yep. The three zeroes represent how many IP's we can 'play' with. Do the math.
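The math above (/31, /30 and /29 masks applied to 192.168.1.x, with the first and last address of each range reserved) is exactly what a small script can do for any address and prefix length. This is an added example, not code from the original article; the function names (describe, mask_to_prefix, next_networks) are my own, and it uses only the Python standard library (socket and struct do the dotted-quad conversion and reject malformed input). It follows the article's rule that the network and broadcast addresses are never usable, so a /31 comes out with zero usable hosts; RFC 3021 later allowed /31 on point-to-point links, but that is outside what the article describes.

```python
# Added example, not part of the original article: the article's walk from /31
# down to /29 done in code. An address and a mask give the network address, the
# broadcast address and the usable hosts in between; the first and last address
# of every range are reserved, exactly as the article states.
# All function names are the example's own.
import socket
import struct


def dotted_to_int(dotted: str) -> int:
    """'192.168.1.1' -> 3232235777 (inet_aton validates the dotted quad)."""
    return struct.unpack("!I", socket.inet_aton(dotted))[0]


def int_to_dotted(value: int) -> str:
    """3232235777 -> '192.168.1.1'."""
    return socket.inet_ntoa(struct.pack("!I", value))


def prefix_to_mask(prefix: int) -> int:
    """/30 -> 0xFFFFFFFC: 'prefix' ones followed by zeroes."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def mask_to_prefix(dotted_mask: str) -> int:
    """'255.255.255.248' -> 29. Rejects masks whose ones are not contiguous
    (e.g. 255.255.0.255), which is not a valid subnet mask."""
    mask = dotted_to_int(dotted_mask)
    prefix = bin(mask).count("1")
    if prefix_to_mask(prefix) != mask:
        raise ValueError(f"{dotted_mask} is not a valid subnet mask")
    return prefix


def describe(dotted_ip: str, prefix: int) -> dict:
    """Everything the article reads off the binary by hand, for one IP and mask."""
    ip = dotted_to_int(dotted_ip)
    mask = prefix_to_mask(prefix)
    network = ip & mask                       # host bits cleared
    broadcast = network | (~mask & 0xFFFFFFFF)  # host bits set
    size = broadcast - network + 1            # 2**(32 - prefix) addresses in the range
    # Addresses strictly between network and broadcast are the ones hosts may use:
    # a /31 has none left, a /30 has two, a /29 has six.
    usable = [int_to_dotted(a) for a in range(network + 1, broadcast)]
    if ip == network:
        role = "network address"
    elif ip == broadcast:
        role = "broadcast address"
    else:
        role = "host"
    return {
        "mask": int_to_dotted(mask),
        "network": int_to_dotted(network),
        "broadcast": int_to_dotted(broadcast),
        "size": size,
        "usable": usable,
        "role": role,
    }


def next_networks(first_network: str, prefix: int, count: int) -> list:
    """The networks that follow first_network when the same prefix is reused:
    after 192.168.1.0/29 come .8, .16, .24, ..."""
    base = dotted_to_int(first_network)
    step = 1 << (32 - prefix)
    last = base + count * step
    if last > 0xFFFFFFFF:
        raise ValueError("ran off the end of IPv4 address space")
    return [int_to_dotted(base + i * step) for i in range(1, count + 1)]


if __name__ == "__main__":
    for prefix in (31, 30, 29):
        d = describe("192.168.1.1", prefix)
        print(f"/{prefix} = {d['mask']}: {d['size']} addresses, {len(d['usable'])} usable, "
              f"network {d['network']}, broadcast {d['broadcast']}")
    print("192.168.1.3 on a /30 is the", describe("192.168.1.3", 30)["role"])
    print("192.168.1.3 on a /29 is a", describe("192.168.1.3", 29)["role"])
    print("after 192.168.1.0/29 come", next_networks("192.168.1.0", 29, 2))
```

The output shows the same progression as the hand-worked binary: 255.255.255.254 leaves nothing usable, 255.255.255.252 leaves 192.168.1.1 and .2, and 255.255.255.248 leaves .1 through .6, with 192.168.1.3 changing from broadcast address to ordinary host when the mask shrinks from /30 to /29.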
000 and 111 are right out (net # and broadcast addy). That leaves 001, 010, 011, 100, 101, & 110. To illustrate, here is this network with the 29 network bits separated from the 3 host bits:

    11000000 10101000 00000001 00000 001 = 192.168.1.1
    11000000 10101000 00000001 00000 010 = 192.168.1.2
    11000000 10101000 00000001 00000 011 = 192.168.1.3
    11000000 10101000 00000001 00000 100 = 192.168.1.4
    11000000 10101000 00000001 00000 101 = 192.168.1.5
    11000000 10101000 00000001 00000 110 = 192.168.1.6

Picture a corporate intranet LAN on a high-speed switch: five IIS servers (.1, .2, .3, .4, & .5) connect to a really fast router at 192.168.1.6. This works when they all use a /29 subnet mask.

The corporation could start its next intranet application using the 192.168.1.8 network, and the third using the .16 network. There are many advantages to doing this. They use fewer IP's and can therefore deliver more intranets on separate, fast pipes than by just dropping them on your typical 255.255.255.0 Class C subnetted LAN. They could also control the routing to each subnet, filtering sources as necessary. There are more advantages too, some of which may be dawning on you right now.

If that is the case, and you just happen to be 'getting' it... well, I say: Good for you! Way to go!
If you don't get it, but really, really want to - try again.
If you get it, and got it recently - awesome, route properly.
If you get it, but got it a long time ago - they run so many web servers... ...'cause they need the redundancy!

This seems like a good place to end.

0.5 2/6/03
corrections, suggestions, etc. - spud ]at[ attrition ]dot[ org
thanks for your participation