Subnetting (and Supernetting)

Subnetting is one of those things that most tutorials and books make far more complicated than it should be. When I began studying for the TCP/IP MCSE exam, I was at a loss. After a lot of browsing through the bookstores and web pages, I realized that it's actually quite simple.

I would like to give my thanks to my Linux mentor Ed Popkov, who caught a couple of mistakes and also MCSE + I Kyle Rodeck who very kindly reviewed, corrected and added to this howto. All mistakes, of course, are my own.

Although in the real world, most people use subnet calculators--they're available as freeware, so cost isn't an issue-- for ones own knowledge (and of course, the TCP/IP test) one does have to know how to manually figure out subnets. Despite the fact that many are saying (and this matched my own experience) that there are only one or two subnetting questions on the test these days, MS can be whimsical, and this could change again.
A couple of disclaimers here. Although the TCP/IP exam is going to be retired, MS expects you to be familiar with the material that it covers for some of the new Windows 2000 core exams. Proxy 2.0 and Exchange 5.5, 2 exams that are not being retired, also require a bit of knowledge of subnetting in order to deny access to a range of hosts. This is a howto, not a whyis. If you want detailed explanations, including ANDing etc, see one of the many excellent sites on the web. (To use a somewhat tortured analogy, there are various disciplines, such as some forms of Buddhism and some martial arts that first teach you the technique and figure that you'll learn the reasons for them as you go along.)
Secondly, this is subnetting for the Microsoft exam--Cisco and Novell probably do it differently, as does Linux. My Linux mentor, for example, was somewhat puzzled by certain ranges of address that had to be thrown out.

(Since this was originally written, I've passed the CCNA 2.0 exam. I've found that Cisco, at least for this exam, works pretty much the same way. There are ways to use subnets that MS wouldn't allow, but apparently, they're covered more deeply in more advanced exams. Interestingly enough, although the Sybex book for the NT TCP/IP and the CCNA were both written in part by Todd Lammle, the NT book's explanation of subnetting was not very clear, whereas the Cisco book's explanation is excellent. This is not simply because I've learned about subnetting in the interim--the explanations are done differently.)

There are three basic aspects to subnetting--determining how many subnets you need, how many hosts it will allow and what are the valid addresses on the subnet. There are several complicated formulas to work this out, most involving binary math. One can memorize several tables, or, if they are good at this sort of thing, do it in their head. If one does use the calculator provided with Windows, especially on the test, I would recommend that they learn the keyboard shortcuts, which will, with a bit of practice, be much simpler than clicking on the required keys or radio buttons. (However, in the Cisco exam, you aren't able to use the calculator, so you will have to memorize).

The operations you would have to perform are the following--converting binary to decimal, which is done by hitting the F6 key. Converting decimal to binary, which is done by hitting the F8 key. Figuring 2 to the power of something (henceforth represented by 2^number) which is done by hitting 2, the letter y and then the second number. Clearing the previous calculation, done by hitting the escape key and lastly, subtraction, which is done by hitting the - key.

The information below is also useful both in the real world and on the exams for IIS4 and Proxy 2.0. In both cases, a range of addresses can be permitted or denied access based on subnet masks.

I am going to do all the examples with a class C address, as that is the simplest. However, this will work with the other classes as well. So, let's say you have a network that begins with 192.168.0.1. Your network address then is 192.168.0.0--this is the address representing the entire network. You want to divide it into 6 subnets. Your default subnet mask is 255.255.255.0. You have to change that. (As an aside, you may see a subnet written as 192.168.0.1/24 instead of being written out as 255.255.255.0 The number behind the slash indicates the number of ones in the subnet if it is written in binary. For example, 255.255.255.0 is written in binary as 11111111.11111111.11111111.00000000 [usually without dots between the bits--I simply put them there for the reader's convenience]. Therefore, 192.168.0.1/24. This is called slash notation.)

This becomes more important in Cisco exams. You will find that preperation tests and textbooks use slash notation or terms like 6 bits of subnetting. This USUALLY means 6 bits in addition to the default subnet mask. For instance, "You have a class B address with 6 bits of subnetting" means that there are six additional bits. A default class B netmask is 255.255.0.0 or 11111111.11111111.00000000.00000000 in binary. 6 bits would be 11111111.11111111.11111100.00000000 or 255.255.255.252.0.

One has to be careful however--if they say a class B address with 26 bits of subnetting, then they mean 26 bits total. As a subnet mask consists of 32 bits, and a class B netmask consists of 16 bits, it isn't possible to add 26 additional bits. So be careful. Although I found such deceptive questions only on practice exams, and not on the actual test, the possibility is there.

There is a very simple formula here. 2^n-2=X. X has to be equal to or greater than the number of desired subnets. So, 2^2=4. 4-2=2. Nope, not enough. So, 2^3=8. 8-2=6. There we go. That's how many bits we need to take from the host address part of the subnet to make our subnet mask. Take the three bits.

To digress for a moment, I am assuming that you've tried some of the other subnet tutorials first and know what I mean by bits, octets etc. (To review it very quickly, a number like 255 is the decimal equivelant of the binary 11111111. Each of the numbers in a subnet mask represents 8 bits of a binary number, therefore use of the word octet.) So, in binary, the current last octet, 0, is written as 00000000. Now, we're taking those three bits and putting them at the left side of this octet--more properly referred to as putting them in high order. Our new final octet is 11100000. Then, either using the table you've memorized, or your windows calculator, you put this back into decimal form. It is 224. Ergo, our new subnet mask, one that will allow us to have 6 subnets is 255.255.255.224.

There is another method that some might find easier. If you remember that 10000000 in binary is 128 then each bit to the right of that first represents half of the preceding number. (You're probably saying huh? Read on.)
So, we've taken three bits. The first bit, if there were no others, would be 128. The second 1, counting from the left, is half of that, 64. (What I mean by this is that if you only had 1000000 in binary, using only 6 0's, the number in decimal is 64.) The third is 32, etc. So, you can simply add 128+64+32 to get your 224. Use whichever method works best for you.

Sometimes, you might want have a problem that goes the opposite way--with a given subnet mask, how many subnets can you have. It's solved in the same general way. Put the changed octet into binary, count the 1's then use the 2^n-2 formula. So, if you have a subnet of 255.255.255.224, and you want to know how many subnets can be made with it, write the 224 in binary. 11100000. Three 1's---2^3-2---you can have 6 subnets

Be careful here. You may be presented with a problem that gives you class B address with what looks like a class C subnet, for example 140.20.0.1 and a subnet of 255.255.255.224. What's happened here is that you now have a ridiculous number of subnets, with 30 hosts each. Judge the class by the IP address, not by the subnet. However, from what I've seen and heard, such test questions are more likely to be seen on Cisco rather than MS exams.

Ok, the next part is to figure out how many hosts can be on each subnet. As you've probably already learned, we lose some address per subnet, because we can't have all 0's or all 1's. Additionally, certain addies are used for the subnet ID. I repeat, this is only a howto--there are many good, though often complicated, explanations of why out there. So, moving right along...
Going to binary, we count the remaining 0's in the last octet, the one that we changed to make our new subnet. We changed the 0 to 224. Written in binary, this is 11100000. We have five 0's. So, 2^5=32. 32-2 = 30. We can have 30 hosts on each subnet. If this were a class B address, the original subnet would have been 255.255.0.0 and we would have changed the third octet to 224, giving us a subnet of 255.255.224.0. In binary, that would be 11111111.11111111.11100000.00000000 so we would have the 8 additional zeros of the last octet. Then the equation would have been 2^13-2. This is the easy way to figure out how many hosts are allowed on each subnet.

Sometimes, at least in the textbooks I've been using, again the problem is stated in reverse--if you need 59 hosts per subnet, what subnet mask should you use. In problems like this, it's helpful to have memorized your tables, however even if you haven't, it isn't that difficult. Remember that the number of possible hosts is determined by the number of 0's in the subnet mask. So, if it's a higher number of hosts, like 59, especially if we're using a class C address, start with a lot of 0's. If you haven't memorized the 2^x tables, simply estimate. Obviously, one or two 0's isn't going to do it, so start high, with 2^6 (which gives us 62 hosts--2^6=64-2=62) which is the correct number. This gives us the necessary number of host bits (remember, 1's are for the network and 0's for the host) that we can use if we need 59 hosts per subnet. Take 11000000 and put it back into decimal and you see that to allow 59 hosts for each subnet, the subnet mask should be 255.255.255.192.

One thing that I find helpful to remember is that the more ones in the octet, the more subnets you can have--the more 0's, the more hosts you can have. So, in the texbook questions that offer multiple choice, when I'm looking at the possible answers, if I want a lot of subnets, I choose the higher numbered possibilities, such as 255.255.255.240 to start with, if I want a lot of hosts, I start with with the lower possible choices, such as 255.255.255.192. The 255.255.255.192 will allow 60 hosts per net, but as there are only two 1's in the octet, will only allow us 2 subnets. (2^2=4. 4-2=2) (As you have probably figured out by now, I haven't memorized my tables) :).

Kyle uses a different method to do this. Rather than include it here, as I found it a bit complicated, and my major complaint against subnet tutorials is that they are too complicated, (since binary math is often the cause of complication, perhaps I should write that it's "two complicated"--sorry, couldn't resist) I have given it its own seperate page here.

Lastly, we want to determine the range of valid host IP addresses on each net. People do this in different ways--one is again counting the 0's (only of the changed octet--in a class A or B you leave the other 1 or 2 final octets alone) and doing 2^the number of 0's. In the example mentioned earlier, where we wanted 6 subnets so we used the subnet mask of 255.255.255.224, we have those five 0's as 224 in binary is 11100000, (To reiterate--in a class A or B address, we still only are using the five 0's of the changed octet--in other words, if your class A subnet is now 255.224.0.0 we're only working with the .224) and we get 32. The other way to come up with the number is to use the changed subnet octet, in this case, 224, and subtract it from 256. Again, the answer is 32. Either way works, do whichever is easiest for you--take the number of 0's from the changed octet and go 2^ that number or just subtract the new decimal number from 256. So, if your subnet was 255.255.255.248, you could, writing it in binary go 11111000 and do 2^3=8 or subtract 248 from 256 again winding up with 8.

This number that we have just found is going to be used to determine our subnet IDs. The subnet ID is the network address of the subnetwork.

Our old network address was 192.168.0.0 with a subnet mask of 255.255.255.0 It's now going to be 192.168.0.32 with a subnet mask of 255.255.255.224 The subnet IDs will be incremented by 32's. If our subnet mask had been 255.255.255.248, then the first subnet ID would have used that 8 that we got from subtracting 248 from 256. Our first subnet would have been 192.168.0.8, the second one would have been 192.168.0.16 etc. In this case, it's 192.168.0.32, 192.168.0.64, 192.168.0.96, 192.168.0.128, 192.168.0.160, 192.168.0.196. The next time we add 32 we get 192.168.0.228--we can't use that address because it's higher than the 224 that we're using for our subnet mask.

It's worth repeating that the higher the changed octet number, the more subnets you get but the fewer hosts per subnet. If we had used the subnet mask of 255.255.255.248, we would have an octet reading 11111000. Using our formulas, to find how many subnets we could make, we'd go 2^5-2 which gives us 30. 30 possible subnets. To find hosts---2^3-2---only 6 hosts on each subnet.

So, going back to our 255.255.255.224 subnet---the network address, or subnet ID is 192.168.0.32. So, the first host addie is 192.168.0.33. We have lost the first and last ranges of addresses--we can't use 192.168.0.1-31, nor will we be able to use anything higher than 192.168.0.222 on the last subnet. (One quick note here--Kyle, who has studied this in depth thinks that the final usable address should be 192.168.0.223. However, a couple of textbooks I worked with, as well as a subnet calculator that I used to doublecheck my figures, said that .222 is the last possible host addie. The reader can research this on his own.)

Especially with class C addies, it can get a bit confusing. Basically, to figure out your valid host ID's, remember you can have 30 hosts on each subnet. The first one would be 192.168.0.33. The network address of this subnet--which used to be 192.168.0.0 before we started subnetting--is now 192.168.0.32. The second subnet's network address is 192.168.0.64.You would think that we could, on the first subnet, use the host address of 192.168.0.63--HOWEVER---63, in binary, comes out to be all ones, so we can't use it as the addie can't be all 0's or all 1's in binary. The easiest way to do it is to simply remember the number 30 (32-2) and add it to each subnet ID. Therefore, 32+30=62--the first range of host IDs goes from 192.168.0.33 to 192.168.0.62. Then, we can't use .63, .64 is the next subnet ID so we can't use that one either. (this is one of the many ways you lose host IDs by subnetting). So, the next subnet begins with 192.168.0.65. Remember--30 hosts per subnet. 65+30 =95. However, keep in mind, 65 is our first host ID on this subnet. Therefore, it counts as number one and we can only have 30 hosts. So, add 30 to the NETWORK address of 192.168.0.64. The last address on this second subnet is 192.168.0.94. The easiest way (for me at least) to keep this straight is to go back to the problem of how many hosts can be on a subnet. In this case, as we have a subnet of .224 which in binary is 11100000, we count the zeros, find 5 of them go 2^5-5=30 and know we can have 30 hosts on this subnet. Then add thirty to the subnet ID.

Let's go to the subnet of 255.255.255.248 to make sure we have this down. Remember, 248 in binary is 11111000. So, we can have 2^5-2 subnets, i.e. 30. And we can have 2^3-2 hosts per subnet, or 6. 256-248 (or 2^3)= 8 so our subnet ID's are going to be in increments of 8. Our first subnet will be 192.168.0.8. The second one will be 192.168.0.16, etc.

Our first host (remember, we have to throw out the first range of addies, the 192.168.0.1-7) is 192.168.0.9. It seems that we should be able to, on this subnet, have the addresses 192.168.0.9 through 192.168.0.15. However, put 15 into binary, and yup--it's all ones. Remember--as stated in the last paragraph, we can only have 6 hosts per subnet. So, 192.168.0.9. That's one. 192.168.0.10, 11,12, 13, 14. There, we now have six hosts. The next subnet begins with 16. So, the first host address is 192.168.0.17. Again, add 6 to 16 and we see that the highest host ID that is allowed on this subnet is 192.168.0.22--NOT 23. When I originally wrote this, I added a note that I wasn't sure why we couldn't use 23 as it didn't come out to all ones in binary. Since then, Dr.Thomas Shinder, MD, MSCE, who along with his wife Debra has written several excellent books, including one on TCP/IP was kind enough to explain it. That explanation can be viewed here. As my purpose is to keep this as simple as possible, for the moment, simply keep in mind that you can only have six hosts per each subnet,and you begin counting host addresses from 17, not 16.

Paul Edwards, MCSE, CCNA,has also written a good subnetting tutorial. His tutorial can be seen here.

Supernetting

Supernetting, as might be guessed, is more or less the opposite of subnetting. Rather than making additional subnets, one takes a group of subnets and combines them into one. Again, I am not going to go into the theory here, simply the practice. While I saw no supernetting questions on my NT4.0 TCP/IP exam or CCNA 2.0 exam, I have heard that they do show up on the Windows 2000 tests. It's actually a little easier than subnetting, because, as will be explained below, rather than a formula of 2^n-2, one simply uses 2^n.

The subnets must be contiguous. For instance, three subnets of 192.168.1.0, 192.168.2.0 and 192.168.3.0. Note that the third octets are consecutive, 1, 2 and 3. So, rather than take (in binary) 0's from the host portion of the address and making them ones, we're taking 1's and making them zeros.

The formula in this case, rather than 2^n -2 is simply 2^n. We need to combine three subnets. If we needed to MAKE three subnets, we'd try 2^2-2. 4-2=2, not enough, we'd have to go to 2^3=8. 8-2=6, and therefore, we would have changed 3 0's in the last octet to 1's, changing our subnet mask from 255.255.255.0 to 255.255.255.224.

However, we're COMBINING 3 subnets into one this time. So,we have three subnets, 192.168.1.0, 192.168.2.0 and 192.168.3.0, all of which have a subnet mask of 255.255.255.0. 2^1=2. Nope, not enough. 2^2=4. 4 is larger than 3, so that gives us enough. We have to change 2 1's in the third octect to 0's. So, in binary, we have 11111111.11111111.11111111.00000000. We are changing 2 of those ones in the third octet to 0's. So, we have 11111111.11111111.11111100.00000000. Our new subnet mask is 255.255.252.0.

Suppose we have 8 subnets that we want to combine. First, what power of 2 equals or is greater than 8? 2^3=8. Ok, we need to knock off 3 1's from the third octet. So, a subnet mask of 255.255.248.0 will enable us to combine the 8 subnets into one.

The points to remember here. Instead of changing 0's to ones, beginning at the left side of an octet, we are changing ones to 0's, beginning at the right side of the octet. The subnets that are being combined must be contiguous, such as 192.168.1.0, 192.168.2.0, etc. At least for test purposes, we can't combine 192.168.1.0, 192.168.6.0 and 192.168.11.0. Figure out how many subnets you are combining. Figure out which power of 2 is equal or greater to that number, eg if it's 8 subnets that you're combining, what is n in 2^n=8. If it was just two subnets being combined, then it would be 2^1=2. If three subnets, then 2^2=4, if 5 subnets then 2^3=8, etc. Whatever n turns out to be, that's how many 1's you are taking away--from the RIGHT side of the octet, and changing them to 0's.

You probably have either memorized, or have your own method by now for remembering that 10000000 is 128, 11000000 is 192, 11100000 is 224, etc. So, if we change the last 2 1's of 255.255.255.0 to 0's that will be 252. If we change three 1's to 0 it will be 248, etc.

You can of course, simply memorize tables again, but it probably isn't necessary. At least in the practice tests I've seen, there were never more than 16 subnets to be combined, meaning that if you simply remember 240, 248, 252 and 254, you'll be fine. (For 16 subnets to be combined we would go 2^n=16. n=4. Take the last 4 1's of the third octet and make them 0's. This gives us 11110000 in binary, or 240 in decimal.

Hopefully, the above will simplify subnetting and supernetting enough for the reader to not only be able to use this knowledge on the exam but also in the real world, assuming that they can't find a freeware subnet calculator. Comments and criticisms are welcome--just drop me a line.