Daryl's TCP/IP Primer

Addressing and Subnetting on the Near Side of the 'Net

[<--Prev] [Next-->]
[Printable Version] [Daryl's ColdFusion Primer] [About Daryl]

Please Donate To Bitcoin Address: [[address]]

Donation of [[value]] BTC Received. Thank You.

5. IP Addresses, Subnet Masks, and Subnetting

There are two sets of rules for subnetting TCP/IP networks. The original set of rules can be found in RFC 950, and the new set of rules can be found in RFC 1812.

Although RFC 1812 came out in June of 1995(!), most certification tests still test you on the RFC 950 rules, for (in my opinion) one of the following reasons: Please keep the fact that the following information in Part A is no longer relevant to the real world; however, it may be necessary to understand it if: I still get many questions to the effect of, "I don't understand. This source says I can break this Class C into six subnets, but this other source says you can break the same network into eight subnets. What gives?" The short answer is, it depends on which RFC is valid in your environment. If you are still running an unpatched Netware 3.11 server, you will find yourself constrained by RFC 950 rules. However, a patch has been available for that 1991 platform since sometime around 1995; if you are still running version 1.00 of the Netware TCPIP.NLM, then IP Routing issues are the least of your concerns. :-)

Part A: The World According to RFC 950 (the old way of doing things)

An IP Address is broken up into three parts: the network portion, the subnet portion (optional), and the host portion. The size of the network portion is determined by the first byte of the address:

First ByteClassNetwork Mask (explained later)

Note: people often refer to any subnet with a mask of as being a class "C" network; however, the only "true" class "C" networks have a first byte in the range of 192-223. This becomes important when you start subnetting.

The Subnet portion of an IP address is actually optional, and, in fact, is rarely used on class "C" networks. Generally, you can subnet any network you have control over, in any valid way you want. The tricky part is understanding what is valid.
Lets start with some ground rules:

Valid Configuration:

Invalid Configurations:

...This is invalid since the [exact] same subnet exists on both sides of the router.

...This is invalid since the same subnet exists on both sides of the router. Watch that subnet mask! (See below.)

These images created using SmartDraw. Click Here for a free trial copy.

...This is invalid because a the same host address could be "valid" on either subnet, e.g. Even though the right side subnet is valid by itself, it is actually a small piece of the left side network.
Exception! Address overlap of this sort is usually not allowed between two physical subnets: unless the router was specifically configured to "pretend" it was every address on for its left-side interface in the diagram, it would be impossible for hosts on one side of the router to communicate with hosts on the other side. In this diagram, the subnet is known as a "stub subnet"; the process of pretending you are hosts you're not, in order to facilitate routing packets to a stub subnet, is known as "proxy arp." No two hosts on the Internet can have the same IP address. If you create a stub subnet, no host on the "main" side can have an address that might be valid on the "stub" side.
[Please also note that the diagram in question is talking about two physical subnets attached to one router, not routing tables on upstream routers, which would aggregate both networks into one route of]

The Glossy Explanation

When using a subnet mask of, the first two bytes indicate the network you're on, and the last two bytes indicate the host you are on that network. Very rarely will you find a network segment with 65,534 hosts on it, though. You'll only find network masking like that used closer to the Internet backbone, in the context of, "All them hosts [and subnets thereof] are thataway." Now, that brings up one of the nice features of subnet masking: you can lump a bunch of networks together by using unusual subnet masking; however, that sort of activity generally doesn't happen on the near side of the 'net.

When using a subnet mask of, the first three bytes indicate the network you're on, and the last byte is the host you are on that network. Hosts .1 through .254 are available.

By using a subnet mask of, you can split that network into two halves, the first half containing the host addresses .1 through .126, the second half containing the host addresses .129 through .254. Note that on a true class "C" network, you can't use the top subnet, since the bit in the subnet portion (one bit on a class "C") would be one (refer to ground rule "D".)

By using a subnet mask of, you can split the network into four portions, each with 64 hosts (62 usable.) Subnetwork one includes the addresses .1 through .62, subnetwork two includes the addresses .65 through .126, subnetwork three includes .129 through .190, and subnetwork four includes the hosts .193 through .254. On a true class "C" network, subnetwork four is not valid.

You can not arbitrarily cut a piece out of one network and place it on another segment; the best you can do with a given subnet (or network) is chop it in halves, or quarters, or eighths, or sixteenths... (note the "powers of two" progression; this is an effect of stealing bit positions from the host address section, and giving those bits positions to the subnet portions. It gets complicated...)

Part B: The World According to RFC 1812 (the "new" way of doing things)

or, By The Way - Forget Everything You Just Learned, It Became Obsolete in 1995

Under RFC 1812, things have changed..!

Perhaps the most significant change on the near side of the 'net under RFC 1812 is Classless Inter-Domain Routing (CIDR, pronounced "Cider"). Under CIDR, the concept of separate "network" and "subnet" portions is now considered outdated, and is being replaced by a "classless" addressing scheme where addresses can be "subnetted" more freely, without consideration of the "class" of address. With the removal of the subnet portion, and the liberalization of (what is now called) the network prefix, there is no longer a consideration of whether or not the bits within the subnet portion are all ones; in other words, you no longer lose a subnet when you break up what used to be known as a class "C" network. You can also aggregate formerly class "C" networks together using network prefixes fewer than 24 bits long. For example, you could combine the formerly class "C" networks and into a single subnet with 510 usable addresses, by using a network mask of What you're really saying here is that the last bit of the third byte now belongs to the "host number" portion of the address, and the "network prefix" is 23 bits (two bytes and seven bits) long. Therefore, the two networks being combined must be contiguous, and the third byte must be even on the lower numbered network. You could not combine, for example, and; not could you combine and You could follow similar rules to combine four contiguous class "C" style networks, but the third byte of the lowest numbered network would have to be a multiple of four. This sort of thing is routinely done (on an increasingly larger scale) as you get closer to the Internet backbones.

Most of the other effects of RFC 1812 and CIDR routing affect areas of the 'net closer to the backbone, and mostly work to reduce the size (or at least the rate of growth) of routing tables in backbone routers.

Part C: Huh? (or, Perhaps you could apply an analogy to all this?)

A good analogy for IP addressing and packet forwarding (routing) is the snail mail analogy. Consider an IP packet to be an envelope containing data, and having an address on the front. Every TCP/IP-enabled network interface can be compared to a mailbox. Every mailbox (interface) has an IP address. The four bytes of an IP address can be compared to the state, city, street, and house number fields on the front of a snail mail envelope. A router in this analogy is a post office, that sorts and forwards mail based on the address on the envelope (packet header.) If the address is on the same street (based on the subnet mask,) the envelope (packet) is sent directly to the destination mailbox (interface) via local courier (Ethernet?). If the address is determined to be on another street, or in another city or state, the envelope (packet) is delivered via local courier (Ethernet?) to the street's post office (router), where the postal workers (routing software) sort and forward mail based on established post office sorting procedures (routing tables.) The breakdown in this analogy, of course, is that no routing software has ever been known to shoot people. (Just Kidding :-)

Next: Subnetting, Bit by Bit

Copyright ©1996-2014 Daryl Banttari. See Disclaimer.