Hi Guys,
This post explains subnetting. As security professionals, we should have a good grasp of such concepts. I assume readers already have a basic knowledge of IP addresses and their classes.
Subnetting: dividing a network into smaller networks
Importance:
- Maintenance and management become easier
- Security: for example, if an organization has four departments (development, testing, HR, operations), we don't want every department to access the data of the other departments
Disadvantages:
- With subnets, reaching a host takes extra steps
How it works:
Let's say we bought a class C network, 200.1.2.0, with 24 network bits and 8 host bits. It has 2^8 - 2 hosts, that is, 254 hosts.
200.1.2. _ _ _ _ _ _ _ _
Suppose the first bit of the host ID is taken as the subnet ID; the remaining 7 bits represent the host ID.
By choosing the first bit, we divide the network into two sub networks:

| | Subnet bit 0 | Subnet bit 1 |
|---|---|---|
| Last octet | 0 _ _ _ _ _ _ _ | 1 _ _ _ _ _ _ _ |
| Range | 0 to 127 | 128 to 255 |
| Sub network ID | 200.1.2.0 | 200.1.2.128 |
| Directed broadcast address | 200.1.2.127 | 200.1.2.255 |

For the network as a whole, the network ID is also 200.1.2.0 and the directed broadcast address is 200.1.2.255.
Q1. When we send a packet to 200.1.2.0, do we mean the whole network or the first sub network? To resolve this ambiguity, we have to see how the network is arranged.
Solution: Whether .0 means the whole network or the first sub network depends on whether we are inside or outside the organization.
- Inside the network (the packet comes from inside): the sub network is considered
- Outside the network: the whole network is considered
Q2. How many IP addresses are usable now?
Two subnets, each with 128 addresses.
So we now have 252 usable IP addresses, as each sub network wastes two IP addresses: one for the subnet ID and one for the broadcast address.
--------------------------------------------------------------------------------------------------------------------------
Now, if we want to divide a network into four sub networks, how do we do it?
For 4 parts we need 2 bits.
200.1.2.0
_ _ _ _ _ _ _ _ - 8 host ID bits, of which the first two are selected

| Sub network | Range |
|---|---|
| S1 = 00 | 0 to 63 |
| S2 = 01 | 64 to 127 |
| S3 = 10 | 128 to 191 |
| S4 = 11 | 192 to 255 |
Suppose a packet is sent to 200.1.2.20. The router has to identify which network this IP address belongs to.
Subnet Mask
The 1s represent the network ID and sub network ID parts, and the 0s represent the host ID part.
So for the above scenario:
Subnet Mask -> 11111111.11111111.11111111.11000000
-> 255.255.255.192
Advantage: Suppose we have to send a packet to IP address 200.1.2.130:

| | Dotted decimal | Binary |
|---|---|---|
| IP address | 200.1.2.130 | 11001000.00000001.00000010.10000010 |
| Subnet mask | 255.255.255.192 | 11111111.11111111.11111111.11000000 |
| Bitwise AND result | 200.1.2.128 | 11001000.00000001.00000010.10000000 |

Conclusion: the IP address 200.1.2.130 belongs to network 200.1.2.128.
Let's take 200.1.2.10 as another example:

| | Dotted decimal | Binary |
|---|---|---|
| IP address | 200.1.2.10 | 11001000.00000001.00000010.00001010 |
| Subnet mask | 255.255.255.192 | 11111111.11111111.11111111.11000000 |
| Bitwise AND result | 200.1.2.0 | 11001000.00000001.00000010.00000000 |
So the main advantage is that a subnet mask helps identify which network an IP address belongs to.
This decision has to be made by the router, which contains a routing table:

| NID | SM | Interface |
|---|---|---|
| 200.1.2.0 | 255.255.255.192 | a |
| 200.1.2.64 | 255.255.255.192 | b |
| 200.1.2.128 | 255.255.255.192 | c |
| 200.1.2.192 | 255.255.255.192 | d |
| 0.0.0.0 | 0.0.0.0 | e |
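
The lookup a router performs against this table, as an added Python example (not code from the original post): the destination is ANDed with each entry's mask and the result is compared with that entry's NID. Assumptions of this example: the function names, the constructed test address 10.0.0.5, and the rule that the matching entry with the most 1 bits in its mask wins, so the 0.0.0.0 entry is used only when no subnet matches.

```python
# Added example: router-style lookup against the routing table above.

def to_int(dotted):
    """Convert dotted-quad IPv4 text to a 32-bit integer."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted-quad IPv4 address: {dotted!r}")
    value = 0
    for p in parts:
        value = (value << 8) | int(p)
    return value

def to_dotted(value):
    """Convert a 32-bit integer back to dotted-quad text."""
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

# Routing table from the post: (NID, subnet mask, interface).
ROUTES = [
    ("200.1.2.0", "255.255.255.192", "a"),
    ("200.1.2.64", "255.255.255.192", "b"),
    ("200.1.2.128", "255.255.255.192", "c"),
    ("200.1.2.192", "255.255.255.192", "d"),
    ("0.0.0.0", "0.0.0.0", "e"),  # default entry: matches any address
]

def subnet_of(ip, mask):
    """Return (sub network ID, directed broadcast address) of ip under mask."""
    ip_i, mask_i = to_int(ip), to_int(mask)
    net = ip_i & mask_i                    # host bits forced to 0
    bcast = net | (~mask_i & 0xFFFFFFFF)   # host bits forced to 1
    return to_dotted(net), to_dotted(bcast)

def lookup(dest, routes=ROUTES):
    """Return the interface for dest, or None if no entry matches."""
    dest_i, best = to_int(dest), None
    for nid, mask, iface in routes:
        mask_i = to_int(mask)
        if dest_i & mask_i == to_int(nid):       # bitwise AND, compare with NID
            ones = bin(mask_i).count("1")        # assumption: longest mask wins
            if best is None or ones > best[0]:
                best = (ones, iface)
    return best[1] if best else None

if __name__ == "__main__":
    # 10.0.0.5 is a constructed address outside 200.1.2.0 (default entry).
    for dest in ("200.1.2.130", "200.1.2.10", "200.1.2.20", "10.0.0.5"):
        net, bcast = subnet_of(dest, "255.255.255.192")
        print(f"{dest}: subnet {net}, broadcast {bcast}, interface {lookup(dest)}")
```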