LDP
/
LDP
mirror of https://github.com/tLDP/LDP
0
1
Fork 0
Code Releases Activity
LDP/LDP/retired/IP-Subnetworking.sgml

631 lines
22 KiB
Plaintext
Raw Blame History

<!doctype linuxdoc system>
<article>
<!-- Title information -->
<title>IP Sub-Networking Mini-Howto
<author>Robert Hart, <tt/hartr@interweft.com.au/
<date>v1.1, 30 August 2001
<!-- correct typos reported by users, 30 August 2001 -->
<!-- Greg Ferguson / linux-howto@metalab.unc.edu -->
<abstract>
This document describes why and how to subnetwork an IP network - that
is using a single A, B or C Class network number to function correctly on
several interconnected networks. </abstract>
<!-- Copyright 1997, Robert Hart -->
<sect>Copyright
<p>
This document is distributed under the terms of the GNU Public License (GPL).
<p>
This document is directly supported by InterWeft IT Consultants
(Melbourne, Australia).
<p>
The latest version of this document is available at the InterWeft WWW
site at <url url="http://www.interweft.com.au/" name="InterWeft IT
Consultants"> and from <url url="http://sunsite.unc.edu/LDP" name="The
Linux Documentation Project">.
<sect>Introduction
<p>
With available IP network numbers rapidly becoming an endangered
species, efficient use of this increasingly scarce resource is
important.
<p>
This document describes how to split a single IP network number up so
that it can be used on several different networks.
<p>
This document concentrates on C Class IP network numbers - but the
principles apply to A and B class networks as well.
<sect1>Other sources of information
<p>
There are a number of other sources of information that are of
relevance for both detailed and background information on IP numbers.
Those recommended by the author are:-
<itemize>
<item><url url="http://sunsite.unc.edu/LDP/LDP/nag/nag.html" name="The
Linux Network Administrators Guide">.
<item><url url="http://linuxwww.db.erau.edu/SAG/" name="The Linux System
Administration Guide">.
<item><url url="http://www.ora.com/catalog/tcp/noframes.html"
name="TCP/IP Network Administration by Craig Hunt, published by O'Reilly
and Associates">.
</itemize>
<sect>The Anatomy of IP numbers
<p>
Before diving into the delight of sub-networking, we need to establish
some IP number basics.
<sect1>IP numbers belong to Interfaces - <bf/NOT/ hosts!
<p>
First of all, let's clear up a basic cause of misunderstanding - IP
numbers are <bf/not/ assigned to hosts. IP numbers are assigned to
network interfaces on hosts.
<p>
Eh - what's that?
<p>
Whilst many (if not most) computers on an IP network will possess a
single network interface (and have a single IP number as a consequence),
this is not the only way things happen. Computers and other devices can
have several (if not many) network interfaces - and each interface has
its own IP number.
<p>
So a device with 6 active interfaces (such as a router) will have 6 IP
numbers - one for each interface to each network to which it is connected. The
reason for this becomes clear when we look at an IP network!
<p>
Despite this, most people refer to <em/host addresses/ when referring to an
IP number. Just remember, this is simply shorthand for <em/the IP number
of this particular interface on this host/. Many (if not the majority)
of devices on the Internet have only a single interface and thus a
single IP number.
<sect1>IP Numbers as &dquot;Dotted Quads&dquot;
<p>
In the current (IPv4) implementation of IP numbers, IP numbers consist
of 4 (8 bit) bytes - giving a total of 32 bits of available information.
This results in numbers that are rather large (even when written in
decimal notation). So for readability (and organisational reasons) IP
numbers are usually written in the 'dotted quad' format. The IP number
<tscreen><verb>
192.168.1.24
</verb></tscreen>
is an example of this - 4 (decimal) numbers separated by (.) dots.
<p>
As each one of the four numbers is the decimal representation of an 8
bit byte, each of the 4 numbers can range from 0 to 255 (that is take on
256 unique values - remember, zero is a value too).
<p>
In addition, part of the IP number of a host identifies the network on
which the host resides, the remaining 'bits' of the IP number identify
the host (oops - network interface) itself. Exactly how many bits are
used by the network ID and how many are available to identify hosts
(interfaces) on that network is determined by the network 'class'.
<sect1>Classes of IP Networks
<p>
There are three classes of IP numbers
<itemize>
<item>Class A IP network numbers use the leftmost 8 bits (the leftmost
of the dotted quads) to identify the network, leaving 24 bits (the
remaining three dotted quads) to identify host interfaces on that
network.<newline>
Class A addresses <bf/always/ have the leftmost bit of the leftmost
byte a zero - that is a decimal value of 0 to 127 for the first dotted
quad. So there are a maximum of 128 class A network numbers
available, with each one containing up to 33,554,430 possible
interfaces.
<newline><newline>
However, the networks 0.0.0.0 (known as the default route) and 127.0.0.0
(the loop back network) have special meanings and are not available for
use to identify networks. So there are only 126 <em/available/ A class
network numbers.
<item>Class B IP network numbers use the leftmost 16 bits (the leftmost two
dotted quads) to identify the network, leaving 16 bits (the last two
dotted quads) to identify host interfaces. Class B addresses always have
the leftmost 2 bits of the leftmost byte set to 1 0. This leaves 14 bits
left to specify the network address giving 32767 available B class
networks. B Class networks thus have a range of 128 to 191 for the first
of the dotted quads, with each network containing up to 32,766 possible
interfaces.
<item>Class C IP network numbers use the leftmost 24 bits (the leftmost
three bytes) to identify the network, leaving 8 bits (the rightmost
byte) to identify host interfaces. Class C addresses always start with
the leftmost 3 bits set to 1 1 0 or a range of 192 to 255 for the
leftmost dotted quad. There are thus 4,194,303 available C class network
numbers, each containing 254 interfaces. (C Class networks with the
first byte greater than 223 are however reserved and unavailable for use).
</itemize>
In summary:
<tscreen><verb>
Network class Usable range of first byte values (decimal)
A 1 to 126
B 128 to 191
C 192 to 254
</verb></tscreen>
<p>
There are also special addresses that are reserved for 'unconnected'
networks - that is networks that use IP but are not connected to the
Internet, These addresses are:-
<itemize>
<item>One A Class Network<newline>
10.0.0.0
<item>16 B Class Networks<newline>
172.16.0.0 - 172.31.0.0
<item>256 C Class Networks
192.168.0.0 - 192.168.255.0
</itemize>
<p>
You will note that this document uses these sequences throughout to avoid
confusion with 'real' networks and hosts.
<sect1>Network numbers, interface addresses and broadcast addresses
<p>
IP numbers can have three possible meanings:-
<itemize>
<item>the address of an IP network (a group of IP devices sharing common
access to a transmission medium - such as all being on the same Ethernet
segment). A network number will always have the interface (host) bits of
the address space set to 0 (unless the network is sub-networked - as we
shall see);
<item>the broadcast address of an IP network (the address used to 'talk',
simultaneously, to all devices in an IP network). Broadcast
addresses for a network always have the interface (host) bits of the the
address space set to 1 (unless the network is sub-networked - again, as
we shall see).
<item>the address of an interface (such as an Ethernet card or PPP interface
on a host, router, print server etc). These addresses can have any value
in the host bits <bf/except/ all zero or all 1 - because with the host bits all
0, the address is a network address and with the host bits all 1 the
address is the broadcast address.
</itemize>
<p>
In summary and to clarify things
<tscreen><verb>
For an A class network...
(one byte of network address space followed by three bytes of host
address space)
10.0.0.0 is an A Class network number because all the host
bits of the address space are 0
10.0.1.0 is a host address on this network
10.255.255.255 is the broadcast address of this network
because all the host bits of the address space are 1
For a B class network...
(two bytes of network address space followed by two bytes of host
address space)
172.17.0.0 is a B Class network number
172.17.0.1 is a host address on this network
172.17.255.255 is the network broadcast address
For a C Class network...
(three bytes of network address space followed by one byte of host
address space)
192.168.3.0 is a C Class network number
192.168.3.42 is a host address on this network
192.168.3.255 is the network broadcast address
</verb></tscreen>
<p>
Almost all IP network numbers remaining available for allocation at
present are C Class addresses.
<sect1>The network mask
<p>
The network mask is more properly called the subnetwork mask. However,
it is generally referred to as the network mask.
<p>
It is the network mask and its implications on how IP addresses are
interpreted <em/locally/ on an IP network segment that concerns us most
here, as this determines what (if any) sub-networking occurs.
<p>
The standard (sub-) network mask is all the network bits in an address
set to '1' and all the host bits set to '0'. This means that the
standard network masks for the three classes of networks are:-
<itemize>
<item>A Class network mask: 255.0.0.0
<item>B Class network mask: 255.255.0.0
<item>C Class network mask: 255.255.255.0
</itemize>
<p>
There are two important things to remember about the network mask:-
<itemize>
<item>The network mask affects only the <bf/local/ interpretation of
<bf/local/ IP numbers (where local means on this particular network segment);
<item>The network mask is <bf/not/ an IP number - it is used to modify
how local IP numbers are interpreted locally.
</itemize>
<sect>What are subnets?
<p>
A subnet is a way of taking a single IP network address and <bf/locally/
splitting it up so that this single network IP address can actually be
used on several interconnected local networks. Remember, a single IP
network number can only be used on a single network.
<p>
The important word here is <bf/locally/: as far as the world outside the
machines and physical networks covered by the sub-netted IP network are
concerned, nothing whatsoever has changed - it is still just a single IP
network. This is important - sub-networking is a <bf/local/ configuration
and is invisible to the rest of the world.
<sect>Why subnetwork?
<p>
The reasons behind sub-networking date back to the early specification of
IP - where just a few sites were running on Class A network numbers,
which allow for millions of connected hosts.
<p>
It is obviously a huge traffic and administration problem if all IP
computers at a large site need to be connected to the same network:
trying to manage such a huge beast would be a nightmare and the network
would (almost certainly) collapse under the load of its own traffic
(saturate).
<p>
Enter sub-networking: the A class IP network address can be split up to
allow its distribution across several (if not many) separate networks.
The management of each separate network can easily be delegated as well.
<p>
This allows small, manageable networks to be established - quite
possibly using different networking technologies. Remember, you cannot mix
Ethernet, Token Ring, FDDI, ATM etc on the same physical network - they
can be interconnected, however!
<p>
Other reasons for sub-networking are:-
<itemize>
<item>Physical site layout can create restrictions (cable run lengths)
in terms of the how the physical infrastructure can be connected,
requiring multiple networks. Sub-networking allows this to be done in an
IP environment using a single IP network number.
<newline><newline>
This is in fact now very commonly done by ISPs who wish to give their
permanently connected clients with local networks static IP numbers.
<item>Network traffic is sufficiently high to be causing significant
slow downs. By splitting the network up using subnetworks, traffic that
is local to a network segment can be kept local - reducing overall
traffic and speeding up network connectivity without requiring more
actual network bandwidth;
<item>Security requirements may well dictate that different classes of
users do not share the same network - as traffic on a network can always
be intercepted by a knowledgeable user. Sub-networking provides a way to
keep the marketing department from snooping on the R &amp; D network traffic
(or students from snooping on the administration network)!
<item>You have equipment which uses incompatible networking technologies
and need to interconnect them (as mentioned above).
</itemize>
<sect>How to subnetwork a IP network number
<p>
Having decided that you need to subnetwork your IP network number, how
do you go about it? The following is an overview of the steps which will
then be explained in detail:-
<itemize>
<item>Set up the physical connectivity (network wiring and network
interconnections - such as routers;
<item>Decide how big/small each subnetwork needs to be in terms of the
number of devices that will connect to it - ie how many usable IP
numbers are required for each individual segment.
<item>Calculate the appropriate network mask and network addresses;
<item>Give each interface on each network its own IP address and the
appropriate network mask;
<item>Set up the routes on the routers and the appropriate gateways,
routes and/or default routes on the networked devices;
<item>Test the system, fix problems and then relax!
</itemize>
<p>
For the purpose of this example, we will assume we are sub-networking a single C
class network number: 192.168.1.0
<p>
This provides for a maximum of 254 connected interfaces (hosts), plus
the obligatory network number (192.168.1.0) and broadcast address
(192.168.1.255).
<sect1>Setting up the physical connectivity
<p>
You will need to install the correct cabling infrastructure for all the
devices you wish to interconnect designed to meet your physical layout.
<p>
You will also need a mechanism to interconnect the various segments
together (routers, media converters etc.).
<p>
A detailed discussion of this is obviously impossible here. Should you
need help, there are network design/installation consultants around who
provide this sort of service. Free advice is also available on a number of
Usenet news groups (such as comp.os.linux.networking).
<sect1>Subnetwork sizing
<p>
There is a play off between the number of subnetworks you create and 'wasted'
IP numbers.
<p>
Every individual IP network has two addresses unusable as interface
(host) addresses - the network IP number itself and the broadcast
address. When you subnetwork, each subnetwork requires its own, unique
IP network number and broadcast address - and these have to be valid
addresses from within the range provided by the IP network that you are
sub-networking.
<p>
So, by sub-networking an IP network into two separate subnetworks, there
are now <bf/two/ network addresses and <bf/two/ broadcast addresses -
increasing the 'unusable' interface (host) addresses; creating 4
subnetworks creates <bf/eight/ unusable interface (host) addresses and
so on.
<p>
In fact the smallest usable subnetwork consists of 4 IP numbers:-
<itemize>
<item>Two usable IP interface numbers - one for the router interface on
that network and one for the single host on that network.
<item>One network number.
<item>One broadcast address.
</itemize>
<p>
Quite why one would want to create such a small network is another
question! With only a single host on the network, any network
communication must go out to another network. However, the example does
serve to show the law of diminishing returns that applies to
sub-networking.
<p>
In principle, you can only divide your IP network number into 2^n (where
n is one less that the number of host bits in your IP network number)
equally sized subnetworks (you can subnetwork a subnetwork and combine
subnetworks however).
<p>
So be realistic about designing your network design - you want the
<bf/minimum/ number of separate local networks that is consistent with
management, physical, equipment and security constraints!
<sect1>Calculating the subnetwork mask and network numbers
<p>
The network mask is what performs all the <bf/local/ magic of dividing
an IP network into subnetworks.
<p>
The network mask for an un-sub-networked IP network number is simply a
dotted quad which has all the 'network bits' of the network number
set to '1' and all the host bits set to '0'.
<p>
So, for the three classes of IP networks, the standard network masks
are:-
<itemize>
<item>Class A (8 network bits) : 255.0.0.0
<item>Class B (16 network bits): 255.255.0.0
<item>Class C (24 network bits): 255.255.255.0
</itemize>
<p>
The way sub-networking operates is to <em/borrow/ one or more of the
available host bits and make then make interfaces <bf/locally/ interpret
these borrowed bits as part of the network bits. So to divide a network
number into two subnetworks, we would borrow one host bit by setting the
appropriate bit in the network mask of the first (normal) host bit to '1'.
<p>
For a C Class address, this would result in a netmask of
<newline>
11111111.11111111.11111111.10000000
<newline>
or 255.255.255.128
<p>
For our C Class network number of 192.168.1.0, these are some of the
sub-networking options you have:-
<code>
No of No of
subnets Hosts/net netmask
2 126 255.255.255.128 (11111111.11111111.11111111.10000000)
4 62 255.255.255.192 (11111111.11111111.11111111.11000000)
8 30 255.255.255.224 (11111111.11111111.11111111.11100000)
16 14 255.255.255.240 (11111111.11111111.11111111.11110000)
32 6 255.255.255.248 (11111111.11111111.11111111.11111000)
64 2 255.255.255.252 (11111111.11111111.11111111.11111100)
</code>
<p>
In principle, there is absolutely no reason to follow the above way of
subnetworking where network mask bits are added from the most
significant host bit to the least significant host bit. However, if you
do not do it this way, the resulting IP numbers will be in a <em/very/
odd sequence! This makes it extremely difficult for us humans to decide
to which subnetwork an IP number belongs as we are not too good at thinking
in binary (computers on the other hand are and will use whatever scheme
you tell them with equal equanimity).
<p>
Having decided on the appropriate netmask, you then need to work out
what the various Network and broadcast addresses are - and the IP number
range for each of these networks. Again, considering only a C Class IP
Network number and listing only the <em/final/ (host part) we have:-
<code>
Netmask Subnets Network B'cast MinIP MaxIP Hosts Total Hosts
--------------------------------------------------------------------------
128 2 0 127 1 126 126
128 255 129 254 126 252
192 4 0 63 1 62 62
64 127 65 126 62
128 191 129 190 62
192 255 193 254 62 248
224 8 0 31 1 30 30
32 63 33 62 30
64 95 65 94 30
96 127 97 126 30
128 159 129 158 30
160 191 161 190 30
192 223 193 222 30
224 255 225 254 30 240
</code>
<p>
As can be seen, there is a very definite sequence to these numbers,
which make them fairly easy to check. The 'downside' of sub-networking is
also visible in terms of the reducing total number of available host
addresses as the number of subnetworks increases.
<p> With this information, you are now in a position to assign host and
network IP numbers and netmasks.
<sect>Routing
<p>
If you are using a Linux PC with two network interfaces to route between
two (or more) subnets, you need to have IP Forwarding enabled in your
kernel. Do a
<code>
cat /proc/ksyms | grep ip_forward
</code>
<p>
You should get back something like...
<code>
00141364 ip_forward_Rf71ac834
</code>
<p>
If you do not, then you do not have IP-Forwarding enabled in your kernel
and you need to recompile and install a new kernel.
<p>
For the sake of this example, let us assume that you have decided to
subnetwork you C class IP network number 192.168.1.0 into 4 subnets
(each of 62 usable interface/host IP numbers). However, two of these
subnets are being combined into a larger single network, giving three
physical networks.
<p>
These are :-
<code>
Network Broadcast Netmask Hosts
192.168.1.0 192.168.1.63 255.255.255.192 62
192.168.1.64 192.168.1.127 255.255.255.192 62
192.168.1.128 192.168.1.255 255.255.255.128 124 (see note)
</code>
<p>
Note: the reason the last network has only 124 usable network addresses
(not 126 as would be expected from the network mask) is that it is
really a 'super net' of two subnetworks. Hosts on the other two networks
will interpret 192.168.1.192 as the <em/network/ address of the 'non-existent'
subnetwork. Similarly, they will interpret 192.168.1.191
as the broadcast address of the 'non-existent' subnetwork.
<p>
So, if you use 192.168.1.191 or 192 as host addresses on the third
network, then machines on the two smaller networks will not be able to
communicate with them.
<p>
This illustrates an important point with subnetworks - the usable
addresses are determined by the <bf/SMALLEST/ subnetwork in that address
space.
<sect1>The routing tables
<p>
Let us assume that a computer running Linux is acting as a router for
this network. It will have three network interfaces to the local LANs
and possibly a fourth interface to the Internet (which would be its
default route.
<p>
Let us assume that the Linux computer uses the lowest available IP
address in each subnetwork on its interface to that network. It would
configure its network interfaces as
<code>
Interface IP Address Netmask
eth0 192.168.1.1 255.255.255.192
eth1 192.168.1.65 255.255.255.192
eth2 192.168.1.129 255.255.255.128
</code>
<p>
The routing it would establish would be
<code>
Destination Gateway Genmask Iface
192.168.1.0 0.0.0.0 255.255.255.192 eth0
192.168.1.64 0.0.0.0 255.255.255.192 eth1
192.168.1.128 0.0.0.0 255.255.255.128 eth2
</code>
<p>
On each of the subnetworks, the hosts would be configured with their own
IP number and net mask (appropriate for the particular network). Each host
would declare the Linux PC as its gateway/router, specifying the Linux
PCs IP address for its interface on to that particular network.
<p>
Robert Hart
Melbourne, Australia March 1997.
</article>
View Git Blame Copy Permalink