Understanding the CIDR notation

As I mentioned earlier, the concept of classful subnetting isn't used that often anymore. The main use of classful subnetting is in the default configuration of network appliances (such as routers) and also the default settings of most DHCP servers. In the case of home routers, the DHCP server is typically built in, and the default scheme is most often a Class C network (typically 192.168.1.0, with a couple of variations in between). But with most devices, home or enterprise, you'll probably get a Class C IP scheme if you don't change it to something else. There's nothing necessarily wrong with these default settings in a small network, but almost no one configuring a network nowadays uses the classful style. The reason for this is that classful networks are too limiting; in complex network roll-outs, it can be a pain to try to force your network plan to fit within one of these predetermined schemes.

The answer to the lack of flexibility in classful schemes comes in the form of Classless Inter-Domain Routing (CIDR). With CIDR, we basically throw the limitations of Class A, B, and C subnet masks out the window. Instead, we use a binary system to determine how to divide our networks. So, rather than stick with just three different subnet masks, we can borrow bits and change the subnet mask to divide networks in more flexible ways.

To understand this concept, it's important to first understand the idea of bits. Each octet within a subnet mask contains eight bits. Each bit is either a 1 or a 0 (binary). Also, each of the eight bits has a value of worth. To illustrate this, take the number 255. This is the highest value any octet can be. Written in binary, 255 is 11111111. Therefore, a Class C subnet mask of 255.255.255.0 written in binary would be 11111111.11111111.11111111.00000000.

To make this even easier to understand, see the following table where I outline one of the four octets (255) and show it in binary. In this table, the top row gives you the point value of each bit. You can see that the rightmost bit is worth only 1, while the leftmost is worth 128. Any bit that is a 1 on the bottom row gets added to the total. In this case, every bit is a 1 (since 255 is the maximum), so we add up every number on the top row and come out with 255.

Point value   128   64   32   16    8    4    2    1
Bit             1    1    1    1    1    1    1    1

For another example, see the following table:

Point value   128   64   32   16    8    4    2    1
Bit             1    1    1    1    0    0    0    0

To convert this number into decimal, start at the right and work your way to the left. The first bit is a 0. Does it qualify for the point value of 1? Nope. Skip it. Next, it doesn't qualify for 2, 4, or 8 either. So skip those. But it does qualify for the last four: 16, 32, 64, and 128. Add those together. The answer? 240. You just converted the binary number 11110000 into decimal.

Could we have used 11010000 for a value within a subnet mask? No way. The reason is that the bits that are a 1 in a subnet mask must be sequential. The following are all the valid binary numbers in a subnet mask:

00000000
10000000
11000000
11100000
11110000
11111000
11111100
11111110
11111111

In fact, that's it. Since any 1's must be sequential (starting from the left to the right), those are the only numbers that are valid for any octet within a subnet mask. Therefore, the only valid decimal values for any octet of a subnet mask are 0, 128, 192, 224, 240, 248, 252, 254, and 255.

Note

If converting an IP address into binary, you'd follow the same point values in the tables previously, though the rule of sequential 1's wouldn't apply. Any number from 0 to 255 is valid in any octet in an IP address, as are any combination of 1's and 0's in each octet.
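The bit-weight tables and the "sequential 1's" rule above can be expressed directly in code. The following is an added example, not code from the book: it renders an octet as eight bits using the same point values as the tables, adds up the set bits to convert back, and enumerates the nine octet values that can legally appear in a subnet mask. Function names are my own.

```python
# Added example (not from the book): bit point values, binary/decimal
# conversion for one octet, and the "1 bits must be sequential" rule that
# limits which values can appear in a subnet mask.

# Point value of each bit, leftmost first, exactly as in the tables.
BIT_WEIGHTS = [128, 64, 32, 16, 8, 4, 2, 1]


def octet_to_binary(value: int) -> str:
    """Render a 0..255 value as eight bits, e.g. 240 -> '11110000'."""
    if not 0 <= value <= 255:
        raise ValueError(f"{value} does not fit in one octet")
    return "".join("1" if value & weight else "0" for weight in BIT_WEIGHTS)


def binary_to_octet(bits: str) -> int:
    """Add up the point value of every bit that is a 1, e.g. '11110000' -> 240."""
    if len(bits) != 8 or set(bits) - {"0", "1"}:
        raise ValueError(f"{bits!r} is not an 8-bit binary string")
    return sum(weight for weight, bit in zip(BIT_WEIGHTS, bits) if bit == "1")


def mask_to_binary(dotted_mask: str) -> str:
    """'255.255.255.0' -> '11111111.11111111.11111111.00000000'."""
    return ".".join(octet_to_binary(int(octet)) for octet in dotted_mask.split("."))


def is_valid_mask_octet(value: int) -> bool:
    """True when the 1 bits run contiguously from the left (224 yes, 208 no)."""
    # Once a 0 has appeared, no 1 may follow it, so '01' must never occur.
    return "01" not in octet_to_binary(value)


def valid_mask_octets() -> list[int]:
    """The only decimal values that can appear in any octet of a subnet mask."""
    return [value for value in range(256) if is_valid_mask_octet(value)]


if __name__ == "__main__":
    print(mask_to_binary("255.255.255.0"))
    print(binary_to_octet("11110000"), valid_mask_octets())
```

Running the block prints the dotted binary form of 255.255.255.0, the decimal value of 11110000, and the list 0, 128, 192, 224, 240, 248, 252, 254, 255 from the text; an IP address octet such as 208 (11010000) is accepted by `binary_to_octet` but rejected by `is_valid_mask_octet`, which is the distinction the note above draws.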

To subnet a network, we simply alter the number of sequential 1's. For example, the binary representation of 255.255.255.0 is 11111111.11111111.11111111.00000000. We could add an additional 1 to this mask, giving us 11111111.11111111.11111111.10000000, which gives us a subnet mask of 255.255.255.128. Using this subnet mask, we are able to divide our network into two parts. Let's break this down.

As I've mentioned several times, the purpose of a subnet mask is to mask out which portion of the IP address is for the network and which portion is for the individual nodes. As we already know, a subnet mask of 255.255.255.0 means that the first three octets are masked out (they identify the network), while the last octet can be used for hosts because it is 0. If we apply this subnet mask to the 10.10.10.0 network, we can tell that every host will have an IP address of 10.10.10.x. The last octet is 0, and it tells us that IP addresses 10.10.10.1 to 10.10.10.254 are up for grabs. Again, we can't use the first IP of a subnet (10.10.10.0 in this case) or the last (10.10.10.255), as those correspond to the network identifier and broadcast address, respectively.

But what do we do with a subnet mask that does not end in 0? With a subnet mask of 255.255.255.128, the last octet is used but not exhausted, since it's not the maximum value of 255. We have some left over. This is because when an octet is not 255 in a subnet mask, it doesn't completely mask out that octet. Instead, it creates a dividing line. If we apply that subnet mask to our 10.10.10.0 network, the IP address of 10.10.10.128 cannot be used. What we've done is split that last octet in half. Remember, values 0 to 255 are valid in an octet; thus, 256 available numbers halved is 128. With that in mind, we created a scheme where we have two networks. One network contains IP addresses 10.10.10.1 to 10.10.10.126. The other allows us IP addresses 10.10.10.129 to 10.10.10.254. The reason for this is because 10.10.10.128 is the dividing line of our subnet and cannot be used. I also mentioned that the first and last IP addresses within a block can't be used either, because 10.10.10.0 and 10.10.10.128 are the identifiers for each network. The last IP addresses in each block are 10.10.10.127 and 10.10.10.255, respectively, and are off-limits because those are now the broadcast addresses for these two networks. If we write out these networks in the CIDR format, we get the following:

10.10.10.0/25
10.10.10.128/25

Remember, we count the number of sequential ones in the subnet mask to reach the slash number at the end. We could have written it as the following, but I'm sure you'll agree that CIDR is easier to type:

10.10.10.0/255.255.255.128
10.10.10.128/255.255.255.128

In binary, that subnet mask is 11111111.11111111.11111111.10000000. Since there are 25 sequential 1's, the CIDR notation for this subnet mask is /25. Hopefully, the concept is making sense now.
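The /25 split worked through above can be reproduced with integer bit arithmetic. The following is an added example, not the book's code: it counts the sequential 1's of a dotted mask to get the prefix length, converts a prefix back to a mask, derives the network identifier, broadcast address and usable host range for a network written either as 10.10.10.0/25 or as 10.10.10.0/255.255.255.128, and splits a block into equal smaller subnets. It goes slightly beyond the text by handling any prefix length, and all function names are my own.

```python
# Added example (not from the book): IPv4 CIDR arithmetic done with integer
# bit operations, so the link between a dotted mask, the /N prefix and the
# resulting network, broadcast and host range stays visible.


def dotted_to_int(dotted: str) -> int:
    """'10.10.10.128' -> 0x0A0A0A80."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_dotted(value: int) -> str:
    """0x0A0A0A80 -> '10.10.10.128'."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_to_prefix(mask: str) -> int:
    """Count the sequential 1's of a mask: '255.255.255.128' -> 25.
    A mask whose 1 bits are not contiguous (e.g. 255.255.208.0) is rejected."""
    bits = format(dotted_to_int(mask), "032b")
    if "01" in bits:
        raise ValueError(f"{mask} is not a valid subnet mask: its 1 bits must be sequential")
    return bits.count("1")


def prefix_to_mask(prefix: int) -> str:
    """25 -> '255.255.255.128'."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return int_to_dotted((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)


def describe(cidr: str) -> dict:
    """Accept '10.10.10.128/25' or '10.10.10.128/255.255.255.128' and return the
    network identifier, broadcast address and usable host range."""
    addr, _, suffix = cidr.partition("/")
    prefix = int(suffix) if suffix.isdigit() else mask_to_prefix(suffix)
    mask = dotted_to_int(prefix_to_mask(prefix))
    network = dotted_to_int(addr) & mask           # clear the host bits
    broadcast = network | (~mask & 0xFFFFFFFF)     # set every host bit to 1
    hosts = broadcast - network - 1                # minus network id and broadcast
    return {
        "prefix": prefix,
        "mask": int_to_dotted(mask),
        "network": int_to_dotted(network),
        "broadcast": int_to_dotted(broadcast),
        # /31 and /32 leave no room for a conventional first/last host pair.
        "first_host": int_to_dotted(network + 1) if hosts > 0 else None,
        "last_host": int_to_dotted(broadcast - 1) if hosts > 0 else None,
        "usable_hosts": max(hosts, 0),
    }


def split(cidr: str, new_prefix: int) -> list[str]:
    """Divide a block into equal subnets with a longer prefix:
    split('10.10.10.0/24', 25) gives the two /25 networks from the text."""
    info = describe(cidr)
    if new_prefix <= info["prefix"]:
        raise ValueError("the new prefix must be longer than the current one")
    base = dotted_to_int(info["network"])
    size = 1 << (32 - new_prefix)                  # addresses per new subnet
    count = 1 << (new_prefix - info["prefix"])     # number of subnets produced
    return [f"{int_to_dotted(base + i * size)}/{new_prefix}" for i in range(count)]


if __name__ == "__main__":
    for net in split("10.10.10.0/24", 25):
        print(net, describe(net))
```

`describe` accepts the mask in either notation because the prefix is just the count of sequential 1's; a mask like 255.255.208.0, whose 1's are not contiguous, is rejected at that step rather than silently producing a nonsensical network boundary.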

As for our classless style, there's nothing stopping you from using a subnet mask such as 255.255.255.0. Not everyone needs a large number of hosts. But instead of calling that a Class C subnet mask, in the CIDR style we would instead refer to it as a /24 network. In the following table, I list the subnet masks used in the discussion of classful networks, as well as their CIDR equivalents.

Class   Subnet mask      CIDR notation
A       255.0.0.0        /8
B       255.255.0.0      /16
C       255.255.255.0    /24

Now that we understand how subnetting works, how do we put this in action in our network? Fortunately, that part is easy. The magic for rolling out a subnet is all in your DHCP server. If you recall, in Chapter 6, Configuring Network Services, we used the following configuration in our DHCP server's /etc/dhcp/dhcpd.conf file:

default-lease-time 86400;
max-lease-time 86400;
option subnet-mask 255.255.252.0;
option broadcast-address 10.10.99.255;
option domain-name "local.lan";
authoritative;
subnet 10.10.96.0 netmask 255.255.252.0 {
  range 10.10.99.100 10.10.99.254;
  option routers 10.10.96.1;
  option domain-name-servers 10.10.96.1;
}

In the option subnet-mask line, I'm providing a subnet mask of 255.255.252.0 to each node that receives an IP address from this server. In the subnet block toward the end, I've decided to issue IP addresses from 10.10.99.100 through 10.10.99.254. Therefore, each node will receive a 10.10.99.x IP address and a 255.255.252.0 subnet mask.
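When a subnet scheme is rolled out through DHCP, the mask, broadcast address, router and lease range in dhcpd.conf all have to agree with the declared subnet, or clients end up with a gateway they cannot reach. The following is an added example, not code from the book or from the ISC DHCP project: it reads the minimal configuration above (embedded as a constructed copy), and uses Python's standard ipaddress module to flag any of those fields that fall outside the declared 10.10.96.0/22 subnet. The parser only understands this simple single-subnet layout; function names are my own.

```python
# Added example (not from the book): a consistency check for the dhcpd.conf
# subnet block above, using the standard ipaddress module. It confirms that
# the mask, broadcast address, router and lease range all belong to the
# declared subnet. The parser handles only this minimal single-subnet layout.
import ipaddress
import re

# Constructed copy of the chapter's configuration, used as sample input.
DHCPD_CONF = """\
default-lease-time 86400;
max-lease-time 86400;
option subnet-mask 255.255.252.0;
option broadcast-address 10.10.99.255;
option domain-name "local.lan";
authoritative;
subnet 10.10.96.0 netmask 255.255.252.0 {
  range 10.10.99.100 10.10.99.254;
  option routers 10.10.96.1;
  option domain-name-servers 10.10.96.1;
}
"""


def parse_dhcpd(text: str) -> dict:
    """Extract the fields the check needs; optional options come back as None."""
    def one(pattern: str):
        match = re.search(pattern, text)
        return match.groups() if match else None

    subnet = one(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{")
    lease_range = one(r"range\s+(\S+)\s+(\S+)\s*;")
    if subnet is None or lease_range is None:
        raise ValueError("no subnet/range declaration found")
    return {
        "subnet": subnet,
        "range": lease_range,
        "mask": (one(r"option subnet-mask\s+(\S+)\s*;") or (None,))[0],
        "broadcast": (one(r"option broadcast-address\s+(\S+)\s*;") or (None,))[0],
        "router": (one(r"option routers\s+(\S+)\s*;") or (None,))[0],
    }


def check_dhcpd(text: str) -> list[str]:
    """Return the inconsistencies found; an empty list means the config is coherent."""
    cfg = parse_dhcpd(text)
    net = ipaddress.ip_network(f"{cfg['subnet'][0]}/{cfg['subnet'][1]}", strict=False)
    problems = []

    # The mask and broadcast handed to clients must match the declared subnet.
    if cfg["mask"] and ipaddress.ip_address(cfg["mask"]) != net.netmask:
        problems.append(f"option subnet-mask {cfg['mask']} does not match netmask {net.netmask}")
    if cfg["broadcast"] and ipaddress.ip_address(cfg["broadcast"]) != net.broadcast_address:
        problems.append(f"option broadcast-address {cfg['broadcast']} should be {net.broadcast_address}")

    # The dynamic range must sit inside the subnet and avoid its first and last address.
    low, high = (ipaddress.ip_address(a) for a in cfg["range"])
    if low > high:
        problems.append(f"range start {low} is above range end {high}")
    if low not in net or high not in net:
        problems.append(f"range {low}-{high} is not inside {net}")
    elif low == net.network_address or high == net.broadcast_address:
        problems.append("range includes the network identifier or broadcast address")

    # The router must be reachable on-link and must not collide with a dynamic lease.
    if cfg["router"]:
        router = ipaddress.ip_address(cfg["router"])
        if router not in net:
            problems.append(f"router {router} is not inside {net}")
        elif low <= router <= high:
            problems.append(f"router {router} lies inside the dynamic range")
    return problems


if __name__ == "__main__":
    print(check_dhcpd(DHCPD_CONF) or "dhcpd.conf subnet block is consistent")
```

The check is worth running after any re-subnetting, since a stale option broadcast-address or a range copied from the old /24 are exactly the leftovers that survive a mask change unnoticed.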

The only thing left when rolling out a subnet scheme is to ensure that every server or appliance that has a static IP address is also changed. Unless you've used a static lease (also known as a reservation), you'll have to find those hosts and change them manually. For this reason, I always prefer static leases over static IPs. With static leases, all you would have to do is edit your DHCP configuration and change the IPs distributed to your hosts. Refer to Chapter 6, Configuring Network Services, for how we set up our reservations.
