How to Subnet
Ace Fekay, MCT, MVP, MCITP EA, Exchange 2010 Enterprise Administrator, MCTS Windows 2008, Exchange 2010 & Exchange 2007, MCSE 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP: Directory Services
Active Directory, Exchange and Windows Infrastructure Engineer
Original publication: 3/2002, Updated 5/2010
Background - Why I Published This Blog
There are many tutorials on the internet providing subnetting guidelines. I tried to provide a simple, 15 minute tutorial that I use teaching a class on how to subnet. At the requests of some of my students, I created a blog with the steps involved. This is a simple tutorial providing a quick and easy way to understand how to subnet.
What is subnetting?
Subnetting is the process of dividing up a network ID into more or less IP addresses based on what's needed for a network solution.
In the early 1990s, it was realized that the number of public IPs in the 32-bit address space was finite, and dwindling as companies snatched them up. Some companies have huge blocks (Class A or /8 ranges) that provide over 16 million IP addresses. That was wasteful, especially if a company doesn't have a need for that many. Private IP addressing wasn't as prevalent as it is today. Public IPs were used, but because the number of public IPs was finite, we had to find a way to break down a range in order to offer less than a whole range, sized to what a customer may need. Why give them 254 IP addresses when they need, say, 20 IP addresses? That was wasteful as well.
In Feb, 1996, RFC1918 was introduced to address the wastefulness, and provide a means to break down a network using a private IP range, instead of wasting public IPs in a private network.
RFC1918 - Address Allocation for Private Internets
RFC 1918 is in wide use today. It's so widely used that even with the advent of IPv6, which provides logarithmically more IPs for the public ranges, IPv6 has not been widely adopted. This is because the private ranges provide more than enough addresses for an internal private range. There are numerous advantages to using IPv6: besides many more IPs than IPv4 can handle, there is also routing information in the IP. However, as mentioned, it has not been widely adopted, up to the date of this publication.
When I worked for a VAR (Value Added Reseller) in the mid 1990s, I learned how to subnet with the method below from a tech that worked at UUNet. UUNet, at that time, was our primary go-to company to resell an Internet solution for our customers. Since we were VARs, we offered a complete soup-to-nuts solution for our customers selling the Pick MDBMS solution. Pick Systems is no longer around, and there are other companies selling and supporting the basic Pick solution. The point is, at that time, only public IP addresses were offered for internal use. Therefore we needed to make sure we didn't give out more than what was necessary in order to not waste the dwindling number of IPs on the internet. Once we had come up with an MDBMS solution for the customer, we then addressed their internet requirements. Once a solution was in place, we needed to figure out how many hosts (computers, servers, the internal router address, etc.) would be connected to the internet or their internal network. Once we had the total, we figured out what subnet mask was required to support the number of hosts on the internal network.
Quick Example: Customer needs only 20 IP addresses
Let's start off with a quick example before getting into how to break it down. For example, if you have a customer that needs 20 IP addresses, you only really want to give them 20 IP addresses and no more.
Achieving this requires a basic understanding of the process. If you give an IP range a 255.255.255.0 subnet mask, you are telling the computer that its IP address is one of 254 IP addresses on the network. Why is that? Because the ".0" on the end of the mask is the number of hosts the mask supports, or basically says there are 254 usable IPs in that mask. The "255" portion of a mask is the number of networks. If you break down a mask of 255.255.255.0 into its corresponding bits, it would look like this:
11111111.11111111.11111111.00000000
There are eight zeros to the right of the 1's. If you take 2^8 (2x2x2x2x2x2x2x2), it equals 256. That's how many IPs it will handle. The more zeros, the more IPs it will handle; the fewer zeros, the fewer IPs. Using the inverse, the more "1's" in the mask, the more networks, and the fewer "1's" in the mask, the fewer networks.
You can look at it as using a slide rule. If you put the focus on the slide in between the zero and the one, you can move it left to right. If you move the ruler to the right, it gives you more networks, but less IPs, and move it to the left, it gives you more IPs but less networks.
So the case in point, if the customer only needs 20 IPs, we don't need a mask with eight "0's" in it. We need less.
How many less? Good question. Convert the number 20 into binary. You will get 10100. You are not really concerned with what the actual result is, but with the number of digits in the binary answer. In this answer, there are 5 digits. Therefore, that is how many "0's" you need in the right portion of the mask. That will support the 20 IP addresses the customer needs. You say it will support more? Yes, that's correct. Actually, five "0's" will support 32 IP addresses. If we tried to give it four "0's" it will only support 16 IP addresses (14 usable).
Scenario: A customer needs 50 IP Addresses
Put 50 into the calculator and find its binary equivalent.
50 is equal to 110010
All we really need of this answer is the # of bits
which in this case, it's 6 bits
So now we can put together a mask
Remember that the network bits are on the left and the host bits are to the right.
So we'll take the 6 bits, since they represent the hosts, and put them to the right.
For the remainder of the byte (or the octet), we'll buffer it with 1's to the left.
Which comes out to be in this case:
11000000
We'll now convert 11000000 to decimal (calculator or manual, whatever you
11000000 = 192
So now we have a working mask:
11111111.11111111.11111111.11000000
Which is equal to:
255.255.255.192
Now we need to determine the IP ranges.
We'll go back to the mask:
11111111.11111111.11111111.11000000
Now we need to find the Delta.
To do that we'll look at the binary column of the first significant bit (1) to the left of the zeros, which in our mask winds up being the 64 column.
128 64 32 16 8 4 2 1
1 1 0 0 0 0 0 0
The second bit above is the first significant bit (a "1") to the left of the zeroes. It's in the 64 column.
So we now have our Delta, which is equal to 64.
Then we'll map out a series using the Delta, starting with 0:
0, 64, 128, 192
We'll now determine an IP range that is not being used, and we'll apply that IP range to this map.
From inventory, we look for a range that has not yet been assigned to a customer. We found this one below to assign for this customer:
Applying the IP range to the series, we find that we now have 4 IP subnets. Notice that 64 and its subsequent multiples are actually the starting points of the next ranges. So the end IP address of each range is the next multiple of the Delta, minus 1. So the first range is 0 to 63, the second range is 64 to 127, etc. Here they are laid out below. You can do this with ANY range, it doesn't matter what range you use.
142.155.53.0 to 142.155.53.63
142.155.53.64 to 142.155.53.127
142.155.53.128 to 142.155.53.191
142.155.53.192 to 142.155.53.255
So now we choose one of the ranges to give to our customers.
We'll choose the first range:
142.155.53.0 to 142.155.53.63
And we'll tell our customers that their actual usable IP range will be from:
142.155.53.1 to 142.155.53.62,
which winds up being 62 IP addresses. Always keep in mind, the router needs an IP, after all, how would they get off the network if they didn't have a router?
Will this take care of the customer's requirements?
Yes, with plenty of leftover.
Now, just to test whether a machine on one range can communicate with a machine on another, we'll use the "Anding" process.
We'll choose a source host of 142.155.53.12 to communicate with 142.155.53.90 on these two networks.
We'll "AND" the source IP and the source mask of 255.255.255.192, then we'll compare the result to the "ANDing" of the destination IP and the source mask.
10001110.10011011.00110101.00001100 = Source 142.155.53.12
11111111.11111111.11111111.11000000 = Source Mask
10001110.10011011.00110101.00000000 = Result of ANDing the above two.
10001110.10011011.00110101.01011010 = Destination 142.155.53.90
11111111.11111111.11111111.11000000 = Source Mask
10001110.10011011.00110101.01000000 = Result of ANDing the above two.
Are the results equal???
No, they are not, so therefore, we can state in order for the source machine IP to communicate with the destination IP in this case, we need a router between them.
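The whole procedure above (count the binary digits, build the mask, find the Delta, list the ranges, then run the ANDing test) as an added Python example; it is not code from the original post. The function names and the parent range 192.168.5.0/24 are assumptions chosen for illustration, and `host_bits_for` goes one step beyond the text by widening the mask when the digit count alone leaves too few usable addresses (for example, 31 hosts).

```python
import ipaddress

def host_bits_for(hosts_needed, reserve_router=True):
    """Host bits via the 'count the binary digits' rule, then verified."""
    bits = hosts_needed.bit_length()              # 50 -> 110010 -> 6 digits
    required = hosts_needed + (1 if reserve_router else 0)
    # The all-zeros (network) and all-ones (broadcast) addresses are unusable,
    # so add a bit when the digit count alone falls short (e.g. 31 hosts).
    while (1 << bits) - 2 < required:
        bits += 1
    return bits

def plan(parent_cidr, hosts_needed):
    """Return (mask, delta, ranges) for splitting parent_cidr into equal subnets."""
    bits = host_bits_for(hosts_needed)
    parent = ipaddress.ip_network(parent_cidr)
    subnets = list(parent.subnets(new_prefix=32 - bits))
    delta = 1 << (bits % 8)                       # step size in the subnetted octet
    ranges = [(str(s.network_address), str(s.broadcast_address)) for s in subnets]
    return str(subnets[0].netmask), delta, ranges

def needs_router(src, dst, mask):
    """The ANDing test: different results mean the hosts are on different networks."""
    m = int(ipaddress.ip_address(mask))
    return (int(ipaddress.ip_address(src)) & m) != (int(ipaddress.ip_address(dst)) & m)

def from_binary(dotted_bits):
    """Decode a row such as '10001110.10011011.00110101.00001100'."""
    return ".".join(str(int(octet, 2)) for octet in dotted_bits.split("."))

if __name__ == "__main__":
    # Source and destination rows are the binary rows shown in the post.
    src = from_binary("10001110.10011011.00110101.00001100")
    dst = from_binary("10001110.10011011.00110101.01011010")
    # Parent range is an assumption for illustration.
    mask, delta, ranges = plan("192.168.5.0/24", 50)
    print("mask", mask, "delta", delta)
    for first, last in ranges:
        print(first, "to", last)
    print("router needed:", needs_router(src, dst, mask))
```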
Determine the # of Networks Required in a Scenario
The above was done based on the number of IPs the customer needed. Now let's turn it around in a different scenario and determine the # of networks required in a scenario.
If a customer has 800 machines per location and they have about 30
locations, and they will be adding about 20 more locations in the next year
or so, what IP range can I give them and what mask will handle this?
Also state how many IP addresses this mask will handle.
In this case, the # of networks (locations) is important and will be the basis of this problem.
Now add 20 + 30 = 50 networks.
We'll take the 50 and convert to binary:
110010
Convert this to all 1's = 111111
this is the # of network bits, so we'll need to put this on the left in the
This will not work because the two "0's" cannot handle 800 hosts.
So we'll move the mask in by one octet into the third octet so it becomes a class B mask:
11111111.11111111.11111100.00000000
Which equals to:
255.255.252.0
Now we will select an IP range out of inventory: 126.96.36.199, and break it down into its corresponding subnets:
188.8.131.52 to 184.108.40.206
220.127.116.11 to 18.104.22.168
22.214.171.124 to 126.96.36.199
188.8.131.52 to 184.108.40.206
220.127.116.11 to 18.104.22.168
22.214.171.124 to 126.96.36.199
188.8.131.52 to 184.108.40.206
ETC, up to 64 ranges
In this list, the total number of IPs per range = 10 bits, which is 1024 IPs (1022 usable).
And the total number of networks = 6 bits, which is 64 subnets.
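The network-driven scenario above as an added Python example (not from the original post): the subnet bits are placed at the left of an octet, and the mask is shifted one octet left until the remaining zeros can hold the hosts. The function names are assumptions, and 172.16.0.0/16 is a constructed RFC 1918 parent range, not the range used in the post.

```python
import ipaddress

def mask_for_networks(networks_needed, hosts_per_network):
    """Return (prefix, mask, subnets, usable_hosts) using the octet-shift method."""
    net_bits = networks_needed.bit_length()        # 50 -> 110010 -> 6 bits
    # Put the subnet bits at the left of the 4th octet; if the zeros that
    # remain cannot hold the hosts, shift the whole mask one octet left.
    for octet in (4, 3, 2):
        prefix = 8 * (octet - 1) + net_bits
        if prefix > 30:                            # no room left for any hosts
            continue
        usable = (1 << (32 - prefix)) - 2          # minus network and broadcast
        if usable >= hosts_per_network:
            mask = ipaddress.ip_network(f"0.0.0.0/{prefix}").netmask
            return prefix, str(mask), 1 << net_bits, usable
    raise ValueError("no mask satisfies both the network and host counts")

def first_ranges(parent_cidr, prefix, count):
    """List the first `count` subnets of parent_cidr as (start, end) pairs."""
    parent = ipaddress.ip_network(parent_cidr)
    subnets = parent.subnets(new_prefix=prefix)
    return [(str(s.network_address), str(s.broadcast_address))
            for _, s in zip(range(count), subnets)]

if __name__ == "__main__":
    # 30 current + 20 planned locations, 800 machines each (figures from the post)
    prefix, mask, subnets, usable = mask_for_networks(50, 800)
    print(f"/{prefix} {mask}: {subnets} subnets, {usable} usable hosts each")
    # Constructed parent range for illustration only
    for start, end in first_ranges("172.16.0.0/16", prefix, 4):
        print(start, "to", end)
```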
Another example with a different number of IPs required:
Classful is easy to understand because it directly relates to the IP address. Classless is solely based on the bits. As a matter of fact, the bits directly relate to a classful IP anyway. It's easy to learn once you understand what the bits are all about. Like this:
Example of Class C Mask:
255.255.255.0
Change that to bits:
11111111.11111111.11111111.00000000
So you can see there are 24 bits in the mask (which take up the left 3 octets), which is the network side. The host side is always 0's.
In that case, the 8 0's say this mask can handle 254 hosts or IPs. That's a lot if someone doesn't need that many, and is wasteful.
So say a customer only needs 20 IP addresses for their network.
We'll take the 20 and translate that to binary, which equals 10100. We're not concerned with the result, but rather with how many bits are in the result, which in this case is 5 bits.
So we'll change the mask to handle 5 bits (which is called subnetting :), so then it looks like this:
11111111.11111111.11111111.11100000
Which equals to (use your calculator to plug in 11100000 and change it to
So now there are 27 bits in the network side, and only 5 in the hosts side.
So the 3 octets of the network are still 24, but the last octet is chopped,
which we call subnetted. So the subnet portion is 3 bits. Make sense so far?
The 5 bits on the hosts side in binary (if all were 1's), translates to a
maximum of 32 in decimal, so it means this mask can only handle 32 hosts,
but you can't use the first or the last, so it really handles 30, but then
the router takes up one, so it really will handle 29 machines.
Now look at the subnetted bits, the 3 bits. That tells you how many little networks of 30 hosts there are. 3 bits translates to 8 in decimal, so now you just created 8 mini networks of 30 IPs each.
What are the IP address start and stop points you ask? Good question.
Look at the first significant bit in the last octet: It's the "1" left of
the zeroes, and is in the 32 spot in binary.
The bits are as such:
128 64 32 16 8 4 2 1
So that first "1" is in the 32 spot. That is what we call our "Delta" in
So we'll chart it out:
0, 32, 64, 96, 128, 160, 192, 224
So let's plug in an IP range, say 192.168.5.0
The first range will be:
192.168.5.0 to 192.168.5.31
192.168.5.32 to 192.168.5.63
192.168.5.64 to 192.168.5.95
192.168.5.96 to 192.168.5.127
192.168.5.128 to 192.168.5.159
192.168.5.160 to 192.168.5.191
192.168.5.192 to 192.168.5.223
192.168.5.224 to 192.168.5.255
So there are 8 usable ranges.
Keep in mind, with this mask, if a machine, 192.168.5.20/27 or
255.255.255.224 tries to communicate with a machine, 192.168.5.42/27 or
255.255.255.224, you'll need a router because they are on different
networks. That is because the mask defines the network it's on and how many IPs it can
This was a simple example. This can be used for the third octet too. If you want to have, say, 900 hosts, 900 is equal to 1110000100 in binary, which is 10 bits, and the mask would look like this:
11111111.11111111.11111100.00000000
Which is equal to:
255.255.252.0
See what I mean? The rest is up to you!
Just apply this to what that article is talking about.
Google Search: "IP subnetting history"
Request for Comments: RFC 1918 - Address Allocation for Private Internets, Network Working Group, 1996
Describes address allocation for private internets. The allocation permits full network layer connectivity among all hosts inside an enterprise as well as among all public hosts of different enterprises
IP Subnetting, A Graphical Approach - Part 1
IP Subnetting, A Graphical Approach - Part 2
Subnetting Part 1