How many city blocks correspond to one mile

How does IPv4 subnetting work?

There are IP subnets so that routers can choose suitable destinations for packets. You can use IP subnets to break larger networks for logical reasons (firewall, etc.) or for physical reasons (smaller broadcast domains, etc.).

Put simply, IP routers use your IP subnets to make routing decisions. Understand how these decisions work, and you can understand how to plan IP subnets.

Count to 1

If you are already fluent in binary notation (base 2), you can skip this section.

For those of you who are left, be ashamed that you are not fluent in binary notation!

Yes - that can be a little tough. It's really very easy to learn to count to binary and learn shortcuts to convert binary to decimal and back. You should really know how to do it.

Counting in binary is so easy because all you have to do is count 1!

Imagine a car's "odometer", except that unlike a traditional odometer, each digit can only count to 1 out of 0. If the car is fresh from the factory, the odometer will read "00000000".

When you have completed your first mile, the odometer reads "00000001". So far, so good.

When you have completed your second mile, the first digit of the odometer is set back to "0" (since the maximum value is "1") and the second digit of the odometer is set to "1". Odometer reading "00000010". This looks like the number 10 in decimal notation, but it is actually 2 (the number of kilometers you have driven in your car so far) in binary notation.

When you have traveled the third mile, the odometer will read "00000011" as the first digit of the odometer is spinning again. The number "11" in binary notation corresponds to the decimal number 3.

When you have completed your fourth mile, both digits (which were "1" at the end of the third mile) reset to zero and the 3rd digit rolls to "1". give us "00000100". This is the binary representation of the decimal number 4.

You can remember all of this if you want, but all you really need to understand is how the tiny odometer "rolls" as the number it counts increases. It's exactly the same as a traditional decimal odometer, except that each digit can only be "0" or "1" on our fictional "binary odometer".

To convert a decimal number to binary, you can roll the odometer forward, tap tick by tick, and count aloud until you have rolled the number of decimal numbers corresponding to the decimal number you want to convert to binary. Whatever appears on the speedometer after the couting and rolling is the binary representation of the decimal number that you counted to.

Since you know how the odometer rolls forward, you understand how it rolls back too. To convert a binary number displayed on the odometer back to a decimal number, you can reset the odometer one tick and count aloud until the odometer reads "00000000". When everything is counted and rolled, the last number you read would be the decimal representation of the binary number that the odometer started with.

Converting values ​​between binary and decimal numbers this way would be very tedious. You could do it, but it wouldn't be very efficient. It's easier to learn a little algorithm to make it faster.

On a short note, every digit in a binary number is called a "bit". This is "b" from "binary" and "es" from "digit". A bit is a binary digit.

Converting a binary number like "1101011" to decimal is a simple process with a handy little algorithm.

Start by counting the number of bits in the binary number. In this case there are 7. Make 7 divisions on a piece of paper (in your head, in a text file, etc.) and start filling them in from right to left. Enter the number "1" in the right slot, as we always start with "1". In the next slot on the left, enter the value of the slot on the right (ie "2" in the next, "4" in the next) and continue until all slots are full. (You will memorize these numbers, which are the power of 2 as you keep doing this. I'm fine up to 131,072 in my head, but I usually need a calculator or paper after that).

So you should have the following on your paper in your little slots.

Transcribe the bits from the binary number under the slots as follows:

Now add some symbols and calculate the answer to the problem:

When you do all the calculations, here is what you should learn:

It did. "1101011" in decimal is 107. It's just simple steps and simple calculations.

Converting from decimal to binary is just as easy and represents the same basic algorithm executed in reverse order.

Suppose we want to convert the number 218 to a binary number. Write the number "1" on the right side of a piece of paper. Double this value to the left (i.e. "2") and move to the left to double the last value. If the number you are writing is greater than the number to be converted, stop writing. Otherwise, double the previous number and keep writing. (Converting a large number like 34,157,216,092 to a binary number using this algorithm can be a little tedious, but it is entirely possible.)

So you should have the following on your paper:

You didn't write any more numbers at 128 because doubling 128 to give 256 would be greater than the number being converted (218).

From the leftmost number at the top, write "128" (128) and ask yourself, "Is 218 greater than or equal to 128?" If the answer is "yes", you should put a "1" under "128". Write the result of 218 minus 128 (90) over "64".

When you look at 64, you ask yourself, "Is 90 greater than or equal to 64?" So you write a "1" under "64", then subtract 64 from 90 and write it over "32" (26).

However, when you get to "32" you find that 32 is not greater than or equal to 26. In this case, write a "0" under "32" and copy the number (26) from over 32 "to over" 16 "and then continue the same question with the remaining numbers.

When you're done, you should have:

The numbers above are just notes used for calculation and don't mean much to us. However, below you will see a binary number "11011010". Sure, 218, converted to binary, is "11011010".

Following these very simple procedures, you can convert binary to decimal and back again without a calculator. The math is all very simple and the rules can be saved with practice.

Split addresses

Think of IP routing like pizza delivery.

When asked to deliver a pizza to 123 Main Street, you as a person know that you want to go to building number 123 on Main Street. It's easy to know that you need to go to the 100 block on Main Street as the house number is between 100 and 199 and most of the city blocks are numbered in the hundreds. They "only" know how to split the address.

Routers deliver packages, not pizza. Your job is the same as a pizza driver: to get the cargo (packages) as close as possible to the destination. A router is connected to two or more IP subnets (to be useful at all). A router must examine the destination IP addresses of packets and split these destination addresses into their "street name" and "house number" components, just like the pizza delivery driver in order to make delivery decisions.

Each computer (or "host") on an IP network is configured with a unique IP address and subnet mask. This IP address can be broken down into a "house number" component (such as "123" in the example above), the "host ID", and a "street name" component (such as "Main Street") called the "host ID "will be referred to as" Network ID ". It is easy for our human eyes to see where the house number and street name are in "123 Main Street", but this division into " with the subnet mask" is more difficult to see.

IP routers "only" know how to split IP addresses into these components in order to make routing decisions. Since understanding how IP packets are forwarded depends on understanding this process, we also need to know how IP addresses are divided. Fortunately, extracting the host ID and network ID from an IP address and subnet mask is pretty easy.

First, write the IP address in binary form (use a calculator if you haven't learned this in your head. Just make a note of how to do it - it's really very easy and impresses the opposite sex at parties) :

Also write out the subnet mask in binary form:

Written side by side, you can see that the point in the subnet mask where the point "1" aligns with a point in the IP address. This is where the network ID and host ID share. In this case:

Routers use the subnet mask to "hide" the bits covered by ones in the IP address (by replacing the un "masked" bits with 0) to extract the network ID:

Similarly, a router can extract the host ID by using the subnet mask to "mask" the bits covered by 0 in the IP address (replacing the un "masked" bits with 0 again)

It is not as easy for our human eyes to see the "break" between the network ID and the host ID as it is between the "house number" and the "street name" in physical addresses during pizza preparation, but the ultimate one Effect is the same.

Since you can now split IP addresses and subnet masks into host IDs and network IDs, you can forward the IP address like a router.

More terminology

You will see subnet masks written all over the internet and as (IP / number) in the rest of the answer. This notation is known as "Classless Inter-Domain Routing" (CIDR) notation. "" is initially composed of 24 bits of ones, and it is faster to write this as "/ 24" than as "". To convert a CIDR number (like "/ 16") to a dotted decimal subnet mask, write out that number of 1s, divide them into groups of 8 bits, and convert them to decimal numbers. (For example, A "/ 16" is "".)

In the past, subnet masks were not specified, but rather derived by looking at certain bits of the IP address. For example, an IP address beginning with 0-127 had an implied subnet mask of (called "Class A" IP address).

These implied subnet masks are no longer used today. I no longer recommend that you learn about them unless you are unfortunate enough to deal with very old equipment or old protocols (like RIPv1) that don't support classless IP addressing. I will not mention these "classes" of addresses because they are not applicable today and can be confusing.

Some devices use a notation called "wildcard masks". A "wildcard mask" is nothing more than a subnet mask with all zeros in which there would be ones and ones in which there would be zeros. The "wildcard mask" of a / 26 is:

In general, "placeholder masks" are displayed with which host IDs are compared in access control lists or firewall rules. We will not go into that further here.

How a router works

As I said earlier, IP routers do a similar job as a pizza delivery driver in that they need to get their cargo (packets) to their destination. When a packet is sent to the address, an IP router must determine which of its network interfaces will best bring the packet closer to its destination.

Let's say you are an IP router and you have interfaces connected to you:

  • Ethernet0 -, subnet mask / 24
  • Ethernet1 -, subnet mask / 24

When you receive a packet with a destination address of "" it is pretty easy to tell (with your human eyes) that the packet should be sent over the Ethernet1 interface because the Ethernet1 interface address is the same as the destination address of the Package. All computers connected to the Ethernet1 interface have IP addresses beginning with "192.168.10." Start because the Network ID of the IP address assigned to your Ethernet1 interface is "".

For a router, this route selection process is done by creating a routing table and querying the table each time a packet is delivered. A routing table contains network ID and destination interface names. You already know how to get a network ID from an IP address and a subnet mask. So you are on your way to creating a routing table. Here is our routing table for this router:

  • Network ID: (11000000.10101000.00010100.00000000) - 24-bit subnet mask - Ethernet0 interface
  • Network ID: (11000000.10101000.00001010.00000000) - 24-bit subnet mask - Interface Ethernet1

For our incoming packet, which is set for "", we just need to convert the address of this packet to a binary file (as a human - the router receives it as binary code first) and try to match it with every address in our routing Table (up to the number of bits in the subnet mask) until we find an entry.

  • Incoming package destination: 11000000.10101000.00001010.00000010

Compare that with the entries in our routing table:

The entry for Ethernet0 matches the first 19-bit values, but stops the synchronization. That said, it's not the correct target interface. You can see that the Ethernet1 interface corresponds to 24 bits of the destination address. Ah ha! The package is intended for the Ethernet1 interface.

In a real router, the routing table is sorted so that first the longest subnet masks are checked for matches (i.e. the most specific routes), and numerically so that the packet is found, once a match is found it can be routed and there are no more Match attempts required (i.e. would be listed first and would never have been checked). Here we simplify it a bit. Faster IP routers are created with fancy data structures and algorithms, but the same results are achieved with simple algorithms.

Static routes

So far we've talked about our hypothetical router having networks that are directly connected to it. This is not how the world works, of course. In the pizza-driving analogy, sometimes the driver is not allowed to go further into the building than at reception and has to hand the pizza over to someone else to hand it over to the final recipient (lift your disbelief and wear it with I stretch my analogy, please.

Let's start by calling our router from the previous examples "Router A". You are already familiar with RouterA's routing table as:

  • Network ID: (11000000.10101000.00010100.00000000) - Subnet mask / 24 - Interface RouterA-Ethernet0
  • Network ID: (11000000.10101000.00001010.00000000) - Subnet mask / 24 - RouterA-Ethernet1 interface

Suppose there is another router, Router B, with IP addresses and assigned to the Ethernet0 and Ethernet1 interfaces. It has the following routing table:

  • Network ID: (11000000.10101000.00001010.00000000) - Subnet mask / 24 - RouterB-Ethernet0 interface
  • Network ID: (11000000.10101000.00011110.00000000) - Subnet mask / 24 - RouterB-Ethernet1

In pretty ASCII technology, the network looks like this:

You can see that router B knows how to "reach" a network that router A knows nothing about.

For example, suppose a PC with IP address connected to the network connected to router A's ethernet0 port sends a packet for delivery to router A. Our hypothetical packet is for the IP address determined. This is a device connected to the network that is connected to Router B's Ethernet1 port.

With the routing table shown above, none of the entries in the routing table of router A match the destination, so router A sends the packet back to the sending PC with the message "Destination network not reachable".

To make router A aware of the presence of the network, add the following entry to the routing table on router A:

  • Network ID: (11000000.10101000.00011110.00000000) - Subnet mask / 24 - Access via

This way Router A has a routing table entry that corresponds to the destination of our sample package. This routing table entry effectively says, "When you get a packet for, send it to as it can handle it." This is the analogous action "handing over the pizza at reception" that I mentioned earlier - passing the package on to someone who knows how to get there.

Adding an entry to a routing table "manually" is called a "static route".

If router B wants to deliver packets to the subnet mask network, it also needs an entry in its routing table:

  • Network ID: (11000000.10101000.00010100.00000000) - Subnet mask / 24 - Access via: (IP address of router A in network

This would create a path for delivery between the network and the network over the network between these routers.

You always want to make sure that routers on both sides of such an "interstitial network" have a routing table entry for the network "at the other end". If, in our example, router B did not have a routing table entry for the "far end" network connected to router A, our hypothetical packet from the PC would be The destination device gets to the router at, but every response that tried to send back is returned by router B as "destination network unreachable". One-way communication is generally undesirable. Always keep in mind that traffic flows both ways when thinking about communications on computer networks.

With static routes, you can travel many kilometers. Dynamic routing protocols like EIGRP, RIP, etc. are really nothing more than a way for routers to exchange routing information with one another that could actually be configured with static routes. However, a major advantage of using dynamic routing protocols over static routes is that dynamic routing protocols control the routing table dynamic based on network conditions (bandwidth usage, failure of an interface, etc.). Therefore, the use of a dynamic routing protocol can result in a configuration that "redirects" failures or bottlenecks in the network infrastructure. (Dynamic routing protocols are, however WAY outside the scope of this answer.)

You can't get there from here

In our example, what happens to router A when a packet specified for "" arrives?

Looking at the router routing table, neither the destination interface nor the static route match the first 24 bits of (i.e. 10101100.00010000.0001111.01011100, BTW).

As already known, router A would send the packet back to the sender via the message "destination network not available".

Say that there is another router (Router C) at the address "". Router C has a connection to the Internet!

It would be nice if router A could forward packets that don't match any local interface to router C so that router C can forward them to the internet. Enter the route "Default Gateway".

At the end of our routing table, add an entry like this:

  • Network ID: (00000000.0000000000000000.00000000) - Subnet mask / 0 - Destination router:

When we try to match "" with every entry in the routing table, we hit this new entry. It's a little confusing at first. We want zero bits of the destination address with ... wait ... what? Adjust zero bits? So we're not looking for a match at all. This routing table entry basically says, "If you come here instead of giving up delivery, send the packet to the router at and let it handle it". is a destination to which we DO know how a package is delivered. If you are faced with a packet bound to a destination for which we don't have a specific entry in the routing table, that entry "default gateway" will always match (since it matches zero bits of the destination address), and it gives us the "last resort" we can send packages for delivery. Sometimes you will hear the default gateway called the "Gateway of Last Resort".

In order for a standard gateway route to be effective, it must refer to a router that can be reached via the other entries in the routing table. For example, if you tried to specify a default gateway of in router A, the delivery to such a default gateway would fail. is not an address that Router A understands about forwarding packets over any of the other routes in its routing table, so such an address would be ineffective as a default gateway. This can be briefly summarized: The standard gateway must be set to an address that can already be reached via another route in the routing table.

Real routers usually store the default gateway as the last route in their routing table, so packets will match after being unable to match all other entries in the table.

Urban planning and IP routing

The division of an IP subnet into smaller IP subnets is annoying urban planning. In urban planning, zoning is used to adapt to the natural features of the landscape (rivers, lakes, etc.), to influence traffic flows between different parts of the city and to separate different types of land use (industry, residential areas, etc.). . IP subnetting is actually the same.

There are three main reasons you might want to subnet a network:

  • You may want to communicate using other communication media. If you have a T1 WAN link between two buildings, IP routers can be placed at the ends of these links to facilitate communication over the T1. The networks at each end (and possibly the "interstitial" network on T1 itself) would be assigned unique IP subnets so that the routers can decide which traffic to send on the T1 line.

  • On an Ethernet network, you can use subnetting to limit broadcast traffic on a specific part of the network. Application layer protocols take advantage of the broadcast capability of Ethernet for very useful purposes. However, as you put more and more hosts on the same Ethernet network, the percentage of broadcast traffic on the line (or in the air on wireless ethernet) can increase to such a point that problems in providing non- Broadcast traffic may occur. (In the past, broadcast traffic could overwhelm the hosts' CPU by forcing them to examine every broadcast packet. Today it is less likely.) Excessive switched Ethernet traffic can also take the form of "flooding frames to unknown destinations" occur. This condition is caused by an Ethernet switch not being able to track all destinations on the network. This is why switched Ethernet networks cannot scale to an unlimited number of hosts. The effect of flooding frames to unknown destinations is similar to the effect of excessive broadcast traffic for subnetting purposes.

  • You may want to "monitor" the nature of the traffic between different groups of hosts. You may have print server equipment and want only authorized servers with print queued servers to send jobs to them. By restricting the traffic allowed on the print server, users cannot configure the user's subnet to communicate directly with the print server devices in order to bypass print accounting. You can subnet the print server devices and create a rule on the router or firewall connected to that subnet to control the list of hosts that are allowed to send traffic to the print server devices. (Both routers and firewalls can usually decide how or whether to deliver a packet based on the packet's source and destination addresses. Firewalls are usually a subset of routers with an obsessive personality. They can be very concerned about the payload of packets, whereas routers usually ignore payloads and only deliver the packets.)

When planning a city, you can plan how streets intersect and you can only use winding, one-way streets, and dead ends to control the flow of traffic. You might want the main street to be 30 blocks long with up to 99 buildings in each block. It's pretty easy to plan the street numbering so that each block on Main Street has a series of street numbers that are incremented by 100 for each block. It is very easy to know what the "start number" should be in each subsequent block.

When planning IP subnets, you need to create the correct number of subnets (streets) with the correct number of available host IDs (building numbers) and use routers to connect the subnets together (intersections). Rules for permitted source and destination addresses specified in the routers can further control the flow of traffic. Firewalls can act as obsessive traffic cops.

For the purposes of this answer, building our subnets is our only primary concern. Instead of working in the decimal range like you do in urban planning, you work in binary to describe the boundaries of each subnet.

Continued on: How does IPv4 subnetting work?

(Yes ... we have reached the maximum size of an answer (30,000 characters).)