Sunday, August 12, 2012

Subnets

When I'm teaching people about networks, the one thing that tends to cause confusion is the concept of Subnets.

If you've ever manually entered an IP address, you'll be familiar with the following:

I've added the red box to point out the "subnet mask"; a bunch of 255's and 0's that magically appear whenever you type in an IP address.

But what does it mean?

Splitting Networks

I briefly touched on the subject of packet switching in my "Layers of the Internet" article. Basically, an Internet Protocol (IP) network is a collection of devices connected via some form of network.

But what if we wanted to have some computers on the same network, but we didn't want them to interact? For example, we had the computers that controlled a company's payroll on the same network as the company's email servers.



Obviously that's not a wise thing; anyone with a bit of networking knowledge and access to Google would be able to give themselves an unexpected pay rise.

Thankfully, internet engineers foresaw this problem and came up with "subnets". A Subnet is a simple way of splitting one physical network into two "virtual" networks.
Just like devices that are on separate physical networks, devices on different Subnets can't communicate with each other.

In other words, you can have the finance guys on one subnet and the rest of the company on the other subnet, and you'll never have to worry about people editing their own pay grade.

One Number; two addresses

The great thing about Subnets is that they are contained within the devices' IP addresses by default.

The IP address is made up of two parts; the "Subnet" address and the "Device" address.

In fact, an IP address is a lot like a Street address. If you look at an address like "31 George St" you can instantly find that building. "31" by itself means nothing, and "George St" is too vague to be of any use.

In our IP addresses the "Subnet" address is the street, and the "Device" address is the number.

But let's look at one of the IP addresses above.

192.168.100.5
That doesn't look much like "31 George St". Which part is the Street, and which is the number?

Subnet Masks

Now we are finally coming to the mystery behind the Subnet Mask.
A Subnet mask tells us which part of the address is the street and which is the number.

The network in the diagram above has a subnet mask of:
255.255.255.0
Quite quickly we can see something special here. Everywhere that there is a "255" is part of the Street Name, and everywhere that there is a "0" is the number.

Let's look at that address again:
192.168.100.5
If we use the above rule, the "Street" (Subnet) becomes 192.168.100 and the Device number is 5.

Looking at our network again, we can see that the Finance machines on subnet 192.168.100 are effectively on a separate network from the workstations on the 192.168.101 subnet.

But what if...
Okay, for an exercise, let's take the same network as above, but let's change the subnet mask to:
255.255.0.0
As you'd imagine, all of the devices are now on the same subnet:
192.168.100.5
is on the same subnet as 
192.168.101.5

So we have to be careful when designing our networks to include the correct subnet masks in all of our addresses.

But what does 255.255.255.0 mean?
I have never been asked this question, so I am going to pre-empt you all and give you the answer.

Remember that all computers work in binary, that is, 0's and 1's.
An IP address is made up of four groups of eight bits, that is, eight 0's or 1's.

So, if we were to look at 192.168.100.5 in binary, it would look more like:
11000000.10101000.01100100.00000101
Now, that doesn't look like much to a normal person, but now let's have a look at the subnet mask 255.255.255.0:
11111111.11111111.11111111.00000000
It should be immediately obvious that the 1's show the subnet, and the 0's show the device number.

And so we come to a more general rule:
The Subnet Mask denotes the "Subnet" part of an IP address with a 1, and the "Device" part with a 0.

If we look at other subnet masks we can see this quite clearly:
255.255.0.0 = 11111111.11111111.00000000.00000000
We can also get into more exotic subnet masks:
255.248.0.0 = 11111111.11111000.00000000.00000000

It's very rare to find a subnet mask that isn't a combination of 255's and 0's for the simple reason that it is practically impossible to work out the subnet/device number of a "split" subnet mask.

Slash Fiction

Since writing 255.255.255.0 constantly is a bit of a pain, IT people have come up with a quicker way of notating the subnet mask of an IP address.

Normally, for our Finance Server in the example above, we'd have to write:
IP: 192.168.100.5
Subnet Mask: 255.255.255.0
But let's look at the subnet mask of 255.255.255.0 in binary again:
11111111.11111111.11111111.00000000
We can see that this is simply twenty-four 1's in a row. So, we can write the full IP address of the server as:
192.168.100.5/24
The "/" at the end of the address denotes the subnet mask; in this case, twenty-four 1's (or, in decimal, 255.255.255.0).

If we had the subnet of 255.255.0.0, the Full IP address could be written:
192.168.100.5/16
as 255.255.0.0 only has sixteen 1's in a row to denote the subnet address.
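
To check the sums above for yourself, here is a short Python example (added here, not part of the original post; the function names are my own) that splits an address into its Subnet and Device parts, tests whether two machines share a subnet under a given mask, and converts between dotted masks and "/" notation. It goes a little further than the text by also handling masks like 255.248.0.0, where the split falls inside an octet and is tedious to do by hand.

```python
import ipaddress

def to_int(dotted):
    """Dotted-quad string -> 32-bit integer (raises ValueError if malformed)."""
    return int(ipaddress.IPv4Address(dotted))

def to_binary(dotted):
    """Four dot-separated groups of eight bits, as written in the article."""
    return ".".join(f"{b:08b}" for b in ipaddress.IPv4Address(dotted).packed)

def split_address(address, mask):
    """Return (subnet, device number) for an address under a dotted mask."""
    addr, m = to_int(address), to_int(mask)
    subnet = str(ipaddress.IPv4Address(addr & m))  # 1 bits keep the "street"
    device = addr & ~m & 0xFFFFFFFF                # 0 bits keep the "number"
    return subnet, device

def same_subnet(a, b, mask):
    """True when both addresses have the same subnet part under this mask."""
    m = to_int(mask)
    return (to_int(a) & m) == (to_int(b) & m)

def mask_to_prefix(mask):
    """Count the 1 bits for "/" notation; reject masks with 1s after a 0."""
    bits = f"{to_int(mask):032b}"
    prefix = bits.count("1")
    if bits != "1" * prefix + "0" * (32 - prefix):
        raise ValueError(f"{mask} is not a run of 1s followed by 0s")
    return prefix

def prefix_to_mask(prefix):
    """/24 -> 255.255.255.0, /16 -> 255.255.0.0, and so on."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be between 0 and 32")
    return str(ipaddress.IPv4Address((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF))

if __name__ == "__main__":
    finance, workstation = "192.168.100.5", "192.168.101.5"  # from the article
    for mask in ("255.255.255.0", "255.255.0.0", "255.248.0.0"):
        print(f"{mask} = {to_binary(mask)} = /{mask_to_prefix(mask)}")
        print("  finance splits into", split_address(finance, mask))
        print("  same subnet as workstation?",
              same_subnet(finance, workstation, mask))
```

Running it shows the two machines separated under 255.255.255.0 and sharing a subnet under 255.255.0.0, which is the check to make before trusting a mask to keep Finance apart.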


I hope that this has explained the concept of the subnet mask. As always, please let me know if you think that this could be a better explanation!

(PS: I do know that there is also the whole subject of VLANs that offer a better explanation for how to separate networks, but I'll leave that for another time!)
