APLawrence.com - Resources for Unix and Linux Systems, Bloggers and the self-employed
RSS Feeds RSS Feeds











(OLDER) <- More Stuff -> (NEWER) (NEWEST)
Printer Friendly Version

CIDR


See also Networking 101
Advanced TCP
Routing



Up till now, I've been talking about IP addresses and specifying the netmasks by spelling them out: network 192.168.13.0 with a netmask of 255.255.255.0. I've explained that the netmask indicates the bits that are the network part of the address, and that changing anything in those bits puts you on a different network or subnet.

Is there any real difference between a network and a subnet? Not really. Any network is a subnet of something larger, so in that sense, the terms are identical. However, you could look at this another way: your network is the addresses which you can subnet. Or, your network is the bits you cannot change because someone else assigned them to you. As it's always just the number of bits that is important, we can represent networks or subnets another way. The network 192.168.0 with that 255.255.255.0 netmask can be expressed as 192.168.13.0/24. The "24" is the number of bits set to "1" (remember, 8 bits in each section of a mask).

So, a 255.0.0.0 netmask would be /8, a 255.255.0.0 would be /16 and so on. Those are pretty easy. What about masks like 255.255.240.0? If you aren't used to thinking in bits, this might give you a little headache. But don't panic, it's not that hard. One way to think of it is how many bits are not set in the third octet. We have 8 each set in the first two, so that's 16, and it would be 24 if all the bits were set in the third, but bits adding up to 15 (255 - 240) are missing. That's the 8-4-2-1 bits (8 + 4 + 2 + 1 = 15), so 4 bits are missing, so it is a 20 bit mask: /20.



Bit 7 6 5 4 3 2 1 0
Value 128 64 32 16 8 4 2 1










When you are working the other way, that is, when you've been told that this is network 192.168.16.0/23, I think it's even more useful to think about the "missing" bits. Let's take that one, for example. Obviously it is the "1" bit that is missing. What addresses does this network include?

First, remember that the bits that are masked are inviolate: you cannot change any of those or you are on a different network. So everything up through bit 23 is off limits. You can't change the 192, or the 168. The third octet can't be 18 or 192. That's obvious, right?

But you do have one bit in the third octet you can change, and that's the "1" bit. So the third octet could be 16 or 17 (use the Javascript Bit Twiddler if this is hard for you to see inside your head). Therefore, the possible addresses for 192.168.16.0/23 include 192.168.16.0 to 192.168.17.255. And that is an example of super-netting, which we'll touch more on later. Normally you won't see this kind of mask; you probably will see /25 through /30 (2 - 126 useable addresses). More on that below.

There's something very interesting about this situation, though. You have this 192.168.16.0/23 network. Obviously (I hope it's obvious), there are "unused" bits here that you aren't allowed to touch because of the mask.



Bit 7 6 5 4 3 2 1 0
Value 128 64 32 16 8 4 2 1



Bits 3, 2 and 1 of the third octet (values 8, 4 and 2) are "covered" by the 23 bit netmask, but they are not set. The same is true for the 7, 6 and 5 bits. Those bits are all masked off, both unset and unavailable for you to use. Only the "16" bit is set within the 23 bit mask (but remember that it is within the mask, so it is off limits: you can't change it), and only the 0 bit is available for you to set or not set. Again, that gives you a subnet that covers both 16 and 17 in the 3rd octet. That gives you more adresses than you'd get with an old-style class C mask, but doesn't waste a class B.

What if you wanted to give someone less adresses than a class C? Simply, the mask would be more than /24. If you were given the CIDR address 201.123.45.48/30, you'd have 201.123.45.48, 201.123.45.49, 201.123.45.50 and 201.123.45.51 only.

Here's another way to think of all this:

A mask of 0 is 256 bits available (256 -0). That gives you 254 addresses because the bottom is the network and the top is the broadcast as always.

A mask of 248 gives you 6 addresses: 256 - 248 is 8, minus the top and bottom equals 6.

When it comes to /30, I think of that as two bits less than /32. A /32 gives you no address at all (well, it's one address but it's useless). So /31 is 2 addresses (still useless) and /30 is 4 addresses (but still only two useable).

Another way: In all cases, the /xx is the number of bits you can't change- the number of bits that fix your network. /32 is completely fixed to one address so is useless- and so is /31 which gives you 1 bit or two addresses. You can't do anything useful with 2 addresses because all you have is the network and the broadcast. The /30 (or 255.255.255.252) is the first useful mask. /30 gives you 2 bits to play with, so that's 4 addresses (but only two useable of course).

So:


/30 2 bits for you, 4 addresses, 2 useable.
/29 3 bits for you, 8 addresses, 6 useable.
/28 4 bits for you, 16 addresses, 14 useable.
/27 5 bits for you, 32 addresses, 30 useable.
/26 6 bits for you, 64 addresses, 62 useable.
/25 7 bits for you, 128 addresses, 126 useable.
/24 8 bits for you, 256 addresses, 254 useable.

What this is all leading up to is the concepts of Classless Interdomain Routing (CIDR) and Variable Length Subnet Masks (VLSM) . You may also have heard the term supernetting or network block; all of this stems from the abandonment of the original network classes (A, B, C).

What was wrong with the class scheme?

Mostly it's just that it was wasteful. Assigning an entire Class C ( /24 mask in the new terminology) to someone who needs half a dozen addresses or less is a terrible waste, and for a while it was looking as though running out of addresses was going to happen very quickly. A couple of things slowed that down, one of which was NAT (Network Address Translation, which means that a small subset of "real" addresses are used to let machines with "inside" addresses talk to the outside world. NAT is very much the same concept as proxying, except that the only thing that happens is that the address is translated) and the other was the CIDR concept we're discussing here.

A related problem was that the bigger guys, who needed more than Class C addresses, were looking at a rapidly diminishing pool of available Class B's (/16 masks), and most of them probably didn't need a full B block anyway. Supernetting multiple C blocks lets those folks get pretty close to what they actually need.

If you'd like to read more about this, I can suggest Managing IP Networks by Scott Ballew.



If this page was useful to you, please help others find it:  





4 comments




More Articles by Tony Lawrence - Find me on Google+



Click here to add your comments

---January 8, 2005

The line:

When it comes to /30, I think of that as two bits less than /32. A /32 gives you no address at all (well, it's one address but it's useless). So /31 is 2 addresses (still useless) and /32 is 4 addresses (but still only two useable).

Should read:

and /30 is 4 addresses (but still only two useable).

I think...?


---January 8, 2005

Yes, thank you - fixed.

--TonyLawrence

---January 23, 2005

The line:

A mask of 248 gives you 6 addresses: 256 - 248 is 8, minus the top and bottom equals 8.

Should read:

is 8, minus the top and bottom equals 6.

Ivan


---January 23, 2005

Thank you, corrected.

--TonyLawrence






Sun Jun 22 07:03:31 2008: 4355   NickPowers


/32 is used with PPP in dial-up Internet. It assigns a single IP address to the machine with a 255.255.255.255 netmask and the system uses that same IP address as it's default gateway. This causes the system to use the PPP link for it's default gateway (route of last resort). If you have ever worked at an Internet Service Provider (ISP) you would see many /32 subnets.

Nick Powers



Sun Jun 22 07:25:32 2008: 4356   NickPowers


Although /30 may seem silly since it only has two usable addresses but it is one of the most used subnets. It is used for creating point to point connections. For example, if I was an ISP and you bought a T1 circuit from me and I wanted to give you a /24 network (256 IP) I would first use a /30 to establish the 2 ends of the T1 circuit, one on your end and one on my end. Once I had done this then I would put a route in my router routing the /24 to the IP address I assigned to your end of the /30. This also is how DSL providers set up DSL circuits. I have often wondered why Cable modem providers don't use this method but they don't.

So say I have a /30 100.100.100.0/30 (which gives me 100.100.100.0 as a network address, 100.100.100.1 and 100.100.100.2 as usable IP addresses and 100.100.100.3 as my broadcast address). Also following the scenario above I want to route over 100.100.1.0/24 to you then I could do this:

ISP Router(100.100.100.1)-------T1 LINE-------YOU(100.100.100.2)

route add 100.100.1.0 255.255.255.255 100.100.100.2

So, you would have a router with 2 interfaces one is T1 and one is Ethernet. The T1 interface would be 100.100.100.2/30 and your Ethernet interface (the one you would set the computers on your Ethernet segment as their default gateway) could be any of the 100.100.1.0/24 but the most likely suspect would be 100.100.1.1/24 and then you would assign 100.100.1.2-100.100.1.254 for systems.

Your router would look like this:

----T1----(100.100.100.2/30)----Ethernet--(100.100.1.1/24)

Hope this helps

I agree though that /31 is useless, if anyone knows a practical use for this subnet please email me because I have never seen it used.

Nick Powers



Sun Jun 22 07:30:26 2008: 4357   NickPowers


oops this:

route add 100.100.1.0 255.255.255.255 100.100.100.2

should read:

route add 100.100.1.0 255.255.255.0 100.100.100.2

the previous is a /32 mask and the later is a /24.

Sorry for the mistake (it's late!)

Nick Powers



Tue Aug 23 22:30:12 2011: 9733   NickBarron

gravatar


Just having a trawl through these old articles, interesting and still very useful.

Thanks for showing the usage of /32 Nick

Don't miss responses! Subscribe to Comments by RSS or by Email

Click here to add your comments

If you want a picture to show with your comment, go get a Gravatar


cartoon

Have you tried Searching this site?

Unix/Linux/Mac OS X support by phone, email or on-site: Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more. We appreciate comments and article submissions.

Publishing your articles here

Jump to Comments



Many of the products and books I review are things I purchased for my own use. Some were given to me specifically for the purpose of reviewing them. I resell or can earn commissions from the sale of some of these items. Links within these pages may be affiliate links that pay me for referring you to them. That's mostly insignificant amounts of money; whenever it is not I have made my relationship plain. I also may own stock in companies mentioned here. If you have any question, please do feel free to contact me.

Specific links that take you to pages that allow you to purchase the item I reviewed are very likely to pay me a commission. Many of the books I review were given to me by the publishers specifically for the purpose of writing a review. These gifts and referral fees do not affect my opinions; I often give bad reviews anyway.

We use Google third-party advertising companies to serve ads when you visit our website. These companies may use information (not including your name, address, email address, or telephone number) about your visits to this and other websites in order to provide advertisements about goods and services of interest to you. If you would like more information about this practice and to know your choices about not having this information used by these companies, click here.

pavatar.jpg
Kerio posts
Linux posts
Mac OS X posts
Shell scripting posts
Troubleshooting posts

This post tagged:

       - Networking

















My Troubleshooting E-Book will show you how to solve tough problems on Linux and Unix systems!


book graphic unix and linux troubleshooting guide



Buy Kerio from a dealer
who knows tech:
I sell and support

Kerio Connect Mail server, Control, Workspace and Operator licenses and subscription renewals