
CompTIA Network+ Certification Study Guide part 34 pdf


CHAPTER 7: TCP/IP and Routing 316
Creating the Subnet Mask
We’ve determined our subnets, and now we need to create a subnet mask
that will work with each subnet ID we created. Recall that we use bitwise
ANDing to compare the bits of the IP address and the subnet mask. The
result of the comparison is the network ID. Using Table 6.16, we know that
we need to set to 1 any bits used for the network ID portion of the IP address.
In this case, the subnet mask would be set to:
11111111.11111111.11100000.00000000.
Notice that we have set the left-most 19 bits to 1. Thus, our subnet
mask can be written in dotted decimal notation as 255.255.224.0. Let’s
compare this subnet mask to a sample IP address from within our subnetted
addresses to see how this works.
IP address                 146.64.193.14   10010001.01000000.11000001.00001110
Subnet mask                255.255.224.0   11111111.11111111.11100000.00000000
Result of bitwise ANDing                   10010001.01000000.11000000.00000000
Underlying network ID      146.64.192.0
EXERCISE 7.3 Defining Subnet Masks
In this exercise, we’ll practice defining subnets and subnet masks. Use the
following scenario: Your brand new start-up company has been assigned a
Class C address.
You have only six computers, one router, and three printers attached
to your network. You’d like to subnet your network before your company’s
planned expansion and you’ll need a maximum of six to seven networks in
the future.
1. How many host address bits will you need to take from the host
   address space to create seven subnets? To solve this problem,
   we need to think in terms of the bit value of the binary bits in
   an octet. Which bit values, when added together, equal 7? The
   answer is the right-most three bits, or 00000111. This tells us we
   need three bits from the host address space to add to the network
   address space. However, it’s important to remember that we don’t
   use the right-most bits. This may be confusing, but we used the bit
   values simply to determine how many bits we’ll need. We use the
   bits closest to the octet used for the network ID.
2. What is the binary representation of the subnet mask used for
   this configuration? Class C uses the w.x.y octets for network ID.
   Therefore, we know that the default subnet mask is 255.255.255.0.
   We’ve determined that we need to take three bits from the host ID
   space. We take the three left-most bits from the fourth octet so they
   remain contiguous with the network address space. The result is a
   subnet mask with the 1s in 27 of the 32 bits, moving left to right,
   as shown: 11111111.11111111.11111111.11100000.
3. What is the dotted decimal value of the binary configuration shown
   in Problem 2? 255.255.255.224
4. What is one way of representing this network configuration,
   given that we are using three bits from the host address space for
   network IDs? As you may recall, a common notation for showing
   how many bits represent the network ID (and therefore the subnet
   mask) is w.x.y.z /27 where w.x.y.z are the dotted decimal values of
   the four octets that comprise an IP address and the /27 denotes the
   number of bits used for the network address.
5. If we use three bits from the host space for network IDs, what is
   the maximum number of hosts we can have per subnet? We know
   that an IP address has 32 bits and that we’re using 27 of those bits
   for network addresses. 32 – 27 leaves 5 bits for host addresses. If
   we use the formula 2^n, we have 2^5, or 32 addresses. However, this
   includes an address of all 0s and all 1s, both of which cannot be
   used, resulting in 30 possible host addresses per subnet.
This exercise should help you to find out if you have any areas of
confusion. If so, go back and work on the specific area that is giving you
trouble. The Network+ exam is not likely to have questions that rely upon this
knowledge to make you figure out a subnet, create one, or otherwise. You
need to understand the concept behind subnetting, and the subnet mask,
and understand the differences between the host ID and the network ID as
well as their relationship. Understanding the process of subnetting can help
to drive that home for you.
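The ANDing comparison and the steps of Exercise 7.3, carried out in code. This is an added example, not part of the original study guide; the function names are illustrative, and it generalizes the exercise to any class default prefix (/8, /16, /24) and any number of required subnets.

```python
def to_int(dotted):
    """Convert dotted decimal (w.x.y.z) to a 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def to_dotted(value):
    """Convert a 32-bit integer back to dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def to_binary(dotted):
    """Show each octet as eight weighted binary digits."""
    return ".".join(f"{int(o):08b}" for o in dotted.split("."))

def mask_for_prefix(prefix):
    """Set the left-most `prefix` bits to 1, as in step 2 of the exercise."""
    return to_dotted((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)

def network_id(ip, mask):
    """Bitwise AND of address and mask; rejects masks whose 1s are not contiguous."""
    m = to_int(mask)
    inverted = ~m & 0xFFFFFFFF          # host part: must look like 0...01...1
    if inverted & (inverted + 1):
        raise ValueError(f"non-contiguous mask: {mask}")
    return to_dotted(to_int(ip) & m)

def plan_subnets(default_prefix, subnets_needed):
    """Borrow just enough host bits to number `subnets_needed` subnets."""
    borrowed = (subnets_needed - 1).bit_length()   # 1 -> 0 bits, 2 -> 1, 7 -> 3
    prefix = default_prefix + borrowed
    if prefix > 30:                                # fewer than 2 host bits left
        raise ValueError("not enough host bits left for usable hosts")
    host_bits = 32 - prefix
    return {
        "borrowed_bits": borrowed,
        "prefix": prefix,
        "mask": mask_for_prefix(prefix),
        "subnets": 2 ** borrowed,
        "hosts_per_subnet": 2 ** host_bits - 2,    # minus all-0s and all-1s
    }

if __name__ == "__main__":
    print(to_binary("146.64.193.14"), "AND", to_binary("255.255.224.0"))
    print("network ID:", network_id("146.64.193.14", "255.255.224.0"))
    print("Exercise 7.3:", plan_subnets(24, 7))
```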
HEAD OF THE CLASS…
Creating Subnet Masks
This topic always causes some confusion in the classroom because it requires
us to work left to right and right to left. As we work through examples, some
people get it immediately and some people don’t. Usually the area of most
confusion deals with taking bits from the host address space. This is because
we use the bits with the lowest bit values first. However, when we’re using
those bits, they shift over to the left because we always want to use the bits
contiguous with the network address space.
We emphasize that the bits retain their weighted binary values within the
octets, regardless of their use. In the preceding exercise, we saw that there
were both network and host bits in the fourth octet (the z octet). Although
the bits are used for two different purposes, they must be calculated into a
single dotted decimal number. The first thing we always calculate is how many
subnets we’re going to need. We convert that number to weighted binary, to
determine how many bits we need. This essentially tells us how many possible
bit combinations there are and therefore how many subnets we can delineate.
One example we use to make this point clear is a simple one. If we need one
network ID, we don’t need any bits from the host address space. There is only
one combination. If we need two networks, we need one bit. Why? Because that
one bit can be either 0 or 1, and that’s two different combinations.
If we need one bit, we take that bit and use it on the left side of the octet.
That’s where some people get confused. After we figure out how many bits we
need, we extend the network address space by that number of bits, which is
the reason they shift to the left while retaining their weighted value based
on their placement within the octet.
You should work through lots of examples so that you can fully understand both
the concepts and the practical applications of subnetting. Work through the
examples in this chapter and make up some of your own. If you have a study
buddy, you can help each other by testing your knowledge of this crucial topic.
Tables 7.17, 7.18, and 7.19 show the possible subnet masks that can be used in
Class A, Class B, and Class C networks, respectively. These tables are useful
for quickly determining the number of hosts per subnet that would be achieved
with a particular mask.
These subnet mask tables make it easier to determine which subnet mask to use
for any given situation. As the table shows, the number of subnets increases
as the number of hosts in each subnet decreases. As the number of subnet bits
increases, the number of host bits decreases. As there are a fixed number of
bits to work with in each class of network address, each bit can be used in
only one way as specified by the mask. Each bit must be either a subnet bit or
a host bit. An increase in the number of subnet bits causes a reduction in the
number of host bits, and vice versa.
Use these tables to help you memorize placement.

Table 7.17
Class A Subnet Table
Subnets      Hosts        Mask               Subnet Bits   Host Bits
2            8,388,606    255.128.0.0        1             23
4            4,194,302    255.192.0.0        2             22
8            2,097,150    255.224.0.0        3             21
16           1,048,574    255.240.0.0        4             20
32           524,286      255.248.0.0        5             19
64           262,142      255.252.0.0        6             18
128          131,070      255.254.0.0        7             17
256          65,534       255.255.0.0        8             16
512          32,766       255.255.128.0      9             15
1,024        16,382       255.255.192.0      10            14
2,048        8,190        255.255.224.0      11            13
4,096        4,094        255.255.240.0      12            12
8,192        2,046        255.255.248.0      13            11
16,384       1,022        255.255.252.0      14            10
32,768       510          255.255.254.0      15            9
65,536       254          255.255.255.0      16            8
131,072      126          255.255.255.128    17            7
262,144      62           255.255.255.192    18            6
524,288      30           255.255.255.224    19            5
1,048,576    14           255.255.255.240    20            4
2,097,152    6            255.255.255.248    21            3
4,194,304    2            255.255.255.252    22            2

Table 7.18
Class B Subnet Table
Subnets      Hosts        Mask               Subnet Bits   Host Bits
2            32,766       255.255.128.0      1             15
4            16,382       255.255.192.0      2             14
8            8,190        255.255.224.0      3             13
16           4,094        255.255.240.0      4             12
32           2,046        255.255.248.0      5             11
64           1,022        255.255.252.0      6             10
128          510          255.255.254.0      7             9
256          254          255.255.255.0      8             8
512          126          255.255.255.128    9             7
1,024        62           255.255.255.192    10            6
2,048        30           255.255.255.224    11            5
4,096        14           255.255.255.240    12            4
8,192        6            255.255.255.248    13            3
16,384       2            255.255.255.252    14            2

Table 7.19
Class C Subnet Table
Subnets      Hosts        Mask               Subnet Bits   Host Bits
2            126          255.255.255.128    1             7
4            62           255.255.255.192    2             6
8            30           255.255.255.224    3             5
16           14           255.255.255.240    4             4
32           6            255.255.255.248    5             3
64           2            255.255.255.252    6             2

STRATEGIES TO CONSERVE ADDRESSES
Several strategies have been developed and implemented to help the Internet
community cope with the exhaustion of IP addresses. These strategies help
to reduce the load on Internet routers and also help administrators use
globally unique IP addresses more efficiently. The following three strategies
were mentioned in previous sections and are discussed in more detail in the
following paragraphs:
Classless InterDomain Routing (CIDR)
Variable-Length Subnet Mask
Private Addressing
Classless InterDomain Routing
CIDR (RFCs 1517, 1518, and 1519) reduces route table sizes as well as IP
address waste. Instead of full Class A, B, or C addresses, organizations can be
allocated subnet blocks. For example, if a network needed 3,000 addresses,
a single Class C network (256 addresses) would be insufficient. However,
if a Class B network was assigned (65,536 addresses), 62,000 addresses
would be wasted. With CIDR, a block of 4,096 addresses can be allocated,
the equivalent of 16 Class C networks. This block of addresses covers
the immediate addressing needs, allows room for growth, and uses global
addresses efficiently.
Variable-Length Subnet Masks
VLSMs conserve IP addresses by tailoring the mask to each subnet. Subnet
masks are chosen to match the number of addresses required. The idea
is to assign just the right number of addresses to each subnet. Many
organizations have point-to-point wide area network (WAN) links. Normally,
these links comprise a subnet with only the two addresses required. By using
a routing protocol that supports VLSM, administrators can use a block of
addresses much more efficiently. An example of a VLSM used on a WAN
link can be seen in Figure 7.4.
FIGURE 7.4
A VLSM in Use.
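A VLSM allocation worked through in code, as an added example that is not part of the original study guide and does not reproduce Figure 7.4. The block 192.168.1.0/24, the subnet names and the host counts are constructed for illustration; the point-to-point WAN link ends up with a /30, the two-address subnet described above.

```python
import ipaddress

def prefix_for_hosts(hosts):
    """Longest prefix whose subnet still holds `hosts` usable addresses."""
    # usable hosts = 2**host_bits - 2 (all-0s and all-1s host IDs are reserved)
    host_bits = max((hosts + 1).bit_length(), 2)
    return 32 - host_bits

def allocate_vlsm(block, requirements):
    """Carve `block` into one right-sized subnet per requirement.

    Allocating largest-first keeps every subnet aligned on its own boundary.
    Returns (plan, unallocated_address_count).
    """
    block = ipaddress.ip_network(block)
    cursor = int(block.network_address)
    end = int(block.broadcast_address) + 1
    plan = {}
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        prefix = prefix_for_hosts(hosts)
        size = 2 ** (32 - prefix)
        if cursor + size > end:
            raise ValueError(f"{block} is too small for {name}")
        plan[name] = ipaddress.ip_network((cursor, prefix))
        cursor += size
    return plan, end - cursor

def fixed_mask_total(requirements):
    """Addresses consumed if every subnet had to use the largest subnet's mask."""
    largest = max(requirements.values())
    return len(requirements) * 2 ** (32 - prefix_for_hosts(largest))

# Constructed requirements: usable hosts needed on each segment.
BLOCK = "192.168.1.0/24"
REQUIREMENTS = {"LAN-A": 100, "LAN-B": 50, "LAN-C": 20, "WAN-link": 2}

if __name__ == "__main__":
    plan, free = allocate_vlsm(BLOCK, REQUIREMENTS)
    for name, net in plan.items():
        print(f"{name:9} {str(net):18} mask {net.netmask}  "
              f"usable hosts {net.num_addresses - 2}")
    print("addresses left in block:", free)
    print("one fixed mask would need:", fixed_mask_total(REQUIREMENTS))
```

With a single mask sized for the largest segment, the four subnets would need 512 addresses and would not fit in the /24; with per-subnet masks they fit with room to spare.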
Private Addresses
The most effective strategy for conserving globally unique (public) IP addresses
is not using any. If an enterprise network is using TCP/IP, but is not
communicating with hosts in the global Internet, public IP addresses are not
needed. If the internetwork is limited to one organization, the IP addresses
need only be unique within that organization. Only networks that interface
with public networks such as the Internet need public addresses. Using
public addresses on the outside and private addresses for inside networks is
very effective. NAT is used to convert those private (inside) addresses to
public (outside) addresses.
Public Versus Private Address Spaces
IP requires that each interface on a network have a unique address.
If the scope of a network is global, the addresses must be globally unique.
Because global uniqueness must be assured, a centralized authority must be
responsible for making sure IP address assignments are made correctly and
fairly.
To meet the demands of a growing Internet community, the Internet
Assigned Numbers Authority (IANA) was replaced by the Internet Corporation
for Assigned Names and Numbers (ICANN). If an organization wants
to use IP protocols and applications in its network, but is not connecting
its network to the global Internet, the IP addresses used do not have to be
globally unique. A network of this type is called a private network, and the
addresses used are called private addresses.
Exam Warning
Using VLSMs on WAN links on your network is very common. You don’t need to know
how to do this for the Network+ exam, but you should understand it so when you see it
in use, you understand that this is a common use of VLSMs. You will learn more about
WAN technologies in the next chapter.
PRIVATE NETWORK ADDRESSES
RFC 1918 conserves globally unique IP addresses by providing three blocks of
addresses that are never officially allocated to any organization. These blocks
can then be used in private networks without fear of duplicating any officially
assigned IP addresses in other organizations. With the explosive growth of
the Internet, the InterNIC realized that some devices may never connect
directly to the Internet. A good example of this is that many computers
in a company connect to the Internet via an intermediate device such as
a firewall, proxy server, or router. Consequently, those devices behind the
firewall or other intermediate device don’t need globally unique IP addresses.
Three address blocks are defined as private address blocks, for situations in
which the host does not connect directly to the Internet.
■ 10.0.0.0/8 This is a private Class A network address with the host
  ID range of 10.0.0.1 through 10.255.255.254. This private network
  has 24 bits that can be used for any subnetting configuration
  desired by the company.
■ 172.16.0.0/12 This scheme uses Class B addresses and allows for
  up to 16 Class B networks, or 20 bits can be used for host IDs. The
  range of valid addresses on this private network is from 172.16.0.1
  through 172.31.255.254.
■ 192.168.0.0/16 This configuration can provide up to 256 Class
  C networks, or 16 bits can be used for host addresses. The value
  range of IP addresses in this private network is 192.168.0.1 through
  192.168.255.254.
These private addresses are not assigned publicly and therefore will never
exist in Internet routing tables. This makes these private addresses
unreachable via the Internet. If a host using a private network IP address
requires access to the Internet, it must use the services of an application
layer gateway such as a proxy server, or it must have its address translated
into a legal, public address. A process called NAT performs this translation
before sending data out to the Internet from a private address host ID. NAT
will be covered in more depth later in this chapter.
Another use of private addressing is called automatic private IP addressing
(APIPA). If a computer (Windows 98 or later) is configured to obtain its
address automatically from a DHCP server and it cannot locate a DHCP
server, it will configure itself using APIPA. The computer randomly selects
an address from the 169.254.0.0/16 address range and then checks the
network for uniqueness. If the address is unique, it will use that address
until it can reach a DHCP server. If the address is not unique, it will
randomly select another address from that range.
Exam Warning
You must know the private address ranges as well as the APIPA IP address range for the
Network+ exam. Also, do not forget the reserved loopback Class A address of 127.0.0.0.
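A small address audit built on the ranges above (the three RFC 1918 blocks, the APIPA range and the loopback network), as an added example that is not part of the original study guide. The inventory lines, host names and the expected subnet 10.0.0.0/24 are constructed; the check flags a host that fell back to APIPA because it obtained no DHCP lease, and any host addressed outside the subnet its neighbours use.

```python
import ipaddress

# Ranges named in this chapter. They are listed explicitly because the
# ipaddress module's is_private flag covers more than the RFC 1918 blocks.
SPECIAL_BLOCKS = [
    ("rfc1918", ipaddress.ip_network("10.0.0.0/8")),
    ("rfc1918", ipaddress.ip_network("172.16.0.0/12")),
    ("rfc1918", ipaddress.ip_network("192.168.0.0/16")),
    ("apipa", ipaddress.ip_network("169.254.0.0/16")),
    ("loopback", ipaddress.ip_network("127.0.0.0/8")),
]

def classify(address):
    """Label an IPv4 address by the chapter's ranges; 'other' if none match."""
    addr = ipaddress.ip_address(address)
    for label, block in SPECIAL_BLOCKS:
        if addr in block:
            return label
    return "other"  # publicly routable or some other reserved space

def audit(inventory_text, expected_subnet):
    """Return (host, address, finding) for every misaddressed host."""
    subnet = ipaddress.ip_network(expected_subnet)
    findings = []
    for line in inventory_text.strip().splitlines():
        host, address = line.split()
        addr = ipaddress.ip_address(address)
        kind = classify(address)
        if kind == "apipa":
            finding = "APIPA address: no DHCP lease was obtained"
        elif kind == "loopback":
            finding = "loopback address reported as an interface address"
        elif addr not in subnet:
            finding = f"{kind} address outside {subnet}"
        elif addr in (subnet.network_address, subnet.broadcast_address):
            finding = "reserved host ID (all 0s or all 1s)"
        else:
            continue
        findings.append((host, address, finding))
    return findings

# Constructed sample inventory: hostname and IPv4 address per line.
SAMPLE = """
ws-01 10.0.0.21
ws-02 10.0.0.22
ws-03 169.254.17.200
printer-1 10.0.0.255
laptop-7 192.168.1.50
kiosk-2 203.0.113.9
"""

if __name__ == "__main__":
    for host, address, finding in audit(SAMPLE, "10.0.0.0/24"):
        print(f"{host:10} {address:16} {finding}")
```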
Table 7.20 summarizes the private address blocks defined by RFC 1918.
Notice the CIDR shorthand for the mask. As a reminder, /8 would be equal
to 255.0.0.0.

Table 7.20
Private IP Address Blocks
Address Block                     Classful Equivalent   Prefix Length   Number of Addresses
10.0.0.0 to 10.255.255.255        1 Class A             /8              16,777,216
                                  256 Class B
                                  65,536 Class C
172.16.0.0 to 172.31.255.255      16 Class B            /12             1,048,576
                                  4,096 Class C
192.168.0.0 to 192.168.255.255    1 Class B             /16             65,536
                                  256 Class C

Considerations
The address blocks in Table 7.20 can be used in any network at any time.
However, devices using these addresses will not be able to communicate
with other hosts on the Internet without some kind of address translation.
Some benefits of using private addresses are:
■ Number of Addresses There are plenty of addresses for most internal
  networking needs.
■ Security Private addresses are not routable on the Internet. The
  translation from private to public addresses further obscures internal
  network information.
■ Renumbering If using NAT, no readdressing of privately addressed
  networks is necessary to access public networks.
■ Networks Treating private addresses as public addresses when allocating
  ensures that efficiency and design are maximized.

Test Day Tip
Consider the following type of question on your Network+ exam. You may see a
situation where you cannot get on the network because every node on the subnet is in
the 10.0.0.0 to 255.255.255.0 range, and one node is having a problem because it
has an APIPA address, so it won’t be on the same subnet. Either that or the DHCP
server is down and because of this the nodes on the network revert their addressing
to the APIPA range. Think about this chapter and what you have learned so far and
how it all ties together. All nodes on a subnet have to be in the same IP address range
to communicate. There will be problems that arise where APIPA comes into play and
you will need to know how to handle that situation. Make sure you consider this for the
Network+ exam.
CONFIGURING AND IMPLEMENTING…
Is Private IP Addressing Really a Free-For-All?
One would think that with that much IP address space available to them,
network engineers, managers, administrators, and technicians would have a
lackadaisical attitude when assigning IP space. Quite the contrary (as was
learned earlier when we covered VLSMs); this is not the case. One of the
greatest challenges that you will face when working within any network is that
it’s always designed to grow. As more technology develops, and as newer
technologies emerge and more and more of a need is placed on the network, the
more logical addressing you will need to provide it. You should always work to
conserve your address space, never wasting it. You never know what you will
need in the future. The tighter you lock down the procedures early on, the
less of a chance you will have to go back and fix it later. In networking,
this is always a problem because you never have the time to go back. In the
networking world, if you do manage to have the time, depending on the size and
use of your network, you may have to schedule an outage to change things over.
An IP addressing change on a local area network (LAN)-sized or larger scale is
always a lot of work and is somewhat time-consuming. Design it right the first
time and do not go back if you do not have to, as it will be more difficult
later to redo it. Make sure you get into a good habit of conserving (and
documenting) your address space. Use DHCP whenever possible and when it is not
a security risk. Always ensure that you consider future growth in the way of
acquisitions and mergers, which will bring up the issues of duplicate IP
addressing, as most of the space used is in the same private range. This is
why NAT is so prevalent, and why you need to know it for the Network+ exam.
NAT will be covered later in this chapter.
Static and Dynamic Assignments
On the Network exam, you will be responsible for not only knowing APIPA,
but knowing the whole concept behind dynamic and static assignments.
As mentioned earlier, DHCP is responsible for handing out a subset of IP
addresses that an administrator configures into what is called a scope. The
scope contains the leaseable address space that has been preconfigured. If

your network uses TCP/IP as its network protocol, the nodes will, of course,
need an IP address to communicate once they are up and running on the
network. To configure each node statically (to go to the node itself, its physi-
cal location, or connect via remote administration) and configure an actual
usable IP address on that node can become very unwieldy and it is highly
discouraged if your network is large enough to warrant the use of DHCP.
