9000 words, pictures and text. Can you explain clearly the functions of IP address division and subnet mask?
The following articles come from the Internet Road Blog , Author's Road to the Internet Author's Day
(1) Subnet mask
The reason why a large amount of address waste occurs is that the early address classification used fixed lengths of network bits and host bits, and cannot be planned flexibly , so this rule was broken later. The 32-bit IP is still divided into network number and host number, but it is no longer in the form of a fixed length. The length can be changed according to environmental requirements, which brings a problem. In the past, hosts and network devices were identified through fixed classifications, but now the length of the network number is uncertain, so how to identify it? The function of this identification is the subnet mask . (What breaks this rule is CIDR and VLSM. In order to break the rule, the subnet mask is fixed and identifies the actual network number.)
The
subnet mask is also represented by 32-bit binary . In the network number part of the IP address, the subnet mask is set to 1, and the host part of the IP address is set to 0. Simply understand how many digits the IP network number has, and the subnet mask takes 1 as many digits as there are, and the remaining host numbers are 0. Then for the convenience of recording, just like the IP address form, each group of 8 digits is expressed in dotted decimal notation.
Example: the subnet mask of 202.100.1.33 is 255.255.255.0, calculate its network number.
In this way, the first 24 digits are the network number, the network number is 202.100.1, the host number is the last digit, and the available addresses are 1~254 (0 is the network segment address, 255 is the broadcast address excludes)
You will find that no matter it is a Windows system, Android, Apple or Linux system, as long as it is running the TCP/IP protocol system, it is required to fill in the subnet mask , otherwise an error will be prompted. Because we have introduced it before, the role of network number and host number . network number is used for communication between two computers to determine whether they are in the same network segment. That is, the network number is the same. Obviously in the same network segment, send the data packet directly to the target host. If the network number is different, it is not in the same network segment. At this time, it needs to be handed over to the default gateway filled in by the host (if there is no default gateway, the communication fails.), so with the subnet mask , you can confirm the range of the network number and determine whether the destination of the data packet is in the same network segment. This is the basis for the host terminal system to judge.
In the three-layer device routing addressing, the network number routing entry corresponding to the destination IP of the data packet is also found through the mask information existing in the routing table , and then the data packet is sent to the corresponding network.
There are usually two ways to express the combination of
IP and subnet mask in practice. One is that the decimal representation is: 255.255.255.0, or the slash representation: /24, such as 192.168.1.0/24 or 192 .168.1.0/255.255.255.0 all represent the 192.168.1.0 network segment (the network number is 192.168.1, the host address range is 1~254)
(2) VLSM (Variable Length Subnet Mask)
The subnet mask mentioned above only indicates the network number of the current address. It is used for judgment, such as the security issues mentioned before (Company A and B are on the same network segment), and how the operator puts a A standard Class C network segment is divided into the number required by the customer. This is the function implemented by VLSM. It can divide the previous A, B, C class addresses into the sizes required by various network scenarios. This process is also called subnet division into .
subnet division is to divide the host bits starting from the leftmost of the IP address and move the corresponding host bits according to the needs into the network bits, which can also be called borrowed bits. For example, a standard Class C is a 24-bit network number and an 8-bit host number. Borrow two bits from the leftmost, so that the network number becomes 26 bits, and the host number becomes 6 bits, so Turn a large network segment into multiple small network segments and distribute them to multiple companies or regions. The part where the host bit becomes the network bit is called the subnet number . There is no secret to this division. It can only rely on practice. Here are a few examples to understand the division skills and formulas, and then talk about what to pay attention to in the current enterprise network and in the planning.
Example 1: The company has three departments, and the number of terminals in each department is between 50 and 60. The network segment 202.100.1.0/24 is used, and each of the three departments is assigned an network segment .
(1) What we now know is that the number of terminals in each department is between 50 and 60, taking the maximum value of 60. At this time, there is a formula to calculate 2n-2≥m, m=the number of terminals required, that is, 2n-2≥60. This condition is only met when n=6. (The most basic mathematical formula, I really forget to use a calculator.)
(2) gets the corresponding network bits: 32 (subnet mask 255.255.255.255) - host bits (N=6) = 26 (255.255.255 .192)
(3) Start to divide, borrow two digits from the host number of the network segment 202.100.1.0/24 to become the subnet number. You can divide 4 subnets of the same size. How can you get 4 quickly? 22=4. Of course, you can also list the possible combinations according to the following method, and you will know it naturally.
. The calculated subnet numbers are allocated to three parts in ascending order. Here, 202.100.1.0/26, 202.100.1.64/26, 202.100.1.128/26 are allocated. The rest is actually very simple to calculate how many host addresses there are.
Remember the above formula 2n-2. The reason for subtracting 2 is that there is a network address and a broadcast address. These two are unavailable, so you need to subtract each stroke. The divided subnets are all the same. You may have also discovered a characteristic. The more subnets are divided, each subnet needs to subtract 2 addresses. This part of the addresses is also wasted, but this is also a helpless choice. Compared with wasting more addresses, this situation is still acceptable. In addition, calculate the minimum available address and the maximum available address. For novices, you can list the binary as above. The minimum bit is all 0 (network address), and the maximum bit is all 1 (broadcast address). Remove these two addresses, and the rest is the available range.
Example 2: A certain company has 180 people, 110 people in the sales department, 55 people in the technical department, 10 people in the management department, and the financial department. 5 people, still use the network segment division of 202.100.1.0/24. This is different from the first one. The number of each department is the same in the first one, but this one is different. The number of people in each department is different. At this time, the division starts with the number of people with the greatest demand.
. Divide according to the demand quantity, starting from the largest to the smallest address demand. Calculate the sales department first. The formula is still the previous 2n-2≥m, m=the number of terminals required, that is, 2n-2≥110, N=7. Substitute in the same method and calculate the technical department N=6, the management department N=4, and the financial department N=3
. Network numbers of each department, sales department 32-7=25 (255.255.255.128), technology department 32-6=26 (255.255.255.192), management department 32-4=28 digits (255.255.255.240), financial department 32-3=29 digits (255.255.255.248)
. Start dividing. Start with the largest allocation, 7 host bits, and borrow one as a subnet bit.
. The first subnet occupies the addresses 1~127. Although the demand only requires 110, VLSM cannot do it exactly. It can only be the closest to the 110 demand. When dividing the second subnet, it needs to be non-duplicate with the first subnet.The first one of
has used 202.100.1.0/25, and the remaining 202.100.1.128/25 has not been divided. The second subnet will continue to be divided from this. (The number of hosts has been calculated in the first and second steps. The host number of the technical department requires 6 digits of )
In the same way, the second subnet segment uses 202.100.1.128/26, leaving 202.100.1.192/26, which the management department then divides.
uses the same method. The third subnet segment uses 202.100.1.192/28. There are three more that can continue to be used. Use the smallest one, 202.100.1.208/28, to calculate the financial department.
At this point, VLSM ends here. For novices, as long as they master this division method, they know how to divide and calculate. If you want to be proficient in this, you need to practice more, but the blogger here said that this division method is in operation in our work. Networks such as business operation and maintenance, finance, government and enterprises have strict requirements for address range and planning, and VLSM is often used. However, most common environments for small and medium-sized enterprise networks do not have such strict requirements for addresses. You may see more of this requirement in interviews or questions. After learning about private network addresses later, the blogger will introduce it based on the actual environment.
(3) CIDR (Classless Inter-Domain Routing or Classless Addressing)
As can be seen from the above two examples, VLSM divides a large network segment into multiple small subnets, allowing users with low address requirements to obtain a similar number of addresses to avoid waste. Its core concept is to borrow a host number and turn it into a subnet number. CIDR is just the opposite. Let's look at an example.
Example: A company's office network has 200 people, and uses a network segment of 192.168.100.0/24. There is a monitoring network, including warehouses, offices, and various areas. There are 500 cameras points . For the convenience of management, I hope that these 500 cameras are all in the same network segment. What should I do at this time?
From what I learned before, VLSM does not have this function. It can only divide an original network segment into multiple small subnet network segments, and a standard Class C/24 address can only have 254 at most. If you use 2 Class C addresses, you can indeed reach 500. However, they do not belong to the same network segment. If these two Class C addresses can be merged together and become one network segment, this will have enough addresses and meet the needs of being in the same network segment. CIDR is to solve such a scenario. Assume that the allocated network segment is 192.168.0.0/24, and the host slot can accommodate 500 addresses.
Let’s review first. The judgment of a network segment is that the network number of is the same as , and the host number is variable. If you want to meet 500 addresses, then the host number is 2n-2≥500, N=9, and then use 32-9=23 bits (255.255.254.0), which is equivalent to borrowing one bit from the network bit to use as the host bit, which is exactly the opposite of VLSM. After
CIDR, the equivalent of the final network segment is 192.168.0.0/255.255.254.0 (23 ), the available addresses are 192.168.0.1 to 192.168.1.254, then here is a more interesting thing, like 192.168.0.255, 192.168.1.0, if according to the Class C standard 24-bit mask code, it is obviously a network address and a broadcast address. This is also often asked in many interviews or questions. It will give you such an address and ask you whether it is a broadcast address or a network address. Many friends will ignore the subnet mask at the end and just The choice is yes, but you must actually look at the subnet mask. If it is a 24-bit mask, it is indeed yes, but if it is a 23 or 22 mask, it is not. From the above, you can calculate that the smallest host bit is 192.168.0 0 0 0 0 0 0
CIDR, which is that the network number must be kept the same. This is easy to understand. Just like the above requirement that 500 addresses be in the same network segment, isn't the judgment of the same network segment that the network number is the same? Therefore, when planning, please note that you cannot merge 192.168.0.0/24 and 192.168.2.0/24 into one network segment with 500 addresses, because the network numbers obtained are different. If you want to put 0.0 and 2.0 in the same network segment, they must be in borrowed locations.
Only the network number remains the same before you can proceed to the next step, but you will find that in this case there are more than 500 addresses, including four combinations of 0 network segment (0 0=0) 1 network segment (0 1 =1), 2 network segment (1 0=2), and 3 network segment (1 1=3). The address becomes 2^10-2=1022 host addresses.
CIDR also has the function of aggregation. It merges network segments with similar network numbers into a supernet (large network segment), which can greatly reduce the pressure on the router and make the forwarding of data packets more efficient. This will be covered when learning routing knowledge points, so I will mention it here.
Small experience sharing:
- CIDR is used a lot in practice. For example, in the network deployment of a shopping mall, everyone is responsible for different things. Maybe A is responsible for the planning and connection of network equipment. , B is responsible for monitoring this area. At this time, B came over and told A that I need 500 addresses or 1000 addresses to monitor this area. When planning the address, help me separate such a network segment for monitoring. Just tell me the range. This is the network segment of 192.168.0.0/23 or 192.168.0.0/22 introduced above. There are many such demands in the wireless environment, especially in public places with high mobility. In order to have enough addresses, a large network segment is sometimes divided to avoid insufficient addresses. The more you use
- CIDR, the more experienced you will become. For example, a /24 Class C standard address, borrowing one bit from the subnet mask (move one bit to the left), can merge two network segments into one large one, borrowing two bits (moving two bits to the left), you can merge four network segments, borrowing three bits can merge eight network segments, and so on. In practice, you can completely plan how many addresses a network segment will accommodate according to different scenario requirements to meet customer needs.
(4) Public and private network addresses
With the problems caused by the early planning of IP addresses, a large number of Class A addresses have been allocated in the early days. Class A addresses occupy one-half of the entire IP address and cannot be taken back. As a result, only Classes B and C can be allocated. Although there are VLSM and CIDR technology solutions, they can only alleviate the speed of IP address depletion, so a concept was proposed, private network addresses.
I mentioned before that the IP address has a unique identifier on the Internet. This refers to the public network address . What is the role of the private network address? It can be imagined that today's office building or a large-scale enterprise has anywhere from dozens to hundreds of people, and each person not only has an office computer, but may also have a mobile phone or tablet connected to the network. This consumes a lot of addresses. The role of a private network address is A small part of the previous categories A, B, and C were used as the range of private network addresses. The addresses in this range can be used by any company's LAN, as long as there are no duplication or conflicts of network segments in the same LAN. The emergence of private network addresses has also helped alleviate the depletion of IP addresses.
Some friends may find it strange. Company A uses 192.168.1.0/24, and Company B also uses 192.168.1.0/24. So wouldn’t they conflict when they go to the Internet? Yes, if the same address appears on the Internet, it will inevitably conflict. Therefore, private network addresses are clearly stipulated to only be used within the LAN and are not allowed to appear on the Internet. Usually operators will implement access policies to deny access to private network addresses on the user's device.Now that the conflict problem is solved, can the LAN using the private address not be able to access the Internet? The answer is definitely yes. I wonder if you have noticed that the all-in-one modem or router used at home is assigned an address starting with 192.168.0.0/24 or 192.168.1.0/24. From the above list, you can see that no matter it is 192.168.0.0 Still 192.168.1.0 belongs to the private network address range of Class C, but it is indeed possible to access the Internet. The public network address is not used on computers or mobile phones. This is a technology we will explain later, called NAT, its function is briefly introduced to convert private network segment into a public network address (an address that can access the Internet) to complete access to the Internet (this technology will be explained in detail later, but is briefly mentioned here)
(5) Public network address management organization
Private network IP addresses are planned and allocated by IT personnel corresponding to the scenario, while public network addresses need to be unique. There is a special management organization called ICANN (Internet Corporation for Assigned Names and Numbers). There is an organization under it called IANA, which is mainly responsible for the allocation of Internet IP addresses. The allocation method of
is based on state-by-state allocation. APNIC is mainly responsible for Asia-Pacific region (China, Japan, South Korea and other countries). Each country has its own specialized agency to manage and distribute to operators. In China, CNNIC's agency manages and distributes.
(6) IPV6
The technologies introduced above can only alleviate the depletion of IP addresses. As early as 2011, IP addresses have been After the allocation of is completed, operators and corresponding management agencies are also recycling some bankrupt companies and idle IP addresses, but this only treats the symptoms rather than the root cause. Sooner or later, they will be exhausted. Therefore, while proposing mitigation technologies, they are also thinking about planning a new address system, that is, IPV6.
IPV6 will not be covered in this course. Special courses will be held in the future according to the situation. Here is a brief introduction to the functions and benefits of IPV6.
. Huge address space
The address number of IPV4 is 32 bits. IPV6 fully considered future development and adopted 128 bits. When IPV6 appeared, there was a saying: every grain of sand on the earth can be assigned an address.
. Message improvements
IPV6 adopts a new protocol header and simplifies the format, which makes data packet processing more efficient and introduces a security mechanism.
. The neighbor discovery protocol
is introduced to replace the ARP protocol and DHCP protocol relied on in IPV4.(You will be exposed to these two protocols soon)
uses the actual environment to explain and parse some confusing places
The above topology is a common enterprise network architecture, and the middle equipment has not yet been learned. You may not understand the switching technology, but it doesn’t matter. The simple understanding is that this enterprise network has three intranets, an office network, a monitoring network, and a server network. The office network requires 100 terminals, the monitoring network requires 500 terminals, and the server network requires 10 terminals. The customer hopes that each network will have an independent network segment. So how should we plan this network segment in practice?
(1) The first planning method is to divide as many
- monitoring network 500 terminals as needed, and borrow positions from the network according to the CIDR method. , 2n-2≥500, N=9, 32 bits-9 bits=23 bits, the subnet mask is 255.255.254.0 (/23), select 192.168.0.0/23, the available addresses are 192.168.0.1~192.168.1.254htm There are 100 l21
- office network terminals. According to the VLSM method, borrow bits from the host, 2n-2≥100, N=7, 32 bits-7 bits=25 bits, the subnet mask is 255.255.255.128 (/25), and 192.168.2 is selected. 0/25, available addresses: 192.168.2.1~192.168.2.126
- 10 server network terminals, borrow bits from the host according to the VLSM method, 2n-2≥10, N=4, 32 bits-4 bits=2 8 bits, the subnet mask is 255.255.255.240 (/28), select 192.168.2.128/28, available addresses: 192.168.2.129~142
(2) The second planning method reserves space for 500 terminals in the
- monitoring network, which can give 1022 addresses, using 10.0.0.0/22, with a range of 10.0.0.1~10.0.3.25 4
- 100 office network terminals, given a class C address/24 digits, using 10.0.4.0/24, range 10.0.4.1~10.0.4.254
- . There are 10 server network terminals, and a class C address of /24 is given. Use 10.0.5.0/24, with a range of 10.0.5.1~10.0.5.254
. Beginners may use the first method. , because the method introduced above or when reading the knowledge points are introduced in this way, but in practice, many aspects must be considered.
- uses a private network address range in the LAN, and it is up to the IT manager to plan for it. As an IT staff, it is natural to consider the long-term point. Compared with the usual For common corporate networks, private network addresses are equivalent to free use. Do not use the same network segment in the same LAN. Therefore, the usual practice is to give a standard C class to those who only need 100 addresses, and a 23-bit or 22-bit network segment to those who need 400 to 500 addresses. A network segment of 10 servers can also be given a standard C class.
- provides ample address space for scalability. For example, there are currently 100 terminals on the office network, which are allocated 25 bits, and there are only 126 available addresses. If 50 terminals are added in the future, then the addresses of this network segment will not be enough. Based on this situation, an expandable space is usually reserved.
- For enterprises with multiple network segments, if network segments communicate with each other, they must rely on gateways. Since they are not in the same network number, one is given to the layer 3 device in each network segment as the gateway address. Usually, the first or last address of the network segment is used as the gateway, such as 192.168.0.0/25. You can use 192.168.0.1 or 192.168.0.126.
- try to avoid using network segments such as 192.168.0.0, 1.0, 2.0, and 31.0 when planning, because the initialization network segments of many network devices are in these. In order to avoid If there is a conflict, it is recommended to use other network segments 10, 172.16.~172.31 or 192.168 for planning and selection. The familiar optical modems and home routers use the three network segments 192.168.0.0 or 1.0 and 2.0.
- In work exchanges, you will often hear Class C addresses or Class B addresses. Although classified addresses are no longer used, this name has always existed. When others refer to Class C addresses, they refer to them. is the mask of /24, and the class B address refers to the mask of /16. The actual use is very flexible, 10.0.0.0/24, 172.16.0.0/24, or 192.168.0.0/16 are all acceptable.The
- address is designed to be continuous, and can be aggregated on three-tier devices later.
- is just a common planning method. In the follow-up, we will continue to explain various network structures. You just need to learn to use them flexibly.
(3) Some other experiences
subnet planning and division. For beginners, it is enough to understand the uses of VLSM and CIDR and how to divide it, because in practice, an embarrassing problem is often encountered, and the second planning method is used directly. If you use 24 or 23 bits, over time the corresponding subnet division will be used less and you will forget it, or you will rely more on calculation tools, just like the mathematics we learn from elementary school to high school, but most of the calculations in daily life rely on calculators, so for beginners, it is enough to know its purpose and how to divide it. Let me share some useful experiences here, which can help everyone in actual planning.
1, shorthand table
For IP address planning, after remembering the uses and division methods of VLSM and CIDR, and using this table, you can achieve good results. So what does this table have? Useful information is
- subnet masks. The table lists them from /8 to /32. You don’t need to remember them all. /22~/26 and /30 and /32 are often encountered in projects. Just remember these commonly used ones. If you encounter the rest, you can get it by checking or converting. The number of available addresses for
- can be seen in the last column, which lists the number of common addresses). For example, if you need 500 addresses, to find the closest 512, use the mask /23.
- Multiple subnets are divided. If the same number of hosts is required, you can refer to the number of subnets, how many network segments are needed, and the corresponding mask settings. If the host requirements are different, this can only rely on the VLSM algorithm, but this environment is usually rarely encountered.
, calculation tools
Just like the calculators we use in daily life, there are also calculation tools for subnet masks. For mobile phones, it is recommended to use a network multimeter (can be found in the app store or browser). For the computer version, you can search for the subnet mask calculation tool online on the web or the offline version. I will share this in the official account, and you can get it yourself.
, expression format
You may see this format in subsequent project implementation and customer requirements documents, such as office network: 192.168.10.0/24, monitoring network: 192.168.11.0/24, this means office The network is planned to be a network segment of 192.168.10.0 (host range 1~254), and the monitoring network is planned to be 192.168.11.0 (host range 1~254). When communicating with customers or peers, if the other party only tells the IP address but not the subnet mask, it is impossible to determine the size of the network segment. Only by clearly indicating the subnet mask can the size of the network segment be determined.
and other special addresses
may also see many special addresses in the follow-up, such as 0.0.0.0, 255.255.255.255, and 169.254.0.0/16, 127.0.0.0/8, etc. We will gradually come into contact with these in the follow-up, so we will not go into details here for now, otherwise there will be too many things and it will be easy to get confused.
"Connecting the past and the next"
We already know what an IP address is, how to divide it, the rules of communication, and the role of MAC address . So in the next article, we will learn how the terminal knows the other party's MAC address during communication, and what role the gateway plays. We will learn it from various aspects such as packet capture and illustration. The content of the next two articles is very important and needs to be read again and again.
