When you are working the other way, that is, when you've been told that this is network 192.168.16.0/23, I think it's even more useful to think about the "missing" bits. Let's take that one, for example. Obviously it is the "1" bit that is missing. What addresses does this network include?

First, remember that the bits that are masked are inviolate: you cannot change any of those or you are on a different network. So everything up through bit 23 is off limits. You can't change the 192, or the 168. The third octet can't be 18 or 192. That's obvious, right?

But you do have one bit in the third octet you can change, and that's the "1" bit. So the third octet could be 16 or 17 (use the Javascript Bit Twiddler if this is hard for you to see inside your head). Therefore, the possible addresses for 192.168.16.0/23 include 192.168.16.0 to 192.168.17.255. And that is an example of super-netting, which we'll touch more on later. Normally you won't see this kind of mask; you probably will see /25 through /30 (2 - 126 useable addresses). More on that below.

There's something very interesting about this situation, though. You have this 192.168.16.0/23 network. Obviously (I hope it's obvious), there are "unused" bits here that you aren't allowed to touch because of the mask.

Bits 3, 2 and 1 of the third octet (values 8, 4 and 2) are "covered" by the 23 bit netmask, but they are not set. The same is true for the 7, 6 and 5 bits. Those bits are all masked off, both unset and unavailable for you to use. Only the "16" bit is set within the 23 bit mask (but remember that it is within the mask, so it is off limits: you can't change it), and only the 0 bit is available for you to set or not set. Again, that gives you a subnet that covers both 16 and 17 in the 3rd octet. That gives you more adresses than you'd get with an old-style class C mask, but doesn't waste a class B.

What if you wanted to give someone less adresses than a class C? Simply, the mask would be more than /24. If you were given the CIDR address 201.123.45.48/30, you'd have 201.123.45.48, 201.123.45.49, 201.123.45.50 and 201.123.45.51 only.

Here's another way to think of all this:

A mask of 0 is 256 bits available (256 -0). That gives you 254 addresses because the bottom is the network and the top is the broadcast as always.

A mask of 248 gives you 6 addresses: 256 - 248 is 8, minus the top and bottom equals 6.

When it comes to /30, I think of that as two bits less than /32. A /32 gives you no address at all (well, it's one address but it's useless). So /31 is 2 addresses (still useless) and /30 is 4 addresses (but still only two useable).

Another way: In all cases, the /xx is the number of bits you can't change- the number of bits that fix your network. /32 is completely fixed to one address so is useless- and so is /31 which gives you 1 bit or two addresses. You can't do anything useful with 2 addresses because all you have is the network and the broadcast. The /30 (or 255.255.255.252) is the first useful mask. /30 gives you 2 bits to play with, so that's 4 addresses (but only two useable of course).

So:

/30 2 bits for you, 4 addresses, 2 useable.
/29 3 bits for you, 8 addresses, 6 useable.
/28 4 bits for you, 16 addresses, 14 useable.
/27 5 bits for you, 32 addresses, 30 useable.
/26 6 bits for you, 64 addresses, 62 useable.
/25 7 bits for you, 128 addresses, 126 useable.
/24 8 bits for you, 256 addresses, 254 useable.
 

What this is all leading up to is the concepts of Classless Interdomain Routing (CIDR) and Variable Length Subnet Masks (VLSM) . You may also have heard the term supernetting or network block; all of this stems from the abandonment of the original network classes (A, B, C).

What was wrong with the class scheme?

Mostly it's just that it was wasteful. Assigning an entire Class C ( /24 mask in the new terminology) to someone who needs half a dozen addresses or less is a terrible waste, and for a while it was looking as though running out of addresses was going to happen very quickly. A couple of things slowed that down, one of which was NAT (Network Address Translation, which means that a small subset of "real" addresses are used to let machines with "inside" addresses talk to the outside world. NAT is very much the same concept as proxying, except that the only thing that happens is that the address is translated) and the other was the CIDR concept we're discussing here.

A related problem was that the bigger guys, who needed more than Class C addresses, were looking at a rapidly diminishing pool of available Class B's (/16 masks), and most of them probably didn't need a full B block anyway. Supernetting multiple C blocks lets those folks get pretty close to what they actually need.

If you'd like to read more about this, I can suggest Managing IP Networks by Scott Ballew.

Got something to add? Send me email.

4 comments