----------------------------------------------------- SUBNETS.DOC -- 19980217 -- Email thread on Subnetting ----------------------------------------------------- Feel free to add or edit this document and then email it back to faq@jelyon.com Date: Thu, 17 Aug 1995 19:25:54 -0700 From: Hansang Bae Subject: Re: routing revisited Last Modified: 12 July, 1995 This is a rough draft. If you have any suggestions or comments, please email me at hbae@primenet.com. Thanks. I wrote this primer of sorts in hopes that it will help out network admins new to TCP/IP. New to the concept of subnetting, anyway. Subnetting a Class B address at the byte boundry is pretty simple. So I'll concentrate on subnetting a Class C address. Please do not use these addresses, since they really do exist! Thanks to steved of IBM who allowed me to use his IP address as an example. Again, PLEASE DO NOT USE HIS ADDRESS!!! Also, here are some recommended readings. 1. "Internetworking with TCP/IP Vol. I" By: Douglas E. Comer. Publisher: Pretice Hall IMHO, it's the definitive work on TCP/IP. HIGHLY recommended. 2. "TCP/IP Network Administration" By: Craig Hunt. Publisher: O'Reilly & Associates, Inc. Part of the Nutshell series. Practical and a MUST-HAVE for any Unix network admins. 3. RFC 950 and 917. Ftp to nic.ddn.mil /rfc/rfcxxx.txt . RFC 950 is the RFC that I allude to in the following examples. A user posted this to the net. I'll use it as my example: I'm trying to split it up into two different subnets. bind ip to ip1 addr=204.32.24.13 mask=255.255.255.128 bind ip to ip2 addr=204.32.24.243 mask=255.255.255.128 It then complains that the subnet is all zeros or ones. Couple of observations. 1. Address in the range of 192-223 (first octet) is a class C address. That is, addresses in 192.x.x.x to 223.x.x.x. 2. Class-C address have a network mask of 255.255.255.0 3. When working with SUBnetwork masks, use binary numbers. 4. 255 in decimal is 1111 1111 in binary. 5. You cannot have all 0's or all 1's subnetwork. Per RFC 950 6. IP address are composed of 4 octets (i.e. 4 bytes). Netmask means that where ever you have a 1, disregard it since it belongs to the network portion. The rest makes up your host portion. So your IP address is really [NETWORK_PORTION][HOST_PORTION] When you borrow bits from the host portion, you are - as people commonly call it - subnetting. The RFCs state that you CANNOT have an all zero or all ones SUBNET. But the first three octets are all ones, you say! But they are NOT subnetworks. They are the network MASK. By definition, a class C address has three octets worth of network portion (hence the network mask of 255.255.255.0). At this point you are not SUBnetting. When you STEAL bits from the host portion, you are subnetting. It's easy to get confused about not being able to have all one's or all zero SUBnet when your NETMASK is comprised of all ones! But remember, your NETMASK is different then your SUBNETwork. To make it more clear, here are some examples. So, inorder to subnet, you have to have a minimum of two bits for your subnet MASK. i.e. 11111111.11111111.11111111.11 000000 dec=255.255.255.192 The above two values are subnet MASKS. (and are equivalent. Ones in decimal and the other in binary) This subnet mask allows you to have the following SUBNETWORKS: 1) 11001100.00100000.00011000.00 000000 (204.32.24.0) 2) 11001100.00100000.00011000.01 000000 (204.32.24.64) 3) 11001100.00100000.00011000.10 000000 (204.32.24.128) 4) 11001100.00100000.00011000.11 000000 (204.32.24.192) ^^^^^^--- Host portion ^^---------- Subnetwork portion. ^^^^^^^^^^^^^^^^^^^^^^^^^^------------- Network portion. So following the RFCs, 1) and 4) are not usuable. All zero and all one's subnetworks are not allowed, remember? This means that we have TWO usable subnetworks. Both will use the subnetwork MASK of 255.255.255.192. SubnetMASK of 255.255.255.128 (what the orig poster used) is: 11111111.11111111.11111111.1 0000000 in binary. Remember, the above is subnetwork MASKs. _NOT_ subNETWORKs. This allows you to have subnetworks of: 1) 11001100.00100000.00011000.0 0000000 (204.32.24.0) 2) 11001100.00100000.00011000.1 0000000 (204.32.24.128) ^^^^^^^--- Host portion. ^----------- Subnetwork portion. ^^^^^^^^^^^^^^^^^^^^^^^^^^------------- Network portion. Both are not usuable because you can ONLY have all 1 and all 0 SUBnetworks. Using 255.255.255.192 allows you to have TWO usuable subnets 2, and 3 in the first example. Since you have six bits in the host portion, that means that you have a total of 64 possible choices. Why 64? Because you have 6 bits to play with for the host portion. So in binary, this is: 000000 through 111111 or 0 through 63 in decimal. But one is used to denote "This network" and another is used to denote "broadcast". Therefore, you end up with 2 sets of 62 hosts. ie. 2 subnetworks with 62 hosts each (with two set aside for 'this network' and 'broadcast' in each of the two subnetworks.) They are: 11001100.00100000.00011000.01 000000 == 204.32.24.64 This denotes the 'current' subnetwork. This is one of the special IP addresses that is reserved. You cannot use this for one of your hosts. 11001100.00100000.00011000.01 000001 == 204.32.24.65 This is the FIRST usuable host address for the subnetwork of 204.32.24.64 11001100.00100000.00011000.01 111110 == 204.32.24.126 This is the LAST usuable host address for the subnetwork of 204.32.24.64 You can, of course, use any IP address in btn the two. 11001100.00100000.00011000.01 111111 == 204.32.24.127 This is the broadcast address for the subnetwork of 204.32.24.64 you cannot use this as a host address. It's the second of the special IP addresses that is reserved. This address denotes EVERY host on this particular SUBNETWORK. Next subnetwork is: 11001100.00100000.00011000.10 000000 == 204.32.24.128 This denotes the 'current' subnetwork. Again, this is one of the special IP addresses that is reserved. 11001100.00100000.00011000.10 000001 == 204.32.24.129 This is the FIRST usuable host address for the subnetwork of 204.32.24.128 11001100.00100000.00011000.10 111110 == 204.32.24.190 This is the LAST usuable host address for the subnetwork of 204.32.24.128 You can, of course, use any IP address in btn the two. 11001100.00100000.00011000.10 111111 == 204.32.24.191 This is the broadcast address for the subnetwork of 204.32.24.128. you cannot use this as a host address. It's the second of the special IP addressess that is reserved. Again, it denotes every HOST on this particular SUBNETWORK. Here are some more examples (taken from TCP/IP Network Administration.) IP SUBNET MASK Interpretation A) 128.66.12.1 255.255.255.0 host 1 on subnetwork 128.66.12.0 (note: this is a class b address) B) 130.97.16.132 255.255.255.192 host 4 on subnet 130.97.16.128 C) 192.178.16.66 255.255.255.192 host 2 on subnet 192.1778.16.64 D) 132.90.132.5 255.255.240.0 host 4.5 on subnet 132.90.128.0 E) 18.20.16.91 255.255.0.0 host 16.91 on subnet 18.20.0.0 Let's break each on down and look at it in detail. Case A. You can tell that this is a class B by looking at the first octet (128.x.x.x) Class B address have a NETWORK mask of 255.255.0.0. This is not an option. It's required. It's subnetted using 8 bits from the third octet. Probably the most common way of subnetting a Class B address. This gives you 254 (1-254) usualbe subnetworks. Again, subnetwork of 0 and 255 (all ones) are not allowed. Each subnetwork can have 254 hosts. Host number 0 and 255 are not allowed. It denotes 'this network' and 'every host' respectively. i.e. 128.66.12.0 means subnetwork of 128.66.12. 128.66.12.255 means every host on subnetwork 128.66.12.0. Because of the NETWORK maks of 255.255.0.0 and the SUBNETWORK mask of 0.0.255.0, your effective network mask is 255.255.255.0. This means that you ignore the firs three octets since it belongs to the network portion. The last octet alone is used to determine the host. Since it's "1", it means its the FIRST host. Again, there is no host "0" Case B. Again, it's a class B address, with network mask of 255.255.0.0 It's subnetted using ALL of the third octet (8 bits) and two BITS from the fourth octet. Subnet mask is 0.0.1111 1111.11000000 or 0.0.255.192 in decimal. The effective network mask (network mask + subnetwork mask) is 255.255.255.192. So our IP address of 130.97.16.132 in binary (last octet only) is: 130. 97. 16.10000100 This is the IP address. 255.255.255.11000000 This is the mask. -------------------- Wherever there is a zero (remember that 255=11111111) in the mask, allow the number to filter down. So ***.***.***.**000100 Is the host number. This is 4 in decimal notation. So what is the subnetwork number? Well, the subnetwork consists of all three octets (130.97.16) and the first TWO bits from the fourth octet. In this case, that's "10" But remember that their place is significant. i.e. it's (1 x 2^8) + (0 x 2^7) = 128. So your subnetwork is: 130.97.16.128. Case C. This is a class C address. Network mask = 255.255.255.0 It's subnetted with the first two BITS of the fourth octet. i.e. 11000000 = 192 in decimal. 192.178. 16. 01000010 This is the IP address. 255.255.255. 11000000 This is the mask. --------------------- Do as above (B) example. ***.***.***.**0000010 Is the host number. This is 2 in decimal. Subnet is 192.178.16.01xxxxxx or more explicitely 192.178.16.(0x2^8)+(1x2^7) == 192.178.16.64. The 'x" belong to the host. It's only used as a place holder. Case D. This is a class B address. Network mask = 255.255.0.0 It's subnetted using the first half of the third octet (4 bits). 132. 90.10000100.00000101 This is the IP address. 255.255.11110000.00000000 This is the mask. ------------------------- Do as above (B) example ***.***.****0100.00000101 Is the host number. This is 4.5 in decimal. This is not "four and a half!" It's host "four dot five." The subnetwork number is: 132.90.1000****.******** or 132.90.(1x2^8)+(0x2^7)+(0x2^6)+(0x2^5)**** == 132.90.128 Notice that this is 'different' than the previous examples. The host has two portions to its ID (4.5). Why? Because the third octet is part of the SUBNET and the HOST portion. Plus you have ALL of the last octet as your HOST portion. In the previous examples, ALL of the third octet were being used as the SUBNETwork portion. As a result, only the LAST octet was used in the HOST portion. ------------------------------ Date: Tue, 29 Aug 1995 15:41:41 -0600 From: Joe Doupnik Subject: Re: class c confusion >I am having a problem using my class c licience . >I was given the class c address 204.255.8.0 to allow pc users to >access the vax from the lan room. The file server has 2 NICS attached , >one on the backbone (where the vax is located) address assigned is >192.75.12.165. The other NIC is attached to a length of coax (I have assigned >the address 204.255.8.01) I have consulted the online documentation but I >have made an error. When I use kermit it tells me it can not resolve the >host address. > > >autoexec.ncf > >load smc8000 port=300 frame=ether_ii name=TSN >load smc8000 port=360 frame=ether_ii name=backbone >bind ipx backbone net=01 >bind ipx tsn net=03 > >load tcp forward=yes > >bind ip backbone ad=192.75.165 ma=255.255.255.0 >bind ip tsn ad=204.255.8.01 ma=255.255.255.0 -------- You omitted a default gateway clause, and the SNMP line. Here is the way to accomplish the job, lifted straight from the FAQ: load ne3200 slot=1 frame=Ethernet_II name=bbone load ipxstack load ipxrtr routing=nlsp mcast=yes bind ipx bbone net=817b0100 nlsp=yes load remote password load rspx load pserver edu-usu-netlab2 load snmp ControlCommunity=password TrapCommunity=password load tcpip rip=no forward=no bind ip bbone ad=129.123.1.44 ma=255.255.255.0 ga=129.123.1.254 load rdate /p 60 /v 10 129.123.1.9 129.123.1.2 129.123.1.7 etc If you neglect to use the SNMP line then it is loaded by tcpip with public access (not what you want to have happen). On Load tcpip say RIP=NO to prevent routing confusion. In your case Forward=yes to route IP between boards (only one board shown above, natch). >----------------------- >;kermit ini for pc on sub net (tsn) > >set tcp address 204.255.8.02 ; an address i chose from the class c >set port tcp 192.75.12.103 ; addres of vax server >set tcp gateway 204.255.8.01 ; addres of card in server These are fine. Be sure to set the subnet mask too, of course. Joe D. >---------------------- >I am using vlm1.2 with odipkt & the pc setup works on the backbone but >not on the subnet. > >Is there some info that will guide me thru this ( i tried the novell manual) >, or can any one see something obviously wrong with what I have done. > >Paul Karrel (computer support) >Trent University ------------------------------ Date: Fri, 8 Sep 1995 13:35:50 GMT+0100 From: William Sadler <16913_SU@FIR.COSSOR.COM> Subject: Re: TCP/IP and variable subnet masks >From: Steve Dunn > Our company presently has four networks populated with machines, one >point-to-point link, and a second point-to-point link will be coming >online in a month or so. We have been assigned a class C address in >preparation for hooking up to the Internet. Basically, our networks >look like: > > Network A >Server---------------------------- >| >| WAN >| Network B >Router------------------------ > | \ > | \ Network C > | ---------------------- > | > | Network D > +--------------------- > >Server: NetWare 4.02A; the second point-to-point link will also come > from this box to another not presently on our network. TCPIP.NLM > version 2.02l > >Router: NetWare 3.12. TCPIP.NLM 2.02i > >WAN: Implemented with Digi PCIMAC cards, as the forthcoming point-to-point > link will be. > >Network A, B, C, D: Ethernet; A, B, and C each need a subnet of 30 > hosts, while D could make do with 14 but has been given 30 anyway. > > I had hoped to use four 30-node subnets (.32, .64, .128, and >.192) for my four networks, and two 2-node subnets (.244 and .248) >for my point-to-point links. However, my NetWare 4.02A box refuses >to run the 2-node subnets, saying "Cannot support a.b.c.244 with >mask 255.255.255.252 because it conflicts with a.b.c.64 with mask >255.255.255.224, an address IP is already supporting on another >interface." The manual claims that this error message means my >subnet mask is illegal. > > AFAIK, having a single class C address subnetted into different- >sized subnets is RFC-legal, isn't it? I'm avoiding any subnets with >all zeroes or all ones. I do know there's a vague warning in the >manual that while TCPIP.NLM supports different subnet masks on >different ports, it's not recommended and there are certain combinations >which don't work. I also know I can't use RIP with this mishmash of >subnet masks; I can live with that. > > Did I, in fact, do something illegal, or is this just a limitation >with NetWare's TCP/IP implementation? Temporarily, I've reassigned >.96 and .160 for my point-to-point links, using the same 30-node >subnets ... it's quite a waste, though, and I expect that I will need >at least one of those for future expansion. Would MPR solve my >problem? > > I'd prefer not to have to mix subnet masks like that, but it does >seem like a waste to ask for a second class C just so I can hook up >two point-to-point links with it, while I have spare addresses on >my first class C ... Also, I've left .96 and .160 unallocated, as >.64 and .128 are my two largest networks and should either one need >to expand beyond 30 nodes, it could be done just by just expanding the >subnet mask - but only if I can have different subnet masks on the >same class C network. Use a "Private Network Number", (see RFC 1597 for private numbers), for the point to point link and make sure that that the Server's IP address for external use, (if required), as advertised by your DNS is the one on Network A. Having proposed a solution I can see that it may may not work with a sub-net split by the WAN! Question: Can the server Netware TCP/IP suport a static route to a part of a sub-net that it is directly attached to via another net? If the network numbers were: Network A xxx.xxx.xxx.32 Mask 255.255.255.224 Network A xxx.xxx.xxx.64 Mask 255.255.255.224 Network A xxx.xxx.xxx.128 Mask 255.255.255.224 Network A xxx.xxx.xxx.192 Mask 255.255.255.224 WAN 10.10.10.0 Mask 255.255.255.252 ie. WAN was a to node network: Server 10.10.10.1 Router 10.10.10.2 and the static routes on the server xxx.xxx.xxx.32 via 10.10.10.2 the static routes on the router xxx.xxx.xxx.64 via 10.10.10.1 xxx.xxx.xxx.128 via 10.10.10.1 xxx.xxx.xxx.192 via 10.10.10.1 It will work with different sub-net, (A,B or C Class number), on each side of the WAN. Extract from RFC1597: Address Allocation for Private Internets [snip] 3. Private Address Space The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private networks: 10.0.0.0 - 10.255.255.255 172.16.0.0 - 172.31.255.255 192.168.0.0 - 192.168.255.255 [snip] An enterprise that decides to use IP addresses out of the address space defined in this document can do so without any coordination with IANA or an Internet registry. The address space can thus be used by many enterprises. Addresses within this private address space will only be unique within the enterprise. William Sadler Network Administrator Cossor Electronics Phone: UK(44) 1279 407025 Fax: UK(44) 1279 407384 ------------------------------ Date: Fri, 8 Sep 1995 20:37:14 +0000 From: Daryl Banttari Subject: Re: tcp/ip problem >The problem we have is that during loading and binding of the IP >stack/protocol no errors occure but we cann't get through the server. >tcpip is loaded with option forward=yes. > >I can ping from a workstation to the server and can ping from the >server to the rest of the world but cannot ping from a workstation to >the rest of the world. Presume you have two IP subnets... 100.100.100.0 and 100.100.101.0. Bind 100.0 to interface "A" as addr=100.100.100.253, bind IP to interface "B" as 100.100.101.254. Internet router is at 100.100.100.254. Presuming most of your traffic is outbound, workstations on segment "A" should have their default router set up as 100.100.100.254 (the router), workstations on segment "B" should have their default router set to 100.100.101.254 (the server.) Here's the trick: you have to set a default router for the server. The easy way is to add a GATE= entry to the BIND line, ex: BIND IP to My_Nic ADDR=100.100.100.253 MASK=255.255.255.0 GATE=100.100.100.254 (uh, that's suppossed to be all one line, of course.) Now, Netware will route any "unknown" packets to the "smart" router, where they will be sent on their merry way. Make sure the router knows that any return packets to segment "B" (101.0) need to go by way of 100.253. The router may need to be configured for this; hopefully it will learn about the route via RIP. Call the "router people" to make sure they know how to access the segment on the other side of your server. Hopefully it's just the "gate=" thing. Incidentally, you can add a default gateway on the fly using TCPCON. (LOAD TCPCON) I don't recall the details with enough clarity to describe here tho. Daryl Banttari, CNE ------------------------------ Date: Wed, 13 Sep 1995 18:00:34 CETDST From: David Hanson Subject: Re: routeing Kermit thru NW 312 server >From: PK >I am trying to use Kermit on a sub net. How do you derive a network's >subnet mask. When I use kermit now I get the message 'error resolving >the host address (192.12.75.103)'. I thought a sub netmask of >ff.ff.ff.0 would retain the first 3 groups of numbers & cut off the last group. >Which would leave the actual network address where the packet is destined for. > >Is the mask used for Binding ( in autoexec.ncf) different than the mask >kermit uses? Should the gateway refered to in the bind statement for the >backbone nic be the network gateway address or the backbone nic address.? > >--- Server setup: 2 nics > 192.12.75.165 c0.c.43.a5 backbone where host is > 204.255.8.01 cc.ff.8.01 subnet portion > >autoexec.ncf > >load snmp controlcommunity=xx trap=xx >load tcpip rip=no forward=yes >bind ip to backbone ad=192.12.75.165 ma=255.255.255.0 ga=192.12.75.244 >bind ip to tsn ad=204.255.8.01 ma=255.255.255.0 ga=204.255.8.01 > >----- mskermit.ini >; >; > SET TCP/IP ADDRESS 204.255.8.02 ; My PC's numeric IP address > SET TCP/IP SUBNETMASK 255.255.255.0 ; My physical network's subnet mask > >????; is this correct. ?????????? > > SET TCP/IP domain tsn.trentu.ca ; this is the subnet name > SET TCP/IP GATEWAY 204.255.8.01 ; nic in server IP address > SET TCP/IP PRIMARY-NAMESERVER 192.12.75.103 ; Primary nameserver's address > SET TCP/IP SECONDARY-NAMESERVER 192.12.75.200 ; fallback nameserver address > > SET TCP/IP BROADCAST: 255.255.255.255 ; My network's broadcast address > >------------- > calculating subnet mask ???? > >host address 192.12.75.103 c0.c.43.67 > >backbone nic address 192.12.75.165 .a5 >subnet " " 204.255.8.01 cc.ff.8.01 > >normal mask 255.255.255.0 ff.ff.ff.00 > >1) normal mask (ff.ff.ff.0) - subnet mask = subnet adress (cc.ff.8.0) > > subnet mask (xx.xx.xx.xx)- normal (ff.ff.ff.0)= sub add (cc.ff.8.0) > >sub add +normal mask= subnet mask ??????????????? > > cc.ff.8.0 > ff.ff.ff.0 + > ----------- > 1cb.1fe.107.0= subnet mask ????????????? use this in kermit > Whoa, you lost me there... >The RFCs (Request For Comments, the papers which define Internet >standards) governing IP addressing state that no portion of a >node's address may consist of all zeros or of all ones. You can >logically break down an address into three components where subnetting is >used (the network address; the subnetwork address, which is the >difference between the subnetwork mask and the normal mask used >for that address class; and the node address). 192.12.75.0 is the class C address you are starting with. The "normal" mask for a class C is 255.255.255.0. This means that the first three octets represent the network portion of the address and the fourth octet represents the host portion of the address. If you wish to use this address space across a router, then you will need to subnet it further. This involves taking bits from the host portion of the address and using them to extend the network portion of the address. This gives you subnetworks that you can route between. So if you wish to route through the NW server, you have to extend the subnet mask beyond 255.255.255.0. To do this, you first have to deal with the trade-offs. Nothing is free! Let's look at the simplest case, where you just want the two subnets. When looking at subnet masks, it is extremely helpful to convert all values to binary (hex is no better than decimal for this process). To get two useable subnetworks, you have to use a mask of 255.255.255.192 (1111 1111.1111 1111.1111 1111.1100 0000). The way you combine the address and mask to yield your subnet is two steps. 1. Convert all values to binary (not hex!). 2. Do a bitwise AND with the address and the mask to yield the subnetwork portion of the address. This process will yield 4 subnetworks, 192.12.75.0, 192.12.75.64, 192.12.75.128, and 192.12.75.192. Since the network portion of the last octet cannot be all ones or all zeros (per the RFC), then you have two useable subnets, 192.12.75.64 and 192.12.25.128. Notice that this means that one subnet will contain the range of addresses from .65 to.126 and the other contains the range of addresses from .129 to .190, so you went from 254 useable host addresses to 122 useable addresses, 61 per subnet. This is what I mean by nothing being free. You will lose fewer host addresses if you use a longer subnet mask, but that also means fewer host addresses per subnet, so it is a trade-off. > A text file explaining how to derive the ip values for kermit and > novell would be so helpful or better a demo using the values for Trent U. If you are actually doing this to connect to the Internet, then you better consult with the powers that are responsible for IP addressing at your site. It is a big-time no-no to just arbitrarily (or incorrectly) choose IP addresses for your subnets. ------------------------------ Date: Wed, 13 Sep 1995 15:09:23 -0600 From: Joe Doupnik Subject: Re: routeing Kermit thru NW 312 server >I am trying to use Kermit on a sub net. How do you derive a network's >subnet mask. When I use kermit now I get the message 'error resolving >the host address (192.12.75.103)'. I thought a sub netmask of >ff.ff.ff.0 would retain the first 3 groups of numbers & cut off the last group. >Which would leave the actual network address where the packet is destined for. > >Is the mask used for Binding ( in autoexec.ncf) different than the mask >kermit uses? Should the gateway refered to in the bind statement for the >backbone nic be the network gateway address or the backbone nic address.? > >--- Server setup: 2 nics > 192.12.75.165 c0.c.43.a5 backbone where host is > 204.255.8.01 cc.ff.8.01 subnet portion > >autoexec.ncf > >load snmp controlcommunity=xx trap=xx >load tcpip rip=no forward=yes >bind ip to backbone ad=192.12.75.165 ma=255.255.255.0 ga=192.12.75.244 >bind ip to tsn ad=204.255.8.01 ma=255.255.255.0 ga=204.255.8.01 The second line has a error. Do not use a second gateway= since only one is permitted on the server. Please remove ga=204.255.8.01. Ditto the second ma= phrase. >----- mskermit.ini >; >; > SET TCP/IP ADDRESS 204.255.8.02 ; My PC's numeric IP address > SET TCP/IP SUBNETMASK 255.255.255.0 ; My physical network's subnet mask > >????; is this correct. ?????????? > > SET TCP/IP domain tsn.trentu.ca ; this is the subnet name > SET TCP/IP GATEWAY 204.255.8.01 ; nic in server IP address > SET TCP/IP PRIMARY-NAMESERVER 192.12.75.103 ; Primary nameserver's address > SET TCP/IP SECONDARY-NAMESERVER 192.12.75.200 ; fallback nameserver address > > SET TCP/IP BROADCAST: 255.255.255.255 ; My network's broadcast address These are fine. >------------- > calculating subnet mask ???? This part is not so fine, and I suggest you follow the advice offered earlier today in response to your message. >host address 192.12.75.103 c0.c.43.67 > >backbone nic address 192.12.75.165 .a5 >subnet " " 204.255.8.01 cc.ff.8.01 > >normal mask 255.255.255.0 ff.ff.ff.00 > >1) normal mask (ff.ff.ff.0) - subnet mask = subnet adress (cc.ff.8.0) > > subnet mask (xx.xx.xx.xx)- normal (ff.ff.ff.0)= sub add (cc.ff.8.0) > >sub add +normal mask= subnet mask ??????????????? > > cc.ff.8.0 > ff.ff.ff.0 + > ----------- > 1cb.1fe.107.0= subnet mask ????????????? use this in kermit > >The RFCs (Request For Comments, the papers which define Internet >standards) governing IP addressing state that no portion of a >node's address may consist of all zeros or of all ones. You can >logically break down an address into three components where subnetting is >used (the network address; the subnetwork address, which is the >difference between the subnetwork mask and the normal mask used >for that address class; and the node address). > > A text file explaining how to derive the ip values for kermit and > novell would be so helpful or better a demo using the values for Trent U. It is fundamental IP knowledge, so we refer you to standard books on the subject, often Douglas Comer's volume 1 of "Internetworking with TCP/IP". Novell's TCP/IP manual (NW 3/4) is also good reading these days, as are a number of paperbound books in book stores. Hint: the GATEWAY is the only way off the LOCAL IP network, and thus it is Always On The Local Network (as well as on other networks). That's why it is named a gateway. IP routers are IP gateways. Your local IP Responsible Person should be able to supply all the IP values for you, and it is a heineous net.crime to invent them yourself (oh my goodness). Joe D. ------------------------------ Date: Tue, 21 Nov 1995 19:17:38 +0000 From: Richard Letts Subject: Re: TCPIP.NLM: Subnet value = all ones? >Michael Roth (mroth@WIRELESS.RCH.MCI.COM) wrote: >>Well, I was under the impression that when using the subnet mask of >>255.255.255.192 that you only get 2 useable subnets (masks of all 0's >>and all 1's being illegal). > >Thanks! That is exactly what Novell's TCPIP.NLM is saying. But >is all 1's in subnet bits really illegal? I'm having a hard time >agreeing with this (as with real routers, I do it all the time..). >Routers may also agree to subnet-zero (all 0 subnet field), but >this may require special settings. I never seen any objection >(or problem, for that matter) with all-one subnet fields, and I've >put up some pretty large (and small..) IP internetworks... Richard's quick question paper on IP addressing: 1) My station is on the network 146.87.1.0 I send a packet to 146.87.255.255 is this a) a broadcast to all 146.87.x.x sub-networks b) a broadcast to all nodes on my cable c) a broadcast to all nodes on 146.87.255.128 2) Is a packet addressed to 146.87.0.10 a) a unicast packet to the node 146.87.0.10 b) a unicast packet to the nearest router regardless of the network 3) For bonus marks: what is the subnetwork mask in use on the network Richard Letts Network Manager mail: R.J.Letts@salford.ac.uk University of Salford phone: +44 161 745 5252 Great Britain fax: +44 161 745 5888 ps. read comer: Internetworking with TCPIP volume 1 chaper 16 for details ANSWERS: 1)a -- using this subnet can lead to excessive broadcast traffic. if in a PURE classless environement (c) is correct, but most unix systems cannot cope with this, and few routers at that! 2)b -- minor loss of functionality. this is arcane usage of IP! 3) impossible to tell from the information given. In general stations use 255.255.255.128. Where the router provides proxy-arp the netmask of clients is set to 255.255.0.0. Routers use masks of: 255.255.255.128, 255.255.255.0, 255.255.255.254, 255.255.255.252 depending upon the network design. The switched-ethernet networks use the larger subnet masks. ------------------------------ Date: Tue, 21 Nov 1995 14:11:13 -0600 From: Joe Doupnik Subject: Re: TCPIP.NLM: Subnet value = all ones? >Yes, this is all truebut I guess the question of how many useable subnets >that you get depends on whether you are starting with a Class B or Class C >address. If its a "B" then you can use all four subnets (assuming mask of >255.255.255.192) for a given number (I'm pretty sure), but if its a "C" then >all you can use is the middle 2. And it boils down to the number of bits that >you are using in each case for the network portion and the host portion. >However, it much simpler to just print out RFC 1860 and follow the rules >and not try to understand them ;-) -------- No, da_nit, no. It is foolhardy to behave this way. As Richard explained RFC1860 is for CIDR (Classless Internet Domain Routing) ONLY, and very very few systems you can touch support CIDR. I say strongly: read and understand the subnet portions of RFC1122.TXT because they apply. No all 1's, no all 0's fields; and may your connectivity prosper. Joe D. --------- >>> Michael Roth (mroth@WIRELESS.RCH.MCI.COM) wrote: > >...stuff missing > >>1)a -- using this subnet can lead to excessive broadcast traffic. >> if in a PURE classless environement (c) is correct, but most unix >> systems cannot cope with this, and few routers at that! >>2)b -- minor loss of functionality. this is arcane usage of IP! >>3) impossible to tell from the information given. In general stations >>use 255.255.255.128. Where the router provides proxy-arp the netmask of >>clients is set to 255.255.0.0. Routers use masks of: 255.255.255.128, >>255.255.255.0, 255.255.255.254, 255.255.255.252 depending upon the network >>design. The switched-ethernet networks use the larger subnet masks. ------------------------------ Date: Tue, 12 Dec 1995 14:14:12 +0100 From: "David W. Hanson" Subject: Re: Subnet Mask >Is it possible to subnet a class C address - I tried this on our 3.11 >server using a mask of 255.255.240.0 but it insists on using a mask >of 255.255.255.0 . Does anyone now of an RFC that covers this ? To the concept of subnetting is to extend the network portion of the address by "borrowing" bits from the host portion of the address. The default subnet mask for a class C address is 255.255.255.0, meaning that the first three octets are the network portion of the address and the last octet is the host portion. To subnet, you must -extend- the network portion of the address, not truncate it. An example of a valid subnet mask for a class C address is 255.255.255.240, which yields 14 legal subnets with 14 hosts on each subnet. (I know that "real" routers can see the 0 network, but the RFC says no). To see what is really happening with the subnet mask, you must convert each octet to binary so that you can see the mask as a mask. Read Douglas E. Comer's "Internetworking With TCP/IP Volume I", ISBN 0-13-474321-0, Chapter 16 for all of the details. Relevant RFC's are: - Subnet Addressing - 950, 932, 936, 940, & 917 - Broadcasting in the presence of subnets - 922 - Proxy ARP - 925, 1027 ------------------------------ Date: Mon, 26 Feb 1996 19:43:17 +0100 From: Robert Olsson Subject: Re: IP Address Ranges >I know this isn't strictly Novell, but it does have to do with my >Novell based network... > >Could someone tell me (or point me to a good WWW reference) that >describes a "standard" or appropriate use of IP addresses? Several >weeks ago, someone posted a message like this: > >xxx.xxx.xxx.0 -Reserved >xxx.xxx.xxx.1 to 56 -Blah, blah, blah >xxx.xxx.xxx.57 to 127 -Blah, blah, blah >xxx.xxx.xxx.128 to 254 -Dynamic addresses >xxx.xxx.xxx.255 -Broadcast? > >What I'm really looking for is a "guide" to IP address assignment. >Are there standard addresses for gateways? dns servers? web servers? There is no guide. If you're gonna hook up to the Internet, get an official net-address from your Internet provider (in which case you'll probably end up with a class-C address unless your company is a big one). If you're gonna use a firewall you don't really have to worry about your internal addressing since it's only the firewall address that will be accesable. If you network is isolated from the outside world you can pick any net-address of your own choosing. It might be a good idea to get an official address anyway, because sooner or later you'll find yourself connected to someone or something else out in the big world. It's better to do it right the first time than having to re-do your entire networking setup. For "internal" networks there are actually a number of network addresses reserved for that specific use: class A 10.0.0.0 - 10.255.255.255 (one net) class B 172.16.0.0 - 172.31.255.255 (16 nets) class C 192.168.0.0 - 192.168.255.255 (255 nets) These nets are reserved for internal use, and as such they shouldn't be seen on the real Internet. When it comes to subnetting here is a short guide (it may be the one you referred to): Class B Effective Effective # bits Mask Subnets Hosts ------- --------------- --------- --------- 2 255.255.192.0 2 16382 3 255.255.224.0 6 8190 4 255.255.240.0 14 4094 5 255.255.248.0 30 2046 6 255.255.252.0 62 1022 7 255.255.254.0 126 510 8 255.255.255.0 254 254 9 255.255.255.128 510 126 10 255.255.255.192 1022 62 11 255.255.255.224 2046 30 12 255.255.255.240 4094 14 13 255.255.255.248 8190 6 14 255.255.255.252 16382 2 Class C Effective Effective # bits Mask Subnets Hosts ------- --------------- --------- --------- 2 255.255.255.192 2 62 3 255.255.255.224 6 30 4 255.255.255.240 14 14 5 255.255.255.248 30 6 6 255.255.255.252 62 2 Remember that nets and hosts with all ones or all zeros are invalid, so you always loose two nets and two hosts each time you subnet (that's why a 1 bit subnet doesn't work) ------------------------------ Date: Mon, 18 Mar 1996 10:02:54 -0600 From: Joe Doupnik Subject: Re: TCPIP - How to join two class C networks >We are trying to expand our IP address range from one C class >to two joined class C networks - 192.38.32.x and 192.38.31.x >Can you tell me have we can force the TCPIP to accept the >mask 255.255.254.0 ? >INETCFG won't accept other masks for class C networks than >255.255.255.X (X>=0) >If i use the bind command, it simply ignores the mask parameter, >if it is'nt at least 255.255.255.0 and selects the default >class C mask (255.255.255.0) ---------- It's called "supernetting" (versus subnetting), it falls under the CIDR (Classless Internet Domain Routing) RFCs, and NetWare doesn't do it. Router aggregation (the name of the process) is on most really big routers but not down at the PC level at this time. In short, you are stuck with two class C networks. Joe D. ------------------------------ Date: Wed, 24 Apr 1996 11:20:05 WET From: Dik van Oeveren To: netw4-l@bgu.edu Subject: Re: Routing TCP/IP - HELP PLEASE >I have a 4.1 Netware Server with 3 NIC, forming 3 sub-nets. No problem >with IPX/SPX routing - it's automatic and works very well!! But I can't >make the same with TCP/IP. I assign 3 diferent IP addresses - one for >each sub-net card, start the IP foreward facility from Netwere, but it >doesn't work. How can I do "automatic TCP/IP routing" with Netware?? How do you want the IP network to be setup ? Are you going to use IP subnets or do you want to use three different IP nets ? When you want to use subnets first you must understand the way subnets work. Please read this explanation very thorough if you want to understand subnetting. When you use subnets you have one IP net let's say a Class C address: 192.9.200.000 where the first three bytes is your IP net number (192.9.200). When you want to separate this IP net into subnets you must use a subnet mask. With this mask you can set the number of subnets in your network. For example, if you want to create three subnets you can set the subnet mask to 255.255.255.192. Let's change the fourth byte to a binary code: 192 = 1 1 0 0 0 0 0 0 Now you can use the seventh and eighth bit as a subnet number and create four subnets. The first subnet has an address range from: 0 0 0 0 0 0 0 1 to 0 0 1 1 1 1 1 1 (1 to 63 decimal). The second subnet has the following range: 0 1 0 0 0 0 0 1 to 0 1 1 1 1 1 1 0 (65 to 127 decimal). The third subnet has the following range: 1 0 0 0 0 0 0 1 to 1 0 1 1 1 1 1 0 (129 to 191 decimal). The fourth subnet has the following range: 1 1 0 0 0 0 0 1 to 1 1 1 1 1 1 1 0 (193 to 254 decimal). The reason why address 64, 128, 192 and 255 can't be used is that these addressed are reserved for broadcasts on the related subnet. Let's give the subnet a logical name: Address 1-63 = SUB1 Address 65-127 = SUB2 Address 129-191 = SUB3 Address 193-254 = SUB4 So these are the four subnets when you use subnetmask 255.255.255.192 The Novell server should be configured this way: AUTOEXEC.NCF: LOAD TCPIP FORWARD=YES LOAD FRAME=ETHERNET_II NAME=SUB1 LOAD FRAME=ETHERNET_II NAME=SUB2 LOAD FRAME=ETHERNET_II NAME=SUB3 LOAD FRAME=ETHERNET_II NAME=SUB4 BIND IP TO SUB1 ADDR=192.9.200.63 MASK=255.255.255.192 BIND IP TO SUB2 ADDR=192.9.200.127 MASK=255.255.255.192 BIND IP TO SUB3 ADDR=192.9.200.191 MASK=255.255.255.192 BIND IP TO SUB4 ADDR=192.9.200.254 MASK=255.255.255.192 When you don't want to use subnets, then it is very simple on the server side. AUTOEXEC.NCF: LOAD TCPIP FORWARD=YES LOAD FRAME=ETHERNET_II NAME=NET1 LOAD FRAME=ETHERNET_II NAME=NET2 LOAD FRAME=ETHERNET_II NAME=NET3 LOAD FRAME=ETHERNET_II NAME=NET4 BIND IP TO NET1 ADDR=192.9.50.254 MASK=255.255.255.0 BIND IP TO NET2 ADDR=192.9.60.254 MASK=255.255.255.0 BIND IP TO NET3 ADDR=192.9.70.254 MASK=255.255.255.0 BIND IP TO NET4 ADDR=192.9.80.254 MASK=255.255.255.0 On the client side you have to put an extra entry in somekind of configuration file. In Lan Work Place this entry is located in the NET.CFG. This entry is called: ROUTER and you have to put the IP address of the adapter of the Novell server on which the client is attached directly via the LAN. For example, if your workstation is attached to NET1 you have to add: ROUTER = 192.9.200.254 in your NET.CFG. If you have another software package, check your documentation, every package has a different way of defining routers or DefaultGateways. Hope that this will help you configure your TCP/IP network. ------------------------------ [Floyd: filename may have changed, best ftp to ./internet/] ftp://ftp.coast.net/SimTel/win3/internet/subnet10.zip SUBNET v1.0 suggests appropriate masks based on the quantity of subnets and hosts per subnet; creates listing of subnets, directed broadcasts and host-ranges per the number of bits you tell it to use for subnetting (it will then tell you what the mask should be). Lists include both binary and decimal displays (good learning tool for those new to TCP/IP addressing). Lists can be saved to disk as ASCII text or can be added to a database file (MS Access). The Decimal<->Binary tool included in this version works under MS-Windows 3.xx. This ShareWare version is limited to Class C addresses. The Deluxe version supports Class A - C addressing, including Variable Length Subnet Mask and Management tool for IP addresses. Guy Michaud ------------------------------ Date: Thu, 17 Oct 1996 12:41:41 -0600 From: Joe Doupnik Subject: Re: IP Subnet addresses and Physical Network Segments >I have three phisical network segments, each with its own Class C IP >Subnet address, and each with its own NIC in my NetWare 4.1 server. >I'm using a subnet mask of 255.255.255.0 on everything. >Network usage suggests its time to add a 4th segment. I only have 3 >Class C IP Address blocks... How do I adjust my system to allow IP >Subnets to span multiple physical segments/NIC's? ---------- First thing is watch the terminology very carefully. Are your IP addresses a piece of a Class B or a set of Class C's? IP Class is defined by the value of the first octet, not by subnet masks; 192 and above starts Class C. Second, NetWare does not support supernetting (aggregating many Class C addresses into one lump block). Each wire must be a separate IP network. Third, please look at file subnets.txt in directory misc on netlab2.usu.edu for illustration and explanation of a similar situation. Joe D. ------------------------------ Date: Mon, 9 Feb 1998 09:48:57 -0700 From: Joe Doupnik Subject: Re: IP Subnetting >Just one thought....does the net mask have to consist of contiguous bits, >ie what would happen with a netmask of 255.255.255.15, ie >11111111.11111111.11111111.00001111 ? ------ In principle, no; in practice, yes. The netmask game requires all stations play by the same rules. See notation 129.123/16 with router folks, meaning network 129.123.0.0 with 16 bits of network (the left 16). That notation is becoming popular and software is written to understand it. Thus the network mask needs to be contiguous 1's and then trailing 0's. There is no advantage to creating multiple fields of 1's, at least none that I can imagine. Joe D. --------- Date: Mon, 9 Feb 1998 16:15:00 -0000 From: Robin Bowes Subject: Re: IP subnetting > Thanks for illustrating why folks are befuddled and confused, and >outright scared, of sub/supernetting: too many buzz words by far. Real code >is free of these embellishments and overtones; it is one line of C. I don't know about "one line of C", but it certainly helps me to think about IP {sub|super} netting in binary - it makes much more sense. Sure if you do C then Joe's line of C says it all but if not, try looking at the IP addresses and masks in binary. eg 255.255.240.0 = 11111111 11111111 11110000 00000000 ie it is a 20-bit mask, thus leaving 12 bits of address space. --------- Date: Mon, 9 Feb 1998 11:46:15 -0700 From: Joe Doupnik Subject: Re: IP subnetting >>Thanks for illustrating why folks are befuddled and confused, and >>outright scared, of sub/supernetting: too many buzz words by far. Real >>code is free of these embellishments and overtones; it is one line of C. > >I don't know about "one line of C", but it certainly helps me to think >about IP {sub|super} netting in binary - it makes much more sense. Sure >if you do C then Joe's line of C says it all but if not, try looking at >the IP addresses and masks in binary. eg > >255.255.240.0 = 11111111 11111111 11110000 00000000 > >ie it is a 20-bit mask, thus leaving 12 bits of address space. ----------- Without detracting from your points maybe I can sharpen up the technical words involved. It is a 32 bit mask. The address space is 32 bits. However, in your example 20 bits are used to identify networks and 12 bits to identify hosts on each network. We could also write such an IP address as 111.123.122.212/20 where the /20 means use twenty left hand bits as network and the remainder as host. Dotted decimal notation is clearly to help us humans read quickly. The actual address being manipulated is a 32 bit quantity, not an arithmetic value nor a text string and there is no notion of 8 bit bytes. Joe D. --------- Date: Tue, 10 Feb 1998 10:57:12 -0700 From: Joe Doupnik Subject: Re: IP Subnetting >The mask is defining how many bits are in the subnet, starting with the most >valuable bit first. So therefore the subnet of 15 is invalid, 128 would be >the first one. Being picky again here. Actually the mask does not say sub or super, it says network or host. It's a 32 bit mask and covers the entire IP address. I admit not understanding the reason for your introducing or the meaning of embellishment "most valuable bit first." That seems to be a meta-networking concept where valuable implies less valuable etc. All 32 bits are needed. A fundamental theme from me on this matter is avoid embellishment and adjectives, because the real decision is independent of them. The extra words often baffle people by adding alternatives without a basis: no new information, just conflicts with what we have. Once again, a netmask is the final decision making element, not the fancy words. Nevertheless, to keep older and newer boxes operating together the IETF created the concept of subnets and the rules about non-all 0/1's in Class network, subnet, and host fields. Think of this as a crutch to help poorly designed configuration code, primarily routers and name servers, but continued into ordinary code by inertia and non-reflection upon fundamentals. The final code which does the testing and decision making is free of these overtones and does that one line of C (totally ignorant of "Class", "sub", "super", bytes, dots, IETF et al). Joe D. ------------------------------ Date: Thu, 12 Feb 1998 09:59:31 +1000 From: Patrick Trevor Subject: Re: NetWare and Variable Length Subnets >Protocol: TCP/IP >NetWare v4.11 > >I am aware that NetWare does not support Supernetting. > >However, does NetWare support Variable Length Subnets (VLS)? > >The reason I ask is that we are defining the IP standards we will >use. Most of the remote sites will need less than 50 IP addresses, >yet some will require more (up to 254) and headquarters requires >even more. Shouldn't be a problem. We are using quite a number of different length masks here from 16 1's all the way to 30 1's (for serial lines). That said, all our wide area links are connected via Cisco and Bay routers. Some simple tests in your environment should confirm that it will work. --------- Date: Wed, 11 Feb 1998 21:59:36 -0600 From: Andrew Large Subject: Re: NetWare and Variable Length Subnets Yes Netware does support variable length subnet. It is called OSPF. If Netware was to use RIP II then variable length subnet mask might be possible. ------------------------------ Date: Tue, 17 Feb 1998 09:56:47 -0800 From: Randy Richardson Subject: Novell TID: TCP/IP Routing - Subnet Masking In light of the recent discussions and confusion over TCP/IP routing and subnet masking, the following URL may prove to be useful to many since it lists various masks and the associated ranges: http://support.novell.com/cgi-bin/search/tidfinder.cgi?2911147 This is highly recommended reading for those who are not so familiar with, or unclear about, the configuration aspects of TCP/IP. Note that patch TCPN04a.Exe supercedes TCPN03.Exe, which is listed in this document. ------------------------------