ICT Smart Solution

Energy solutions, Smart Choice within Reach. By NIYONGABO Olivier


HSRP

Apply hot standby router protocol (HSRP)


How Does HSRP Work?
The general idea behind HSRP is rather simple: Configure multiple devices that all exist on the same subnet and are able to act as gateways to the hosts on the subnet. Basic redundancy can be configured by configuring some of the hosts to use one gateway and the other hosts to use another. However, in this situation, if either one of the gateways was to fail, then there are still a large number of hosts that would lose outside network access.
HSRP provides a solution to this problem by allowing two of the connected gateways to be configured to provide redundancy. HSRP does this by providing a virtual MAC and IP address that is shared between these two devices; the active device between the two of them will be responsible for the handling of traffic to the virtual IP address, while the standby device will monitor the active device for signs of failure. Should the active router fail, the standby router will take over the duties of handling traffic that is sent to the virtual IP address by both accepting traffic to the IP address and by taking over the virtual MAC address (using the Address Resolution Protocol (ARP)). Hosts that are configured on the subnet use the virtual IP address as their gateway IP address, and if there is a failure between the HSRP devices, the switchover requires no extra configuration on the host device.
The determination as to which HSRP device on a subnet is elected the active router (versus the standby router) is completed initially by referencing the configured HSRP priority (0 – 255). If configured, the device with the highest priority will become the active HSRP router, and the router with the second highest priority will become the standby router. If there are more than two devices, all other devices will monitor active and standby devices and wait until they are required when a failure occurs. If none of the HSRP devices are configured with a non-default priority (100), then HSRP will use the device with the highest configured IP address on the shared subnet.
HSRP also provides the ability to configure multiple HSRP groups on a single interface. There are a number of different reasons why multiple HSRP groups would work in this way, including the ability to offer further redundancy configurations and load balancing configuration options. The utilization of a single HSRP group between devices has one major disadvantage: One of the gateways always sits idle until the active device fails. This wastes the forwarding potential of this second device; to solve this problem, utilize multiple HSRP groups.
HSRP Versions
There are two versions of HSRP: version 1 and version 2. The difference between them in terms of general functionality is small, but there are several improvements that Cisco made when updating to version 2. Some of these improvements include:
  • HSRP version 2 now advertises and learns millisecond timer values, improving the stability of HSRP.
  • The total number of HSRP group numbers increases from 256 to 4096 (not necessarily to utilize this many groups on a single interface, but to match local VLAN numbers—on sub-interfaces—for easy troubleshooting and documentation).
  • HSRP version 2 includes the addition of an identifier field (which contains the physical MAC address of the source) within the HSRP packet that allows the ability to easily track which device sent an HSRP packet (this is because the active HSRP router will send traffic using the virtual MAC address).
  • HSRP version 2 changes the multicast address that is used for HSRP communication to avoid conflict with Cisco Group Management Protocol (CGMP).
Some other differences are not really improvements, per se. HSRP version 1 utilizes the MAC address range from 0000.0C07.AC00 through 0000.0C07.ACFF (00 = Group 0, FF = Group 255), while HSRP version 2 utilizes the MAC address range from 0000.0C9F.F000 through 0000.0C9F.FFFF (000 = Group 0, FFF = Group 4095). HSRP version 1 uses the multicast address 224.0.0.2, while HSRP version 2 uses the multicast address 224.0.0.102. HSRP version 1 and version 2 are not compatible and use different packet formats.
HSRP Preemption, Priority, and Object Tracking
By default, HSRP devices have preemption disabled. What this means is that if a device with a higher priority were to come up on an existing HSRP network, it would not automatically become the active HSRP device. It would only gain this role should both the active AND standby devices fail. If HSRP preemption is enabled, then the device with higher priority will assert itself when it comes online to become the active HSRP device. As covered briefly above, the default HSRP priority that is configured on interfaces is 100 with a valid range from 0 through 255 (higher being better).
Some other capabilities exist with HSRP that enable it to alter its behavior (which device is active and which is standby) should a separate tracked object change its status. For example, suppose two HSRP devices were configured on a subnet and each had a separate connection to the next level of connectivity (closer to the center of the network). If one of these connections went down, it would not be an optimal condition for that device to become (or stay) the active HSRP router.
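The election, preemption and tracking rules described above, together with the virtual MAC ranges from the versions section, as an added example (not code from the original post). It is a simplified model of simultaneous startup; the Router class, its field names and the 10.0.0.x addresses are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Router:
    """Simplified HSRP speaker; field names are assumptions for this example."""
    name: str
    ip: str
    priority: int = 100       # page: default priority is 100, range 0-255
    preempt: bool = False     # page: preemption is disabled by default
    decrement: int = 10       # page: default tracking decrement is 10
    tracked_up: bool = True   # state of the tracked object (e.g. the uplink)
    alive: bool = True

    def rank(self):
        # Higher effective priority wins; the highest interface IP breaks a tie.
        effective = self.priority
        if not self.tracked_up:
            effective = max(0, self.priority - self.decrement)
        return (effective, int(ipaddress.IPv4Address(self.ip)))


def elect(routers, current_active=None):
    """Return (active, standby) names after one round of election."""
    alive = [r for r in routers if r.alive]
    if not alive:
        return (None, None)
    holder = next((r for r in alive if r.name == current_active), None)
    if holder is None:
        # No active router yet, or it failed: best-ranked router takes over.
        active = max(alive, key=Router.rank)
    else:
        # A running active router is only displaced by a better-ranked
        # router that has preemption enabled.
        challengers = [r for r in alive if r.preempt and r.rank() > holder.rank()]
        active = max(challengers, key=Router.rank) if challengers else holder
    rest = [r for r in alive if r is not active]
    standby = max(rest, key=Router.rank) if rest else None
    return (active.name, standby.name if standby else None)


def virtual_mac(group, version=1):
    """Virtual MAC for an HSRP group, using the ranges given on the page."""
    if version == 1 and 0 <= group <= 255:
        return "0000.0C07.AC%02X" % group
    if version == 2 and 0 <= group <= 4095:
        return "0000.0C9F.F%03X" % group
    raise ValueError("group %r is not valid for HSRP version %r" % (group, version))


def demo():
    r1 = Router("R1", "10.0.0.2", priority=110, preempt=True, decrement=20)
    r2 = Router("R2", "10.0.0.3", priority=100, preempt=True)
    steps = {"startup": elect([r1, r2])}
    r1.tracked_up = False            # R1 loses its uplink: 110 - 20 = 90
    steps["uplink_down"] = elect([r1, r2], current_active="R1")
    r2.preempt = False               # same failure, but the peer cannot preempt
    steps["uplink_down_no_preempt"] = elect([r1, r2], current_active="R1")
    r1.alive = False                 # the active router fails outright
    steps["r1_dead"] = elect([r1, r2], current_active="R1")
    return steps


if __name__ == "__main__":
    for step, result in demo().items():
        print(step, result)
    print(virtual_mac(10, 1), virtual_mac(10, 2))
```

The third step shows why tracking is normally paired with preemption on the peer: the priority drop alone does not move the active role.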

HSRP Configuration Process and Commands

A few basic commands are used to configure HSRP on a device (see Table 1). This section goes over the commands that are required, along with a sequence that can be used to configure them. The next section will go into some examples of how HSRP can be configured.

Table 1 - HSRP Configuration Commands

Step 1: Enter privileged EXEC mode.
    router>enable

Step 2: Enter global configuration mode.
    router#configure terminal

Step 3: Enter interface configuration mode.
    router(config)#interface interface

Step 4: Configure an IP address on the interface.
    router(config-if)#ip address address netmask

Step 5: Configure an HSRP virtual IP address.
    Note: If the group-number is not entered, then it will default to a group number of 0.
    The ip-address parameter is not required but does need to be entered on at least one HSRP device. The other devices are able to learn the virtual IP address from this device.
    router(config-if)#standby [group-number] ip [ip-address]

Step 6: Configure the HSRP priority (optional).
    Note: If the group-number is not entered, then it will default to a group number of 0.
    The valid values for the priority are from 0 through 255.
    router(config-if)#standby [group-number] priority priority

Step 7: Configure HSRP preemption (optional).
    router(config-if)#standby [group-number] preempt

Step 8: Associate a tracked object to the HSRP group (optional).
    Note: If the group-number is not entered, then it will default to a group number of 0.
    By default, the decrement-value is 10; what this means is that the HSRP priority will go down by 10 if the object is not ‘up’.
    The shutdown parameter will disable the HSRP group if the tracked object goes down.
    router(config-if)#standby [group-number] track object-number [decrement decrement-value][shutdown]

Step 9: Create a tracked object (optional).
    Note: The object-number can be any number between 1 and 1000.
    The line-protocol parameter will track the protocol state of the configured interface. The ip routing parameter will track the IP routing capability of an interface (is it configured with an IP address and operational).
    router(config)#track object-number interface interface {line-protocol | ip routing}

Implement router security
Secure router interfaces
Let’s start by securing the router access interfaces. The interface we are most concerned about is the VTY line used for Telnet access across the network. I don’t recommend allowing Telnet access to the router from outside your local network unless it occurs via an encrypted session. You may find this a little limiting, especially if you’re getting support from an outside vendor. If so, you may want to grant limited access via the outside interface to only specific addresses. If you choose to do this, there are several tasks to be completed. The first thing you’ll want to do is restrict Telnet access. Then, you’ll want to assign a password to the VTY lines:
Inet-rtr (config)# access-list 1 permit 213.150.10.12
Inet-rtr (config)# line vty 0 4
Inet-rtr (config-line)# password 7 xxxxxx
Inet-rtr (config-line)# login
Inet-rtr (config-line)# access-class 1 in

Other ports to consider are the console and auxiliary ports. The console access is used for physically connecting to the router, and the auxiliary (AUX) port is generally used for modem access. You can secure these ports with passwords, or you can physically secure access to the router. Actually, doing both wouldn’t be a bad idea. You’ll also want to configure an enable secret password.

Securing the external interface
Since the external interface is considered the most vulnerable point of entry, we definitely want to restrict the traffic that can enter. We do this with access lists. In this case, we’ll be using extended access lists. There are several kinds of traffic we want to allow; everything else will be denied. This access list would be applied on the inbound of the outside interface:
access-list 101 deny  ip 172.16.222.0 0.0.0.255 any
access-list 101 deny  ip host 210.28.16.48 any

These two statements above are for antispoofing. They keep out packets that are masquerading with addresses from our internal network, as well as the outside interface address on our router.
access-list 101 permit tcp any any established
access-list 101 deny  ip 192.168.0.0 0.0.255.255 any
access-list 101 deny  ip 172.16.0.0 0.15.255.255 any
access-list 101 deny  ip 10.0.0.0 0.255.255.255 any
The statements above permit only packets that were initiated by internal sessions; they restrict packets from the reserved, private address space designated by RFC. You’ll also want to limit packets that appear to be coming from the localhost loopback address, broadcast addresses, and multicast addresses, as follows:
access-list 101 deny  ip 127.0.0.0 0.255.255.255 any
access-list 101 deny  ip 255.0.0.0 0.255.255.255 any
access-list 101 deny  ip 224.0.0.0 7.255.255.255 any

Then, there’s always the issue of ICMP traffic. It’s nice when users can ping sites outside your network and receive responses. There are other types of ICMP traffic that you may also want to allow. You’ll want to allow SMTP e-mail traffic, but only to internal e-mail servers.

Another kind of traffic you’ll want to allow through is DNS:
access-list 101 permit tcp any any eq domain
access-list 101 permit udp any any eq domain

I also recommend that you log all traffic that matches the restrictions in your access lists. You can do this by adding the log parameter to the end of your access list statements. This also requires a logging server to store the log files.
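The following added example (not code from the original post) evaluates ACL 101 as listed above with first-match semantics, so you can audit which line decides a given packet. It goes slightly beyond the text by also evaluating the same list with the "established" permit moved below the address denies; the parser handles only the IOS syntax used on this page, and the sample packets and their addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# ACL 101 as listed on the page, in page order.
PAGE_ACL = """\
access-list 101 deny  ip 172.16.222.0 0.0.0.255 any
access-list 101 deny  ip host 210.28.16.48 any
access-list 101 permit tcp any any established
access-list 101 deny  ip 192.168.0.0 0.0.255.255 any
access-list 101 deny  ip 172.16.0.0 0.15.255.255 any
access-list 101 deny  ip 10.0.0.0 0.255.255.255 any
access-list 101 deny  ip 127.0.0.0 0.255.255.255 any
access-list 101 deny  ip 255.0.0.0 0.255.255.255 any
access-list 101 deny  ip 224.0.0.0 7.255.255.255 any
access-list 101 permit tcp any any eq domain
access-list 101 permit udp any any eq domain
"""
PORT_NAMES = {"domain": 53}  # the only named port used on the page

# Constructed sample packets (addresses are illustrative, not from the page).
SAMPLES = {
    "spoofed_internal": {"proto": "udp", "src": "172.16.222.9", "dst": "172.16.222.10", "dport": 53},
    "dns_query": {"proto": "udp", "src": "198.51.100.7", "dst": "172.16.222.10", "dport": 53},
    "return_traffic": {"proto": "tcp", "src": "203.0.113.5", "dst": "172.16.222.20", "dport": 51000, "flags": ["ACK"]},
    "unsolicited_syn": {"proto": "tcp", "src": "198.51.100.7", "dst": "172.16.222.20", "dport": 80, "flags": ["SYN"]},
    "private_src_ack": {"proto": "tcp", "src": "10.1.2.3", "dst": "172.16.222.20", "dport": 51000, "flags": ["ACK"]},
}

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

@dataclass
class Rule:
    action: str
    proto: str
    src: Tuple[int, int]          # (base address, wildcard mask)
    dst: Tuple[int, int]
    dport: Optional[int] = None
    established: bool = False

def take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD' from the front of the token list."""
    head = tokens.pop(0)
    if head == "any":
        return (0, 0xFFFFFFFF)
    if head == "host":
        return (ip_int(tokens.pop(0)), 0)
    return (ip_int(head), ip_int(tokens.pop(0)))

def parse_acl(text):
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 5 or tokens[0] != "access-list":
            continue
        tokens = tokens[2:]       # drop 'access-list 101'
        rule = Rule(tokens.pop(0), tokens.pop(0), take_addr(tokens), take_addr(tokens))
        while tokens:
            word = tokens.pop(0)
            if word == "eq":
                port = tokens.pop(0)
                rule.dport = PORT_NAMES[port] if port in PORT_NAMES else int(port)
            elif word == "established":
                rule.established = True
        rules.append(rule)
    return rules

def addr_match(addr, spec):
    base, wildcard = spec
    # Wildcard bits set to 1 are "don't care"; every other bit must equal the base.
    return ((ip_int(addr) ^ base) & ~wildcard & 0xFFFFFFFF) == 0

def first_match(rules, pkt):
    """Return (line number, action); (0, 'deny') is the implicit deny at the end."""
    for number, rule in enumerate(rules, 1):
        if rule.proto not in ("ip", pkt["proto"]):
            continue
        if not (addr_match(pkt["src"], rule.src) and addr_match(pkt["dst"], rule.dst)):
            continue
        if rule.dport is not None and pkt.get("dport") != rule.dport:
            continue
        # 'established' matches TCP segments that carry ACK or RST.
        if rule.established and not {"ACK", "RST"} & set(pkt.get("flags", ())):
            continue
        return number, rule.action
    return 0, "deny"

def with_established_after_denies(acl_text):
    """Same lines, with the 'established' permit placed just before the first other permit."""
    lines = acl_text.splitlines()
    est = [l for l in lines if l.endswith("established")]
    rest = [l for l in lines if not l.endswith("established")]
    first_permit = next(i for i, l in enumerate(rest) if " permit " in l)
    return "\n".join(rest[:first_permit] + est + rest[first_permit:])

def audit(acl_text):
    rules = parse_acl(acl_text)
    return {name: first_match(rules, pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    print("page order:", audit(PAGE_ACL))
    print("reordered: ", audit(with_established_after_denies(PAGE_ACL)))
```

In page order the private-source segment is decided by line 3 before the private-range denies are reached; with the permit moved down, the same segment is dropped by the 10.0.0.0 line while legitimate return traffic is still permitted.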

Turn off unnecessary services and features
It’s always a good idea to lower your exposure on an Internet boundary device, whether it’s a firewall, router, or other edge system. In an effort to do so, it’s recommended that you disable all unnecessary features. The following is a list of features to consider:
no cdp run
no service finger
no ip source-route
no ip directed-broadcast
service timestamps debug datetime
service timestamps log datetime
no service udp-small-servers
no service tcp-small-servers
no ip http server
First, we disable Cisco Discovery Protocol (CDP) on the external interface. It’s a great feature to use internally, but you don’t want to allow outside sources to access CDP information about your router or network. The reason for disabling finger is much the same. Source routing and directed broadcasts should always be disabled unless there is a specific need for these features. Configuring debug logging will allow you to track down router messages. The next statements pertain to minor services but are generally recommended for the disable list. The last statement will shut down the HTTP server facility on the router, which is always a good idea.
So here are some of the basic steps that I think you should consider when configuring a Cisco device facing an untrusted network, assuming you may need these protocols on the interior:
  • Disable or block Telnet or SSH
  • Use Cisco Login Block
  • Disable or block SNMP
From the interior side of the device:
  • Centralize log collection and monitoring
  • Make sure your secret and username passwords are encrypted in your configuration
  • Disable unused services
  • Limit access with ACLs
  • Use encrypted protocols like HTTPS and SSH


By NIYONGABO Olivier
Tel: +250722833804
E-mail: niyolivier90@gmail.com

BROADBAND


What is Broadband?



Broadband Internet service truly is the most used form of Internet access because of its high access speeds; it is offered in four different forms, DSL (or Digital Subscriber Line), also fiber-optic, cable, and satellite. The old dial-up connection is the only non-broadband internet service available, and even though it is cheaper, most Internet users are moving towards the faster broadband Internet connection.
DSL
The DSL (or Digital Subscriber Line) internet service makes its connection by utilizing unused telephone wires that cause no interruption to your telephone service. The speed you experience with a DSL connection varies with your distance from the switching station. Your speed will be slower the further away you are and faster the closer you are to the switching station and this may be a deciding factor when you attempt to select between a DSL line and a cable connection.
Cable
The broadband cable connection is provided by the local cable TV provider. Here the cable Internet connection speed varies with the number of users on the service at a specific point in time. Within a given geographical area, users of the broadband cable service share the connection bandwidth, so the speed slows as more users are on the system. This will occur at peak times, for example late in the evenings after the work day is over, when many people will be accessing the Internet. Somewhat misleadingly, the cable company will often estimate connection speeds on the assumption that you are the only one using the service. But that is clearly not the case.
Fiber-Optic
The newest broadband service is fiber-optic, which is the fastest Internet connection thus far. However, this type of Internet service is still in its infancy as its service areas are quite limited and because the laying down of the fiber-optic cable takes a while to complete. Wherever it is available, the cost not only competes with that of DSL and cable, but it provides a much faster connection than both of those services.
Satellite
The last and slowest broadband service is provided by satellite. Although this is a good replacement for dial-up for those people living in remote rural areas, the installation costs are quite high, but the ongoing monthly charges are competitive to both cable and DSL.
There are many advantages to the DSL and cable broadband service. It provides greater bandwidth than other Internet access forms, and that makes it easier for the computer user to multitask with several applications performing in the background while you surf the web. It is possible for you to surf the web while listening to audio.
The networking of computers in the home is made easier with a broadband connection, by either using wireless or wired modems.
The cost of broadband service is higher annually than the cheaper dial-up version by $100 to $500, but given the advantages and ease of a broadband connection, it is well worth the cost.
A broadband connection allows you to play many popular computer games that rely on a fast Internet connection.
Broadband connection, unlike the old dial-up internet connection, will not engage your phone line when in use. In fact, having a broadband connection makes it possible for you to obtain an Internet phone service so you will no longer need the traditional phone line at all.
Another great benefit of a broadband connection is that you are constantly connected to the Internet. You are quickly able to connect with your work's intranet and email in a matter of seconds.
Many people choosing between these broadband Internet service options generally narrow the search to the most popular services, which are DSL and cable. A good approach when researching your options would be to ask those in the area you are considering which service they are using and how it is working for them.
Even though cable broadband Internet service offers a speedy internet connection, this fast speed will not be realized if the connection itself cannot be relied on. For example, the cable connection you receive depends on the shared bandwidth, the number of users on the system at any time, and the latency on the network.
The bandwidth is just one factor that determines the Internet connection's speed. It is a measure of the quantity of data that enters the network over a period of time, and is measured in bps, or bits per second. The greater the data flow, the better the network Internet connection. In broadband connections the supported data rates are generally 300 Kbps and higher, as opposed to the old dial-up maximum of 53 Kbps.
Latency is another factor that affects the cable Internet connection's speed. Latency refers to delays incurred in the network data processing. A network is described as low latency if it experiences only small delay times, and high latency if it suffers from long delays. When the latency becomes excessive, data transmission causes a bottleneck that prevents additional data from coming through, and this effectively reduces cable's Internet connection bandwidth. So even though the cable bandwidth of your Internet connection is set, its effectiveness can be reduced by bottlenecks of data and a high number of users on the system.
Again, with a broadband DSL connection, the connection speed of the Internet can be severely reduced by the distance a subscriber is located from the switching station. The further away the subscriber is from the switching station, the slower the Internet connection.
Once installed, a broadband connection is always on. The connection is maintained with the use of a cable or DSL modem. These connect the computer to the cable outlet on the wall, in the case of the cable internet connection; or the DSL modem to the phone line. Only when these connections become unplugged, will the Internet connection be lost.
Unlike the old dial-up service, you will not be dialing a specific phone number to gain access to the Internet. With a broadband service, access to the Internet is given by simply double clicking your Internet browser icon of choice (this is usually on your desktop - Internet Explorer, Firefox, Netscape etc.); your default web page will open and you can immediately start surfing the web. The whole process should take no more than about 10 to 15 seconds, depending on the computer's speed itself and barring any issues of slowness.


NETWORK PROTOCOLS



Network+ Protocol Suites: TCP/IP, IPX, NetBeui, AppleTalk


TCP/IP
• Uses Address Resolution Protocol (ARP), router sends ARP request broadcast, matching device (matching IP) sends their MAC address, router then stores this in ARP Cache.
• To Route: must have IP address of sender/receiver/next router
• Very flexible and interoperable (multiple Operating Systems)
• Domain Name Services (DNS): host names resolved from IP addresses

IPX/SPX
• Internetwork Packet Exchange/Sequenced Packet Exchange
• IPX handles routing/addressing, only change is IPX network address
• Routing Protocols: RIP and NLSP
• Microsoft's version called NWLink
• Only devices that have names are NetWare servers. (64 characters, not case sensitive, can't use "illegal" characters)

NetBEUI
• Uses NetBIOS names (up to 15 characters, must follow special character rules)
• Not a routable protocol
• Supported by: Windows 9x, NT, 2000, 2003, LAN Manager, OS/2

AppleTalk/AppleTalk over IP
• AppleTalk version 2.0 supports Ethernet
• AppleTalk Filing Protocol (AFP): provides interface between application and a file server.
• AppleShare is the Mac service offered to implement AFP service
• Services for Macintosh: makes multiclient support possible (as shared folder or Macintosh volume)
• Use 24-bit address, can support 254 nodes, 16-bit network number or range of 16-bit network numbers (called Extended AppleTalk network > 254 nodes) Node address assigned by computer automatically
• Routing by: Routing Table Maintenance Protocol (RTMP)
• Naming: Uses Name Binding Protocol (NBP), broadcast based





SUBNETTING

Subnetting Explained with Examples
This tutorial explains subnetting in easy language with examples. It is divided into three sections. The first section provides a basic overview of subnetting tools. The second section explains the subnetting process in easy steps. The last section includes subnetting examples for beginners.
Subnetting
Subnetting is the process of dividing a large network into smaller networks based on the layer 3 IP address. Every computer in a network has an IP address which represents its location in the network. There are two versions of IP address: IPv4 and IPv6. This tutorial explains subnetting in IPv4.
This tutorial is the second part of our article “Network Addressing Explained with Subnetting and VLSM”. The first part explains how computers find each other in a network, with the basic terminology of network addressing. The last part explains VLSM in detail with examples, including a unique six-step method of VLSM that will help you in learning VLSM rapidly.
IPv4
IP addresses are displayed in dotted decimal notation, and appear as four numbers separated by dots. Each number of an IP address is made from eight individual bits known as an octet. Each octet can create a number value from 0 to 255. An IP address is 32 bits long in binary, divided into two components, the network component and the host component. The network component is used to identify the network that the packet is intended for, and the host component is used to identify the individual host on the network.
IP addresses are broken into two components:
Network component: defines the network segment of the device.
Host component: defines the specific device on a particular network segment.
IP Classes in decimal notation
Class A addresses range from 1-126
Class B addresses range from 128-191
Class C addresses range from 192-223
Class D addresses range from 224-239
Class E addresses range from 240-254
·         0 [Zero] is reserved and represents all IP addresses.
·         127 is a reserved address and is used for testing, like a loop back on an interface.
·         255 is a reserved address and is used for broadcasting purposes.
Subnet mask
A subnet mask is a 32-bit address used to distinguish between the network address and the host address in an IP address. A subnet mask is always used with an IP address. It has only one purpose: to identify which part of an IP address is the network address and which part is the host address.
For example, how will we figure out the network portion and host portion of IP address 192.168.1.10? Here we need the subnet mask to get details about the network address and host address.
· In decimal notation, subnet mask values 1 to 255 represent the network address and the value 0 [zero] represents the host address.
· In binary notation, a subnet mask ON bit [1] represents the network address while an OFF bit [0] represents the host address.
In decimal notation
IP address       192.168.1.10
Subnet mask      255.255.255.0
Network address is 192.168.1 and host address is 10.
In binary notation
IP address 11000000.10101000.00000001.00001010
Subnet mask 11111111.11111111.11111111.00000000
Network address is 11000000.10101000.00000001 and host address is 00001010

IP Class | Default Subnet | Network bits | Host bits | Total hosts | Valid hosts
A | 255.0.0.0 | First 8 bits | Last 24 bits | 16,777,216 | 16,777,214
B | 255.255.0.0 | First 16 bits | Last 16 bits | 65,536 | 65,534
C | 255.255.255.0 | First 24 bits | Last 8 bits | 256 | 254
Network ID
First address of subnet is called network ID. This address is used to identify one segment or broadcast domain from all the other segments in the network.
Block Size
Block size is the size of subnet including network address, hosts addresses and broadcast address.
Broadcast ID
There are two types of broadcast, direct broadcast and full broadcast.
Direct broadcast or local broadcast is the last address of a subnet and can be heard by all hosts in the subnet.
Full broadcast is the last address of the IP classes and can be heard by all IP hosts in the network. The full broadcast address is 255.255.255.255.
The main difference between direct broadcast and full broadcast is that routers will not propagate local broadcasts between segments, but they will propagate directed broadcasts.
Host Addresses
All addresses between the network address and the directed broadcast address are called host addresses for the subnet. You can assign host addresses to any IP devices such as PCs, servers, routers, and switches.
Subnetting
Subnetting is the process of breaking a large network into small networks known as subnets. Subnetting happens when we extend the default boundary of the subnet mask. Basically, we borrow host bits to create networks. Let's take an example.
As a network administrator, you are asked to create two networks, each of which will host 30 systems.
A single class C IP range can fulfill this requirement, yet without subnetting you would have to purchase 2 class C IP ranges, one for each network. A single class C range provides 256 total addresses and we need only 30 addresses, so this will waste 226 addresses. These unused addresses would make additional route advertisements, slowing down the network.
With subnetting you only need to purchase a single class C range. You can configure the router to take the first 26 bits instead of the default 24 bits as network bits. In this case we would extend the default boundary of the subnet mask and borrow 2 host bits to create networks. By taking two bits from the host range and counting them as network bits, we can create two new subnets, and assign hosts to them. As long as the two new network bits match in the address, the hosts belong to the same network. You can change either of the two bits, and you would be in a new subnet.
Advantage of Subnetting
· Subnetting breaks a large network into smaller networks, and smaller networks are easier to manage.
· Subnetting reduces network traffic by removing collision and broadcast traffic, which improves overall performance.
· Subnetting allows you to apply network security policies at the interconnection between subnets.
· Subnetting allows you to save money by reducing the requirement for IP ranges.
Subnetting math
The subnetting process involves binary math calculation. Computers communicate with each other in binary language. To succeed in any kind of networking career, you need to be fluent in binary math calculation. Subnetting needs two types of calculation: converting decimal to binary and converting binary to decimal.
Base position | 2^7 | 2^6 | 2^5 | 2^4 | 2^3 | 2^2 | 2^1 | 2^0
Decimal value | 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1
The binary system works exactly the same as the decimal system, except for the base number. The base number is 2 in the binary system and 10 in the decimal system. To calculate the decimal equivalent value of a binary number, you have to replace base value 10 with 2. Binary numbers are displayed in columns, and each position in the binary system has double the value of the position to its right. From the earlier section of this article you know that each number of an IP address is made from eight individual bits known as an octet. So you should remember at least the eight decimal equivalent values of the binary positions.
Convert decimal to binary
To convert a decimal number to binary we use the "addition till number" method. In this method we start adding from the left to reach the target value. If, after adding the next position's value, the sum is not greater than the target number, keep it and continue adding; if the sum is greater than the target number, skip that position's value. Only the value of an on bit [1] is added to the sum. An off bit [0] has zero value. For example, convert decimal number 117 to binary.
Target decimal number 117
Move direction From Left ===========================> to Right
Base position | 2^7 | 2^6 | 2^5 | 2^4 | 2^3 | 2^2 | 2^1 | 2^0
Decimal value | 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1
Bit status | 0 | 1 | 1 | 1 | 0 | 1 | 0 | 1
Decimal value in addition | 0 | 64 | 32 | 16 | 0 | 4 | 0 | 1
Binary value of 117 is 01110101.
Decimal calculation | Bit in binary
128 is greater than 117 | off the bit
0+64 = 64 is less than 117 | on the bit
0+64+32 = 96 is less than 117 | on the bit
0+64+32+16 = 112 is less than 117 | on the bit
0+64+32+16+8 = 120 is greater than 117 | off the bit
0+64+32+16+0+4 = 116 is less than 117 | on the bit
0+64+32+16+0+4+2 = 118 is greater than 117 | off the bit
0+64+32+16+0+4+0+1 = 117 is equivalent to 117 | on the bit
Convert binary to decimal
To convert a binary number to decimal we follow the above method in reverse. We find the decimal value of each on bit position and add them. For example, convert binary number 10101010 to decimal.
Target binary number 10101010
Move direction From Left ===========================> to Right
Base position | 2^7 | 2^6 | 2^5 | 2^4 | 2^3 | 2^2 | 2^1 | 2^0
Decimal value | 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1
Bit status | 1 | 0 | 1 | 0 | 1 | 0 | 1 | 0
Decimal value in addition | 128 | 0 | 32 | 0 | 8 | 0 | 2 | 0
Decimal value of 10101010 is 170 [ 128+0+32+0+8+0+2+0 ]
Binary bit | Decimal value
1 On bit | 128
0 Off bit | 0
1 On bit | 32
0 Off bit | 0
1 On bit | 8
0 Off bit | 0
1 On bit | 2
0 Off bit | 0
Review the above method and practice the following as much as you can.
· Pick any number from 0 - 255 and convert it to binary.
· Pick any combination from 00000000 - 11111111 and convert it to decimal.
The better you are with this conversion, the better you will do at subnetting.
Combination provided by binary position
Now you know the process of converting binary to decimal and decimal to binary. Our next step is to figure out the combinations provided by a binary position.
The first bit provides two combinations, 0 or 1. If we take two bits, then we have four combinations: 00, 01, 10, 11. An IP address has 32 bits, so you should be able to find the number of combinations provided by each bit position up to position number 32.
Number of bits | Number of combinations | Number of bits | Number of combinations
1 | 2 | 17 | 131072
2 | 4 | 18 | 262144
3 | 8 | 19 | 524288
4 | 16 | 20 | 1048576
5 | 32 | 21 | 2097152
6 | 64 | 22 | 4194304
7 | 128 | 23 | 8388608
8 | 256 | 24 | 16777216
9 | 512 | 25 | 33554432
10 | 1024 | 26 | 67108864
11 | 2048 | 27 | 134217728
12 | 4096 | 28 | 268435456
13 | 8192 | 29 | 536870912
14 | 16384 | 30 | 1073741824
15 | 32768 | 31 | 2147483648
16 | 65536 | 32 | 4294967296
Default subnet mask
Class | Subnet Mask | Format
A | 255.0.0.0 | Network.Host.Host.Host
B | 255.255.0.0 | Network.Network.Host.Host
C | 255.255.255.0 | Network.Network.Network.Host
Key terms to remember
·         A subnet is a smaller portion of a large network treated as its own separate network. To create a subnet we borrow bits from the host portion and assign them as network bits. This means more networks, fewer hosts.
·         If the network bits on two addresses do not match, then the two packets are intended for two separate networks.
·         In a 32-bit IP address, at least eight bits must belong to the network portion and at least 2 bits must belong to the host portion.
·         Each IP address has a predefined IP class and that cannot be changed.
·         Each class has a predefined default subnet mask that tells us which octets are already part of the network portion, as well as how many bits we have available to work with.
·         Whatever the network class is, we cannot change the bits that are already assigned.
·         We cannot assign the network ID or the broadcast address to a host.
·         Regardless of how many bits are left in the host field, the network ID and the broadcast address must be reserved.
·         Subnet bits start at the left and go to the right, without skipping bits.
CIDR [Classless Inter-Domain Routing]
CIDR is a slash notation for the subnet mask. It tells us the number of on bits in the subnet mask, that is, the number of network bits in the address.
·         Class A has default subnet mask 255.0.0.0. That means the first octet of the subnet mask has all bits on. In slash notation it is written as /8, meaning the address has 8 bits on.
·         Class B has default subnet mask 255.255.0.0. That means the first two octets of the subnet mask have all bits on. In slash notation it is written as /16, meaning the address has 16 bits on.
·         Class C has default subnet mask 255.255.255.0. That means the first three octets of the subnet mask have all bits on. In slash notation it is written as /24, meaning the address has 24 bits on.
Method of subnetting
In subnetting we find the answers to the following questions.
·         What is the subnet mask for the given address?
·         How many subnets does the given subnet mask provide?
·         What is the block size for the given subnet mask?
·         What are the valid subnets?
·         What are the total hosts?
·         How many valid hosts are available per subnet?
·         What is the broadcast address of each subnet?
·         What is the network address of each subnet?
To answer the above questions we use the following method of subnetting.
What is the subnet mask for the given address?
Subnetting takes place when we extend the default subnet mask. We cannot perform subnetting with the default subnet mask, and every class has a default subnet mask. To figure out the subnetted subnet mask, we first write down the default subnet mask. Then we find the host bits borrowed to create subnets and convert them to decimal.
For example, find the subnet mask of the address 188.25.45.48/20. This address belongs to class B, and class B has the default subnet mask 255.255.0.0 [/16 in CIDR]. We borrowed 4 bits from the host portion. As you know, subnetting moves from left to right and cannot skip any network bit, so this subnet mask in binary is 11111111.11111111.11110000.00000000. The first two octets have the default value, so their decimal value is 255.255. We convert the third octet to decimal by adding the decimal equivalent of each on bit: 128+64+32+16+0+0+0+0 = 240. The fourth octet has all bits off, so its decimal value is 0+0+0+0+0+0+0+0 = 0. Our answer: the subnet mask is 255.255.240.0.
How many subnets does the given subnet mask provide?
To calculate the number of subnets provided by a given subnet mask we use 2^N, where N = number of bits borrowed from the host bits to create subnets. For example, in 192.168.1.0/27, N is 3. By looking at the address we can determine that it belongs to class C, and class C has the default subnet mask 255.255.255.0 [/24 in CIDR]. In the given address we borrowed 27 - 24 = 3 host bits to create subnets. Now 2^3 = 8, so our answer is 8.
What is the block size for the subnet mask?
The block size, or increment number, is used to calculate the valid subnets. Once you figure out the block size, calculating the valid subnets becomes a piece of cake. To figure out the block size, use this formula: 256 - subnet mask = block size. For example, the block size for subnet mask 255.255.255.240 is 256 - 240 = 16.
What are the valid subnets?
Calculating the valid subnets is a two-step process. First, calculate the total subnets by using the formula 2^N. In the second step, find the block size and count from zero in blocks until you reach the subnet mask value. For example, calculate the valid subnets for 192.168.1.0/26.
Borrowed host bits are 2 [26-24].
Total subnets are 2^2 = 4.
Subnet mask would be 255.255.255.192.
Block size would be 256-192 = 64.
Start counting from zero in blocks of 64, so our valid subnets would be 0, 64, 128, 192.
What are the total hosts?
Total hosts are the hosts available per subnet. To calculate total hosts use the formula 2^H = total hosts, where H is the number of host bits. For example, in address 192.168.1.0/26 we have 32 - 26 [total bits in IP address - bits consumed by network address] = 6 host bits. Total hosts per subnet would be 2^6 = 64.
How many valid hosts are available per subnet?
Valid hosts are the hosts that can be assigned to devices. As we know, we need to subtract two addresses per subnet, one for the network ID and another for the broadcast ID. So our formula to calculate valid hosts is: total hosts - 2 = valid hosts. In the above example we have 64 hosts per subnet, so the valid hosts in each subnet would be 64 - 2 = 62.
What is the broadcast address of each subnet?
The broadcast address is the last address of the subnet. This address is reserved for network broadcast and cannot be assigned to any host. In the above example:
Subnet 0 has broadcast address 63
Subnet 64 has broadcast address 127
Subnet 128 has broadcast address 191
Subnet 192 has broadcast address 255
What is the network address of each subnet?
The network address is the first address of the subnet. This address is used to locate the network and cannot be assigned to any host. In the above example, addresses 0, 64, 128, 192 are the network addresses.
·         The network address is always the first IP address of the subnet.
·         The broadcast address is always the last IP address of the subnet (the IP address before the next subnet).
·         Valid hosts are the IP addresses between the network address and the broadcast address.
At this point you are equipped with all the essential tools for subnetting. In the last section of this article we will practically implement what we have learned so far. Due to the length of this article I will include examples only from class C.
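The method above, carried through in code as an added example (not part of the original article): it answers each of the subnetting questions for an address in slash notation and cross-checks the mask, network and broadcast addresses against Python's standard `ipaddress` module. It goes beyond the class C cases worked below by also handling class A and B addresses such as 188.25.45.48/20; the function names and the sample addresses in the last lines are this example's own.

```python
import ipaddress

# Added example: function names are illustrative, not from the article.
DEFAULT_PREFIX = {"A": 8, "B": 16, "C": 24}  # default masks /8, /16, /24

def ip_class(first_octet):
    """Classful class, decided by the first octet (classes D and E rejected)."""
    for limit, name in ((128, "A"), (192, "B"), (224, "C")):
        if first_octet < limit:
            return name
    raise ValueError("class D/E addresses are not subnetted this way")

def dotted(octets):
    return ".".join(str(o) for o in octets)

def subnet_report(cidr):
    """Answer the article's subnetting questions for 'a.b.c.d/prefix'."""
    addr, prefix = cidr.split("/")
    octets, prefix = [int(o) for o in addr.split(".")], int(prefix)
    cls = ip_class(octets[0])
    n = prefix - DEFAULT_PREFIX[cls]      # N: host bits borrowed for subnets
    h = 32 - prefix                       # H: host bits that remain
    if n < 0 or h < 2:
        raise ValueError("prefix must extend the default mask and leave 2 host bits")
    mask_int = (0xFFFFFFFF << h) & 0xFFFFFFFF
    mask = [(mask_int >> shift) & 0xFF for shift in (24, 16, 8, 0)]
    i = (prefix - 1) // 8                 # octet in which the mask ends
    block = 256 - mask[i]                 # block size = 256 - subnet mask octet
    network = octets[:i] + [octets[i] // block * block] + [0] * (3 - i)
    broadcast = network[:i] + [network[i] + block - 1] + [255] * (3 - i)
    return {
        "class": cls, "mask": dotted(mask), "subnets": 2 ** n,
        "block_size": block, "block_starts": list(range(0, 256, block)),
        "total_hosts": 2 ** h, "valid_hosts": 2 ** h - 2,
        "network": dotted(network), "broadcast": dotted(broadcast),
        "first_host": dotted(network[:3] + [network[3] + 1]),
        "last_host": dotted(broadcast[:3] + [broadcast[3] - 1]),
    }

def agrees_with_stdlib(cidr):
    """Cross-check the hand method against Python's ipaddress module."""
    net = ipaddress.ip_network(cidr, strict=False)
    r = subnet_report(cidr)
    return (r["mask"], r["network"], r["broadcast"]) == (
        str(net.netmask), str(net.network_address), str(net.broadcast_address))

if __name__ == "__main__":
    # Constructed sample inputs: two from the article's text, one extra host.
    for example in ("188.25.45.48/20", "192.168.1.0/26", "192.168.1.200/28"):
        print(example, subnet_report(example), agrees_with_stdlib(example))
```

`block_starts` lists the block boundaries in the octet where the mask ends; for a class C address these are exactly the valid subnets counted in blocks from zero.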
Class C Subnetting
The default subnet mask of class C is 255.255.255.0. The CIDR notation of class C is /24, which means 24 bits of the IP address are already consumed by the network portion and we have 8 host bits to work with. We cannot skip network bits when we turn them on; subnetting moves from left to right. So class C subnet masks can only be the following:
| CIDR | Decimal | Binary |
| --- | --- | --- |
| /25 | 128 | 10000000 |
| /26 | 192 | 11000000 |
| /27 | 224 | 11100000 |
| /28 | 240 | 11110000 |
| /29 | 248 | 11111000 |
| /30 | 252 | 11111100 |
As discussed earlier in this article, we must have at least 2 host bits for assigning IP addresses to hosts, which means we can't use /31 and /32 for subnetting.
/25
CIDR /25 has subnet mask 255.255.255.128, and 128 is 10000000 in binary. We used one host bit in the network address.
Subnetting class C CIDR /25
N = 1 [Number of host bits used in network]
H = 7 [Remaining host bits]
Total subnets (2^N) :- 2^1 = 2
Block size (256 - subnet mask) :- 256 - 128 = 128
Valid subnets (count blocks from 0) :- 0, 128
Total hosts (2^H) :- 2^7 = 128
Valid hosts per subnet (total hosts - 2) :- 128 - 2 = 126

| Subnets | Subnet 1 | Subnet 2 |
| --- | --- | --- |
| Network ID | 0 | 128 |
| First host | 1 | 129 |
| Last host | 126 | 254 |
| Broadcast ID | 127 | 255 |
/26
CIDR /26 has subnet mask 255.255.255.192, and 192 is 11000000 in binary. We used two host bits in the network address.
Subnetting class C CIDR /26
N = 2
H = 6
Total subnets (2^N) :- 2^2 = 4
Block size (256 - subnet mask) :- 256 - 192 = 64
Valid subnets (count blocks from 0) :- 0, 64, 128, 192
Total hosts (2^H) :- 2^6 = 64
Valid hosts per subnet (total hosts - 2) :- 64 - 2 = 62

| Subnets | Subnet 1 | Subnet 2 | Subnet 3 | Subnet 4 |
| --- | --- | --- | --- | --- |
| Network ID | 0 | 64 | 128 | 192 |
| First host | 1 | 65 | 129 | 193 |
| Last host | 62 | 126 | 190 | 254 |
| Broadcast ID | 63 | 127 | 191 | 255 |
/27
CIDR /27 has subnet mask 255.255.255.224, and 224 is 11100000 in binary. We used three host bits in the network address.
Subnetting class C CIDR /27
N = 3
H = 5
Total subnets (2^N) :- 2^3 = 8
Block size (256 - subnet mask) :- 256 - 224 = 32
Valid subnets (count blocks from 0) :- 0, 32, 64, 96, 128, 160, 192, 224
Total hosts (2^H) :- 2^5 = 32
Valid hosts per subnet (total hosts - 2) :- 32 - 2 = 30

| Subnets | Sub 1 | Sub 2 | Sub 3 | Sub 4 | Sub 5 | Sub 6 | Sub 7 | Sub 8 |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Network ID | 0 | 32 | 64 | 96 | 128 | 160 | 192 | 224 |
| First host | 1 | 33 | 65 | 97 | 129 | 161 | 193 | 225 |
| Last host | 30 | 62 | 94 | 126 | 158 | 190 | 222 | 254 |
| Broadcast ID | 31 | 63 | 95 | 127 | 159 | 191 | 223 | 255 |

Sub = Subnet
/28
CIDR /28 has subnet mask 255.255.255.240, and 240 is 11110000 in binary. We used four host bits in the network address.
Subnetting class C CIDR /28
N = 4
H = 4
Total subnets (2^N) :- 2^4 = 16
Block size (256 - subnet mask) :- 256 - 240 = 16
Valid subnets (count blocks from 0) :- 0, 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, 240
Total hosts (2^H) :- 2^4 = 16
Valid hosts per subnet (total hosts - 2) :- 16 - 2 = 14
I hope you have understood the pattern for building the subnet chart from the information above. Join me in this practice: for this example and the next two, I will fill in only two subnets [the first and the last one]; it's your turn to fill in the middle subnets.

| Subnets | Subnet 1 | Subnet 2 to Subnet 15 (filled by you) | Subnet 16 |
| --- | --- | --- | --- |
| Network ID | 0 | ... | 240 |
| First host | 1 | ... | 241 |
| Last host | 14 | ... | 254 |
| Broadcast ID | 15 | ... | 255 |
/29
CIDR /29 has subnet mask 255.255.255.248, and 248 is 11111000 in binary. We used five host bits in the network address.
Subnetting class C CIDR /29
N = 5
H = 3
Total subnets (2^N) :- 2^5 = 32
Block size (256 - subnet mask) :- 256 - 248 = 8
Valid subnets (count blocks from 0) :- 0, 8, 16, 24, 32, 40, 48, 56, 64, 72, 80, 88, 96, 104, 112, 120, 128, 136, 144, 152, 160, 168, 176, 184, 192, 200, 208, 216, 224, 232, 240, 248
Total hosts (2^H) :- 2^3 = 8
Valid hosts per subnet (total hosts - 2) :- 8 - 2 = 6

| Subnets | Subnet 1 | Subnet 2 to Subnet 31 (filled by you) | Subnet 32 |
| --- | --- | --- | --- |
| Network ID | 0 | ... | 248 |
| First host | 1 | ... | 249 |
| Last host | 6 | ... | 254 |
| Broadcast ID | 7 | ... | 255 |
/30
CIDR /30 has subnet mask 255.255.255.252, and 252 is 11111100 in binary. We used six host bits in the network address.
Subnetting class C CIDR /30
N = 6
H = 2
Total subnets (2^N) :- 2^6 = 64
Block size (256 - subnet mask) :- 256 - 252 = 4
Valid subnets (count blocks from 0) :- 0, 4, 8, 12, 16, 20, 24, 28, 32, 36, 40, 44, 48, 52, 56, 60, 64, 68, 72, 76, 80, 84, 88, 92, 96, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 144, 148, 152, 156, 160, 164, 168, 172, 176, 180, 184, 188, 192, 196, 200, 204, 208, 212, 216, 220, 224, 228, 232, 236, 240, 244, 248, 252
Total hosts (2^H) :- 2^2 = 4
Valid hosts per subnet (total hosts - 2) :- 4 - 2 = 2

| Subnets | Subnet 1 | Subnet 2 to Subnet 63 (filled by you) | Subnet 64 |
| --- | --- | --- | --- |
| Network ID | 0 | ... | 252 |
| First host | 1 | ... | 253 |
| Last host | 2 | ... | 254 |
| Broadcast ID | 3 | ... | 255 |
At the end of this long article I have one small word for you: practice. Believe me, in the exam you are going to face many questions related to subnetting. More practice will make you more comfortable in the exam.



By NIYONGABO Olivier
