Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

IP Subnetting, Variable Subnetting, and CIDR (Supernetting)

  1. Who is this for?

    People who will be building networks.  If you're a manager you can go to sleep now; if you know this stuff already, take a pizza break; if you want to actually build networks some day and are not already comfortable working out appropriate sizes of subnets, please come to the front of the lecture hall - I have a few copies of this lesson but not enough for everyone in the room.

  2. Purpose of this lesson

    Some day you may be responsible for designing a network that connects several locations together with routers.  You'll have been given a certain number of IP addresses you can use, and you have to allocate them in chunks to each site without running out!

    The reason we are going to learn subnetting is simple: there are  not enough IP addresses free for you to give a whole Class C network to every site you manage.  Some upstream providers charge you for each Class C you allocate.  Others force you to justify your use of space in detail, showing that each network you allocated was fully populated.

    Before we go into details, there are two things you might be able to use which will avoid the need to learn any of this stuff:

    1. NAT - network address translation
      If it is available to you, NAT often lets you create any size of network you want, without worrying about how much IP space you have been  officially allocated.  I'm not going to explain what NAT is in detail, because it will be covered in someone else's lesson.  In short, it's a way to map large numbers of IPs on to a single IP (or to take a large sparse range such as a Class B and map each address that is actually used on to a small number of Class C's). NAT is worth taking the time to learn, because it can save you a whole lot of effort!
    2. Online tools to calculate subnets
      There are many web pages available that will calculate netmasks for given sizes of subnets.  These are useful as long as you understand the basics of what you're trying to do.  If you don't have 'the big picture', these tools won't help.  You can listen to this lecture to get 'the big picture' without getting distracted by the details, then use one of the online tools when you need actual numbers.
  3. IP address space in general - inference of Class A/B/C

    Before we start - a quick and very basic recap on IP addressing in general.
    Every machine on the net has an address.  Addresses are 32 bits. These 32 bits are split into two parts - a network number followed by a host address. The 'host address' part is for a number of machines on one physical network - say a bunch of machines connected with a hub or on a single thin ether wire.  The network number represents this group of hosts as a single unit, and routers need to know these network numbers to send data from one net to another.
    Just where the network/host split is made is arbitrary.  There's no real reason why should be part of a class A network and is part of a class C network - it just is.  The address space was split up as shown below, and any addresses in these ranges are deemed to be in the appropriate Class.  Why does this matter?  Well, some software will ask for an IP address but NOT a netmask - and it will infer a netmask from the address.  This is OK as long as you are staying within the class system, but if you are subnetting or supernetting, it can cause you a lot of trouble.

    There's actually very little difference between a Class C network, and a Class B network with a netmask applied.  (The only time they're different is if the network address is of the form X.X.0.X or X.X.255.X)

    Before you start designing your subnets, you should know what it is that you've been given.  Here are three ways of finding out what class your allocation is in.  Use whichever you find easiest.  

    • Class A addresses begin with 0xxx, or 1 to 126 decimal.  (127 is loopback)
    • Class B addresses begin with 10xx, or 128 to 191 decimal.
    • Class C addresses begin with 110x, or 192 to 223 decimal.
    • Class D addresses begin with 1110, or 224 to 239 decimal. (a.k.a multicast - you'll probably never see these)
    • Class E addresses begin with 1111, or 240 to 254 decimal. (or these)
    • If the first bit is 0 it is a Class A address
    • If the first two bits are 10 it is a Class B address
    • If the first three bits are 110 it is a Class C address
    • If the first four bits are 1110 it is a Class D multicast address
    • If the first four bits are 1111 it is a Class E experimental address

      First ByteClassNetwork Mask (explained later)
    In all the examples below we will assume we have been allocated a Class C network to work with: is actually a special type of Class C address - it's one that is reserved never to be allocated on the real Internet.  So we'll use it in our examples because if you do configure a network using these numbers, you won't mess anybody else up.  It's amazing the number of people who create internal networks using real IP addresses chosen at random.  If you ever connect one of these networks to the internet, you will not be to route because the space belongs to someone else.  If you disguise your addresses using NAT, you'll still not be able to access those parts of the net that legitimately use those addresses.

    Doing subnet calculations for Class A and Class B networks works just the same way as the Class C examples we are going to cover.  If you can do a Class C from first principles, you'll be able to do Class B's in your sleep.  Very few people here will get much opportunity to design Class A or Class B subnets, but you are quite likely to be asked to work on existing Class A or B networks, so it's still worth knowing.

  4. What is Broadcast?

    I assume you know what a broadcast address is - the necessity to handle broadcasts is actually what makes subnetting anything less than trivial: if you have a Class C network such as 192.168.1.* (with station addresses, etc), then a packet addressed to will be sent to *every* station on that network.  Later we'll discover that sending to is sort of something similar.  Or was once, anyway.

    In a Class C, the host part set to 255 means broadcast.  In a subnet, the subnet host part set to all ones means broadcast.  Eg in a /28, any addresses of the form N.N.N.XXXX1111 are broadcast addresses for their subnets only.

  5. Don't I need to know how to do binary arithmetic?

    Forgetaboutit.  If you can't do binary math in your head, just use the data in these tables below.  (On the other hand, if you can't do binary in your head by now, you probably shouldn't be looking at a career in networking.)

  6. Subnetting Class C - most typical example: /28  "all zeroes, all ones" excluded.  Mask is 11110000

    This table may be all you ever need to know, for many installations.  This is a typical example and possibly the most common one.  Because it is such a useful table, this is the only large one we will list in full.

    Network partSubnet.hostHost addressesBroadcast Address to - UNUSABLE - NETMASK ALL 0000's to to to to to to to to to to to to to to to - UNUSABLE - NETMASK ALL 1111's
  7. 0's/1's restriction on host part: let's take one subnet from the table above:

    Network partSubnet.hostHost addressesBroadcast Address to

    Now, let's look at the individual hosts within that subnet:

    Network partSubnet . Host partHost Address UNUSABLE - HOST PART IS ALL 0's UNUSABLE - HOST PART IS ALL 1's

    Although you may be familiar with the all ones broadcast addresses (typically x.x.x.255 for a Class C network) you may not realise that at some time in the past x.x.x.0 was also used as a broadcast address.  Although this seldom is done nowadays, for historical reasons we still obey this convention.  (The last machine I owned that actually used the .0 address for broadcast was a Sun from the late 1980's)

    Note what happens as the room for hosts gets smaller:

    This is the host table for a /30:
    Network partSubnet . Host partHost Address UNUSABLE - HOST PART IS ALL 0's UNUSABLE - HOST PART IS ALL 1's
    A /30 is particularly wasteful - 50% of the hosts are unusable.  Similarly, a /26 is pretty bad, because 50% of the nets are unusable.  a /28 is best because it lets you have (16 - 2) * (16 - 2) = 192 hosts.

    This would be the host table if a /31, if it existed:
    Network partSubnet . Host partHost Address UNUSABLE - HOST PART IS ALL 0's UNUSABLE - HOST PART IS ALL 1's

    What's wrong with this picture???  Well, you can't have a /31.  Here's why...

  8. We can have subnets of /26,/27,/28,/29,/30  - BUT NOT /25 or /31!

    This is a /30 (with sections removed for brevity):
    Mask is 11111100
    Network partSubnet.hostHost addressesBroadcast Address to - UNUSABLE - NETMASK ALL 000000's to to to to to - 244... .............................. ............. to to  - UNUSABLE - NETMASK ALL 111111's
  9. So why not a /25????

    Network partSubnet.hostHost addressesBroadcast Address to - UNUSABLE - NETMASK ALL 0's to  - UNUSABLE - NETMASK ALL 1's
    When the netmask is only one bit, it can't help but being all zeroes or all ones.

  10. And why not a /31?  
    Network partSubnet.hostHost addressesBroadcast Addresses (0's and 1's) to - UNUSABLE - NETMASK 000000's - UNUSABLE - NETMASK 000000's to - UNUSABLE - Broadcast 0's - UNUSABLE - Broadcast 1's - 250... .............................. .............
    ............. to - UNUSABLE - Broadcast 0's - UNUSABLE - Broadcast 1's to  UNUSABLE - NETMASK 111111's  UNUSABLE - NETMASK 111111's
  11. Variable subnetting example 1 (insert /30 into /28 from above)

    Well, in the /28 example above, we've shown that the first and last subnets are unusable, because the subnet mask is either all 0's or all 1's.  This is unfortunate because each of those subnets is losing 16 (-2) IP addresses each.

    Is there any way we can get back some of those addresses?  Well, yes - there is. If you look at the example of a /30 subnet, you'll see these entries:

    Network partSubnet.hostHost addressesBroadcast Address to - UNUSABLE - NETMASK ALL 000000's to to to - 252... .............................. .............

    Apart from the first one, these are all perfectly valid subnets, and if we were to configure machines using them, they will look just like normal addresses in a /30 subnet.  We can do exactly the same thing for the addresses.

    These small subnets - they only have 2 IP addresses that are usable - are actually just what you need when you are setting up a point to point link between different subnets (in different locations).  So by using the 'slop' at the end of the range, you can get your point to point links for free.

  12. Variable subnetting example 2 (insert /28 from above into /26)

    Here we have a different and possibly more useful example of variable subnetting. Let's say we have a central office with 50 workstations, one remote office with 10, and another remote office with 9 workstations.

    The following table tells you how many workstations and how many offices you can have for each size of subnet mask:   

    Bit Split

    Subnet Mask

    Block Size

    Max Useable Subnets
    (number of offices)

    # C IPs/Subnet
    (number of workstations)


    192 (/26)





    224 (/27)





    240 (/28)





    248 (/29)





    252 (/30)




    You see, with one office of size 50, we're forced with a simple subnet scheme to use a /26 (2 bits subnet, 6 bits host).  However, we have three offices, so this won't work.
    With offices of size 9 or 10 (which we round up to 16 - 2), we could use a /28 (16 - 2 subnets of 16 - 2 stations) - but then we couldn't fit in our 50 station office.

    Well, the solution is simple: Treat it as a /26, allocate the large office, then extract from a table of /28's enough smaller subnets to fit in the one remaining /26 slot.  Like this:

    Network partSubnet.hostHost addressesBroadcast Address to   UNUSABLE - NETMASK ALL 00's to  ALLOCATE THIS TO BE FURTHER SUBNETTED to  ALLOCATE THIS ONE TO THE 50-STATION OFFICE to  UNUSABLE - NETMASK ALL 11's
    (note: with a simple /26, you lose HALF of your potential IP addresses to the broadcast network addresses)

    And guess what ... if we look at the earlier table for a /28, you'll find exactly the section we need to extract and fit in here: 
    Network partSubnet.hostHost addressesBroadcast Address to to to to

    Now we simply put the two tables together, and we have a variable subnet solution for our three offices.  Plus some spares!

    and don't forget the trick of grabbing the end IP's for the point to point networks to link these offices together.

  13. Preference to finer resolution routes - don't need to fully enumerate

    Let's say you have variably subnetted a network, and of the 30 subnets available, 29 of them are in one office, but the 30th is in the other.  To route this properly you would issue 29 routing commands to one address and 1 to the other.  This is wasteful of router table space.  The thing to do is to issue ONE router command that covers all 30 subnets and send them to the one office, but issue a second router command which is MORE SPECIFIC to extract that one subnet from the block, and route it elsewhere.  More specific routes take precedence in most routers.  Occasionally you will find some brand of router which does require non-overlapping routes, and if this happens to you, just issue all 30 explicit commands.

  14. "Supernetting", aka CIDR (Classless InterDomain Routing)

    The world has a big problem with too many route table entries in the big backbone routers.  To solve that problem, people realised they could aggregate network routing commands, eg a network and a neighboring network could be represented by merging them like this:

    This would be fine, except we know the problems of subnetting and all-zeroes and all-ones masks.  The same problems would start showing up here.  The solution is simple: someone just issued an edict saying "forget everything you learned, we won't bother with those rules any more".  There's even a command to tell the routers themselves that they should ignore the rules - "ip classless"
    When you break the rules like this, and allow netmasks that end in all 0's or all 1's, it's called "CIDR" - Classless InterDomain Routing.

    That's really all you need to know about CIDR.  It's trivial, it's easy, and the details work just the same as subnetting but you merge up instead of splitting down.

  15. Calculators

    Once you understand subnetting as described above, you'll probably be able to do it in your head.  However sometimes you want to check your work, or are in a hurry, and if so, there are many web pages on the net which offer "subnet calculator"s.
    Just be warned - often they do not check for the special conditions such as all-one's subnets, and will let you do something stupid like ask for a /25 subnet.  The one referred to below does appear to make an effort at checking for this sort of thing, so it may be a good one to bookmark.
Version history
Revision #:
1 of 1
Last update:
‎10-25-2013 12:46 AM
Updated by:
Labels (1)