Good afternoon all! This has been a blog post about 3+ years in the making. Allow me to digress and give you some context. Prior to joining the ranks at the “mother ship” (A.k.a. Microsoft), in my previous life I was an MCT (Microsoft certified trainer). In that prior role I was teaching all kinds of classes. Everything from A+, Net+ (Comptia) to Microsoft Official Curriculum classes on topics ranging from Windows client, server, Exchange, IIS, etc.. Now through this process I developed a ** shortcut** method for a way to teach subnetting. Way back in the day I sat through a 5 day CCNA class. Now I think the day we covered it, we spent a good

**SIX HOURS**on subnetting. Being a bit of a numbers guy I picked it up quickly. I had wondered why others were struggling with it. Don’t get me wrong I know people all learn via different methods and I don’t judge, but I knew there had to be a better way. Immediately I started to notice patterns in the math. This kind of felt like a Charlie Epps moment from the now defunct TV show Numb3rs. The following post and content came from that epiphany. It was very well received by the students I delivered it to and even re-taught it to some of the other MCT’s I worked with and they kept just saying, “Wow, I didn’t think it could be delivered just that simple”.

Alright, if all goes well you can get through this fast and via some self-practice be able to subnet in your head. After using it for some time there is a SMALL bit you should commit to memory and then you’ll be able look at an /## or .XXX value subnet mask and know immediately how many networks, how many useable hosts and maybe even the ranges for each network that are created. At least that is the end goal.

## Basics

Alright before we run, let’s make sure we can all walk. Any network communication usually is dependent on the client having some basic settings configured.

**IP address –** Think of this like the address of your house. 123 Maple Ave. There may be many houses on Maple ave., but YOU specifically are at 123 Maple. Usually an IPv4 address (all we’ll cover here) in ###.###.###.### type of format. Each block of numbers (octet) is the decimal equivalent of a 8bit base-2 value. So that means if we have four octets, we have a 32-bit IP address. How did we get a numerical digit out of a bit/byte value? Each base2 bit (1 or 0) has a positional value. I.E. 129 would equal 10000001. Each of the positions of the 1’s and 0’s represent a value. They go as follows; I’ll put the same bits we talked about below them to help illustrate

128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 | =255 |

1 | 0 | 0 | 0 | 0 | 0 | 0 | 1 | =129 |

See any patterns here? numbers increasing or decreasing by a multiplier of 2 (base2 remember?) so everything we’ll deal with when subnetting will either double or halve in our calculations. One thing you may note above is the value of 255. We technically count all 0’s and that value would be 0 as well, thus a total range of 0-255 = total of 256 since were counting the 0. The value 256 will be a running theme. I like to call it the “Magic Number”

Let’s do one more together

128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 | |

1 | 0 | 1 | 0 | 0 | 1 | 0 | 1 | =165 |

If we add all the bit positional values together that has the value of 1 ( 128 + 32+ 4+1 =165 )Great, now we understand where the numbers and the ranges come from.

**Subnet mask – **this is what defines boundaries, or in our street / address analogy, which houses are on what streets. Is the house with address 210 Main street on the same street as my house? Nope! But a street address of 48 Maple street is. So it’s near me.

**Default gateway – **If the endpoint address *isn’t* on my street, which intersection do I go through first to get off of the street I live on. There is a traffic cop at the gateway to help onto the next step (routers / switches). If I have to leave my street or block, where is the first place to go to get to my eventual endpoint?

## Why do we even need to subnet?

Alright, networks can be large. The A-typical network is what is best described as a class C network and you probably use one at home. My home network uses a 192.168.1.x address with a mask of 255.255.255.0 (Class C subnet mask). This means that my one network could have IP addresses from 192.168.1.0 – 192.168.1.255. That is a lot of IP’s! my home network isn’t that large and I can’t use 256 (we count the 0) IP’s anyway. Now this is what those in the know call wasteful addressing. So we will use a subnet mask to take this one large network and chop it up into equal smaller sections. Similar to taking our one long street and adding stop signs in the middle of it making equally sized “blocks”. In IP terms we’ve created IP ranges that makes up our smaller subnets.

## Purpose of the mask

We stated above it shows us boundaries. If you look at an address of a neighbor you can tell if they’re on your same street right? how? via a comparing of your address to theirs. This same process of comparing the source and destination in IP speak is called “ANDing”. It’s the comparison of your IP to the destination IP address. This post won’t cover how you turned www.bing.com into an IP address, that is what DNS (Domain Name Resolution) is for and it’s out of scope. Now what if your street does have blocks? are you on still on Maple , but 3 blocks away? Then that address isn’t *local* to you. You would have to go through an intersection. So how *much *of the address do we compare? That is what the mask tells us.

Do we compare the following like this…?

123 Maple St.

100 Maple St.

They look similar right? That’s because we ANDed the addresses and you saw similarities until you got to the number right? ANDing with IP’s is similar. IP ANDing is performed from right to left. Let’s look at a class C subnet mask of 255.255.255.0. This tells us that the first 24 of the 32 bit addresses are all 1’s! How did I get that? Using the value tables above, eight 1’s in a single octet = 255. So three of those tells us the first 24 bits are all 1’s. That is the mask. let’s see it in a table

192 | 168 | 10 | 100 | |

255 | 255 | 255 | 0 | |

yes | yes | yes | no | Masked? |

So this above shows us that if the first 3 numbers match, the target address is considered local to the source. Similar how we compared the street address from before, albeit from the other direction.

So this boundary we’re creating is also dividing the address. The left half up to the end of the mask is considered the Network portion of the IP address. The previous example shows us the network ID is 192.168.10.0. The remaining 8 bits are considered the Host portion of the IP address. That is what makes it unique on the 192.168.10.x network. Similar to how our street address number shows where we are in the street, the host portion shows where on the network we are.

Now when we adjust the mask to make more smaller networks, we increase the number of bits used for the network portion of the address and automatically then *reduce* the host portion of the IP. So since everything is even chunks, if we take one network of 256 IP’s and chop it in half to make two, we get *half* as many IP’s per network. Here is the doubling and halving we mentioned earlier.

## Let’s get chopping!

This is normally where other subnetting systems become overly complex with large matrices that map out the doubling and halving we’ve learned to this point. I found a nice pattern that is easy to remember since it uses the same patterns. Let’s look at it. It will be our ongoing reference, “the Solarz Slide Rule”

# of IP’s | 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 |

# of Networks | 2 | 4 | 8 | 16 | 32 | 64 | 128 | 256 |

Notice any patterns there? Doubling and halving. Notice the values? They should look familiar, they map to the values for bit placement in an octet! Now this mini table makes a few assumptions. I like to think of these as the “rules”

- We are subnetting in the 4th octet. We are taking a single class C network (192.168.1.x) and making more smaller networks.
- The defacto standard 255.255.255.0 address is (as we learned before, you were paying attention right?) using the first 24 bits for the mask. This is also represented as /24 mask. So a 255.255.255.0 mask is the exact same thing as /24. Just whether were calling out the numeric value of the bits or the bit count, it’s the same thing
- using the above rule, the first column in the slide rule is the 25th bit, the second the 26th, and so on.
- EVERY network uses the first network for the network ID, and the last IP for the broadcast address. So a standard Class C network of 192.168.1.x, it’s ID IP is 192.168.1.0 and it’s broadcast IP (The one everyone listens too) is 192.168.1.255. Taking this logic forward, every network you make will take the number of IP’s per networks and take two away. [# of IP’s – 2]

Let’s get to using it! Scenario 1…

I the network manager task you with taking your class C subnet (10.10.2.x/24) network and make 4 smaller networks. So we need to solve for a few items..

- What is the numeric subnet mask? 255.255.255.?
- how many networks are made?
- How many
IP’s are there per network.*USABLE*

As long as we know ONE of these three, we can solve for the other two using the slide rule. So our scenario is asking for 4 networks. Let’s plug this in..

So we take 2 bits from the 8 in the slide rule. We always use the values to the left of where we split the slide rule. This takes us from 1 network of 256 IP’s to four networks of 64 IP’s each. Unsure if it’s right? multiply one by the other. What do the equal? the magic # of 256! so if we started with a 24 bit mask, we now have a 26 bit mask. So 26 bits now are for the network portion of the address, and the remaining 6 are the host portion of the address. So using the slide rule we solved for item #2. Just like the request, we have 4 networks. Per the slide rule that gives us 64 IP’s in each new smaller network. Now recall the last rule, we lose the first and last IP for network ID and broadcast address. So that now gives us the answer for #3. There are 62 **usable** IP’s in the 4 networks. Now it’s been pretty clear thus far. This is the part where everyone gets a bit lost. How do we solve for #1? How do we derive the numerical mask? Well we continue to use the slide rule and the magic number. Let’s take the **TOTAL** IP’s per network and subtract it from the magic number of 256.

256-64 = 192

So to solve for #1, our subnet mask is 255.255.255.192.

so to recap, we made 4 networks which each had 64 total IP’s (62 useable by PC’s or devices) and the mask created is 255.255.255.192.

Let’s reverse engineer this. Scenario #2….

I the IT director tell you to break up the internal private network 172.26.15.0/24 and break it up with a 255.255.255.240 mask. How many Networks and usable IP’s does this give us?

So again we have the three questions, but we already know one of the answers..

- What is the numeric subnet mask? 255.255.255.240
- how many networks are made?
- How many
IP’s are there per network.*USABLE*

So if we KNOW the mask, how do we go backwards through the slide rule? Let’s flip the script. If we got the previous one by subtracting a value from the magic number of 256, why can’t we just solve for the other missing variables since that is a constant?

Previously we used 256-64 = 192. This can be translated as X-Y=Z. If we know X (256) and Z(240) then we have this… [256-Y=240]. Basic math skills intervene and we know we have 16 IP’s / network. We plug this in the slide rule and we see this..

so using the same logic, we get 16 networks of 16 IP’s each (14 usable). Now looks like were taking 4 bits from the octet to give to the network side of the IP. This means we went from a /24 subnet mask to a /28.

Clear as mud right?