Cisco inverse subnet masks
Posted by on 2015-02-20 15:52:16:
Leeched from http://www.cyberflunk.com/~nikm/cisco/masks.html (without permission)
The address/netmask syntax of 172.16.35.0/255.255.255.0 should be familiar to anyone with some experience with IP routing, and is fairly easy to figure out address ranges given a calculator and a piece of scrap paper.
There are other forms of addressing which are used interchangeably which start to get confusing even to experienced routing folks - occasionally people call me experienced and I have a little slip of paper next to my monitor with all the translations on it.
That same network may be addressed as 172.16.35.0/24 or even 172.16.35.0 0.0.0.255 in Cisco access-lists.
Let's take the address 172.16.35.42.
This address is represented as:
10101100 00010000 00100011 00101010 (172.16.35.42)
to the computer. Now for routing to work, the computer needs to know which addresses are local to the subnet (ie: it can send packets directly to that
computer) or if it needs to use a gateway ('router') to get there.
The netmask is used for this. The address and netmask are:
10101100 00010000 00100011 00101010 (172.16.35.42) 11111111 11111111 11111111 00000000 (255.255.255.0)
now say the computer is trying to get to the address 172.16.35.109 we use the AND logical function to see if the networks are the same:
10101100 00010000 00100011 00101010 (172.16.35.42 - my address) 11111111 11111111 11111111 00000000 (255.255.255.0 - my netmask) 10101100 00010000 00100011 00000000 (my address AND netmask = network) 10101100 00010000 00100011 01101101 (172.16.35.109 - remote address) 11111111 11111111 11111111 00000000 (255.255.255.0 - my netmask) 10101100 00010000 00100011 00000000 (remote address AND netmask = network)
See how these are both the same. This means that the source computer can simply send packets directly to the remote computer.
Let's look at a different example.
Say we wanted to go to 192.48.96.9.
Let's take a look at the numbers:
10101100 00010000 00100011 00101010 (172.16.35.42 - my address) 11111111 11111111 11111111 00000000 (255.255.255.0 - my netmask) 10101100 00010000 00100011 00000000 (my address AND netmask = network) 11000000 00110000 01100000 00001001 (192.48.96.9 - remote address) 11111111 11111111 11111111 00000000 (255.255.255.0 - my netmask) 11000000 00110000 01100000 00000000 (remote address AND netmask)
A quick comparison shows that these address/netmask comparisons are not the same hence a gateway must be used to get to this address.
The CIDR syntax is simply the number of ones in the netmask and the inverse netmask is just that, the inverse of the netmask.
Looking at 255.255.255.0 you see:
11111111 11111111 11111111 00000000 (255.255.255.0 netmask) -------- -------- -------- (there are 24 ones, hence this is a /24) 00000000 00000000 00000000 11111111 (0.0.0.255 inverse netmask)
This is one of the simpler cases, things get interesting when you move away from the classical Class A/B/C boundaries.
Below is a translation table of netmask to inverse to CIDR.
Netmask | Inverse | /CIDR | Usable | Size |
---|---|---|---|---|
0.0.0.0 | 255.255.255.255 | /0 | 4,294,967,294 | The Internet |
128.0.0.0 | 127.255.255.255 | /1 | 2,147,483,646 | 128 Class 'A's |
192.0.0.0 | 63.255.255.255 | /2 | 1,073,741,822 | 64 Class 'A's |
224.0.0.0 | 31.255.255.255 | /3 | 536,870,910 | 32 Class 'A's |
240.0.0.0 | 15.255.255.255 | /4 | 268,435,454 | 16 Class 'A's |
248.0.0.0 | 7.255.255.255 | /5 | 134,217,726 | 8 Class 'A's |
252.0.0.0 | 3.255.255.255 | /6 | 67,108,862 | 4 Class 'A's |
254.0.0.0 | 1.255.255.255 | /7 | 33,554,430 | 2 Class 'A's |
255.0.0.0 | 0.255.255.255 | /8 | 16,777,214 | 1 Class 'A' |
255.128.0.0 | 0.127.255.255 | /9 | 8,388,606 | 128 Class 'B's |
255.192.0.0 | 0.63.255.255 | /10 | 4,194,302 | 64 Class 'B's |
255.224.0.0 | 0.31.255.255 | /11 | 2,097,150 | 32 Class 'B's |
255.240.0.0 | 0.15.255.255 | /12 | 1,048,574 | 16 Class 'B's |
255.248.0.0 | 0.7.255.255 | /13 | 524,286 | 8 Class 'B's |
255.252.0.0 | 0.3.255.255 | /14 | 262,142 | 4 Class 'B's |
255.254.0.0 | 0.1.255.255 | /15 | 131,070 | 2 Class 'B's |
255.255.0.0 | 0.0.255.255 | /16 | 65,534 | 1 Class 'B' |
255.255.128.0 | 0.0.127.255 | /17 | 32,766 | 128 Class 'C's |
255.255.192.0 | 0.0.63.255 | /18 | 16,382 | 64 Class 'C's |
255.255.224.0 | 0.0.31.255 | /19 | 8,190 | 32 Class 'C's |
255.255.240.0 | 0.0.15.255 | /20 | 4,094 | 16 Class 'C's |
255.255.248.0 | 0.0.7.255 | /21 | 2,046 | 8 Class 'C's |
255.255.252.0 | 0.0.3.255 | /22 | 1,022 | 4 Class 'C's |
255.255.254.0 | 0.0.1.255 | /23 | 510 | 2 Class 'C's |
255.255.255.0 | 0.0.0.255 | /24 | 254 | 1 Class 'C' |
255.255.255.128 | 0.0.0.127 | /25 | 126 | 128 Hosts |
255.255.255.192 | 0.0.0.63 | /26 | 62 | 64 Hosts |
255.255.255.224 | 0.0.0.31 | /27 | 30 | 32 Hosts |
255.255.255.240 | 0.0.0.15 | /28 | 14 | 16 Hosts |
255.255.255.248 | 0.0.0.7 | /29 | 6 | 8 Hosts |
255.255.255.252 | 0.0.0.3 | /30 | 2 | 4 Hosts |
255.255.255.254 | 0.0.0.1 | /31 | 0 | 2 Hosts |
255.255.255.255 | 0.0.0.0 | /32 | 1 | 1 Host |
Tags: Networking , Cisco
Return to home page: Home