Subnetting

Table of Contents

1. In-Class Exercises
2. Subnetting in IPv6

This lab is actually run as a class tutorial, so when we come to do it, everyone should do it at the same time. In this tutorial, we shall learn about subnetting, mostly in IPv4, but we shall also cover IPv6, which is easier. IPv4 is a bit more challenging, largely because we have to deal with conversions between decimal and binary a lot, but the concepts are otherwise identical.

As part of this tutorial, you will be given a set of questions. These questions are very similar in style to what you would find in any networking examination, whether it be a professional certification (such as the Cisco CCNA) or the examination for this paper. The content of this tutorial is vendor-neutral: everyone in the networking field needs to know this.

The firewall lab that follows will use the IPv4 addressing scheme you develop in this tutorial. The (quite small) network we shall be addressing is shown in Figure 23, “Network Map for this Laboratory”.

Figure 23. Network Map for this Laboratory

The network that we shall be subnetting. You will use the addressing scheme later, when we implement this network in the next lab.


The external network will be similar to the Internet, but several orders of magnitude smaller and not as complete. There is a single host on the external network, with a very different public IP address (as you would expect of a distant host on the Internet). As we are modelling the Internet (and I use the term “model” very loosely here), the hosts are not using RFC 1918 private “non-routable” addresses. Generally, you should never make up addresses in this way; I just want you to have some experience working with other address ranges and subnet sizes.

Speaking of subnet sizes, you will not be using the /24 networks we have become accustomed to in this lab. To make it more interesting, the DMZ and internal networks will not use a /24 (previously called a “Class C” network). Instead, we shall use CIDR (pronounced “cider”) addressing and use subnets.

F1, which is a router/firewall, will have a single public IP address (203.0.113.117). The internal and DMZ networks will use two subnets, each appropriately sized, which you will split out of 10.18.2.0/24 yourself; for the purposes of this exercise, treat that /24 as scarce and allocate from it sparingly.

You will only have one machine in your DMZ in this lab, but you should assume that the real network currently has 7 hosts in the DMZ, and that you must allow for some growth. What is the smallest practical subnet size for the DMZ network? Don’t forget that the very first address (the subnet address) and the very last address (the broadcast address) are reserved, and that the router will need an address on each subnet it has an interface on. For the internal network, consider your needs to be 100 hosts, which is considered a small business. As a point of comparison, a medium-sized network would have about 500 hosts.

For the DMZ network, to make it a little more educational, do not use the first available subnet, but choose the second or third available subnet instead. [In an exam situation, you should be able to handle any subnet.] When you have designed your subnets, write them down, including the following information:

For your benefit, Figure 24, “Subnetting a /24” shows a chart to help you understand the relationship between prefix length and address space. Using this chart will help you check for overlapping allocations and visualise “holes” in the address space. You should not, however, depend on it, because it will be unavailable in the examination.

Figure 24. Subnetting a /24

This chart shows the relationship between prefix length and allocation size. You can use it for visualising your address space and checking your subnetting calculations.


In production networks, you generally need some tool to assist you in managing your address space. In many networks, one simple solution is a spreadsheet. A nicely designed spreadsheet can show your address space very clearly, and you can drill down to arbitrary levels of detail, even to individual addresses. This sort of spreadsheet can also be useful for recording things like DNS names, MAC addresses, and accounting data. However, for larger networks with more IT staff, this rapidly becomes unmanageable. One sample spreadsheet is available in the Lab Resources/Subnetting folder. It spans a few pages, so it is not included in this text, but Figure 25, “1000-foot View of an Example Address Management Spreadsheet” shows a “1000-foot” view of it.

Figure 25. 1000-foot View of an Example Address Management Spreadsheet

1000-foot view of an example address management spreadsheet. The spreadsheet is very long, so it has been split into four pages. Each page covers a /26 exactly.

Note that a visual device has been included to help you see the size of the various allocations. Colour is used to delineate different allocations; here two subnets are shown, one for the LAN and another for the DMZ. There is still ample empty space. Inside the LAN subnet, a particular allocation has been set aside for a dynamic DHCP range of addresses.


1. In-Class Exercises

Most of these questions were sourced from SubnettingQuestions.com, which is a very useful resource for practising these skills and is recommended for your exam study. The last question is another style of question you could expect in any subnetting examination.

1.1.

Which subnet does host 192.168.77.108/28 belong to?

1.2.

What valid host range is the IP address 172.21.71.219/20 a part of?

1.3.

What is the first valid host on the subnetwork that the node 172.16.139.35/26 belongs to?

1.4.

What is the broadcast address of the network 172.30.134.0/23?

1.5.

How many subnets and hosts can you get from the network 172.20.0.0/255.255.254.0?

Sometimes you need to know the class of an address, for example to answer a question such as this one. The class of an address, and therefore its classful network mask, can be determined from the first few bits of the address, as shown below.

Class A  ≤127  0nnn nnnn  hhhh hhhh  hhhh hhhh  hhhh hhhh
Class B        10nn nnnn  nnnn nnnn  hhhh hhhh  hhhh hhhh
Class C  >192  110n nnnn  nnnn nnnn  nnnn nnnn  hhhh hhhh
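To make the binary arithmetic behind these questions concrete, here is a small calculator added as an illustration (it is not part of the tutorial, and the addresses in it are constructed documentation-range examples rather than the exercise ones). It does the decimal/binary conversion by hand instead of through Python's ipaddress module, derives the network, broadcast and host range from either a prefix length or a dotted mask, applies the classful rule from the table above, and counts how many subnets a classful network yields under a longer mask.

```python
def parse_ipv4(dotted):
    """Dotted decimal to a 32-bit integer (the decimal/binary conversion step)."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address: %r" % dotted)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def to_dotted(n):
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def mask_to_prefix(mask):
    """'255.255.254.0' -> 23; rejects a non-contiguous mask such as 255.0.255.0."""
    m = parse_ipv4(mask)
    prefix = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError("non-contiguous mask: %r" % mask)
    return prefix

def subnet_info(cidr):
    """Network, mask, broadcast, host range and usable hosts for 'a.b.c.d/p' or
    'a.b.c.d/m.m.m.m', done as on paper: AND with the mask, OR with its inverse."""
    dotted, suffix = cidr.split("/")
    prefix = mask_to_prefix(suffix) if "." in suffix else int(suffix)
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    network = parse_ipv4(dotted) & mask
    broadcast = network | (~mask & 0xFFFFFFFF)
    usable = max((1 << (32 - prefix)) - 2, 0)   # /31 and /32 have no host range
    info = {"network": "%s/%d" % (to_dotted(network), prefix), "mask": to_dotted(mask),
            "broadcast": to_dotted(broadcast), "hosts": usable}
    if usable:
        info["first_host"], info["last_host"] = to_dotted(network + 1), to_dotted(broadcast - 1)
    return info

def address_class(dotted):
    """Classful rule from the table above (0nnn / 10nn / 110n): (class, default prefix)."""
    top = parse_ipv4(dotted) >> 28            # the four high-order bits
    for limit, cls, default in ((0b1000, "A", 8), (0b1100, "B", 16), (0b1110, "C", 24)):
        if top < limit:
            return cls, default
    return "D/E", None                        # multicast / reserved: not subnetted

def classful_split(cidr):
    """(subnets, hosts per subnet) when a classful network is cut with a longer
    mask, e.g. a class B under /20 gives 2**(20-16) subnets of 2**12 - 2 hosts."""
    info = subnet_info(cidr)
    prefix = int(info["network"].split("/")[1])
    _, default = address_class(cidr.split("/")[0])
    if default is None or prefix < default:
        raise ValueError("%s is not a subnet of a classful network" % cidr)
    return 2 ** (prefix - default), info["hosts"]
```

For instance, subnet_info("192.0.2.77/27") (a constructed address) reports network 192.0.2.64/27, broadcast 192.0.2.95 and a host range of 192.0.2.65 to 192.0.2.94, which is exactly the working you would show in an exam answer.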

1.6.

Given the following address allocations, create two further allocations, a /29 (“Test Network”) and a /27 (“Sensor Network”), such that fragmentation of the address space is minimised. The “Test Network” can be a subnet of the Engineering subnet.

172.16.20.0/24      Complete allocation
172.16.20.0/27      DMZ
172.16.20.64/26     Engineering
172.16.20.192/26    Main Office
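The sizing exercise for the lab network (7 DMZ hosts plus a router interface and some growth, 100 internal hosts, both carved out of 10.18.2.0/24 with the DMZ taking the second available block) and the fragmentation question in 1.6 are the same planning problem, so one added planner covers both. This is illustration code written for this page, not the tutorial's own, built on Python's ipaddress module; the 25% growth allowance in lab_plan and the 198.51.100.0/24 allocations in the usage note are assumptions I constructed, not figures from the tutorial.

```python
import ipaddress
import math

def prefix_for_hosts(hosts, router_ifaces=1, growth=0.0):
    """Smallest prefix length whose usable addresses cover the need: a /p holds
    2**(32-p) addresses less subnet and broadcast, each router interface takes
    one more, and growth is the headroom fraction (an assumed figure)."""
    needed = math.ceil(hosts * (1 + growth)) + router_ifaces
    for p in range(30, -1, -1):                 # /30 is the smallest useful subnet
        if 2 ** (32 - p) - 2 >= needed:
            return p
    raise ValueError("no IPv4 prefix can hold %d addresses" % needed)

def free_space(parent, allocated):
    """The unallocated CIDR blocks of parent, as a sorted list of networks."""
    free = [ipaddress.ip_network(parent)]
    for alloc in map(ipaddress.ip_network, allocated):
        kept = []
        for blk in free:
            if blk.subnet_of(alloc):
                continue                        # the whole block is already taken
            # address_exclude yields the CIDR blocks of blk that surround alloc
            kept.extend(blk.address_exclude(alloc) if alloc.subnet_of(blk) else [blk])
        free = kept
    return sorted(free)

def best_fit(free, prefix, index=0):
    """Carve a /prefix from the smallest free block that can hold it: filling the
    tightest hole keeps the large blocks whole ("minimise fragmentation").  index
    picks the index-th candidate inside that hole.  Returns (subnet, remaining)."""
    holes = [blk for blk in free if blk.prefixlen <= prefix]
    if not holes:
        raise ValueError("no free block can hold a /%d" % prefix)
    hole = max(holes, key=lambda b: b.prefixlen)    # longest prefix = smallest block
    subnet = list(hole.subnets(new_prefix=prefix))[index]
    remaining = [b for b in free if b != hole] + list(hole.address_exclude(subnet))
    return subnet, sorted(remaining)

def lab_plan(growth=0.25):
    """The tutorial's figures: 100 internal and 7 DMZ hosts, one router interface
    each, carved from 10.18.2.0/24 with the DMZ taking the second available block.
    The growth allowance is an assumption, not a figure from the tutorial."""
    free = free_space("10.18.2.0/24", [])
    internal, free = best_fit(free, prefix_for_hosts(100, growth=growth))
    dmz, free = best_fit(free, prefix_for_hosts(7, growth=growth), index=1)
    return {"internal": str(internal), "dmz": str(dmz), "free": [str(b) for b in free]}
```

With constructed allocations such as free_space("198.51.100.0/24", ["198.51.100.0/26", "198.51.100.128/27"]), best_fit(free, 27) takes the /27-sized hole at 198.51.100.160 rather than cutting into one of the free /26s, which is the behaviour question 1.6 is asking you to reproduce by hand.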