Subnet Masking

First off, what good is it? Well, let's say you've got a network that consists of two parts: you've got some computers on ethernet and some on token ring. Your boss says "I want everyone on the internet" and you've got a class c license to work with. It used to be that you would create a subnet so that your router would pass traffic (packets of data) towards their correct destination which helps ease your data traffic woes. (Nowadays, you create a virtual private network.. err, I'll talk about that later. For now, let's pretend that isn't a option.) That's what subnetting gets you: a way to tell your router that you've got different segments on your network so it can properly route traffic. So what does a subnet mask look like? Ooo, back to "fun with binary"..

Starting from the right and working towards the left, take 2 and raise it to an increasing power. First column is two to the zero power (which equals 1), next is two to the first power (2), on and on until you have 8 columns.

128 64 32 16 8 4 2 1

A subnet mask uses some of the first digits of your binary number as a way to tell the router which network segment this data packet should be routed to. Those digits are called the "subnet id". The rest of the digits are called the "host id". One other thing you have to keep in mind: a host id of all zero's or all one's is a special situation: You can't use those. The "all ones" is a broadcast. It's a way to tell all network devices "HEY! Listen up" without having to address each one individually. "All zeros" is the same idea, but on a smaller scale ("Hey everybody on my segment of the network!"). The same restriction applies to a subnet id of all zero's or all one's. Thus, you can't use a subnet mask of 128 (1000 0000) and split your network in half. Now, I haven't figured out _why_ you can't have a subnet id of all zeros or all ones (my book says to refer to RFC 905 but my brain cramps when I read those so if some kind person would explain that to me in words of two syllables or less, I would be grateful). Meanwhile, back to subnetting..

Okay, so I've got these two segments and I can't use a subnet mask of 128. I could use xx00 0000. My subnet mask would be 192 (128 + 64). That leaves 6 digits for the host id. Cool! Lot's of room.. But, uh oh.. you can't use a host id of all zeros or all ones. Thus 63 (0011 1111), 127 (0111 1111), 191 (1011 1111) and 255 (1111 1111) are out. ..oof.. feeling kinda cramped.. Worse, you can't use any of the hosts that happen to fall in the all zeros subnet id (ie., 0 to 63) nor those that happen to fall in the all ones subnet id (193 to 255). Hey! Wait a minute, you say. Why am I doing subnetting again? To ease your traffic woes. Well, geez, with all those addresses that I can't use, no wonder I haven't got any traffic problems!

That's why the idea of "virtual private networks" is catching on. This is a cool idea because you don't have to give a real IP address to anything on the inside of your network. You can, instead, pretend that you have a class A license (use 10.x.x.x, which was set aside just for this idea) and that gives your network plenty of room. Additionally, because you have a device somewhere that translates real-external IP to fake-internal IP and usually that device is a firewall, it's harder for hackers to get to individual pc's on your network.

(Except.. when some sh*thead newbie admin [who, _of course_, knows more than _you_ do even though you constantly have to correct them in spite their obvious lack of experience or knowledge] decides to put PC Anywhere on their frigging pc at work. To do this, they tell the people who installed the firewall to punch a hole in the firewall [ie, open a particular port] thus a lazy dumbf*ck admin can administrate the network while sitting on his fat ass at home. Not that I know of a place like that.. buuuut.. gee, I was just wondering, does anybody happen to know what port PC Anywhere uses? muahahaha!)

PC Chick

Comments? Questions? Bugs? Email:John Holstein

Return to the Help Desk