Friday, 31 January 2014

Subnet calculation


http://forum.parallels.com/showthread.php?70762-Plesk-Firewall-amp-IP-Range


You want to use the bitmask at the end, here's a quick cheat sheet:

11.11.11.11/32 <- just the host 11.11.11.11

11.11.11.0/24 <- the whole 11.11.11.0 network (254 IPs)

11.11.0.0/16 <- the 11.11.0.0 network (64k IPs)

11.0.0.0/8 <- the 11.0.0.0 network (16 million IPs)

Ahh, taking out Germany, huh. So netmasks can be kind of daunting if you don't understand the guts of TCP/IP. Short version, the bitmask is a binary representation of a network block.

So what that means is that in binary this:

255.255.255.0

looks like
11111111.11111111.11111111.00000000

and if you add all those 1's up you get:

24

It helps if you can do math in binary, which is probably one of the least useful skills a person can have. It's actually my 2nd least useful skill; my first is that I can also read hieroglyphics. But I digress, the answer for your firewall netblocks question is you need 2 networks:

89.145.16.0/20 (89.145.16.1 - 89.145.31.254)
89.145.32.0/19 (89.145.32.1 - 89.145.63.254)

This is because TCP/IP is base 8, dividing each section of an IP address into an octet. We're dealing with subdividing a 16 bit network (2nd position), so we start all calculations from there. Cheat sheet:

bits 0 = 256
bits 1 = 128
bits 2 = 64
bits 3 = 32
bits 4 = 16
bits 5 = 8
bits 6 = 4
bits 7 = 2
bits 8 = 1



Forget about networks for a moment, and just do the math using the largest group that fits into the above. In your case 89.145.16.0 - 89.145.64.0 is a total of 48 networks. So you need a block of 16 (4 bits) and a block of 32 (3 bits) to get (16 + 32) 48. We're chopping up a class B (16 bit) network into smaller pieces so we start our math problem at 16. Using the network 89.145.16.0 as a jumping point, if we add 16 networks (or 4 bits) to our class B (16 bits) we get 16 + 4 = 20:
89.145.16.0/20 (89.145.16.1 - 89.145.31.254)

If you started at 89.145.32.0/20, you would be covering the network space from: 89.145.32.1 - 89.145.47.254


Another way to look at it is a 4 bit netmask breaks the network up into 16 pieces:
0-15
16-31
32-47
48-63
64-79
80-95
96-111
112-127
128-143
144-159
160-175
176-191
192-207
208-223
224-239
240-255



For the 2nd net block, I start at the IP 89.145.32.0, and add 32 networks to it. Again since we're playing in Class B (16 bit) network space, we start at 16, and add 3 bits (32 networks) to it: 16 + 3 = 19:
89.145.32.0/19 (89.145.32.1 - 89.145.63.254)

A 3 bit netmask breaks the network up into 8 pieces:
0-31
32-63
64-95
96-127
128-159
160-191
192-223
224-255

Confused yet? Oh and for your first question, while you can use .0 or .255 as IP addresses, it's not a good idea to use the starting or ending IPs for a netblock. This is because they are used for either defining the network (i.e., 10.10.10.0/24 uses 10.10.10.0 to define the network) or for broadcasts on the network (10.10.10.255 is the broadcast IP).
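The split worked out by hand above can be checked mechanically before the blocks go into a firewall rule. This is an added example, not part of the original forum post; the function names `range_to_cidrs` and `describe` are made up for illustration, and the second range is a constructed input showing that a range which does not start and end on block boundaries needs more rules.

```python
import ipaddress


def range_to_cidrs(first, last):
    """Split the inclusive range first..last into the fewest CIDR blocks."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError("range start is above range end")
    blocks = []
    while lo <= hi:
        # The largest block that may start at lo is set by lo's alignment,
        # i.e. its lowest set bit (address 0 is aligned to every size).
        size = lo & -lo if lo else 1 << 32
        # It must also not run past the end of the requested range.
        while size > hi - lo + 1:
            size >>= 1
        prefix = 32 - (size.bit_length() - 1)
        blocks.append(ipaddress.IPv4Network((lo, prefix)))
        lo += size
    return blocks


def describe(net):
    """Render a block as CIDR plus the full span it matches."""
    return (f"{net} ({net.network_address} - {net.broadcast_address}, "
            f"{net.num_addresses} addresses)")


if __name__ == "__main__":
    # The range from the post: third octet 16 through 63.
    for net in range_to_cidrs("89.145.16.0", "89.145.63.255"):
        print(describe(net))
    # Constructed, unaligned range: one rule per power-of-two chunk.
    for net in range_to_cidrs("89.145.16.5", "89.145.16.20"):
        print(describe(net))
```

Printing the span next to each block makes it easy to confirm that a rule matches exactly the intended addresses and nothing on either side of them.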
