Partial IPv4 range masking

I’ve read several online resources, and though I think I’ve made a good beginning at understanding, I have trouble getting further. I am assuming a basic prerequisite hasn’t “clicked” yet.

  • two versions of protocol, IPv4 and IPv6
  • (IPv6 aside) often expressed as ###.###.###.### where ### is an integer 0 - 255, an eight-bit byte

this is where my understanding starts to get hazy

(out of range intentional) “subnet masking” “flips bits” eg. 345.345.345.0/24 would match IPs 345.345.345.0 to 345.345.345.255 inclusive. The “0/24” value ≈ “first 24 bits” i.e. the “345.345.345.” portion. Similar for “0/8” and “0/16”

this is where I flounder

Say there are two IPs
one IP 345.345.345.0 to 345.345.345.127
two IP 345.345.345.128 to 345.345.345.255

I know it involves other numbers of bits (“0/20”?), but I can’t see a connection. I’m guessing it involves converting and that I’ve managed to miss seeing that it was needed.

1 Like

(I’m going to vastly simplify this concept. Fair warning to networking nerds.)

Let’s say the IP range in question is 192.168.0.1 to 192.168.0.255. The classic /24 network. (Also a private one.)

Where does /24 come from?
Well, in this range, the bits that DON’T change are the Network bits. That’s the 192.168.0 bit in this case.
Each octet is from 0-255 - an 8 bit number (2^8 = 256).
There are 4 octets, so there are a total of 32 bits required to specify our IP address.
In terms of routing information, the computer needs to know “How much of this IP is networking information, and how much is computer-specific information?” This is where the netmask comes in.

We have 256 possible addresses on our network (granted, one of them will be used for the gateway, and another for the broadcast address, but those are still addresses on the network.)
256 addresses can be represented by 8 bits. So, the last 8 bits of our binary string are the computer specific information. This means that 32-8 = 24 … there are 24 bits available to be used for Networking information. (/24 … 24 bits of Networking information.)

Netmask says: Take a binary string. Networking Information space = 1’s, Computer Specific information space = 0’s.

For our /24, that would be 11111111111111111111111100000000.
Break that up into 8-bit chunks: 11111111 11111111 11111111 00000000
Convert those 8 bit chunks into decimal: 255 255 255 0 (Look familiar?)

Now let’s take your example:
one IP 345.345.345.0 to 345.345.345.127

So you’re looking at 128 addresses this time. We don’t need 8 bits for that, because 2^7 is 128. So we can use 7 bits of information for the computer-specific addressing, and stick that extra bit out front back into the Network addressing pool.
Because we’re using 7 bits for that, and our IP string is still 32 bits long (never changes in IPv4), that means our networking information is 25 bits long. This is a /25 network.
What is its Netmask? Well, repeat the process:

Take the 32 bit breakdown: 11111111111111111111111110000000.
Break that up into 8-bit chunks: 11111111 11111111 11111111 10000000
Convert those 8 bit chunks into decimal: 255 255 255 128
So your netmask is 255.255.255.128. It will be the same for your second network.

So what differentiates the networks? Well, both networks will have a Gateway. Normally, that’s the first IP in the range. Because of the Netmask, it knows it’s a /25, and it can say “the gateway for 345.345.345.6 will be 345.345.345.1.”

Similarly, because of the netmask, a computer can say “the gateway for 345.345.345.200 is 345.345.345.128.”

So: Test Yourself: What would be the Netmask for a network from 192.73.208.1 to 192.73.209.255? What /# is it?

2 Likes

And for the sake of networking nerds flipping out: Yes, I’m completely simplifying the concept.
A network cannot just start at any given number - I can’t say my network goes from 192.168.1.3 to 192.168.2.2.
Because of the nature of using bits to give address ranges, the start point of a network must be a power of 2 address that corresponds to the number of bits in the computer-specific space. The end point of the network is defined to be the highest possible value of addresses in that space.

I’m only using 256 addresses in my above example. So it’s a /24 right?
Not… so fast.
Let’s assume it’s a /24. that means the last 8 bits of the address are my comp-specific space.
I say my start point is 192.168.1.3.
The computer looks at my netmask and says “192.168.1” (1100 0000 1010 1000 0000 0001 ) is your networking space.
I can encode my low IP in binary inside this space just fine:
1100 0000 1010 1000 0000 0001 0000 0011 = (192 168 1 3)
But when I try to encode my high IP:
1100 0000 1010 1000 0000 0010 0000 0010 = (192 168 2 2)
Wooooah now. Suddenly I’ve overflowed and changed two of the bits that were in my Networking space. That means I’m talking to a DIFFERENT network.

In order to be able to change those two bits, I need to move them into my computer-specific space. Which I can do. I pull the bits in. Now my network isn’t a /24 anymore - it’s a /22 (because I’ve taken 2 bits away from the Networking pool).
So now:
The computer looks at my netmask and says “192.168.(unintelligible 6 bit fragment)” (1100 0000 1010 1000 0000 00 ) is your networking space.
I can encode my addresses just fine.
But… what is the start and end of my network ACTUALLY?
Well, the start of the network would be the Networking space, plus enough 0’s to form a 32 bit number:
1100 0000 1010 1000 0000 0000 0000 0000 , which translates back into decimal as 192.168.0.0
and the end of the network would be the Networking space, plus enough 1’s to form a 32 bit number:
1100 0000 1010 1000 0000 0011 1111 1111 , which translates back into decimal as 192.168.3.255.

So while I may say my network goes from 192.168.1.3 to 192.168.2.2, my network is ACTUALLY from 192.168.0.0 to 192.168.3.255 - much bigger than I had intended!

4 Likes
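Added example, not part of any post in this thread: the bit reasoning from the post above, done with Python's standard `ipaddress` module. It finds the single CIDR block that encloses a first/last address pair and, going one step beyond the post, the list of aligned blocks that covers the range exactly, which is the safer form when a range is turned into a firewall or ACL entry. The function names are this example's own.

```python
import ipaddress

def enclosing_network(first, last):
    """Smallest single CIDR block containing both addresses."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError("first address is above last address")
    # Every bit where lo and hi differ has to sit in the host part,
    # so the host part is as wide as the highest differing bit.
    host_bits = (lo ^ hi).bit_length()
    prefix = 32 - host_bits
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF
    return ipaddress.IPv4Network((lo & mask, prefix))

def exact_blocks(first, last):
    """Aligned CIDR blocks that cover first..last and nothing else."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))

def describe(first, last):
    """Compare the intended range with what one CIDR block admits."""
    net = enclosing_network(first, last)
    wanted = (int(ipaddress.IPv4Address(last))
              - int(ipaddress.IPv4Address(first)) + 1)
    return {
        "cidr": str(net),
        "netmask": str(net.netmask),
        "start": str(net.network_address),
        "end": str(net.broadcast_address),
        # Addresses the single block covers beyond the intended range.
        "extra_addresses": net.num_addresses - wanted,
        "exact": [str(b) for b in exact_blocks(first, last)],
    }

if __name__ == "__main__":
    # The range from the post above.
    info = describe("192.168.1.3", "192.168.2.2")
    for key, value in info.items():
        print(f"{key}: {value}")
```

For the post's range, the single enclosing block is the /22 it arrives at by hand, and `extra_addresses` counts how many addresses that block admits beyond the intended ones.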

Thanks. The last post answers some questions I had.

I broke things down

 192.73.208.1 to 192.73.209.255 

1 - 00000001
73 - 01001001 
192 - 11000000 
208 - 11010000 
209 - 11010001 
255 - 11111111 
127 - 01111111 
128 - 10000000 

11000000  01001001  11010000  00000001 
11000000  01001001  11010001  11111111 
0/23 

I got the 23, but couldn’t see how to get to the “00000001” (without the 0) without going all the way there. - you can’t

I’m not seeing how to differentiate the low and high halves eg.

192.73.209.0 to 192.73.209.127 
11000000  01001001  11010001  00000000 
11000000  01001001  11010001  01111111 
0/25

192.73.209.128 to 192.73.209.255 
11000000  01001001  11010001  10000000 
11000000  01001001  11010001  11111111 
0/25 

Another “can’t” and the examples I have seen are not arbitrary?

You sure you can’t see a difference between the two of them? Keep in mind that red digit is still part of the networking space.

These networks would be identified as “192.73.209.0/25” and “192.73.209.128/25” in nomenclature.

Ah, that’s a click. I was thinking of the denominator as “the last network bit” but completely didn’t think of the numerator that was staring straight at me. :see_no_evil:

1 Like

Network start address and bit size is sufficient information to describe an IP network; it is in fact the minimal description without requiring significant processing.

Start by itself is insufficient; 192.168.0.0 could be a /16, or it could be a /31, and they would both start at 192.168.0.0.

Size by itself is obviously insufficient; /24 can describe 255^3 networks, which one do you mean?

2 Likes