Subnet Mask and Its Application

In TCP/IP, subnet masks are used to determine whether hosts on the network are in the same network segment. In A large network, the subnet masks of class a are 255.0.0.0, The subnet masks of class B is 255.255.0.0, And the SUBNET MASKS of CLASS C is 255.255.255.0.

Assume that the subnet masks of a host is 202.119.115.78, and its subnet masks is 255.255.255.0. After performing the AND operation on the two data, the non-0 bytes in the obtained value are the network id. The operation steps are as follows:

The binary value of 202.119.115.78 is:

11001010.01110111.01110011.01001110

The binary value of 255.255.255.0 is:

11111111.111111.1111111111.00000000

The result after AND is:

11001010.01110111.01110011.00000000

After being converted to binary:

202.119.115.0

It is the network id, and the remaining IP address is the host id, that is, 78. In this way, when the IP address of another HOST is 202.119.115.83, its subnet masks are also 255.255.0, the network id is 202.119.115 and the host id is 83. Because the NETWORK IDs of both hosts are 202.119.115, the two hosts are in the same NETWORK segment.

However, in practice, there may be multiple networks distributed across different regions, and the number of hosts per NETWORK is not large. If you apply for multiple NETWORK IDs, it will cause a waste of IP resources, and it is not economical. If we move our hands and feet on subnet masks, we can solve this problem by applying only one network id.

For example, we have three different subnets. Each network has 20 hosts, 25 hosts, and 50 hosts, however, only one network id is 202.119.115. First, we should change subnet masks of Party A and Party B to the following:

11111111.111111.1111111111.11100000

In this way, we use the third-digit host id to separate subnets. There are eight combinations: 000, 001, 010, 011, 100, 101, 110, and 111, in addition to 000 (representing itself) and 111 (representing broadcast), there are also six combinations, that is, six subnets can be provided. Their IP addresses are: (the first three bytes are still 202.119.115)

00100001 ~ 00111110 is 33 ~ 62 is the first Subnet

01000001 ~ 01011110 is 65 ~ 94 is the second Subnet

01100001 ~ 01111110 is 97 ~ 126 is the third Subnet

10000001 ~ 10011110 is 129 ~ 158 is the fourth Subnet

10100001 ~ 10111110 IS 161 ~ 190 is the fifth Subnet

11000001 ~ 11011110 is 193 ~ 222 is the sixth Subnet

Select 161 ~ Section 190 is sent to Network A, 193 ~ Section 222 is sent to Network B because each subnet supports 30 hosts, which is sufficient to meet the needs of Network A and Network B's 20 and 25 hosts.

Let's take a look at Network C. Since there are 50 hosts in the Network C, the above splitting method cannot meet its IP requirements. We can set its subnet masks to dynamic route 201710000192, since the binary value of 192 is 11000000, according to the above method, it can be divided into two subnets, the IP address is:

01000001 ~ 01111110 is 65 ~ 126 is the first Subnet

10000001 ~ 10111110 is 129 ~ 190 is the second Subnet

In this way, each subnet has 62 IP addresses available ~ 126 assign a network c. multiple sub-networks are implemented with one network id.

If the subnet mask is too large, that is, the subnet range is expanded. According to the subnet routing rule, it is very likely that the data is sent to the destination machine that is not in the same subnet as the local machine and is considered to be in the same subnet due to incorrect phase and result, the data packet will be cyclically in the subnetwork until it times out and is discarded. Data cannot arrive at the target machine correctly, resulting in network transmission errors. If the subnet mask is set to be too small, the communication between machines in the same subnet will be considered as cross-subnet transmission, and all data packets will be sent to the default gateway for processing, this will inevitably increase the burden on the default gateway, resulting in reduced network efficiency. Therefore, it is incorrect to set any subnet mask. You should set it according to the regulations of the network management department.

As IP Address resources become increasingly exhausted, fewer IP addresses are available. A network with hundreds of computers can only obtain several IP addresses in the zone, many people begin to use other technologies to expand IP space.

1. subnet mask settings

If the IP address you are allocated only meets the requirements of the host, but far from meeting the need to create several subnets in the local area network, setting the subnet mask is what you have to do.

The subnet mask is also expressed in four bytes to distinguish the network number and host number of the IP address. The default subnet mask is shown in the following table:

Subnet Mask (in decimal format)

Class A 255.0.0.0

Class B 255.255.0.0

Class C 255.255.255.0

When the IP address and subnet mask are the same, the non-zero part is confirmed as the network number.

If we change some bits starting from the fourth byte of the subnet mask from 0 to 1 so that the part that originally belongs to the host number is changed to the network number, this achieves our goal of dividing subnets. For example, if you get a class C network address 198.189.98, all your devices from 198.189.98.0 to 198.189.98.254 will be in the same network, however, if you need to divide your network into five subnets for management, you must modify the subnet mask 255.255.255.0 and take the first three of the fourth byte of the mask out as the subnet mask, to change 00000000 of the fourth byte to 11100000 (decimal number: 224), you should set the subnet mask to too many bytes. In this way, we have 001, 010, 011, 100, 101, 110 in six different ways and get different network numbers (except 000 and 111 cannot be used as reserved addresses ), the first three bytes of each subnet are still 198.189.98. You can know that, for example, the more digits the subnet mask has, the more subnets you can divide, but the fewer hosts in each subnet. The Division setting of the subnet mask also has a disadvantage: the more subnets are divided, the more IP addresses are lost. Because each subnet retains two addresses of either 0 or 1, they cannot be used.

2. Dynamic IP Address Settings

DHCP (DynamicHostConfigurationProtocol) is a way to share IP addresses among multiple workstations. When the number of IP addresses we allocate is much smaller than the number of Network Workstations, if a fixed IP address is assigned to each device, it is clear that some computer machines cannot connect to the network. DHCP provides us with a better solution. The precondition is that each device does not need to connect to the access network at any time, and there are not many devices accessing the network at the same time. Dynamic IP addresses, as the name implies, are non-fixed IP addresses obtained by each device. That is, a computer automatically requests to obtain a valid IP address when connected to the network, and returns the IP address when disconnected for use by other computers. In this way, we can use a small number of IP addresses to build a large network, or increase the portability of the network workstation. If a host is moved from one subnet to another, the IP address of the computer will be changed because of different network numbers. Otherwise, the computer cannot communicate with other hosts. If we adopt Dynamic IP addresses, the complexity of network management will be reduced. DHCP is now very popular. It supports a lot of software and can run on different machines and platforms. Currently, Internet users on dial-up basically use this method.

3. Non-route address

Within the IP address range, IANA (InternetAssignedNumbersAuthority) retains a sub-address as a private IP address space for internal lan use. These addresses are shown in the following table:

Number of networks in the IP address range

A 10.0.0.0 --- 10.20.255.255 1

B 172.16.0.0 --- 172.31.255.255 16

C 192.168.0.0 --- 192.168.255.255 255

These addresses are not allocated by the Internet, so they are never routed on the Internet. Although they cannot be directly connected to the Internet, they can still be used to communicate with the Internet, we can select an appropriate address class as needed and use these addresses as public IP addresses in the internal LAN. On the Internet, devices that do not need to communicate with the Internet, such as printers and manageable hubs, can also use these addresses to save IP Address resources.

4. Proxy Server

The proxy server is actually a host device on the Internet. It has a fixed IP address. When you need to access the Internet, you need to send a request to the server, the Proxy Server accepts the request and establishes a connection for you. Then, it notifies you of the service response information you need. All data and communication processing are completed through the IP address of the proxy server. In this case, the hosts in our lan should use non-route addresses. This ensures communication between internal hosts and rejects direct access requests from external networks.

The proxy server has the following two advantages: First, if the data you requested has been requested by someone else on the same network segment, then, most proxy servers can call the data from the Cache and send it to you directly to avoid the time and bandwidth for reconnection. Second, the proxy server can protect your internal network from intrusion, you can also set the necessary limits on the access capability of some hosts, which actually acts as a proxy firewall.

There are also a lot of software supporting proxy servers. WinGate, MsProxy, and so on are very popular proxy server software. In China, proxy servers are widely used. The Chinese public multimedia communication network (169) is actually a huge example of using proxy servers.

5. Address Translation

Address translation is actually a packet processing process in a vro. When a packet passes through a vro, the IP address translation process resolves the internal private IP address and translates it into a valid IP address. During address translation, you can perform one-to-one ing based on the pre-defined address table, or translate multiple internal private addresses into one external legal IP address. Because each device in the network has an internal stable IP address, this method has strong network security control performance.

 

In addition, network devices can be divided into the CIDR block address and non-CIDR block address as soon as possible.

Example:

650) this. width = 650; "twffan =" done "big (this )? ? If (this. width>

Interaction between host A and host B.

Host A: IP Address: 202.183.58.11

Subnet Mask: 255.255.255.0

Route address: 202.183.58.1

Host B: IP Address: 202.183.56.5

Subnet Mask: 255.255.255.0

Route address: 202.183.56.1

After the router receives the IP data packet sent from host A to host B from Port 202.183.58.1,

(1) first, use the port address 202.183.58.1 and the subnet mask address 255.255.255.0 for "logic and" to obtain the port CIDR block address: 202.183.58.0,

(2) then, "logic and" obtain 202.183.56.5 and 255.255.255.0 as the destination address,

(3) compare the result 202.183.56.0 with the port CIDR block address 202.183.58.0. If the result is the same, it is deemed to be in this segment and will not be forwarded. If the IP address is different, the IP address is forwarded to the CIDR Block corresponding to port 202.183.56.1.

Further divide subnets to reduce the subnet address space. Divides a CIDR block into multiple sub-CIDR blocks to Facilitate network management.

Example:

650) this. width = 650; "twffan =" done "big (this )? ? If (this. width>

The School Campus Network Information Center can allocate 202.183.56.0 (Class C address) to two systems, each of which has about 120 computers. Then, the subnet mask address can be defined as 255.255.255.255.128

In this way, the original CIDR block is divided into two independent subnet segments to Facilitate network management.

　

System 1 address range: 202.183.56.1-202.183.56.126

Subnet address: 11001010 10110111 00111000 0 xxxxxxx

System 2 address range: 202.183.56.129-202.183.56.254

Subnet address: 11001010 10110111 00111000 1 xxxxxxx