Number of subnets in CIDR.

[torak3x]

In CIDR, there is no such concept as "number of subnets created" right ? As CIDR subnetting seems to be based on allocating a range of IP addresses instead.

 

[VulgarDisplay]

I'm not sure what you mean? When you create a subnet you create a number of subnets. You can further split those subnets from there. If they are asking for the number of subnets they are most likely asking you for is the 2^(network bits in that octet).

Someone can correct me if I'm wrong. I'm rusty on subnetting.

Say you have

192.168.1.0/28

N.N.N.ssss hhhh

s = subnet bits which in this case if 4 bits for your subnet.

2^4 = 16 new networks

 

[torak3x]

Hmm because I came across an article about CIDR which used the example 192.168.12.0/23.

In this case, the subnet mask is 255.255.254.0 .

How do I calculate the number of subnets created in this case ?

 

[lif_andi]

...

 

[kevnich2]

Hmm because I came across an article about CIDR which used the example 192.168.12.0/23.

In this case, the subnet mask is 255.255.254.0 .

How do I calculate the number of subnets created in this case ?

Well a /23 is 23 network bits leaving 9 host bits (32-23) = 2^9 = 512 maximum subnets

 

[drebo]

I think they're referring to how many subnets of the classful network in this case. This is a pretty antiquated concept, though, and I wish people would stop talking about it.

In this case, the classful network is 192.168.0.0/16. You have a /23, which leaves 23-16=7 bits for "subnets" of size /23. That'd be 128 total subnets with 510 hosts each.

However, the question is ambiguous and it could mean other things as well.

 

[imagoon]

Hmm because I came across an article about CIDR which used the example 192.168.12.0/23.

In this case, the subnet mask is 255.255.254.0 .

How do I calculate the number of subnets created in this case ?

You can't with out more information. In CIDR there is no reason why you could not have 8 "/24" hundreds of "/30" a few "/28" and a few hundred more "/31" point to points, and etc as long is fall inside the rules for a valid network.

 

[noobsrevenge]

CIDR refers to subnet size.

IMO you should be intimitely familiar with regular subnetting format 255.255.0.0 for example before reading or writing as CIDR.

In your example of 192.168.12.0/23. Your network range is:

192.168.12.0 to 192.168.13.255

And I would be confused by any question that asks "how many subnets are created with a /23 network" as what I would take from that is

"Well, 1 subnet is created, and its /23 in size"

 

[SecurityTheatre]

In CIDR, there is no such concept as "number of subnets created" right ? As CIDR subnetting seems to be based on allocating a range of IP addresses instead.

When you create a subnet, you create a subnet (as in ONE subnet).

The Internet uses CIDR routing (that's classless). Subnets are arbitrary size.


Certainly, you can further subnet your /23 network, but then it's not a /23 network anymore, it's TWO /24 networks, or 4 /25 networks or 8 /26 networks.

But it ceases to be a /23 when you do that. Of course, a routing table might still refer to this collection of 16 /26 networks as a /23 netblock, but that's a different definition if you ask me.

 

[drebo]

When you create a subnet, you create a subnet (as in ONE subnet).

The Internet uses CIDR routing (that's classless). Subnets are arbitrary size.


Certainly, you can further subnet your /23 network, but then it's not a /23 network anymore, it's TWO /24 networks, or 4 /25 networks or 8 /26 networks.

But it ceases to be a /23 when you do that. Of course, a routing table might still refer to this collection of 16 /26 networks as a /23 netblock, but that's a different definition if you ask me.

Except that it's not a different definition. It's still a /23 network, regardless of whether or not it's further subnetted somewhere else in the network.

A subnet is not an abstract concept. It is a literal, definable thing. An aggregate network or a summarized network is still a subnet, as are the smaller subnets that make up the aggregated subnet. Both still exist and both are still called subnets.

 

[SecurityTheatre]

Except that it's not a different definition. It's still a /23 network, regardless of whether or not it's further subnetted somewhere else in the network.

A subnet is not an abstract concept. It is a literal, definable thing. An aggregate network or a summarized network is still a subnet, as are the smaller subnets that make up the aggregated subnet. Both still exist and both are still called subnets.

Accurate, though, my line of discussion was more in line of what you might call a client-facing subnet, or an access subnet (more specifically, a broadcast domain). I suspect that's what the OP was referring to, and why I took that particular tack.

 

[drebo]

A broadcast domain is not necessarily defined by the IP subnet(s) that the devices in the broadcast domain use. Those are arbitrary. A broadcast domain is simply a definition of L3 boundaries. Multiple L3 networks can (but shouldn't) exist within a single broadcast domain.

Broadcast domains are a L2 concept, not a L3 concept. As such, they have no bearing on the discussion of L3 addressing.

 

[SecurityTheatre]

A broadcast domain is not necessarily defined by the IP subnet(s) that the devices in the broadcast domain use. Those are arbitrary. A broadcast domain is simply a definition of L3 boundaries. Multiple L3 networks can (but shouldn't) exist within a single broadcast domain.

Broadcast domains are a L2 concept, not a L3 concept. As such, they have no bearing on the discussion of L3 addressing.

That's not accurate.

When a machine attempts to issue a Layer 3 broadcast (which is different from a layer 2 broadcast), it uses the last IP in its subnet/netmask definition.

For example, a machine at 192.168.1.1/26 (netmask 255.255.252.0) would broadcast to 192.168.1.64, and all hosts in the range 192.168.1.1-192.168.1.63 would be in the layer 3 "broadcast domain".

A machine at 192.168.1.1/24 (netmask 255.255.255.0) would broadcast to 192.168.1.255 and all hosts in the range 192.168.1.1-192.168.1.254 would be in its Layer 3 broadcast domain.

Layer 2 is a separate thing and (in Ethernet) involves MAC broadcasts to FF:FF:FF:FF:FF:FF, the boundary of which is simply defined by the physical structure of the network (the edges defined by device placement).

I suspect you know this, but I'm not sure why you are strenuously disagreeing with it, so I'm putting it out there anyway.

 

[drebo]

The concept of a broadcast domain determines which machines are available via a local link. Nothing more. L3 addressing is more or less irrelevant in this instance, which is why static ARP entries have a place in troubleshooting, and even work at all.

The fact that the "broadcast address" of a subnet is the last address in its range is also irrelevant.

Broadcast domain is a L2 concept, just like collision domain is a L1 concept. Discussing it in the context of subnetting is simply confusing people.

 

[VulgarDisplay]

The concept of a broadcast domain determines which machines are available via a local link. Nothing more. L3 addressing is more or less irrelevant in this instance, which is why static ARP entries have a place in troubleshooting, and even work at all.

The fact that the "broadcast address" of a subnet is the last address in its range is also irrelevant.

Broadcast domain is a L2 concept, just like collision domain is a L1 concept. Discussing it in the context of subnetting is simply confusing people.

So much incorrect information. Explain to me why you must use a layer 3 device to separate broadcast domains? You have to use a layer 3 switch or a router. You can seperate broadcast domains on a layer 2 switch with vlans, but any broadcast in that vlan will go to all layer 2 devices configured with that vlan.

Collision domains are separated at layer 2. A switch creates a desperate collision domain between every one of its ports and whatever is connected. With a hub everything that is connected is in the same collision domain which is why Ethernet had to use CSMA/CD to stop collisions before switches.

Layer 1 is just the currents transmitted across the medium that stand for 1's and 0's.

I'm still a lowly net academy student so I could easily have some things wrong, but I know for sure that you aren't right...

 

[VulgarDisplay]

That's not accurate.

When a machine attempts to issue a Layer 3 broadcast (which is different from a layer 2 broadcast), it uses the last IP in its subnet/netmask definition.

For example, a machine at 192.168.1.1/26 (netmask 255.255.252.0) would broadcast to 192.168.1.64, and all hosts in the range 192.168.1.1-192.168.1.63 would be in the layer 3 "broadcast domain".

A machine at 192.168.1.1/24 (netmask 255.255.255.0) would broadcast to 192.168.1.255 and all hosts in the range 192.168.1.1-192.168.1.254 would be in its Layer 3 broadcast domain.

Layer 2 is a separate thing and (in Ethernet) involves MAC broadcasts to FF:FF:FF:FF:FF:FF, the boundary of which is simply defined by the physical structure of the network (the edges defined by device placement).

I suspect you know this, but I'm not sure why you are strenuously disagreeing with it, so I'm putting it out there anyway.

192.168.1.64 is the network address of your next subnet. .63 is the broadcast and .62 is your last host address. Network addresses are even numbers.

 

[imagoon]

Yeah I am not quite following the whole broadcast thing here. Packets sent to a broadcast IP address typically get a destination MAC addres (from ARP) of FF:FF:FF:FF:FF:FF so that the packets are flooded properly at the layer 2 (on Ethernet.) There are special cases required to properly handle IP broadcast when the layer 3 domain extends over more than one Layer 2 domain (think VPN tunnels etc) so that the IP broadcasts actually reach the remote side. IP broadcasts being the last address is certainly not irrelevant and layer 3 has these provisions on purpose. The broadcasts are handle differently on other layer 2 techs and maybe filtered or controlled in those techs. Then we also need to look at multicast which is similar in that it could be broadcasting in to hundreds of other layer 2 domains if needed.

 

[drebo]

So much incorrect information. Explain to me why you must use a layer 3 device to separate broadcast domains? You have to use a layer 3 switch or a router. You can seperate broadcast domains on a layer 2 switch with vlans, but any broadcast in that vlan will go to all layer 2 devices configured with that vlan.

Collision domains are separated at layer 2. A switch creates a desperate collision domain between every one of its ports and whatever is connected. With a hub everything that is connected is in the same collision domain which is why Ethernet had to use CSMA/CD to stop collisions before switches.

Layer 1 is just the currents transmitted across the medium that stand for 1's and 0's.

I'm still a lowly net academy student so I could easily have some things wrong, but I know for sure that you aren't right...

.....

You pretty much have everything wrong.

Consider how ARP works. Machine needs to send a packet to an address. If that address is in the current subnet (link local) it sends an ARP request to the broadcast address (MAC FF:FF:FF:FF:FF:FF) asking about the IP address it needs to send to. If that address is on a different subnet (as determined by the subnet mask, which is directly related to the CIDR notation,) then the ARP request is instead for the next hop to the address (in most cases, this is a configured default gateway, but it doesn't have to be.)

ARP is meant to learn the L2 address of a host that is known only by L3 address. This can only (with the exception of proxy ARP) happen within a broadcast domain, hence why broadcast domains are a L2 concept and not a L3 concept. L3 addressing does not determine which hosts will respond to a broadcast message because broadcasts are a L2 concept.

A routing domain or autonomous system, which is much more abstract, could be considered the analog in L3 terms.

As to a collision domain, you are also wrong. Collision avoidance occurs at L1, not at L2. A hub is a L1 device. All devices connected to a hub share a common collision domain, because they are all connected to the same "cable." When you introduce a switch (which is a L2 device,) you segregate collision domains. Again, though, the L2 addressing is irrelevant because all you've established is a method for full duplex communication whereby both devices on the link can send at the same time...which is the same thing as collision avoidance.

This correlates to a broadcast domain, and to your question about why you need a L3 device, as follows: a switch (or in the old word, a bridge) segregates collision domains on a per port (logical or otherwise) basis the same way a router segregates broadcast domains on a per port (logical or otherwise) basis. On a switch, every port is its own collision domain, and the switch uses the L2 address to switch frames between the collision domains. On a router, every port is its own broadcast domain, and the router uses L3 addresses to route packets between the broadcast domains.

But here's the important thing: inside a collision domain, the L2 address is not relevant to avoiding collisions and being able to transmit data...just as inside a broadcast domain, the L3 address is not relevant to sending ethernet frames between hosts.

 

[drebo]

Yeah I am not quite following the whole broadcast thing here. Packets sent to a broadcast IP address typically get a destination MAC addres (from ARP) of FF:FF:FF:FF:FF:FF so that the packets are flooded properly at the layer 2 (on Ethernet.) There are special cases required to properly handle IP broadcast when the layer 3 domain extends over more than one Layer 2 domain (think VPN tunnels etc) so that the IP broadcasts actually reach the remote side. IP broadcasts being the last address is certainly not irrelevant and layer 3 has these provisions on purpose. The broadcasts are handle differently on other layer 2 techs and maybe filtered or controlled in those techs. Then we also need to look at multicast which is similar in that it could be broadcasting in to hundreds of other layer 2 domains if needed.

Multicast isn't the same thing as broadcast, but it is treated as simple broadcasts in the event that PIM isn't configured...which means that without the use of PIM, multicast will never leave the L2 broadcast domain. Multicast routing is its own beast and, again, isn't strictly relevant to the scope of a broadcast domain because of the reason I've just stated. Multicasts have their own set of MAC addresses and L3 addresses that hosts can be configured to listen to or ignore, in the exact same way that they listen to or ignore any traffic that they receive. The fact that the traffic can be "routed" between broadcast domains (which you even refer to when you say "l2 domain') doesn't change what a broadcast domain is.

As to why I'm being so pedantic, this stuff is extremely important for people who ever want to be troubleshooting or designing a network of any size, and the previous misinformation in this thread by SecurityTheatre and VulgarDisplay could easily lead someone with a problem down an incorrect path to a solution.

To everyone else: Next time you're on your computer, go ahead and ping your "L3 broadcast address" and then check your ARP table. You might see something interesting.

 

[noobsrevenge]

drebo, I don't see what was wrong with what vulgar said, it seems you basically said he was wrong, reworded things, and said the same thing over again but more convoluted.

Also I don't get why you are going on about L3 broadcast domains not existing and yes L3 broadcast domains do exist, yes doing an L3 broadcast will L2 broadcast at the same time. But that does not mean you can go and say an L3 broadcast does not exist.

Vulgar admittedly said he is an entry network academy beginner or some such, I would re-read what he said, and clearly point to where you think he was wrong and explain it again, but better. Because IMO you guys are saying nearly the same thing right now, but at some point ethernet was brought into this TCP/IP conversation to further convolute things and it did not need to be.

 

[VulgarDisplay]

.....

You pretty much have everything wrong.

Consider how ARP works. Machine needs to send a packet to an address. If that address is in the current subnet (link local) it sends an ARP request to the broadcast address (MAC FF:FF:FF:FF:FF:FF) asking about the IP address it needs to send to. If that address is on a different subnet (as determined by the subnet mask, which is directly related to the CIDR notation,) then the ARP request is instead for the next hop to the address (in most cases, this is a configured default gateway, but it doesn't have to be.)

ARP is meant to learn the L2 address of a host that is known only by L3 address. This can only (with the exception of proxy ARP) happen within a broadcast domain, hence why broadcast domains are a L2 concept and not a L3 concept. L3 addressing does not determine which hosts will respond to a broadcast message because broadcasts are a L2 concept.

A routing domain or autonomous system, which is much more abstract, could be considered the analog in L3 terms.



As to a collision domain, you are also wrong. Collision avoidance occurs at L1, not at L2. A hub is a L1 device. All devices connected to a hub share a common collision domain, because they are all connected to the same "cable." When you introduce a switch (which is a L2 device,) you segregate collision domains. Again, though, the L2 addressing is irrelevant because all you've established is a method for full duplex communication whereby both devices on the link can send at the same time...which is the same thing as collision avoidance.

This correlates to a broadcast domain, and to your question about why you need a L3 device, as follows: a switch (or in the old word, a bridge) segregates collision domains on a per port (logical or otherwise) basis the same way a router segregates broadcast domains on a per port (logical or otherwise) basis. On a switch, every port is its own collision domain, and the switch uses the L2 address to switch frames between the collision domains. On a router, every port is its own broadcast domain, and the router uses L3 addresses to route packets between the broadcast domains.

But here's the important thing: inside a collision domain, the L2 address is not relevant to avoiding collisions and being able to transmit data...just as inside a broadcast domain, the L3 address is not relevant to sending ethernet frames between hosts.

I'll just pick the most obviously wrong part of your post and refute that.

The OSI Physical layer provides the means to transport across the network media the bits that make up a Data Link layer frame. This layer accepts a complete frame from the Data Link layer and encodes it as a series of signals that are transmitted onto the local media. The encoded bits that comprise a frame are received by either an end device or an intermediate device.

The delivery of frames across the local media requires the following Physical layer elements:
The physical media and associated connectors
A representation of bits on the media
Encoding of data and control information
Transmitter and receiver circuitry on the network devices

At this stage of the communication process, the user data has been segmented by the Transport layer, placed into packets by the Network layer, and further encapsulated as frames by the Data Link layer. The purpose of the Physical layer is to create the electrical, optical, or microwave signal that represents the bits in each frame. These signals are then sent on the media one at a time.

It is also the job of the Physical layer to retrieve these individual signals from the media, restore them to their bit representations, and pass the bits up to the Data Link layer as a complete frame.

The physical layer, or Layer 1 is just the encoded signals (optical, electrical, radio, etc.) that are transmitted across the media. That quote is directly from cisco. You seem dead set on thinking that a wire or a radio signal is capable of knowing that it is a collision domain and doing something about it. Layer 2 devices like switches create collision domains for every connection to a port, and hubs (also layer 2) have 1 collision domain. When a device is connected to a hub every wire connected to the hub is essentially the same wire.

I think you're confused by the fact that there are layer 2 and layer 3 broadcasts. Which with what is currently being discussed, classless IP addressing and subnetting, it's obvious that the layer 3 broadcast domain is what we are currently discussing.

 

[dedriven]

my problem/question but first my findings.1) Cisco says Proxy arp works when two ethernet port on a router are in the same subnet & when a host on one ethernet wants a host MAC that is on the other side of the router it ARP's for it and the router replies with it's int facing the requester. 2)ARP With host on different subnets cisco says the router sends a L-3 broadcast for the target and the target replies & the router forwards the arp reply to the sender so it can update. 3)With ARP on a single Lan the ARP is sent out and the target replies. My problem/questions is this 1) when a router with proxy arp enabled recieves this request doesn't this mean that the destination MaC is the routers& since it is in the same subnet the router tells the requester to reach the other host simply use it's MAc. 2)Arp on different subnet So does this mean the router opens a ARP packet and sees that the destination add needs to send a mac so it L-3 broadcast. 3)ARP local lan only. When the sender sends the arp request the router process it further because it is a L-2 broadcast but drops the packet because it knows the request is for that local Lan. * I have been studying Cisco for a while and see so many confused about ARP, especially because ARP sends with dest L-2 broadcast & I think many forget that ARP is a packet as well. ANY help

 

[Gryz]

I can't parse that without spaces and newlines.
So here some random remarks.

doesn't this mean that the destination MaC is the routers

ARP packets are always sent to the broadcast mac address.
Or, by "destination Mac", do you mean the "who-has?" ip-address ? No, the "who-has?" address in this case is the final destination ip-address, not the router's ip-address.

In any case, one should not design networks with proxy-arp. Proxy-arp was an ugly-kludge 20 years ago, causing constant problems. And I doubt it got any better. Just design your network-ranges (aka subnets) properly. And then configure all hosts on the network with proper network masks. That should fix it. Just forget about proxy-arp.

 

[dedriven]

The question is not meant to be determining a subnetting scheme. The post talks about subnets & networks with 3 different ARP types Proxy ARP, ARP on a different subnet & ARP on the same subnet. Their are 3 topics numbered 1,2 & 3 with questions regarding the topics for clearness numbered 1,2 & 3 which associate to the topic with the same corresponding number.

 

[dedriven]

Why would this class C address be able to borrow bits into a class B, why not class A. That question is a good question. Why because the router bases it's routing decisions on longest subnet mask. EIGRP would autosummarize it based on network add like 192/24.