Moving on up from our layer 2 addresses to our layer 3 addresses. So layer 2 provides connectivity on the same broadcast domain, whereas layer 3 is where we can get outside of that broadcast domain and reach other networks. Layer 3 is where routing happens, and here we’re going to talk about the most common version of IP, or Internet Protocol, and that’s version 4. It is at least the most common version right now, in 2022.
IP version 4 is commonly notated as IPv4. The addresses used in this protocol are 32 bits long, and they’re typically represented in dotted decimal notation. An example would be a common address most people know:
That is dotted decimal notation. The same address in binary notation would be:
IP addresses by themselves don’t say much. We also need to know which part of the address is the network bits and which part is the host bits. This is a lot like a street address in the physical world. The network bits tell us what ‘street’ the device lives on, then the host bits tell us which house on that street is our device’s home.
This is where a subnet mask comes in. Subnet masks can also be represented in dotted decimal notation, like so:
Or in CIDR notation:
CIDR, pronounced “cider”, stands for Classless Inter-Domain Routing. This form is also called prefix length. However, I think it’s easiest to understand what a subnet mask is for when we write it in binary notation:
The subnet mask is what defines which bits in the IP address are the network bits and which are the host bits. It does this by starting with a certain number of contiguous ones, followed by zeros. The subnet mask is the same length as the IP address, 32 bits. Each 1 in the mask marks a network bit in the corresponding IP address. Likewise, each 0 in the mask marks a host bit in the corresponding IP address:
(subnet mask image)
Since the subnet mask defines which bits of our address are network bits and which are host bits, we can use it to determine what our network identifier is. Continuing the analogy above, the network ID is the ‘street’ our device lives on, generally written in dotted decimal notation. To determine the network ID from an IP address and a subnet mask, we perform a logical AND between the subnet mask bits and the corresponding IP address bits. (A logical AND means both items must be a 1 for the result to be a 1.)
(logical AND image)
This is pretty easy to understand when our network mask ends on an octet boundary, where we have 1’s in increments of 8 so that the mask ends at one of the periods. However, it can be tricky to calculate the network ID when the subnet mask doesn’t end on an octet boundary. Let’s take a look at the calculation for the network ID of 192.168.1.1/22:
(/22 logical AND image)
This network is pretty easy to see. Let’s take a look at a more complex scenario, 10.160.124.30/21:
(/21 logical AND image)
You may notice the pattern: all of the host bits are set to 0 to determine the network ID. The other important property of a subnet is the Broadcast Address. This is equivalent to the Layer 2 broadcast address: packets with this address as their destination will be processed by all devices in the broadcast domain.
To calculate the broadcast address of a subnet, we set all the host bits to 1 instead. Let’s take a look at our last example and calculate the broadcast address, 10.160.124.30/21:
(broadcast address example)
The broadcast address and network ID are important properties of the subnet; however, they cannot be assigned to and used by devices on the network. The usable addresses, the ones you can actually give to your devices in this subnet, are everything between the network identifier and the broadcast address.
Using our last example once more, this would be the full subnet information for the subnet this IP address belongs to, 10.160.124.30/21:
Network ID: 10.160.120.0
Broadcast Address: 10.160.127.255
Usable Address Range: 10.160.120.1 – 10.160.127.254
Now, how do we calculate the number of usable addresses in this range? The formula is X = 2^N – 2 where X is the number of usable addresses, and N is the number of host bits in the subnet mask. (The ^N notation is read “to the power of N” which means multiplying 2 by itself N times. 2*2*2*2…N times)
Recall that CIDR notation provides the number of network bits in the subnet mask. The number of host bits would therefore be 32 minus the number of network bits. Using our example address again, 10.160.124.30/21, here’s the number of host bits:
32 – 21 = 11
Then if we plug this into N of our X = 2^N – 2 formula:
X = 2^11 – 2
X = 2048 – 2
X = 2046
So in a /21 subnet, we have 2046 usable addresses. Most often students find it easiest to simply memorize a table of the number of usable addresses in each prefix length:
Note that the numbers get a little weird once we hit a prefix length of 31 and 32. A prefix length of 31 only leaves 2 possible addresses, and given our rules so far that would only give us a network ID and a broadcast address and nothing more. However, some devices do support assigning /31 addresses. This is a point-to-point address, which does not have a network ID or broadcast address; both addresses are just usable addresses. Since only 2 addresses exist in the network, there’s no need for a broadcast address, as the only other device we can talk to is at the other IP. Note that not all devices support assigning /31 addresses.
A /32 address is not a subnet but rather just a single individual address. This is not a network. Typically /32 addresses are assigned to loopback interfaces.
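The calculations described above (logical AND for the network ID, host bits set to 1 for the broadcast address, X = 2^N – 2 for the usable count, plus the /31 and /32 special cases) can be checked with a short script. This is an added example, not part of the original article; the function names and the 192.0.2.10/31 sample address are assumptions chosen for illustration.

```python
def to_int(dotted):
    """Parse dotted decimal into a 32-bit integer, rejecting malformed input."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    value = 0
    for p in parts:
        value = (value << 8) | int(p)   # shift in one octet at a time
    return value


def to_dotted(value):
    """Render a 32-bit integer back into dotted decimal."""
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))


def subnet_info(cidr):
    """Subnet facts for 'a.b.c.d/prefix', following the rules in the text."""
    addr_text, _, prefix_text = cidr.partition("/")
    if not prefix_text.isdigit() or int(prefix_text) > 32:
        raise ValueError(f"bad prefix length in {cidr!r}")
    addr, prefix = to_int(addr_text), int(prefix_text)
    host_bits = 32 - prefix
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF   # contiguous 1s, then 0s
    low = addr & mask                                # host bits all 0
    high = low | (~mask & 0xFFFFFFFF)                # host bits all 1
    info = {"mask": to_dotted(mask), "network": None, "broadcast": None}
    if prefix == 32:      # a single address, not a network
        info.update(first=to_dotted(addr), last=to_dotted(addr), usable=1)
    elif prefix == 31:    # point-to-point: both addresses are usable
        info.update(first=to_dotted(low), last=to_dotted(high), usable=2)
    else:                 # X = 2^N - 2
        info.update(network=to_dotted(low), broadcast=to_dotted(high),
                    first=to_dotted(low + 1), last=to_dotted(high - 1),
                    usable=2 ** host_bits - 2)
    return info


if __name__ == "__main__":
    # The two addresses worked through in the text, plus a constructed /31.
    for example in ("192.168.1.1/22", "10.160.124.30/21", "192.0.2.10/31"):
        print(example, subnet_info(example))
```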
Public vs. Private Addressing
You may have noticed that IP addresses within your home or business LAN generally have a recognizable number scheme. After IPv4 was developed, an additional RFC was released providing address space for private LANs. This is address space that was agreed to not be routable on the public internet. This means if you look at the global public IPv4 routing tables, none of these ranges should be present, although it does happen occasionally when an ISP makes a mistake.
There are multiple special ranges of IPv4 addresses, like the multicast ranges defined in RFC5771, or the loopback range defined in RFC6761. However, the primary ranges you must be aware of for the CCNA exam are the private address ranges defined in RFC1918.
The ranges defined in RFC1918 are for private LANs only and should not be routable on the public internet. These ranges are part of classes as well, for classful routing. We’ll talk a bit more about what that means shortly, for now, here are the RFC1918 address ranges:
The primary definitions you’ll need to know for the address classes are as follows:
Class A networks are /8
Class B networks are /16
Class C networks are /24
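Testing whether an address is private uses the same logical AND as the network ID calculation, applied to each RFC1918 block (10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16). The following is an added example, not part of the original article; the function names and the sample addresses are constructed for illustration. Note that the 172.16.0.0/12 block does not end on an octet boundary, so 172.31.x.x is private while 172.32.x.x is not.

```python
# The three private blocks from RFC 1918, as (network, prefix length).
RFC1918 = (("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16))


def to_int(dotted):
    """Dotted decimal to 32-bit integer (raises ValueError on bad input)."""
    octets = [int(p) for p in dotted.split(".")]
    if len(octets) != 4 or any(o < 0 or o > 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    return int.from_bytes(bytes(octets), "big")


def private_range(address):
    """Return the RFC 1918 block containing address, or None if it is public."""
    addr = to_int(address)
    for net, prefix in RFC1918:
        mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
        # Same AND as the network ID calculation: if masking the address
        # yields the block's network ID, the address is inside the block.
        if addr & mask == to_int(net):
            return f"{net}/{prefix}"
    return None


def audit(addresses):
    """Map each address to its private block (None means not RFC 1918)."""
    return {a: private_range(a) for a in addresses}


if __name__ == "__main__":
    # Constructed sample addresses, including values just outside each block.
    sample = ["10.160.124.30", "172.31.255.254", "172.32.0.1",
              "192.168.1.1", "192.169.0.1", "11.0.0.1"]
    for addr, block in audit(sample).items():
        print(f"{addr:<16} {block or 'not RFC 1918'}")
```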
You can get some excellent practice subnetting using our Subnetting Game. This is a skill that will serve you well in the future, and help you look like a true professional when your coworkers see you don’t need to go looking up a calculator online to figure out subnetting information.