Note that all digits in the "High Order Bits" are significant. These bits represent the left most bits in the octet. Without the the zero bit in a "C" class octet, for example, you would have a range of available 1st octet numbers from 192-255. Assignments in the range of 224-255 are reserved for other special purpose classes. Therefore the additional 0 bit is required to limit the upper end of the range 223.

Also notice that 127 is not included. 127 is a reserved address used for the local loopback. If you are not familiar with using the loopback address (127.0.0.1) for trouble shooting purposes you should be.

This table should not be difficult to memorize. If you have trouble just remember the high-order bit patterns. The full octet, when converted to decimal, will give you the lower end of the range. To figure out the high end replace the 0 bit with a 1, convert to decial and subtract 1.

For example, the high order bit pattern for a class B is "10". "10000000" converted to decimal is 128, the lower limit. Replace the "0" in the high-order bits to "1" will yield "11000000" or 192. Subtract 1 and you have your full range of 128-191. Just don't forget to omit 127 from class A addresses.

Subnet Expansion

Bit Pattern

Masked Bits

Provided Subnets

Subnet Mask

11000000

2

2

192

11100000

3

6

224

11110000

4

14

240

11111000

5

30

248

11111100

6

62

252

11111110

7

126

254

11111111

8

254

255

This table is really easy to create, but you should memorize it anyway, at least the subnet masks, also referred to as high-order sums. You'll simply run into them often enough to make it worth while and there are a lot of short cuts that you can learn once you memorize the high-order sums. The "Masked Bits" column refers to the number of bits in the bit pattern that are "masked" ("1") for use as subnet addresses. For example "11100000" indicates three masked bits. Applying this number to the formula "2^n - 2" yields the next column, "Provided Subnets". By subtracting two, this formula takes into account the two illegal subnets resulting from a network address of all 1's or all 0's. Finally, the subnet mask is determined by converting the bit pattern to decimal.

Notice that there is not a bit pattern of "10000000". This goes back to the illegal network addresses. The only possible networks resulting from this bit mask are "1" (all 1's) or "0" (all 0's), both illegal.

Calculating Hosts:
You've already learned the formula for calculating the number of subnets, 2^n, where "n" is the number of subnet bits. The formula is very similar when determining the number of hosts. Simply determine the number of "non-masked" bits and use that figure for "n". For example, a class "B" address with 50 subnets will have a subnet mask of "255.255.252.0". The masked bit pattern in this example is "11111111.11111111.11111100.00000000". There are 6 subnet bits allowing up to 62 subnets and 10 unmasked bits providing for up to 1022 hosts (2^10=1024, 1024-2=1022).

Using this information you can expand the above table to include all possible hosts.

Subnet Expansion

Bit Pattern

Masked Bits

Provided Subnets

Subnet Mask

Class C Hosts/Subnet

Class B Hosts/Subnet

Class A Hosts/Subnet

11000000

2

2

192

62

16,382

4,194,302

11100000

3

6

224

30

8,190

2,097,150

11110000

4

14

240

14

4,094

1,048,574

11111000

5

30

248

6

2,046

524,286

11111100

6

62

252

2

1,022

262,142

11111110

7

126

254

0

510

131,070

11111111

8

254

255

0

254

65,534

Determining Valid IPs for a Given Subnets:
There are several ways to determine if an IP is valid for a particular subnet. It helps first to understand the binary of what is going on though. Always remember that your IP addresses are just 32 bit binary numbers. Forget the decimal and the dots for a moment ... to the computer they are meaningless.

Take an example subnet of 170.168.160.0 with a subnet mask of 255.255.240.0. Let's look it this in binary (I'm leaving in the dots for readability):

Now it is the subnet mask that tells us (and more importantly the computer) how many of the bits will be used as the network id. The 1's represent the portion that is the network id. In this case is is the left-most 20 bits (20 1's).

Now, for two hosts to be on the same subnet they must have the same subnet id, right? So, all hosts on this subnet MUST have the same first 20 bits, right? Therefore, all we need to do to determine if a host is on this subnet is to look at those 20 bits and see if they match what we already know from above.

Now you should be able to quickly eyeball between the given host ID and the network ID ... comparing all bits where a corresponding 1 exists in the subnet mask ... i.e. the left-most 20 bits. As you can see they are the same. Therefore, the given host is inded on this network.

What you have just done is essentially an AND operation. An AND operation is the logical operation a computer does to determine what use humans are able to do by sight. The computer can't "eyeball" these numbers ... it needs to crank them through a logic gate of some sort to determine the same thing.

Here are the basics of the AND operation:

1 AND 1 yields 1
1 AND 0 yields 0
0 AND 1 yields 0
0 AND 0 yields 0

In other words, both binary digits in the comparison MUST be 1 for the AND to resolve to 1. When you AND a HOST ID with a SUBNET MASK you end up with the NETWORK ID. Try it out in the above example.

Now when we "eyeballed" the HOST and SUBNET IDs with the mask we were doing the following comparison:

The host is on the subnet IF:

HostID AND SubnetMask = Subnet ID

Try this procedure out a few times for the following subnets and Host IDs... are each on the given Subnet?:

Subnet ID: 10.176.0.0
Subnet MASK: 255.248.0.0
Host ID: 10.188.23.19
Host ID: 10.191.255.255
Host ID: 10.190.255.255
Now hopefully you understand HOW or WHY this works. So a few shortcuts:

This is the subnet BROADCAST address. All addresses between your NETWORK and this address will be the assignable HOST addresses for this segment. So, in this case all HOST IDs from 170.168.160.1 and 170.168.175.254 (inclusive) are on the same segment.

This can even be done more quickly ... if you know the binary places:

128 64 32 16 8 4 2 1

Take a look at the RIGHTMOST bit of the network ID (just the masked bits)... now consider the PLACE VALUE of that bit. In the example above for 170.168.160.0, the rightmost bit is a place value of 16 (in green above). Add this value (16) to the network ID ... in this case it would be 170.168.176.0 ... this is the NEXT subnet ... so subtracting ONE will yield the broadcast address for OUR subnet ... in this case 175.255.

Now suppose you have a subnet mask, and TWO HOST IDs ... how do you determine if they are on the same subnet? Think back to the AND operation ... any HOST ID when ANDed with the subnet mask should yield the SUBNET ID. Therefore if you AND each HOST ID with the subnet mask, the results should be equivalent IF they are on the same subnet. If the results are NOT the same then they are NOT on the same subnet.

Are these two hosts on the same subnet? We can visually see that the first two octets are completely masked (255=11111111) and they match so we really don't care about those. Also the LAST octet is not masked at all so we know that is part of the host portion ... and we really don't care about that. The only part we really care about is the third octet. Given a mask of 224, are 190 and 192 on the same subnet?

Using the Windows Calculator (in scientific mode) do the following:

190 AND 224 =
192 AND 224 =

The results are 160 for the first operation and 192 for the second. The results are NOT the same and therefore they are NOT on the same subnet. The results, by the way are the SUBNETS that the DO belong to. Therefore 10.120.190.5 is part of the 10.120.160.0 subnet and 10.120.192.7 is part of the 10.120.192.0 subnet.

Basic Supernetting Example
Supernetting often is a source of confusion for students who are new to learning subnetting. It's certainly understandable. However, once you've gotten the hang of subnetting, you'll realize that it isn't really a whole lot different. In subnetting you create additional networks by moving some bits from the "host" portion of an address into the network portion of the address. Supernetting is just the opposite. You merge distinct networks by moving bits from the network portion of the address into the host portion of the address. To see how this works, let's just walk through a simple example.

You're goal is to make these networks all appear as one. Well, first ask yourself "what makes them appear distinct to the computer?" You probably already know that when one host wants to send a packet to another host it first compares the destination IP address with it's own, using the subnet mask to determine if the network is the same or different. It's the subnet mask that really makes the networks distince. The computer compares those bits in each address that correspond to "1"s in the mask. If those bits are the same, then the network to which the addresses belong is the same. Take a look at those addresses above in binary. I'll also throw in the subnet mask for the comparison.

Note that the subnet mask spans 24 bits. Now look at those 24 bits in each network (host bits have been greyed). Notice that they are each different and hence each network is different. But look closely at just how similar they actually are. The first 22 bits in each network is actually the same. So, how might you trick the computer into thinking these networks are actually the same? You change the subnet mask! Make it a bit shorter, so that it only spans those first 22 bits:

Now compare the addresses against the new subnet mask. They are identical for bits set to "1" in the mask. When the hosts now do thier comparisons they will no longer see 4 networks but rather 1 large network. You've just "supernetted" these networks! Your "new" network address is 192.168.0.0 with a subnet mask of 255.255.252.0.

You will note that this technique requires the original network addresses to be contiguous. In other words, you couldn't simply take two class C addresses such as 192.168.32.0 and 192.168.63.0 and expect to supernet them without also supernetting all networks in between. You also don't have complete control over how many subnets your merge together. For instance, in the above example, what would happen if we decreased the subnet mask by yet another bit? Take a look:

That additional bit would actually cause our hosts to also consider networks 192.168.4.0, 192.168.5.0, 192.168.6.0, and 192.168.7.0 to have been merged in with the others. So, when supernetting, the number of contiguous networks being merged must be a power of 2.

The idea aggregating blocks of addresses, by the way, is part of Classless Internet Domain Routing, or CIDR. It makes routing tables more efficient. For instance, consider you have 256 class C addresses. Traditionally this would mean 256 entries in a route table. But with CIDR this can be reduced to one single entry by having the router look at the entire block as one merged, supernetted network.

CIDR also means that the "class" of an address isn't really that important (hence the name). Rather the specific number of bits being masked is what realy matters. As such, you will commonly see a different notation for subnet masks being used when dealing with CIDR. The notation simply appends a "/" and the number of masked bits to the address. Our new network above, for instance, would be 192.168.0.0/22. It's a good idea to get familiar with this notation.