It's not complicated. At its most basic level, an IP address is a 32 bit number. The first part of the number defines which network the address belongs to. The rest specifies which particular device (actually network interface) is speaking IP on that network. The network mask (255.255.255.0 aka /24, or 255.255.255.240 aka /28, for example) is what defines the boundary between the network part of the address and the host part of the address.

The only mind-bending part is that within a given larger network, you can further split a block. Say you own 172.16.10.0/16. The rest of the internet knows to send anything in that block to you because your router advertises that prefix using BGP. You can use the whole thing as one network if you really want to, but generally won't because you aren't going to attach 65,000 computers to one router port.

So you decide you want each subnet in your network to have 256 addresses (you can have some with 128, some with 256, etc, but let's keep it simple). So you number the internal interfaces on your router as 172.16.0.0/24, 172.16.1.0/24, and so on. If you need to further split one of those networks, say because you have two different offices connected to another router downstream of the core router we've talked about so far (or maybe there is too much traffic for one physical network..whatever), you can split 172.16.1.0/24 on that router, say into 172.16.1.0/25 and 172.16.1.128/25. The first network goes from 1.0 to 1.127 and the other from 1.128 to 1.255. Your core router doesn't need to know about this, because both of those subnets route belong to the same router.

To the rest of the internet, you are still just 172.16.0.0/16. Your subnetting is only visible within your internal network. Your router summarizes your internal subnets into the one big network that is advertised to the global Internet.

If your issue is more of a how do you figure out which networks are valid kind of thing, play around with an IP subnet calculator that shows you the actual bits.

Remember, the part after the slash is just telling the router how many bits are network bits and how many are host bits. It isn't a global thing, it is local to the particular network.

NB: In the very early days of the Internet, before variable length subnet masks were a thing, the length of the network part was predefined, and was fixed for a given set of addresses. That is what "class" A, B, and C are referring to. The RFC on variable length subnet masking is actually a pretty easy read if you understand basic IP networking terminology. I suggest using it to fill in the gaps in my explanation.
posted by wierdo at 6:26 PM on November 2, 2016 [4 favorites]

Try starting with packet routing in general and through that understand subnetting as a subject in that context. If you understand roughly how the decisions are made to route a packet in a network, you will implicitly understand why a subnet might be useful, and all the definitions you have been reading will make more sense...
posted by NoDef at 6:27 PM on November 2, 2016

is there no-one you can talk to? this seems like the kind of thing where sitting down with a pen + paper to chat for 10mins would probably save hours of frustrated book learning. you've probably got some weird detail mixed up that's throwing everything off and once that's clear the rest will fall into place...
posted by andrewcooke at 6:30 PM on November 2, 2016 [2 favorites]

Maybe try using the whatmask utility (web version here)to try different situations/drills out until you can predict what it's going to tell you or at least see the pattern? I still use this tool all the time to double-check my work.
posted by destructive cactus at 6:33 PM on November 2, 2016

I am hopelessly stuck and feel like I will never get it.

You haven't really given any indication as to where your difficulty in understanding is. Perhaps if you were able to summarise your current understanding, we could provide more targeted advice.

The concepts are fairly straightforward - in a similar way to how a large block of land is divided up into usefully-sized plots and fenced off into sections, a large block of network address space is divided up into usefully-sized blocks.

The implementation of subnetting is simply defining where the fences are placed, and while the mechanism and terminology may take some getting used to, as weirdo has summarised, it's not over-complex.
posted by HiroProtagonist at 6:45 PM on November 2, 2016 [2 favorites]

Have you looked on YouTube? I find that's a great place to clear up confusing stuff like this.
posted by oceanjesse at 7:10 PM on November 2, 2016

What are you stuck on? What aspects do you feel like you don't understand? It might be helpful to give you a better answer.
posted by miles at 7:55 PM on November 2, 2016 [1 favorite]

It helps to think of IP as mail delivery. Packets get delivered to PC's just like mail does. If I want to address mail to everyone on a block, I need to know how many houses are there. That's the subnet, it defines how many houses on the block behind the IP address I'm delivering mail to.

So with a subnet of 255.255.255.248, I know there are 8 addresses in the block, 256 - 248 = 8. The reason there are 256 addresses is that '0' is the 1st address and 255 the last, so that's 256 address spaces. However, in any subnet range, one address is used for the block itself, another is used as the entrance to the block, and the last one is a way to route mail to every house on the block automatically if I send mail to it. That leaves 5 usable spaces for houses/PC's in a .248 subnet.

You can also parse that as one address is the physical block, one address is the router/gateway, and one is the broadcast address. You burn three addresses in every subnet for this purpose.

If 142.156.12.20 was the first address in that range, .27 would be the last, 142.156.12.27. 8 addresses on this block. One is the cable .20, one is reserved for the gateway router, .27 is the broadcast address. Subnets really tell routers how many potential addresses are inside of a network block/interface.

As the subnet mask numbers change, get smaller, the remaining network spaces get larger. So a .240 subnet leaves 16 address spaces - 3 burned = 13 usable. To get really useful at this, you need to figure out how to translate dotted quad notation into powers of 10 notation.

It really gets cool when you use virtual address spaces on the far side of the router from the Internet. These address ranges are only legal in private address space and are not routable on the Internet. The infamous 192.168.0.0 address range belongs in this group.

I'm not really a network engineer, but I worked for an ISP for a while. It really helps to have to solve problems with a PC and a network in real time to see where things go awry. Go study Wireshark, for example, and get some real world experience in solving networking problems. And take my examples with a grain of sale. Your mileage may vary.
posted by diode at 8:28 PM on November 2, 2016 [1 favorite]

Just to nitpick, you can totally use "network" and "broadcast" addresses as normal host addresses on modern OSes. What makes them network and broadcast addresses is that the host part of the address is all zeros and all ones (bitwise), respectively.

It does confuse some 90s-early 2000s era kit, though, because their network stack is hard coded to treat all zeros and all ones host addresses as being special. Even deeper in the annals of IP history, it was actually the other way around. Network was all ones and broadcast was all zeros.
posted by wierdo at 9:45 PM on November 2, 2016

Seconding the previous questions regarding a bit more detail on which part of subnetting you're hung up on. Calculating net masks? Practical application? How things work under the covers?

If the first one ... Do you know how binary numbers work? I find this is a thing that many people with a purely practical IT education miss out on and can be a real sticking point for grokking netmasks.
posted by jferg at 5:50 AM on November 3, 2016

PS: Feel free to MeMail me if you'd prefer to work through this via a Google hangout or something.
posted by jferg at 5:54 AM on November 3, 2016

I'm sorry to pick on diode, but it might help with understanding to point out that he said something wrong - for a subnet mask of /29 , .20 can not be the first IP of a valid subnet. Why? Because one can find the network from any IP and subnet mask by doing the logical AND operation against the bits.

20 (dec) = 00010100 (binary) . Bitmask of 29 = 255.255.255.248 . Binary representation of the last octet, 248 is 11111000 . If you AND 00010100 with 11111000 you get 00010000 , 16 in decimal.

Consider just the bits that are 0 of the subnet; the one's represent the network; the 0's allow the space for the hosts within the range. In the example, think of the IP/subnet 142.156.12.20/29 as 10001110.10011100.00001100.00010XXX where the X bits are the potential IP's (noting as mentioned above; you lose one for network (the first IP (000)), one for broadcast (the last IP (111)) and one for gateway (usually the first addressable IP (001), but that's just convention, the gateway could be any IP except the first and last).

So, if someone gave you an IP/subnet designation of 142.156.12.20/29 , you would know that the network is 142.156.12.16 , the broadcast is 142.156.12.23 , and at most locations the gateway would be 142.156.12.17 .

Binary is your friend for learning about subnetting. With practice you'll remember which numbers are divisible by which powers of two and you'll do this all in your head, but I definitely needed to break it out into binary when learning the concept.
posted by nobeagle at 7:11 AM on November 3, 2016

"Seconding the previous questions regarding a bit more detail on which part of subnetting you're hung up on. Calculating net masks? Practical application? How things work under the covers?"

Yes, we need to hear more. We can try to explain subnetting from first principles in the answers here, but you've already seen lots of such explanations. It's still possible we might randomly hit on the one that works, but it's unlikely. You need someone who can listen to you, ask questions to figure out where exactly you're stuck, and give you some custom explanations and exercises to help get you out of that spot.

So I'd recommend a little one-on-one tutoring. You said you took some in-person classes. Maybe your teachers would be one starting point for referrals? Or maybe try local colleges.

Make your problem as concrete as possible for them: e.g., if you have sample test questions that have stumped you, that will give them more to work with than just "subnetting" in general. Look for someone who will watch you try to work through problems and listen to you reason things out, not someone who launches straight into lecture mode. Again, the hard part isn't finding someone who can explain what a subnet is. The hard part is figuring out exactly what *you* think a subnet is, figuring out why your thinking is wrong, and figuring out how to lead you from there to the right idea.

Be prepared to really *work* with them, not just listen: there's a small chance that a light will go on and you'll be fine, but more likely you'll need some practice to learn whichever piece you're missing.

Good luck! The fact that you have this narrowed down to a small problem area suggests to me you're not that far off. And often the greatest frustration comes right as you're getting close. Do give it another good try!
posted by floppyroofing at 8:38 AM on November 3, 2016

This thread is closed to new comments.