
Let's say I own 207.45.222.0/24. If I subnet to create 207.45.222.0/25 and 207.45.222.128/25, have I effectively given up all those /24 addresses?

What happens to the /24 designation in terms of routing? What would be the result of pinging one such address previously assigned to a host (ex: 207.45.222.1/24)?

From a theoretical standpoint, numbers like 207.45.222.0/24 and 207.45.222.0/25 are distinguishable: the first network has an address 24 bits long and the second, 25 bits. Therefore, it appears that a router should be able to distinguish between these two subnets and I should be able to use my old /24 addresses alongside my new /25 addresses. In the /24 subnet, I would have 256 addresses at my disposal, while in the two /25 subnets, I would have 128 addresses each.

I realize this is silly, but I don't know why. (One implication would be a single number 207.45.222.0 being used in many subnets /24, /25, /26, /27, ...)

So what is wrong with the above reasoning? How does the subnetting designation work?

AndJM
  • IP addresses and masks are really 32-bit binary numbers. The dotted decimal notation is simply to make it easier for humans to read. You need to do this in binary, then it becomes obvious. – Ron Maupin Feb 13 '17 at 14:07

3 Answers


In answer to your comment on JFL's answer, the specific/closest match is known as the 'longest prefix match' and can be explained as follows.

A router can hold many routes that match the destination IP address of a received packet. For example:

  • 207.45.0.0/16
  • 207.45.222.0/24
  • 207.45.222.0/25

Each route has a different prefix length, written in decimal notation as /xx, which represents the number of contiguous binary 1's in the subnet mask.

Below is the binary representation for each prefix.

  • /16 = 11111111.11111111.00000000.00000000 (255.255.0.0)
  • /24 = 11111111.11111111.11111111.00000000 (255.255.255.0)
  • /25 = 11111111.11111111.11111111.10000000 (255.255.255.128)

The router will examine the destination IP address in the IP header and run an algorithm to determine the longest prefix match against the possible routes in its routing table.

Once the longest prefix match is determined, the router will use the route information to forward the packet.

In this example, if the router receives a packet with a destination address of 207.45.222.100, the router will select 207.45.222.0/25 as the longest prefix match.

However, if the router receives a packet with a destination address of 207.45.222.200, the router will select 205.45.222.0/24 as the longest prefix match.

If you configured two networks of 207.45.222.0/24 and 207.45.222.0/25, traffic destined to hosts in the bottom half of 207.45.222.0/24 (.1 to .126) will find they are unable to receive traffic from outside of their subnet (this is quite a common problem when hosts have an incorrectly configured subnet mask).

Due to longest prefix length matching, the router will forward traffic destined to hosts 207.45.222.1 to .126 towards the 207.45.222.0/25 network.

stoney
  • Very helpful, thank you. If I understood correctly, divvying up 207.45.222.0/24 into 207.45.222.0/25 and 207.45.222.128/25 (by configuring them) essentially makes the 207.45.222.0/24 range unreachable due to the way routers select addresses from their table. – AndJM Feb 14 '17 at 14:14
  • In a sense, yes: if you have configured the /24 and the /25 networks within the same local routing domain, the router will prefer the route to the /25s over the /24. – stoney Feb 15 '17 at 18:44

You can't use both a full /24 network and, at the same time, some subnets of this network (that is, of course, true for any network size).

First, most routers will not allow you to configure overlapping networks, be it on different interfaces or on the same interface.

However, some routers will allow it, so what happens in this case?

Let's say you configure:
eth1 with IP address 207.45.222.1/24
eth2 with IP address 207.45.222.1/25

Then you will have two entries in the routing table:

207.45.222.0/24 via eth1
207.45.222.0/25 via eth2

When the router receives a packet for 207.45.222.17, for example, it looks in its routing table for the most specific match (this is a very important point and a fundamental basic of how IP routing works).

In this case the closest match is 207.45.222.0/25 via eth2, so the router will send the packet out of eth2 (after ARP resolution, etc.).

So even if you have a host 207.45.222.17 behind eth1, the router will never send it anything. The /24 network will be unreachable from the outside world.

JFL
  • Thank you. I see that I have some fundamental gaps in need of patching! Re router table lookup: how is the specific/closest match made? (Is there a name for this process?) – AndJM Feb 13 '17 at 11:25
  • Not sure if there's an official term for this specific behavior; in RFC1338 section 4.1 you can find "routing is done on a longest-match basis (i.e., for a given destination which matches multiple network+mask pairs, the match with the longest mask is used)" – JFL Feb 13 '17 at 12:49
  • Thanks for this answer. Adding to this, what if you set up the /25 subnet in another router? Kind of, you get assigned a /24 network (out of your reach) and then you decide in your end router to create 2 /25 networks. And someone from outside, from the main router that has the /24, tries to get one of the IPs from your subnetted network? – Jun 27 '17 at 11:31
  • Then it will heavily depend on whether the routes are exchanged between the routers, and how. – JFL Jun 27 '17 at 12:02
  • Can ARP proxy help on that one? – Jun 27 '17 at 13:41
  • Not really; Network Address Translation (NAT) can be used to hide a conflicting network, but if you have a practical case, you should ask a new question. Comments are not there to ask questions ;) – JFL Jun 27 '17 at 16:12
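As an added illustration of the longest-prefix-match behaviour described in stoney's and JFL's answers above (example code written for this page, not code from either answer or from any router vendor), the following Python models a routing table with the three prefixes discussed, derives each mask in binary, and runs the lookup on the bare 32-bit destination address. The table, the interface names and the `eth0` used for the /16 aggregate are constructed assumptions; `eth1`/`eth2` follow JFL's example. The lookup deliberately takes only the destination address, which is the point of the third answer: a packet carries no prefix length, so the router decides from its own table which route is most specific.

```python
import ipaddress

# Constructed routing table for this example (not from the question): each entry
# is (prefix, outgoing interface). The prefixes are the ones discussed in the
# answers above; eth1/eth2 follow JFL's example, and eth0 for the /16 aggregate
# is an assumption made here.
ROUTES = [
    ("207.45.0.0/16", "eth0"),
    ("207.45.222.0/24", "eth1"),
    ("207.45.222.0/25", "eth2"),
]


def dotted_binary(value: int) -> str:
    """Render a 32-bit integer as four dotted 8-bit groups."""
    bits = f"{value:032b}"
    return ".".join(bits[i:i + 8] for i in range(0, 32, 8))


def mask_bits(prefix_len: int) -> str:
    """Binary form of a /prefix_len mask: prefix_len leading 1s, then 0s."""
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return dotted_binary(mask)


def route_matches(addr: ipaddress.IPv4Address, net: ipaddress.IPv4Network) -> bool:
    """A route covers addr when (addr AND mask) equals the route's network address."""
    return (int(addr) & int(net.netmask)) == int(net.network_address)


def longest_prefix_match(dst: str, routes=ROUTES):
    """Return (prefix, interface) of the most specific route covering dst, or None.

    Only the bare 32-bit destination address is consulted. A packet carries no
    prefix length, so 207.45.222.1 cannot arrive as "a /24 host" or "a /25
    host": the prefix length belongs to the route, not to the address.
    """
    addr = ipaddress.IPv4Address(dst)
    best_net, best_iface = None, None
    for prefix, iface in routes:
        net = ipaddress.IPv4Network(prefix)
        if route_matches(addr, net) and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_iface = net, iface
    if best_net is None:
        return None
    return str(best_net), best_iface


def shadowed_hosts(parent: str, routes=ROUTES):
    """Host addresses of `parent` whose packets a longer-prefix route captures instead."""
    parent_net = ipaddress.IPv4Network(parent)
    shadowed = []
    for host in parent_net.hosts():
        match = longest_prefix_match(str(host), routes)
        if match is None or match[0] != str(parent_net):
            shadowed.append(str(host))
    return shadowed


if __name__ == "__main__":
    for plen in (16, 24, 25):
        print(f"/{plen} = {mask_bits(plen)}")
    for dst in ("207.45.222.100", "207.45.222.200", "207.45.222.17", "207.45.1.1"):
        print(f"{dst:>16} -> {longest_prefix_match(dst)}")
    lost = shadowed_hosts("207.45.222.0/24")
    print(f"{len(lost)} hosts of 207.45.222.0/24 are diverted to the /25: {lost[0]} .. {lost[-1]}")
```

Running it reproduces the cases in the answers: 207.45.222.100 and 207.45.222.17 select the /25 via eth2, while 207.45.222.200 falls through to the /24 via eth1. `shadowed_hosts` lists every host of the /24 that the router would send towards eth2 instead; note that it includes 207.45.222.127 as well as .1 to .126, because .127 lies inside 207.45.222.0/25 even though it is that subnet's broadcast address and not an assignable /25 host.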

The easiest way to answer the "So what is wrong with the above reasoning?" part of your question is that you're talking about IP addresses as if they themselves include their prefix length (ex: 207.45.222.1/24), but when another endpoint communicates with you, they're just using your IP, meaning they would have no way of contacting two different "types" of 207.45.222.1.

  • I thought that the whole point of having slash notation or a subnet mask was to distinguish the network address from the host identifier. You're telling me that a suffix is not included with an address in a transmission? You're right though, I ping an IP address without the slash; I can check whatsmyip returning no suffix. How does that work? – AndJM Feb 14 '17 at 14:08