One of the most confusing aspects of building an Internet/Amprnet gateway is the design of the gateway's subnets. This short article will attempt to explain the ideas behind subnets and make the subject a little less confusing.
The prime purpose of a gateway is to forward packets to/from a number of local machines. In order to forward packets, you need a route to each and every machine that you service. Now, it doesn't make sense to have routes to every individual machine. Instead, the local machines are grouped together as a range of IP addresses, and the gateway forwards packets to all machines in this range of addresses.
Gateways have to route packets as quickly as possible. One of the ways to speed the process is to express each route in the routing table as a subnet, instead of a range of addresses.
Let's take a range of IP addresses that we want to build a route for.
44.136.8.0 to 44.136.15.255
Rewriting this in binary, the range is
00101100100010000000100000000000 to 00101100100010000000111111111111
We can see that, for all addresses in the range, most of the bits are common. We call these the network bits in each address, as they represent the 'network' portion of each machine's address. The remaining bits are known as the host bits, as they represent the particular host machine on the network (i.e. in the range of addresses). In the range of addresses above, we can divide each address thus:
001011001000100000001 XXXXXXXXXXX
     network bits       host bits
We can rewrite this in subnet form as 44.136.8.0/21 or 44.136.8/21. This says that the range of addresses all have the first 21 bits in common, and that these 21 bits are 44.136.8. This also says that the first address in the range is 44.136.8.0.
How does this speed up a gateway's job? When a packet arrives at a gateway for delivery, the gateway may have to check each route to see if the packet's destination is covered by the route. If the gateway expressed routes as ranges of addresses, it would have to check if the destination fell inside every route's range, which is a slow process.
If subnets are used instead, the gateway can turn off the host bits in the destination address, and match against the network bits of each route. For example, a packet arrives for 126.96.36.199:
The gateway tries each route in turn, starting with the routes that have the most network bits. When it reaches 44.136.8/21, it turns off the host bits:
001011001000100000001 00000000000 matches 001011001000100000001
which matches the network bits 44.136.8. The packet can then be successfully delivered using the matching route.
Choosing a suitable range of addresses can be difficult. The main thing to note here is that, because a subnet is expressed as a set of network bits, you can't represent a range of IP addresses that don't all share a common set of network bits. For example, the range 44.63.27.9 to 44.85.99.12 is the range:
00101100001111110001101100001001 to 00101100010101010110001100001100
001011000 are the shared bits
The machines in this range share the network bits 001011000, which results in the subnet 44.0/9. This has the range 44.0.0.0 to 44.127.255.255, which is a lot larger than the desired range!
The problem here is that the number of bits shared by all the machines in the range is small, which results in a subnet expression which covers many more addresses than desired. We can solve this by altering the range so that more of the network bits are shared, e.g:
The moral here is: start your range of addresses on a power of two. In other words, use components of your address that are powers of two:
To help you convert IP ranges into subnets, and let you try 'what if' tweaking of your ranges, I have written a C program which converts a range of IP addresses into subnets. Email me to get a copy, or use the Range Checker web page to check your ranges via the Web. Your aim is always to minimize the number of subnets needed to express your range of addresses.
Let's take a couple of examples from the current encap.txt file. 22.214.171.124 has routes for 44.2.0/20, which is the range 44.2.0.0 to 44.2.15.255, nice and tidy. Similarly, 184.108.40.206 has routes for 44.16/16, which is the range 44.16.0.0 to 44.16.255.255; again nice and tidy.
22.214.171.124 has the problem that it wants to route for the range 44.136.171.0 to 44.136.203.255. This leads to the set of subnets 44.136.171/24, 44.136.172/22, 44.136.176/20, 44.136.192/21 and 44.136.200/22. Unless this range can be reduced, not much can be done here. I'll suggest a possible alternative in the next section.
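The following is an added example, not the author's own range-to-subnet program: it splits an inclusive address range into the fewest subnets by starting each block at the low end of the remaining range and widening it (one network bit fewer at a time) while the block stays on a power-of-two boundary and does not overshoot the top of the range. Run on the 44.136.171.0 to 44.136.203.255 range above, it produces the five subnets listed.

```c
#include <stdint.h>
#include <stdio.h>

/* A subnet is a network address plus its number of network bits (e.g. 44.136.8/21). */
struct subnet { uint32_t net; int bits; };

/* Pack dotted-quad octets into a host-order 32-bit address. */
static uint32_t ip(unsigned a, unsigned b, unsigned c, unsigned d)
{
    return (a << 24) | (b << 16) | (c << 8) | d;
}

/* Mask of the host bits for a subnet with the given number of network bits. */
static uint32_t host_mask(int bits)
{
    return bits >= 32 ? 0 : 0xFFFFFFFFu >> bits;
}

/* Split the inclusive range lo..hi into the fewest subnets, lowest first.
 * Each block starts at lo and is widened while lo stays aligned to the block
 * and the block's last address does not run past hi. out[] must hold at
 * least 64 entries (the worst case is two blocks per bit); returns the count. */
static int range_to_subnets(uint32_t lo, uint32_t hi, struct subnet *out)
{
    int n = 0;
    for (;;) {
        int bits = 32;
        while (bits > 0 && (lo & host_mask(bits - 1)) == 0
               && (lo | host_mask(bits - 1)) <= hi)
            bits--;
        out[n].net = lo;
        out[n].bits = bits;
        n++;
        uint32_t last = lo | host_mask(bits);   /* highest address in this block */
        if (last >= hi)                         /* the block ends exactly at hi */
            return n;
        lo = last + 1;
    }
}

int main(void)
{
    struct subnet s[64];
    int n = range_to_subnets(ip(44, 136, 171, 0), ip(44, 136, 203, 255), s);
    for (int i = 0; i < n; i++)
        printf("%u.%u.%u.%u/%d\n", s[i].net >> 24, (s[i].net >> 16) & 255,
               (s[i].net >> 8) & 255, s[i].net & 255, s[i].bits);
    return 0;
}
```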
In some instances, a gateway's set of subnets can be made smaller. From the current encap.txt file we see that 184.108.40.206 has 8 subnets covering the range 44.134.120.0 to 44.134.127.255. This range can actually be covered by the single subnet 44.134.120/21. This change would help reduce the size of the routing table in every gateway.
Remember that gateways process routes from most network bits down. This means that a 44.136.8/21 route is chosen before a 44.136/16 route, which is chosen before a 44/8 route. This allows very general routes to be specified, which are overridden by more specific routes (i.e. routes to a smaller number of machines).
We can use this ordering of routes to install a subnet which covers a greater range than actually required, in the knowledge that a more specific subnet will override it where necessary. Let's reconsider the range 44.136.171.0 to 44.136.203.255, which requires 5 subnets. If the five subnets were replaced by the single subnet 44.136.128/17, this would cover a much larger range, 44.136.128.0 to 44.136.255.255. This is not a problem because more specific subnets will cover the unwanted addresses, e.g. the /24 subnet 44.136.221/24 (from the encap.txt file) will override the /17 subnet for the range 44.136.221.0 - 44.136.221.255.
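As an added illustration (example code, not from the original article or the encap.txt tooling), here is a small routing table built from the overlapping subnets discussed above, with a lookup that turns off the host bits of the destination and keeps the matching route with the most network bits. The table contents are constructed for the example; the lookup scans every route and keeps the best match, which gives the same answer as trying routes most-specific first.

```c
#include <stdint.h>
#include <stdio.h>

struct route { uint32_t net; int bits; const char *label; };

/* Pack dotted-quad octets into a host-order 32-bit address. */
static uint32_t ip(unsigned a, unsigned b, unsigned c, unsigned d)
{
    return (a << 24) | (b << 16) | (c << 8) | d;
}

/* Mask of the network bits for a subnet with the given prefix length. */
static uint32_t net_mask(int bits)
{
    return bits <= 0 ? 0 : 0xFFFFFFFFu << (32 - bits);
}

/* Constructed table: the general 44/8 route and the more specific subnets
 * that override it (network addresses written in hex: 44 = 0x2C, 136 = 0x88). */
static const struct route table[] = {
    { 0x2C000000u,  8, "44/8" },
    { 0x2C880000u, 16, "44.136/16" },
    { 0x2C880800u, 21, "44.136.8/21" },
    { 0x2C888000u, 17, "44.136.128/17" },
    { 0x2C88DD00u, 24, "44.136.221/24" },
};
#define NROUTES (sizeof table / sizeof table[0])

/* Index of the matching route with the most network bits, or -1 if none. */
static int best_route(uint32_t dst)
{
    int best = -1;
    for (size_t i = 0; i < NROUTES; i++)
        if ((dst & net_mask(table[i].bits)) == table[i].net
            && (best < 0 || table[i].bits > table[best].bits))
            best = (int)i;
    return best;
}

/* Prefix length of the chosen route, or -1 if the destination is unroutable. */
static int best_prefix(uint32_t dst)
{
    int i = best_route(dst);
    return i < 0 ? -1 : table[i].bits;
}

int main(void)
{
    uint32_t probes[] = { ip(44, 136, 221, 7), ip(44, 136, 130, 1), ip(44, 136, 9, 200),
                          ip(44, 136, 50, 1), ip(44, 3, 0, 1), ip(10, 0, 0, 1) };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        int r = best_route(probes[i]);
        printf("%08x -> %s\n", (unsigned)probes[i], r < 0 ? "no route" : table[r].label);
    }
    return 0;
}
```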
Here's another example from the encap.txt file. 22.214.171.124 has three separate subnets which cover three address ranges that are disjoint:
The single subnet 44.4.40/21 will cover the range 44.4.40.0 to 44.4.47.255, and the unwanted addresses in the range can be covered by more specific subnets.
Before you try this technique out, use the Range Checker to get a single subnet, and cross-check the resulting range against the routes in the encap.txt file. Make sure you document your desired and actual ranges in the gateways file, and be prepared to go back to multiple subnets if a conflict arises.
In summary, subnets are used instead of IP address ranges to improve the speed of packet routing. There are some limitations with subnetting, and you should be aware of them when choosing a range of addresses for a subnet. However, with a little bit of care you can select a suitably small number of subnets to cover the range of addresses that you have.