Support Bulletin: 6090

Sections contained in this document:

1. Structure of the IP Address
2. Networks and Hosts
3. Network Addressing and Host Addressing
4. IPAddress Classes and Related Number of Unique Addresses
5. Subnets and Subnet Masks
6. Gateways


It consists of four 8-bit bytes separated with a dot (.): xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx

Example of an actual address:
In binary, this would look like: 11001110.01000111.01011111.00100010


An internet consists of several individual Networks connected by bridges or routers. Each individual Network (also called a physical network) consists of a group of Hosts (computers, etc.) that are "directly connected" to each other via a common cable or common hub (or group of hubs).

It's important to clarify what is meant by "directly connected". This involves cable ports and hubs only. It does not include bridges, routers or the I/O bus. For example, 2 Nics in the same computer are NOT "directly connected" and therefore exist on separate networks, even though they may be bridged or routed together by the computer's operating system or other software. Similarly, Hosts whose only common connection is a bridge or router, are considered to be on separate networks. Like the 2 Nic example, each cable port of the bridge or router are not "directly connected" and therefore exist on separate networks. See illustration below:


Each Network and each Host requires its own identifying number, its IP Address.

The Network Address is a unique number, consisting of a special pattern, that is assigned to each Network (physical network). These addresses may not be used for Host addresses. Example:

network 1 above might be assigned:

network 2 above might be assigned:

network 3 above might be assigned:

(notice the trailing zeros in each example)

NOTE: If your network is connected to the outside world, you must obtain your primary Network Address from interNIC to avoid duplicating and conflicting with the IP addresses of other organizations. If your network is isolated, you may use any valid IP Network address.

The Host Address is a unique number assigned to each individual device (network card, router, etc.). It will be a sub-set of the Network Address to which it is physically connected. As mentioned before, it is important to note that Network Addresses may NOT be used for Host addresses. Example:

a host on network 1 above could be: (but not

a host on network 2 above could be: (but not

a host on network 3 above could be: (but not


There are 3 classes of IP Network Addresses:

- Class A example: (bytes 2,3,4 have a decimal value of zero)

- Class B example: (bytes 3,4 have a decimal value of zero)

- Class C example: (byte 4 has a decimal value of zero)

Compare bytes 2,3 and 4 in each class. If a byte has a decimal value of zero, it means that all 8 bits have a value of zero, i.e., 0 decimal = 00000000 binary.

A byte that has a decimal value of zero has all 8 bits available for Host addressing; however, bytes that are non-zero are using all 8 bits for the network address and cannot be altered. For example: (decimal) = 11000011.10011001.00000000.00000000 (binary)

(non zero)(non zero) (zero) (zero)

To help illustrate, let's arbitrarily use an "n" for each bit used for Network Addressing (can't be changed), and an "h" for each bit that can be used for Host Addressing. Our example above now looks like:


Each "h" byte has 256 possible combinations, i.e., 8 bits each with 2 possibilities (0 or 1) hence 2 and 8 and = 256. They range from 00000000 (0 decimal) to 11111111 ( 255 decimal). Since there are two such bytes in a class B Network Address, it has 65,536 possible addresses combinations (256x256). Class A Network addresses have 3 such bytes with over 16 million possible combinations; class C only has one such byte, hence only 256 possible addresses.

Not all of the possible combinations are a valid Host IP addresses. It's not legal to make all "h" bytes all 0 or all 255 ( bits all 0's or all 1's). All 0's is reserved for Network Addresses, all 1's is reserved for broadcasts to all Hosts on that network. Example: (11000011.10011001.00000000.00000000) Network Addresses only (11000011.10011001.11111111.11111111) Broadcast Address only (11000011.10011001.11111111.00000000) OK for Host address (11000011.10011001.00000000.11111111) OK for Host address


What do you do if you need more than one IP Network. For example, if you have 2 network cards in the same server, they're on different physical networks and therefore need to be assigned different network numbers. Without different network numbers, the server doesn't know which adapter to communicate through.

One solution would be to request another Primary Network Number from interNIC, but that's not practical or necessary. Instead, you can use some of your available Host bits to define additional networks. Recall the class B example where the "n" bits are reserved for Network addressing and the "h" bits are available for Host addressing:


We may assign some of these "h" bits to be used to make additional Network addresses. This is called SUBNETTING. Here are the rules for making a Subnetwork (Subnet):

a) You may use all of the "h" bits except the last bit in byte 4.

b) They must be the "most significant bits" (MSB), i.e., the left-most group. Example:

OK nnnnnnnn.nnnnnnn.NNNhhhhh.hhhhhhhh (3 bits used, just for fun)

NOT nnnnnnnn.nnnnnnnn.hhhhhNNN.hhhhhhh

NOT nnnnnnnn.nnnnnnnn.hhhhhhhh.NNNhhhhh

Obviously, the more bits used for Subnets, the less bits available for Host addresses, but that's OK. You'll pick the class of Primary Network address that gives you the flexibility to closely fit your needs.

Let's make some Subnets out of the Primary Network address In binary, this would look like:


Only byte 4 has a value of zero, so we only have 8 bits to play with. In order to decide how many bits we need for Network addressing, let's first think about how many Hosts and Networks we need. Let's arbitrarily pick 3 Networks each with 50 Hosts as our requirement. Let's consider some possibilities. Since bytes 1,2 & 3 can't be changed, let's only look at byte 4:

a) .nhhhhhhh gives 2 Subnets (21) each with 128 Hosts (27) not enough Subnets

b) .nnhhhhhh gives 4 Subnets (22) each with 64 Hosts (26) will work

c) .nnnhhhhh gives 8 Subnets (23) each with 32 Hosts (25) not enough Hosts

Example b is our choice. Here are the 4 possible bit patterns for the Subnet: 00, 01, 10, 11. Now, let's consider the Host bit patterns. The first available pattern for each network is 000001 (remember, can't be all 0's) and the highest bit pattern is 111110 (remember, can't be all 1's). Now, let's show all 8 bits:

Network # first Host # last Host #

network 1: 00000000 (0 decimal) 00000001 (1 decimal) 00111110 (62 decimal)

network 2: 01000000 (64 decimal) 01000001 (65 decimal) 01111110 (126 decimal)

network 3: 10000000 (128 decimal) 10000001 (129 decimal) 10111110 (191 decimal)

network 4: 11000000 (192 decimal) 11000001 (193 decimal) 11111110 (254 decimal)

Notice that when we converted the byte to decimal, we used all 8 bits, even though some bits were used for Subnets and other bits were used for Hosts. Never split the 8 bit byte when converting to decimal.

Now, let's show all 4 bytes in decimal:

Network IP# first Host IP# last Host IP#

network 1:

network 2:

network 3:

network 4:

There's one last requirement of Subnetting, called the Subnet Mask number. It will be explained a little later. All you need to know for now is that it's used to recognize the Subnets that you've created. With the Mask, all devices on your internet will be able to distinguish that the Host is on Network while the Host is on Network, despite the fact that they both share the same Primary Network numbers of 206.71.95.

Two More Rules

a) Subnets of zero are prohibited, so the first Network and all associated Host addresses ( through should not be used. These are called the all 0's Subnets.

b) Subnets of all 1's are strongly discouraged. Avoid using the value of 255 for any Subnet byte. For example, if the Primary Network address is, it is preferable to avoid the Subnet

Let's look at Subnetting a class B Network Address because it presents some interesting combinations not available with a class C address. We'll use We now have 2 bytes (16 bits) to play with.


Again, let's ignore the first 2 bytes since they can't be changed. There are several possibilities for Subnetting. For example, you could use all 8 bits of the 3rd byte for Subnetting (called even byte boundary Subnetting) which would give you all bits in the 4th byte for Host addressing. Or, you could split them up any way you want. Some other examples:

nnnnhhhh.hhhhhhhh, or nnnnnnnn.nnhhhhhh, and so on.

Let's look at even byte-boundary Subnetting (using the entire 3rd byte). This gives you 254 Subnets ranging from 00000001.00000000 (1.0 decimal) to 11111110.00000000 (254.0 decimal). Remember, we're avoiding the all 0's and all 1's Subnets. Hence, the resulting Subnet addresses ranges from to The host addressing is done in the same way as the first example, but using all 8 bits of the 4th byte.

Here's another possibility using the entire 3rd byte PLUS 2 bits of the 4th byte. This is called bit-level Subnetting. This gives you 1022 Subnets ranging from 00000000.01000000 (0.64 decimal) to 11111111.10000000 (255.192 decimal). Again, we're not using the all 0's and all 1's Subnets. Hence the resulting Subnet addresses ranges from to Again, Host addressing is done the same way, but using only 6 bits of the 4th byte. Remember, with bit-level Subnetting, when converting your bits to decimal, use all 8 bits of each byte and don't split bytes.

As you can see, your Subnetting options are very flexible if you just follow a couple of simple rules. Think about what your organization's needs are before requesting a particular class of Network Address, and before deciding how to Subnet.

The Subnet Mask, Also Known As The Mask

One final rule of Subnetting involves the Subnet Mask. Now that you've divided your Primary Network address in to Subnets, you need a way to tell the bridges, routers and hosts on your internet about your clever Subnet scheme. Without a way to do this, there's no way to tell if a particular Host address belongs to a Subnet or the Primary Network. Look at the following address:

Is this host # 160 on Network is it host # 32.160 on Network it host # 32 on Network or is it a Subnet number?

They're all possibilities, but you can't tell unless I tell you what the Primary Network address is and which Subnet scheme I used, i.e., which bits were used for Subnetting and which bits were used for Host addressing.

The answer is the Subnet Mask, which is a specially constructed number that tells you (and the computers, bridges & routers) which bits were used for Subnetting. Here are the rules for constructing the Subnet Mask:

a) The Mask consists of 4 bytes, using the Primary Network address bits, Subnet bits and Host bits to determine its final form.

b) All bits used for the Primary Network address get turned into 1's

c) All bits used for Subnetting also get turned into 1's.

d) All bits used for Host addressing get turned into 0's.

e) The resulting four 8-bit bytes get converted to a decimal value.

Now, let's apply these rules to an example. Let's choose any class C Network address like

First, we need to decide which bits will be used for Subnetting. Remembering our earlier rules, we see that the first 3 bytes (193.192.32) cannot be altered; however, all of the bits in the 4th byte are available for Subnetting and Host addressing. Let's arbitrarily choose the first 3 bits of the 4th byte to be used for Subnetting. Here's our results after applying the rules:


Now, converting to decimal, we get:

There you have it, the Subnet Mask for a class C Network address using 3 bits for Subnetting. After you tell your computers, routers and bridges this value, they'll recognize all of your Subnets and treat them as different physical networks.

Let's look at all of the Subnet value possibilities for this class of address. Ignoring the first 3 bytes since they can't be changed, we get:

00000000 (prohibited because it's all 0's)

10000000 128 (

11000000 192 (

11100000 224 ( our example

11110000 240 ( limited, only allows 14 Hosts (1111 and 0000 not allowed)

11111000 248 ( very limited, only allows 6 Hosts (111 and 000 not allowed)

11111100 252 ( dumb, only allows 2 Hosts (11 and 00 not allowed)

11111110 254 ( very dumb, no Hosts available (1 and 0 not allowed)

11111111 255 ( very dumb, no Hosts available (black holes not allowed)

These Mask values of 128, 192, 224 and so on are the only ones possible within a single byte. Learn to recognize them and their associated number of Subnets and Hosts.

Just a brief example of some class B Subnet Masks:

10000000.00000000 128.0 (

11110000.00000000 240.0 (

11111110.00000000 254.0 (

11111111.00000000 255.0 ( not recommended, but not prohibited

11111111.11100000 255.224 ( not recommended, but not prohibited

See how the byte values of 128, 240, 254, etc. have appeared again, this time in both the 3rd and 4th bytes.


In section 2 "Networks and Hosts", the terms "physical network" and "directly connected" were mentioned. Briefly, these terms indicate the existence of a physical boundary. Inside this physical boundary lies an individual network with all its computers, network adapters, printers and such. Outside this boundary exists other networks which have their own physical boundaries. Also mentioned in section 2 is the fact that each individual network within a physical boundary has its own unique IP network address.

Components residing inside different boundaries (on different physical networks with different network addresses) are not considered to be directly connected, and yet they are able to communicate with each other. Obviously, they are connected in some manner. This connection is typically accomplished by a bridge or router.

The illustration from section 2 is reproduced below. Note that for this example, within each bridge there must be 2 physical network connections (or ports), one for each of the two networks that are bridged. For example, Bridge-A is bridging network 1 to network 2, therefore Bridge-A has both a network 1 port and a network 2 port. These ports, just like any other host, each have an individual IP address. As previously discussed, a host IP address is a sub-set of the network address on which it resides. Arbitrary network and host addresses have been added to the illustration.

OK, so now we have a bridge between network 1 and network 2. However, a host on network 1 won't be able to talk to a host on network 2 until we do a very special thing... tell the hosts the path by which to reach each other. This is known as the GATEWAY.

The Gateway for a particular host is any bridge port that's on the same physical network as the host. In our example above, the Gateway for all hosts on network 1 is The Gateway for all hosts on network 2 is Network 1 and 2 hosts that need to talk to each other must both have their appropriate Gateways defined in whatever TCP/IP software they're using.

What if a host on network 1 needs to talk to a host on network 3? It is NOT enough to simply have gateways defined for the hosts on network 1, 2 and 3. In this case, the bridge ports need to have gateways defined.

The Gateway for a particular bridge port is any other bridge port that's on the same physical network as the particular bridge port. For example, the gateway for bridge port is bridge port and vice versa if 2 way communication is to happen. Let me explain the vice versa thing. If bridge port is the only one with a defined gateway, then network 3 hosts will not be able to send data to network 1 hosts although network 1 hosts will be able to send data to network 3 hosts. This is not necessarily a bad thing, in fact it can be one way to "firewall" or prevent unwanted hacking from outside sources.

Notice that there's a common rule to Gateways. A Gateway for any given device must reside on the same physical network as the device, i.e., the device and it's gateway are "directly connected".