0

I'd like some help understanding subnets (CIDR).

I'm using a tool to check if an IP is in an acceptable range given a CIDR address. When I input an IP address (12.245.105.190) and check it against the same address with a subnet mask (12.245.105.190/30), any value less than 31 shows "NOT IN SUBNET" but gives a range that would seem to include the IP address:

** NOT IN SUBNET **
IPV4 ADDRESS        12.245.105.190
IPV4 NETWORK        12.245.105.190
IPV4 CIDR PREFIX    30
IPV4 RANGE START    12.245.105.188 <-- seems smaller than my IP
IPV4 RANGE END      12.245.105.193 <-- seems larger

Can you help me understand what I'm missing?

Isaac Lubow
  • 113
  • 1
  • 5
  • 2
    The tool looks like it's broken. – Michael Hampton Feb 15 '18 at 19:52
  • 1
    See the excellent answer to [this question](https://networkengineering.stackexchange.com/q/7106/8499) for how to figure this. – Ron Maupin Feb 15 '18 at 19:56
  • That's over my head at the moment. Is the tool broken? I'm using a separate bit of code from a different source https://stackoverflow.com/a/14841828/378183 to validate an IP against a CIDR subnet and getting the same result. – Isaac Lubow Feb 15 '18 at 20:24
  • You should take the time to understand IP addressing, and be able to validate it, before you attempt to do that for a business. – Ron Maupin Feb 15 '18 at 22:01
  • I thought my understanding of the theory was sound, but I began to doubt it when seeing the result from this (broken?) tool. – Isaac Lubow Feb 15 '18 at 22:07
  • 1
    @IsaacLubow It seems to calculate the *start* and *end* addresses correctly but decide the *network* and *status* in some broken manner. Fwiw, it changes if you give it `12.245.105.188/30`. – Håkan Lindqvist Feb 15 '18 at 22:09
  • Note that a network with a /30 prefix (aka 255.255.255.252 subnet mask) only has 4 available addresses, 2 for hosts and 2 for network and broadcast. That software identified incorrect start and end ranges. So for 12.245.105.x you can have up to 62 /30 subnets (255/4) meaning: Sub A = .0 to .3 Sub B = .4 to .7 Sub C = .8 to .11 etc etc. Until you reach the IPv4 address of .190 and then you can figure out which subnet you're in. (Assuming that whole network was in /30 but I highly doubt it, /30 is usually for peer to peer like router to router serial connections). – Tmanok Feb 16 '18 at 20:02
  • 1
    See: https://www.aelius.com/njh/subnet_sheet.html and https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#IPv4_CIDR_blocks – Tmanok Feb 16 '18 at 20:02

1 Answers1

4

The subnet mask is a bit mask. The appended /30 means the netmask spans the highest 30 bits (out of 32 bits):

       12 .       245 .       105 .       190 IPv4 address decimal
0000 1100 . 1111 0101 . 0110 1001 . 1011 1110 IPv4 address binary
1111 1111   1111 1111   1111 1111   1111 1100 netmask
0000 1100 . 1111 0101 . 0110 1001 . 1011 1100 network prefix

The 30 bits to the left are the network part/prefix. The final two bits at the right side comprise the host part. This means the host portion (the two lowest bits) can be

  • 0 0
  • 0 1
  • 1 0
  • 1 1

Which are, when put together with the network prefix (first 30 bits from above)

0000 1100 . 1111 0101 . 0110 1001 . 1011 1100  
       12 .       245 .       105 .       188
0000 1100 . 1111 0101 . 0110 1001 . 1011 1101
       12 .       245 .       105 .       189
0000 1100 . 1111 0101 . 0110 1001 . 1011 1110
       12 .       245 .       105 .       190
0000 1100 . 1111 0101 . 0110 1001 . 1011 1111
       12 .       245 .       105 .       191

So there are four addresses on this subnetwork, where the first 00 and last 11 are reserved for the network and broadcast respectively. This means .188, .189, .190, and .191 are part of the subnetwork, contrary to .188 - .193 claimed by the - seemingly broken - online tool.

See also Wikipedia - Subnetwork - Internet Protocol version 4 for more details on IPv4 subnetworks generally, and network prefixes particularly.

Olaf Dietsche
  • 275
  • 1
  • 7
  • So - the tool is broken! – Isaac Lubow Feb 15 '18 at 22:02
  • If you edit this answer to answer the question clearly I'll gladly accept it. – Isaac Lubow Feb 15 '18 at 22:33
  • I was on the verge of deleting the question because it turns out the tool I was using is broken - but if you assert that that is the case and that my given IP address is indeed within the range the bitmask specifies, it may be helpful to others. – Isaac Lubow Feb 16 '18 at 17:45