TechNote: 0003
Date    : 05/14/96
Cat/Sub : WANPIPE/GENERAL
Title   : Illegal subnets created in IP Tutorial
Contact : Glenn Robins

Related Files: None

------------------------------------------------------------------------------

This TechNote refers to the published document "IP/IPX Protocol Tutorial
and Configuration Guide" available in printed form and electronically on
our web site.

NOTES RELATING TO SECTION 4
---------------------------

The rules for forming an IP address include the following:
"IP addresses are not permitted to have the value 0 or -1 for any of the
<Host-number>, <Network-number>, or <Subnet-number> fields (except in the
special cases listed above [relating to broadcast or network addresses]).
This implies that each of these fields will be at least two bits long."
[RFC 1716, Almquist & Kastenholz, p.45]

If this rule must be adhered to, the netmask 255.255.255.128 cannot be used.
This is used as the primary example in the Tutorial to create two separate
logical networks for the purpose of connecting a LAN to a WAN. This netmask
cannot be used because only one bit is reserved for the <Subnet-number>, and
so it can only take on the value of 0 or -1 (being all one's). However, it
was found that most TCP/IP implementations do not SEEM to enforce this rule.
This includes Microsoft TCP/IP for Windows 95 and NT, and SCO Unix. Novell
NetWare Server's TCP/IP however does insist that the <Subnet-number> not be
-1, but it can be 0.

This rule also implies that the use of the netmask 255.255.255.192, which
creates four distinct networks, only allows for the use of two. Writing
this netmask in hex is
    FFFFFFC0
which in binary is
    11111111 11111111 11111111 11000000.
    \------------------------/ \/\----/
    <Network-number>            | <Host-number>
                                |
                                +-- <Subnet-number>
At first, it appears that four subnet numbers are available:
    00 01 10 11.
However, since the rule says that it cannot be 0 or -1, only two subnet
numbers are available: 01 10.

From the example in section 4 of the Tutorial, with a class C network
number of 210.20.30, the following ranges are available for use:
    Net#    Address Range
    ----    -------------
    01      210.20.30.65  to 210.20.30.126 --> VALID
    10      210.20.30.129 to 210.20.30.190 --> VALID

The following ranges are wasted:
    Net#    Address Range
    ----    -------------
    00      210.20.30.1   to 210.20.30.62  --> WASTED
    11      210.20.30.193 to 210.20.30.254 --> WASTED
These do not include the network and broadcast addresses.

The example in section 4.3 can be made to work using the same netmask of
255.255.255.192 if the TCP/IP implementation allows the use of the 0 subnet
number. In this case, the only change is to use Net#2 as opposed to Net#3
for the WAN connection. Node C (WAN) can have IP address 210.20.30.130, and
the gateway node can have IP address 210.20.30.190.

If the 0 subnet number cannot be used, the netmask will have to change to
FFFFFFE0, or 255.255.255.224, to give 3 subnet bits. The subnet numbers in
binary are then: 000 001 010 011 100 101 110 111. The numbers 000 and 111
are illegal, leaving 6 networks. The valid IP addresses would then be:
    Net#    Address Range
    ----    -------------
    001     210.20.30.33  to 210.20.30.62
    010     210.20.30.65  to 210.20.30.94
    011     210.20.30.97  to 210.20.30.126
    100     210.20.30.129 to 210.20.30.158
    101     210.20.30.161 to 210.20.30.190
    110     210.20.30.193 to 210.20.30.222
These do not include the network and broadcast addresses.

To implement this change in the example, map the IP addresses in each of
the three networks to those in the table above. This will leave three
networks unused. For example:
    Node     From            To
    ----     ----            --
     A       210.20.30.1     210.20.30.33  (Net# 001)
     B       210.20.30.2     210.20.30.34  (Net# 001)
     C (AB)  210.20.30.10    210.20.30.40  (Net# 001)
     C (DE)  210.20.30.70    210.20.30.65  (Net# 010)
     C (WAN) 210.20.30.200   210.20.30.97  (Net# 011)
     D       210.20.30.81    210.20.30.66  (Net# 010)
     E       210.20.30.82    210.20.30.67  (Net# 010)
     G       210.20.30.254   210.20.30.126 (Net# 011)

NOTES RELATING TO SECTION 5
---------------------------

The subnetting scheme appears to work with Windows 95/NT machines in Example
2 in section 5.2, using the netmask of 255.255.255.128. However, NetWare
Server rejects the configuration shown in this section.

In accordance with addressing rules, the following changes must be made:

1. Change the netmask from 255.255.255.128 to 255.255.255.192 everywhere.
2. Make these changes to the IP addresses used:
    Node     From            To
    ----     ----            --
     A       210.20.30.1     210.20.30.65
     B       210.20.30.2     210.20.30.66
     C       210.20.30.3     210.20.30.67
     Z Net0  210.20.30.126   210.20.30.126 (no change)
     Z Net1  210.20.30.200   210.20.30.130
     G       210.20.30.254   210.20.30.190

CONCLUSION
----------

It was found that many routers support a subnet number of 0 in the IP
address, but not -1 (all one's). Microsoft's TCP/IP stack does not seem to
care about this rule, but we have no confirmation one way or another except
for the results observed through experimentation. Novell's NetWare TCP/IP
enforces the all one's rule, but does not seem to enforce the all zero's
rule.

Depending on the operating systems or routers used, the netmask
255.255.255.128 may or may not be acceptable for this reason. If at all
possible, the 0 and -1 subnet numbers should be avoided. By following this
rule, it should be possible to interchange router equipment within the
network without having to change the addressing scheme in order to satisfy
rules that may or may not be enforced.

------------------------------------------------------------------------------
This TechNote is Copyright (c) 1996 Sangoma Technologies Inc.
All rights reserved.