Security Basics mailing list archives

Re: CIDR Explanation


From: Ed Spencer <espencer () usa net>
Date: Tue, 21 Sep 2004 14:32:58 -0800

I'm not sure if you have a problem understanding subnetting, CIDR, or the
slash notation that's becoming more common.


CIDR or Classless Internet Domain Routing is VERY similar to subnetting and is
primarily used to simplify routing tables.

TCP/IP is built upon binary and a firm grasp of this subject is imperative to
understanding addressing, subnetting, and CIDR.  If you're not comfortable
with binary, especially 8 bit binary, I recommend getting Binary Blitz from
http://ganns.com/Games/BinaryBlitz/ and playing.  It's the fastest way I know,
once you have the theory of binary down, to get comfortable with
binary numbers and conversions.  They also have a Binary Blitz Revenge that is
for 16 bit numbers.

Ok, back to TCP/IP addressing.  All addresses are based on a two part address.
This two part address is built of a network address and a host address.  In
TCP/IP, classes allow for a 'default' subnet mask to identify the network from
the host portion of the address.  The class default subnet masks break evenly
within the dotted decimal notation (the typical 10.1.1.1 is dotted decimal
notation).

Subnetting allows the breaking of large networks into smaller 'chunks' of
addresses by increasing the number of bits in the network portion of the
address and reducing the number of bits in the host portion of the address.

Example:

10.1.1.1 is a class A address with a default subnet mask of 255.0.0.0 allowing
for a total of 16,777,216 addresses of which 1 is sacrificed as the broadcast
address (same network address, host address comprised of all bits set high or
to 1) and another to the network address (same network address, all host bits
set low or to 0).  This would mean the total information for the network would
be:

Network Address: 10.0.0.0
Subnet Mask: 255.0.0.0
Network Broadcast Address: 10.255.255.255
Number of Hosts: 16,777,214
Slash Notation: 10.0.0.0/8

The same would apply to a Class C address:
Network Address: 10.1.1.0
Subnet Mask: 255.255.255.0
Network Broadcast Address: 10.1.1.255
Number of Hosts: 254
Slash Notation: 10.1.1.0/24

Note that we broke the Class A address up when we used the different subnet
mask in the Class C example above.

CIDR simplifies routing tables by allowing us to break from the standard
classes and group network together.  For example, suppose the class C networks
of 209.1.1.0/24, 209.1.2.0/24, 209.1.3.0/24, and 209.1.0.0/24 were all owned
by the same ISP (not unusual).  Instead of a routing statement for each
network, they can be 'grouped' on the router into 10.1.0.0/22.  Or in standard
notation, a network address of 10.1.0.0 with a subnet mask of 22 bits or
255.255.252.0.  So all that CIDR has done is allow more flexibility in the
defining of the subnet by taking a bigger block of addresses.

If you don't have a firm grasp of how the network address differs from the
host address and how the subnet mask is used to identify the differences there
are a number of tutorials on the subject to be found.

http://www.techtutorials.info/nettcpip.html
http://www.learntosubnet.com/
http://techrepublic.com.com/5100-6265-5034563.html
http://www.itprc.com/tcp_ip.htm
http://www.krkeegan.com/subnet/

If you need the nitty gritty details on why and how look at information on
ARP, RARP, DHCP, BOOTP, and routing information to get an understanding of the
hows and whys of subnetting, network vs. host address, etc.

Don't know if this will help or not, but I wish you luck!

Ed Spencer
MCSE/MCT/CNA/A+/Network+/Security+
Network Administrator
Denali Parks and Resorts, Aramark Corporation.
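The two worked networks in Ed's reply (10.0.0.0/8 and 10.1.1.0/24) and the four adjacent /24 blocks he groups under one /22 can be reproduced with the standard-library ipaddress module. The block below is an added example and is not code from Ed's message or from the list; the function names describe, same_network, aggregate and to_binary are this example's own. It also shows the mask-AND test that a packet filter or router applies when deciding whether an address falls inside a CIDR block, which is the check the original poster wants to be sure of before writing snort and ipchains rules.

```python
import ipaddress
from typing import Dict, List


def to_binary(dotted: str) -> str:
    """Render a dotted-decimal IPv4 value as four 8-bit groups, e.g.
    255.255.252.0 -> '11111111.11111111.11111100.00000000'.
    This is the form in which the mask is really applied."""
    return ".".join(f"{int(octet):08b}" for octet in dotted.split("."))


def describe(cidr: str) -> Dict[str, object]:
    """Network, mask, broadcast, usable host count and slash notation
    for an address/prefix pair such as '10.1.1.1/8'."""
    # strict=False accepts a host address (10.1.1.1/8) and derives the network.
    net = ipaddress.ip_network(cidr, strict=False)
    # All host bits set to 1 is the broadcast address, all 0 the network
    # address; neither is assignable, except in /31 and /32 where there is
    # no such reservation (RFC 3021 point-to-point links, single hosts).
    usable = net.num_addresses - 2 if net.prefixlen <= 30 else net.num_addresses
    return {
        "network": str(net.network_address),
        "mask": str(net.netmask),
        "mask_bits": to_binary(str(net.netmask)),
        "broadcast": str(net.broadcast_address),
        "hosts": usable,
        "slash": f"{net.network_address}/{net.prefixlen}",
    }


def same_network(ip: str, cidr: str) -> bool:
    """The test a router or packet filter performs: AND the address with the
    mask and compare the result with the network address.  Done on integers
    so the bit operation is visible rather than hidden in a library call."""
    net = ipaddress.ip_network(cidr, strict=False)
    return int(ipaddress.ip_address(ip)) & int(net.netmask) == int(net.network_address)


def aggregate(cidrs: List[str]) -> List[str]:
    """Collapse adjacent, aligned blocks into the fewest covering prefixes,
    i.e. CIDR supernetting as a router would summarise its routes."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    # The two networks from the reply above.
    for cidr in ("10.1.1.1/8", "10.1.1.1/24"):
        for key, value in describe(cidr).items():
            print(f"{key:>10}: {value}")
        print()
    # The four ISP-owned /24 blocks from the reply, summarised into one route.
    print(aggregate(["209.1.1.0/24", "209.1.2.0/24", "209.1.3.0/24", "209.1.0.0/24"]))
    # Constructed sample addresses: one inside the /22, one just past its end.
    print(same_network("209.1.2.77", "209.1.0.0/22"), same_network("209.1.4.1", "209.1.0.0/22"))
```

Running the file prints the network/mask/broadcast/host figures for both examples, the single /22 that covers the four /24 blocks, and True/False for the two membership checks. The mask_bits field is there to make the "count the ones" reading of slash notation concrete: /22 is 22 one-bits followed by 10 zero-bits, which is 255.255.252.0 in dotted decimal.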



------ Original Message ------
Received: Tue, 21 Sep 2004 01:37:12 AM AKDT
From: ka55ad <ka55ad () gmail com>
To: security-basics () securityfocus com
Subject: CIDR Explanation

Hi List,

     I am hoping that somebody might be able to help me out or point
me in the right direction. For the life of me I can't seem to get a
good grasp on CIDR notation. I see a lot of CIDR addresses every day,
but I have trouble figuring out the IP addresses on the fly. I am not
a complete newbie - I am quite familiar with the OSI model, TCP
handshakes, etc but this one area stumps me.

     I am particularly interested in it because I am going to be
setting up a snort box soon as well as an IP chains firewall to
segregate parts of the network. I would much rather use CIDR since it
can be much quicker at times, but I don't want to use it right now due
to my lack of knowledge which can cause security issues. Can anybody
offer advice/help? Thanks.

---------------------------------------------------------------------------
Computer Forensics Training at the InfoSec Institute. All of our class sizes
are guaranteed to be 12 students or less to facilitate one-on-one
interaction with one of our expert instructors. Gain the in-demand skills of
a certified computer examiner, learn to recover trace data left behind by
fraud, theft, and cybercrime perpetrators. Discover the source of computer
crime and abuse so that it never happens again.

http://www.infosecinstitute.com/courses/computer_forensics_training.html
----------------------------------------------------------------------------