Welcome

The networking tools on this site are intended to help you become a more effective network engineer. They provide quick and easy insights into the subnet data structures engineers work with every day. Common tasks such as identifying overlapping address space, determing what prefix is common between two subnets, or how many possible routes a prefix-list could potentially permit from a BGP neighbor are simplified. We hope you find the tools useful and invite your feedback.
Check back often. New tools are in the works, and the existing ones are constantly improved.

Subnet Like a Champ

Check out our new How to Subnet page to take you from zero to hero

IP Subnet Tools

Graphic Calculator

A graphical subnet calculator that displays information such as size, mask and wildcards. The tool plots the subnet's relationship to other subnets, including summary networks, adjacent networks that share the same mask, and child subnets. Each subnet is clickable, allowing users to navigate through subnet relationships. The tool answers questions like, "What are all the possible summary routes this subnet could have?" or "What are all of the subnets that belong to this CIDR block?" The calculator supports both IPv4 and IPv6 subnets.

A bit map is also included, with the mask presented as a bar over the subnet bits. Host bits are shown in grey. Users may select "clasful" information that will provide additional information such as the class bits, borrowed bits.

Prefix-List Tool with Subnet Optimizer

List of subnets and prefixes show up frequently in networking. This tool helps manage these lists by providing four useful features.

IPv4 and IPv6 Subnet Planner

Many networks attempt to standardize the number of unique branch topologies, or models. This tool imagines three possible branch models; small, medium and large. Although the naming is a convience and arbritary since the tool doesn't check that a small branch actually holds less address space than a large branch. Define how many of each branch type there are, and create a model that declares the amount of address space that each type of branch requires. The model describes how many point to point links need address space. For IPv4, cross-link subnets are allocated with a /30 which provides 2 usable IP addresses. Although it is possible to assign /31 subnets, the initial release of the tool prefers /30s. For IPv6, all assignments are /64. VLANs are then defined for each branch model. You can add as many VLANs as required to each model. Typical VLAN examples might be Data, Voice, IoT, or Guest. Each VLAN will be of a specific size based on the expect host count for that model. The tool will determine the correct subnet to cover that size for IPv4. Again, a /64 is used for all IPv6 assignments.

Although three different profiles are provided, you don't have to use all three. You can leave unused templates blank.

You must also provide an IPv4 or IPv6 anchor block that can be used as a pool for address assignments. For dual stack networks, both can be defined. The allocation will include aggregate addresses for each branch, and each branch will also have an aggregate address for the /30 subnets. This can help keep infrastructure address space distinguishable from service assigned address space.

There is also a pattern tool that provide greater flexibility in distributing address space

Allocate Subnets

Subnets are sized to cover a number of IP addresses. Because subnets are on bit boundaries, their sizes are oriented around powers of 2. Common sizes are 64, 128, 256, 512. Sizing subnets can be a bit of an art. It's easy enough if you need about 250 addresses. But what about if you need 260 addresses. The next bit boundary results in an allocation of 510 useable addresses. This tool will give you an exact breakdown of the subnets needed to cover a specific number of addresses. Another common question is "what mask would I need to cover 42 addresses?" To answer this question set the largest subnet to a mask of 1. Then adjust the mask of the smallest mask until the efficiency exceeds 50% without creating two allocations.

The subnet allocation can be given in either CIDR to dotted mask notation depending on the required format.

This tool can also generate subnets and populated configuration templates. This can be useful if you need to quickly create a configuration with many static routes, or loopback interfaces. For the static route example, using Cisco command syntax, the template would be:

ip route ${subnet} null0

Then as an example, you could create 10 static routes by setting the ip count at 2560 and setting both the min an max mask size to 24 and selecting both the Mask and use template options. If you wanted 20 routes, set the min and max mask to 25.

You can also create interface templates, for example:

interface loopback ${index}
ip address ${host}
!

To keep things interesting, the min and max mask are set to 27 to give subnets of 32 IPs each since 2^(32-27) = 32, and we will allocate for 160 IPs in total giving us 5 loopback interfaces.

interface loopback 0
ip address 10.64.128.1 255.255.255.224
!
interface loopback 1
ip address 10.64.128.33 255.255.255.224
!
interface loopback 2
ip address 10.64.128.65 255.255.255.224
!
interface loopback 3
ip address 10.64.128.97 255.255.255.224
!
interface loopback 4
ip address 10.64.128.129 255.255.255.224
!

NAT64 Enconder Decoder

Its not uncommon to use NAT as a go-between for IPv4 and IPv6 domains. For example, if an IPv6 only device needs to reach an IPv4 only server. RFC6052 recommends a standard way to embed the IPv4 address inside an IPv6 address from various bit positions, and offers a well-known IPv6 prefix 64:ff9b::/96. Network administrators may also use assigned IPv6 space. This tools supports either.

Another novel use includes creating a mapping schema between IPv4 and IPv6 subnets to help maintain alignement between L3 defined policy such as ACLs or prefix-filters. Because IPv6 is 128 bits, and IPv4 is 32 bits, it is possible to create an address scheme where some portion of the address plan is directly mapped by imbedding the relevant IPv4 bits into the IPv6 address. It's not necessary a complete mapping. But it can make sense on user segments where there is an applied security. Mapping, along with some automation, can allow an IPv4 and IPv6 ACL to be compared. The embedding tool makes it easy to look at this bit mapping. For example, you may want to explore only mapping /24 bits into the IPv6 address, starting at an offset of 40.

Use the IPv6 subnet imbedder tool

Patterns

When designing networks, there are common patterns that show up in the topology. For example, a small branch might have a single WAN router that services one or two vlans. A large branch might have two wan gateways, a service aggregation layer, and many vlans. These are design patterns that are repeated through the network. The address plan likely allocates address space around these patterns. There are campus patterns, datacenter patterns, etc. These patterns are stitched together to form the complete network. An ansible playbook could be leveraged. This tool allows a yaml data model to describe a specific pattern, and then allocates address space over this pattern.

Diffs

There are occasions where one list of subnets needs to be compared to another list of subnets. For example, comparing a routes in a route table against the aggregate assigned in the IPAM. This tool allows that comparison to be made and will identify missing unique and conflicting space. The top row will include subnets as they were provided to the tool. The second row will include subnets that are the result of subtracting one subnet from another. For example, 10.20.30.0/24 minus 10.20.30.0/25 results in a difference of 10.20.30.128/25

Tree

This tool attempts to place subnets into folders that could serve as summaries. It can then list the other subnets in the folder that are currently unassigned. It can be useful for understanding data structures that live within the address space.
As a simple example, Any two subnets can be placed into a common summary that shares the same network bits. If no bits are common, then the summary is effectively the 0.0.0.0/0 subnet. The process can repeat over a list of subnets, where subnets are placed into existing summaries or new summaries are created. The end result is a folder tree structure organized around subnet bit boundaries. This should roughly align to the topology of the network, or the services if running fabrics.

Routing

The route table can reveal a lot about the condition of the network. This early-release tool is still in development but already provides some insight into summaries that leak specific routes, network path dependencies where metrics tend to update synchronously, or opportunities for better summarization.
Currently there are four distinct functions:

Subnet Challenge

Practice your subnetting skills with the subnet challege. Hook together subnets shown in a trace route such that the sum of the subnet's size along the path equals the goal. You may need to divide subnets, or join subnets to get the right size for that hop.

Some miscellaneous notes
Subnetting Overview

Subnets are used in networking to group together IP addresses. There are two components, the address portion and a bit mask that is used for grouping. The address is a 32 or 128 bit number. The mask is a sequence of bits that define a boundary within the address and are used to distinguish between the subnet and host values. Typically hosts that are grouped together onto a network can communicate with each other directly. Consider this example, 192.168.30.44 255.255.255.224. The IP address and mask are converted to binary and stacked, these values are:

=====----------network-bits---------|-host-
mask: 11111111.11111111.11111111.111|00000
addr: 11000000.10101000.00011110.001|01100

In this case, 192.168.30.44 is the 12th host (01100) on the network 192.168.30.32 /27. The 27 indicates the number of sequential 1 bits in the mask and is an alternate way to describe the mask. This is referred to as CIDR notation

Creating Summary Networks

You can create a summary network if two subnets are on the same bit boundary. But what does this mean? Lets consider again 192.168.30.32/27

mask: 11111111.11111111.11111111.111|00000
addr: 11000000.10101000.00011110.001|00000

We can create summary by sliding the mask bits one place to the left, so now the /27 becomes a /26

mask: 11111111.11111111.11111111.11|0 00000
addr: 11000000.10101000.00011110.00|X 00000

In the position marked with an X, the summarized subnet could have either a 1 or 0 in that position. When we write the summary address, bits not covered by the summary mask are zero'ed. Therefore the summary address is 192.168.30.0/26 which 'covers' both 192.168.30.0/27 and 192.168.30.32/27. Note however, that 192.168.30.32/27 can not be combined with 192.168.30.64/27 because they do not share the same bits under they summary mask. This is the limitation placed by the bit boundary. In fact, we need to move the mask one more place to catch the .64/27, ie 192.168.30.0/25. This is where this tool can help avoid summary mistakes

You can determine how many subnets fit under a summary by raising 2 to the power of the difference between the subnet mask by the summary mask. For example, 192.168.30.0/24 can hold (8) /27 networks because 2^(27-24) = 8

mask: 11111111.11111111.11111111.|111 00000
addr: 11000000.10101000.00011110.|XXX 00000

Lets look at this subnet with the calculator tool:

display illustration

IPv6 has the same behavior, although the large address size of 128 bits makes them more difficult to chart without a tool. Note that the tool allows the address to be entered in short or long form and displays both in the output. This allows easy conversions. Short form IPv6 replaces any consecutive 0 bits with a :: notation. For example:

2000:120:1:43A0:0:0:0:8000/120 (long)
2000:120:1:43A0::8000/120 (short)
There are some rules such that the :: may not appear twice although the RFC is ambiguous on which :: would be retained. The tool chooses to use the lower summary position. Note that the trailing 0 in 43A0 is not included

A common convention is to use the top 64 bits as the network number and the lower 64 bits as the host number. So it's not uncommon to route this subnet via a summary: 2000:120:1:43A0::/64

Allocating IPv6 address space

Its not uncommon for network administrators to focus only on the 2nd set of 32 bits of the IPv6 address space within the enterprise. The first 32 bits are typically fixed by the assignment. Even if the full the assignment wasn't a clean /32, things are simplified by design the address space around the bits shown with Y's below:

xxxx:xxxx:YYYY:YYYY::/64
          ^^^^ ^^^^
These 32 bits are the same size as the entire IPv4 address space.
IPv6 Compression

IPv6 addresses are 128 bits wide, represented by 32 hex characters. The address is organized into 8 groups, each 4 hex characters seperated by a colon. For example

2000:0000:0000:0000:0000:0000:0000:00001

There are some rules to shorten how address is writen. Within a group, any leading zeros can be ommited.

2000:0:0:0:0:0:0:1

Only the leading zeros are ommited. Trailing zeros are not.

1000:0100:0010:0001:0000:0000:0000:0002
1000:100:10:1:0:0:0:2

The next rule allows two or more consecutive groups of 0's to be replaced by ::

1000:100:10:1:0:0:0:2
1000:100:10:1::2

The :: replacement can ony happen once. If it were to occur twice, the address would become amiguous. 2000::34::56 is invalid because it could mean 2000:0:0:34:0:0:0:56 or 2000:0:0:0:34:0:0:56. Its not possible to know where the 34 is located, exactly.

The rfc is not explict about what to do in this situation. However, this tool will replace the first occurance and follows the IPv6 compression guidance set out in RFC5952. You can enter subnets in either compressed or expanded format and the tool will report both formats in the response.

The beauty of the bit boundary

There are some conditions to keep in mind. Subnets under summaries are organized by bit boundaries, and one subnet can never extend beyond the summary. A bit is a boolean meaning it can have a true, or false condition. All subnets on a summary share this same bit pattern. As you move up the bit pattern, you have a hierarchy of boolean conditions. In a properly summarized route table, this is used to explain the topology. The first so many bits are the region, then a hub, then an aggregation point. But as networks move into overlays common with public clouds, the bits can take on new meaning because they are not constrained to the underlying physical aggregation layer. Subnets are mapped into a mix of topology and services.