Powers of Two

This page contains mathematical information about how to calculate IP address ranges for use with the campus firewall groups.

This page takes a traditional, mathematical approach to explaining the binary system, powers of two, and netmasks. If you are a visual learner, you may be interested in the Network Tree approach as well.

Introduction

2^x is the general form for 2 raised to the power of x. X can be any number from 0 to infinity. 2^x means 2 multiplied by itself x times. For example, 2^3 means 2*2*2 or 8.
For most computer and networking issues, we only need to work with the powers of 2 from 0 to 8.

2^0 = 1
2^1 = 2
2^2 = 4
2^3 = 8
2^4 = 16
2^5 = 32
2^6 = 64
2^7 = 128
2^8 = 256

Powers of two and netmasks

Netmasks are most commonly seen in the form of 255.255.255.0 or 255.255.254.0 or 255.255.255.224. Netmasks are 4 groups of 8 bits each, representing a total of 32 bits.

Netmasks must have 1s in a continuous string. Once you have a 0 in a netmask, all of the positions to the right of that 0 must also be 0s. This leads to a limited number of valid netmasks.

In order to understand which netmasks are valid, we need to convert the base 10 form (255.255.etc) into the binary form (0s and 1s).

To convert 255 to binary, we need to add up powers of 2 until we reach 255.

Base 10: 128 + 64 + 32 + 16 + 8 + 4 + 2+ 1 = 255
Powers of 2: 2^7 + 2^6 + 2^5 + 2^4 + 2^3 + 2^2 + 2^1 + 2^0  
Binary: 1 1 1 1 1 1 1 1  

1 1 1 1 1 1 1 1 would represent 255 in binary. This is a valid netmask component, since it contains an unbroken string of 1s. Therefore, a netmask of 255.255.255.0 in binary is written as: 11111111.11111111.11111111.00000000.

Let's try another number: 160.

Base 10: 128 +   32 +           = 160
Powers of 2: 2^7 +   2^5 +            
Binary: 1 0 1 0 0 0 0 0  

So in binary 160 would be 10100000. This means that 160 is NOT a valid netmask component, because there is a 1 after the first 0.

More netmask examples :
11111111.11111111.11111111.10000000 is valid.

11111111.11111111.11111111.11110000 is valid.

11111111.11111111.11111111.11110001 is not valid.

10111111.11111111.00000000.00000000 is not valid.

(Netmasks must also make sense in relation to the class of the network address, but for our purposes that shouldn't be an issue.)

CIDR ( / ) notation and netmasks

From the discussion above you will note that the 1s must be in a continuous string. When using the CIDR notation (/#), the # refers to the number of bits in the netmask that are set to 1. For example, if you see /32 that means that there are 32 bits of 1s, or 11111111.11111111.11111111.11111111, or 255.255.255.255.

A /24 would mean 24 bits of 1s, or 11111111.11111111.11111111.00000000 or 255.255.255.0.

Netmasks from /24 (including 256 hosts) to /31 (including 2 hosts) will give you the best granularity levels for arranging your groups:

Binary Decimal CIDR Number of hosts included
11111111.11111111.11111111.00000000 255.255.255.0 /24 256
11111111.11111111.11111111.10000000 255.255.255.128 /25 128
11111111.11111111.11111111.11000000 255.255.255.192 /26 64
11111111.11111111.11111111.11100000 255.255.255.224 /27 32
11111111.11111111.11111111.11110000 255.255.255.240 /28 16
11111111.11111111.11111111.11111000 255.255.255.248 /29 8
11111111.11111111.11111111.11111100 255.255.255.252 /30 4
11111111.11111111.11111111.11111110 255.255.255.254 /31 2

For more information about CIDR notation, see
http://public.pacbell.net/dedicated/cidr.html

Powers of two and the firewalls

The hosts in the various firewall groups must be representable by a network number and netmask. Each department will be able to create up to six IP ranges for placing hosts on the firewalls.

Each block of hosts:

Back to Calculating Network Ranges or on to the Firewall Worksheet