Last Update By Kim - June 21, 2020
To understand subnetting, you should first be familiar with the decimal and binary structure of
an IP address. Therefore it’s vital that you’ve read the previous article about IPv4 before you
continue to read further. You can find the IPv4 article by following this link.
The concept of subnetting was developed out of necessity during the early stages of the internet.
Back then, the organizations who managed the IP addresses were handing them out left and right, until
we nearly ran out of IP space. That was not because of stupidity but rather because of the limitation
of IP scopes back in the day. They assigned IP addresses using “Classful Addressing”, which is very
strict and inflexible.
Let’s say you’ve established a company with 300 employees. They all need computers
with access to the internet to do their work. You fill in some paperwork and send in a request for 300 IP
addresses for your employees. The organization that manages the handout of IP addresses is then in a pickle.
The way classful addressing works is by using a fixed scope of IP addresses according to these three classes:
So what do you do? Either you assign the company a Class C range and tell them they must manage,
or you assign a Class B range and waste 65.236 IP addresses in the process. That’s a tough choice to make.
You could say, why not just assign two Class C blocks and provide 512 IP addresses to the company instead?
And that was exactly what was done, but that's not without its own issues.
Let's say you needed 30.000 addresses for a large campus. You would then need to assign 117 Class C blocks,
which is far from ideal. Instead they would have assigned a Class B block which meant that 35.536 IP addresses
would be wasted. It was clear something had to be done with this method of Classful Addressing to prevent
total IPv4 exhaustion. And thus the technique of subnetting was invented.
Important to note: The words subnet and network are used interchangeably in this article; they refer to
the same thing.
Subnetting is the practice of dividing a network into smaller networks. Besides the obvious point of preserving IP addresses on a global scale, what use is it for a local network?
By dividing a network into smaller subnets you gain much more control of the traffic flow.
This opens up doors for creating Access Control Lists (ACLs) or Route-Maps within your network
to control who gets access to what. As an example you could restrict the Engineering department
from gaining access to a file server that stores sensitive employee information that only HR
should have access to.
External threats are also mitigated using subnets. Let’s say a hacker has compromised a host
computer. If your entire network is one big subnet, then the hacker would have full visibility of
all hosts connected. That would give the hacker free rein to scan the entire network and choose what
to exploit next. By dividing the network into smaller subnets, you can in theory lock the hacker
out and limit the potential damage.
You might be thinking that having one large network would be easier to manage, but that couldn't be further from the truth. Subnetting provides an effective way to keep track of all the hosts when it’s divided into smaller parts. This also makes it easier to determine which hosts are causing issues. Overall subnetted networks are much more straightforward when it comes to management and troubleshooting within your network.
Single large networks have one major problem which is broadcast packets. Hosts send out broadcast packets
quite often to request certain pieces of information. That could be a request for an IP address or maybe
the host is missing a MAC address in its ARP table.
Whatever the reason, a network device such as a router or switch must do the work and send the packet to
every other host in the network. A single broadcast packet spams all devices within the network, even the
ones that aren’t relevant to the information at hand. This spamming has the potential to reach your network's
maximum capacity and in the end cause a collapse.
Subnetting enables you to divide your network into smaller broadcast domains and thereby limit broadcast
traffic. This gives you more control over the traffic flow and increases the network's performance.
It’s beneficial to keep traffic on a single subnet as much as possible, and not let unnecessary traffic
flow from one subnet to another. That would defeat the purpose. To achieve the highest speeds on your
network you must control the flow of traffic between the subnets. Smart planning of your subnets can reduce
network load and route traffic more efficiently, thereby reducing congestion.
It’s rare that a network stays the same size for a long period of time. The overall size of a network might
increase drastically all of a sudden. Subnetting gives you the power to control the growth of your network.
You can divide it into smaller subnets with fewer hosts to reduce congestion. Or you can expand your existing
network with more hosts and adjust the size of the subnets accordingly as the growth continues. There are
advantages to each option, but it all comes down to your specific network needs and expectations.
Every IP address has a subnet mask linked to it. The subnet mask defines the network portion and the
host portion of an IPv4 address. A common metaphor is to see an IPv4 address as a regular house.
What details do you need to find that specific house? The network portion can be compared to the city
and zip code, while the host portion is the house and street number.
A subnet mask has 32 bits, just like an IPv4 address. Let’s take a look at the default subnet masks:
Classes | Subnet Masks | Binary |
---|---|---|
Class A | 255.0.0.0 | 11111111.00000000.00000000.00000000 |
Class B | 255.255.0.0 | 11111111.11111111.00000000.00000000 |
Class C | 255.255.255.0 | 11111111.11111111.11111111.00000000 |
All the binary bits that are 1’s always represent the network portion of the IP address (yellow color).
All the binary bits that are 0’s always represent the host portion of the IP address (white color).
As you can see from the above table the classes are determined by the octets. For instance in a
Class C network the default subnet mask is 255.255.255.0. Thus, by default, the first three octets
define the network, and the last octet defines the host portion. A network using its default subnet mask
is referred to as a classful network.
The subnet mask is required to provide the distinction between the network and the host portion of
the IP address. As an example, let’s choose a random IPv4 address and subnet mask:
What part of the above IP address is the network and host portion? To figure that out, we must first convert the subnet mask to binary:
Now we can count the bits of the subnet mask. There are 16 bits which are set to 1’s, which means the first
two octets of the IP address are the network portion (172.16). The last 16 bits of the subnet mask are set to 0.
Thus, the last 16 bits of the address (58.4) identify the unique host on that network.
It’s important to note that the network portion of a subnet mask must be contiguous. For example a subnet
mask of 255.255.0.255 is not valid.
Hosts on the same network must share an identical network address for them to communicate freely. In other words they must belong in the same subnet. How can we quickly identify the network address? Take a look at this example:
Looking at the subnet mask we can conclude that the first three octets are the network portion of the IP address (192.168.11). Thus, the two hosts are on the same network. Host A and B have their own unique address in the host portion, “.1” and “.2” respectively. Let’s take a look at another example:
Both of these hosts share the same subnet mask, so do they belong in the same network? The answer is no, because the network address is different. This time the subnet mask is 255.255.0.0, which means that “172.25” and “172.31” are the network addresses. The hosts do not belong in the same network for that reason. A router is required to pass traffic between the different networks if the two hosts want to communicate with each other.
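The checks described above (a mask must be contiguous, and two hosts share a network only if the masked addresses match), as an added example that is not part of the original article. The function names are hypothetical, the addresses are built from the octets quoted in the text, and the host octets of the 172.25 and 172.31 hosts are constructed.

```python
import ipaddress

def to_int(dotted):
    """Parse a dotted-quad string into a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def prefix_length(mask):
    """Count the network bits of a mask; reject masks whose 1 bits are not contiguous."""
    inverted = ~to_int(mask) & 0xFFFFFFFF   # host bits become 1s
    # A valid mask is a run of 1s followed by a run of 0s, so its inverse
    # must look like 0...01...1, i.e. 2**k - 1. Such a value shares no bits
    # with itself plus one.
    if inverted & (inverted + 1):
        raise ValueError(f"{mask} is not a contiguous subnet mask")
    return 32 - inverted.bit_length()

def network_of(ip, mask):
    """Network address = IP AND mask (the host bits are cleared)."""
    prefix_length(mask)                     # validate before using the mask
    return str(ipaddress.IPv4Address(to_int(ip) & to_int(mask)))

def same_network(ip_a, ip_b, mask):
    """Two hosts can talk without a router only if their network addresses match."""
    return network_of(ip_a, mask) == network_of(ip_b, mask)

if __name__ == "__main__":
    print(prefix_length("255.255.0.0"), network_of("172.16.58.4", "255.255.0.0"))
    print(same_network("192.168.11.1", "192.168.11.2", "255.255.255.0"))
    # Host octets below are constructed; the article only fixes 172.25 and 172.31.
    print(same_network("172.25.0.10", "172.31.0.10", "255.255.0.0"))
    try:
        prefix_length("255.255.0.255")
    except ValueError as err:
        print(err)
```
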
A Class C network does not have many bits of 0’s assigned to hosts. How many hosts can a Class C subnet
mask hold with only 1 octet dedicated to it?
From the image below you can see that we use the same base 2 number system as shown in the IPv4 article.
Notice that there is a difference with the values. The value starts at 2 instead of 1 and goes to 256
instead of 128. This gives room for more hosts.
Each bit starting from right to left, multiplies by 2 until we reach the maximum number of hosts a Class C
subnet can provide. A Class C subnet can handle up to 256 hosts then? Not quite, there is one small but important
detail, which goes for every subnet, not only Class C networks. You must subtract two addresses from the host
number, because those are reserved and cannot be assigned to any device in the subnet. The reserved addresses
will be explained later in this article.
Now we know how to count the hosts, but what about the amount of subnets? Luckily it’s the same principle of
counting bits, but this time at the opposite end of the subnet mask. To better illustrate, a Class A subnet
mask is used in the example below. Here only 1 octet is dedicated to subnets/networks. Remember that the 1’s
always represent the network portion, so we can just start counting from left to right. From a Class A subnet
mask, you can create 256 networks.
How many hosts can you fit inside one of these Class A networks? Glad you asked. Class A has 3 octets dedicated to hosts compared to only 1 octet in a Class C network. Remember that binary is a base 2 system. So if we take 1 extra bit where we left off in the Class C network and multiply 256 by 2, we get 512. Then we continue:
To utilize all three octets in a Class A network we need to do this 24 times (8 + 8 + 8 bits). This gives a total of 16.777.214 host addresses, which is the max hosts a Class A network can provide. That should be enough for a private network.
On each subnet there are two addresses reserved for special use:
Neither of these addresses can be assigned to a host machine.
The first address in every subnet is the network address (also called the subnet number). This address is used to identify the network itself. A router uses the network address to identify each network in its routing table, so it can forward the packet to the correct destination. Let's figure out the network address from this example:
Convert to binary:
The network address is the first address in the host portion of the IP address. In this example we know from the subnet mask that the host portion is the last octet. That means if we set all the bits in the last octet of the IP address to 0, we would get the first address, the network address:
This is the last address in the network/subnet, and it is used to identify all hosts in the network. When a device on the network is seeking an IP address or other kind of information, then this address is used to reach everybody on the network. Let's figure out the broadcast address from the same example address:
Convert to binary:
Broadcast addresses are the last address in the host portion of the IP address. Again in this example we know that the host portion is the last octet. That means if we set all the bits in the last octet of the IP address to 1, we would get the last address, the broadcast address:
IP addresses also have classes associated with them. There are five classes in total, but only three are applicable to subnetting. Here are the IP address ranges by each class:
Here are the largest subnet IP addresses in these ranges:
Classes | IP Address | Binary |
---|---|---|
Class A | 127.0.0.0 | 01111110.00000000.00000000.00000000 |
Class B | 191.255.0.0 | 10111111.11111111.00000000.00000000 |
Class C | 223.255.255.0 | 11011111.11111111.11111111.00000000 |
Notice the similarity with the default subnet mask in binary form (compare with the subnet table).
It’s the same octets used for the classes. In classful networks a Class A IP address is paired with a
Class A subnet mask, because the network and host bits match up with each other. They can contain
the same number of subnets and hosts.
All the classes combined cover all available IPv4 addresses in the world, which is approximately 4.3 billion
addresses. When we design and plan local networks, we cannot use all of the addresses because the majority
of them must be unique. Organizations manage these addresses and hand them out according to specific policies.
Luckily there are private IP ranges reserved for local networks within the A, B, C classes:
Classes | Private Address range | Use Cases |
---|---|---|
Class A | 10.0.0.0 - 10.255.255.255 | Large networks with many hosts |
Class B | 172.16.0.0 - 172.31.255.255 | Medium-sized networks |
Class C | 192.168.0.0 - 192.168.255.255 | Small networks (home users) |
Anybody can use these IPs within their own local network. If you want, you can create Class A networks within your home. It might be pointless, but you definitely are able to! However, these IPs are not unique and therefore not routable on the public internet.
What we’ve covered so far in this article has been classful subnetting.
The idea behind classful subnetting is that the IP address and subnet must belong in the same class range.
You either have a Class A, B or C network, there is no in-between. It’s important to understand classful
subnetting to get a grip of the fundamentals of subnetting. Also it gives a great historical perspective
of the development of the modern internet. Today nobody in the world deploys a classful network because
it’s an incredibly old standard with lots of limitations.
All examples in this article have been based on these default subnet masks used in classful networks:
In classful networks all 8 bits in an octet must be either the network or the host portion.
An octet cannot be split so that some of its bits represent one and the rest the other.
However, it all changed when Classless Inter-Domain Routing (CIDR) was introduced.
CIDR makes it possible to create any size of network utilizing the bits as you please.
The whole concept of IP and subnet classes is completely gone. But how does that work?
Before we get into that we must first be familiar with the CIDR Notation. The CIDR Notation is a
simplified method of representing a subnet mask. CIDR identifies the number of binary bits set
to a 1 in a subnet mask, preceded by a slash. Let’s use the same default subnets above as an example:
Default Subnet Masks | Subnet Binary | CIDR Notation |
---|---|---|
255.0.0.0 | 11111111.00000000.00000000.00000000 | /8 |
255.255.0.0 | 11111111.11111111.00000000.00000000 | /16 |
255.255.255.0 | 11111111.11111111.11111111.00000000 | /24 |
It’s just a matter of counting the bits marked as 1. The notation makes it much easier to represent subnet masks. The CIDR notation is often appended to an IP address. For example a Class C network would be represented like this in CIDR: 192.168.1.0 /24.
Variable Length Subnet Mask (VLSM) is based on the classless method of CIDR.
The modern standard that's used in every network designed today is most likely VLSM.
It gives you the ability to create subnets in different sizes according to your network's specific needs.
Let's create a scenario where you need to design a network for a medium-sized company.
A new hip company called Feat Heat has invented socks that automatically adjust their warmth
according to the temperature of your feet. This revolutionary idea has been a massive success and Feat Heat has
quickly moved to Silicon Valley to expand its business.
The new building needs room for a total of 6 departments. The sizes of each department are quite different.
For instance the development department needs to be much larger than the graphic designer department.
After a talk with Feat Heat they have listed all the departments the network needs, with the associated hosts:
With the information in place we can start subnetting the network according to their needs with VLSM.
How do we create the right subnet for each department with VLSM? It's all about counting the bits!
As a starting point let's choose the default subnet mask for a Class C network (/24), and adjust for
the amount of hosts needed from there. The last octet of this subnet mask is dedicated to hosts.
But instead of using all the 8 bits, we’re only gonna pick the ones needed. Let's take a look at this
image again:
For the Development department we need 110 IP addresses for all the hosts.
Remember to count from left to right and multiply each bit by 2 according to the base 2 system
(as you can see from the illustration).
It looks like 7 bits will be sufficient and gives us 128 available IP addresses.
That means the 7 bits will remain 0’s and become the host portion and the last bit in the octet
will become the network portion. Here’s how the subnet mask looks in different forms:
The next subnet is for the Sales Department, which requires 15 hosts. Counting the bits, we could get by with 4 bits remaining 0’s, which gives us 16 hosts in total, great! But that would be the wrong subnet size for this particular network. If you remember, the first and last addresses are reserved for the network and broadcast addresses respectively. That means we’re 1 bit short if we choose that subnet mask. For that reason we must steal one extra bit, so we have 5 bits in total, which gives us 32 hosts.
For practice I suggest that you use the same method and figure out the correct subnet for each department.
It would be cool if you list the binary, CIDR notation and the “old school” subnet mask representation.
Bonus point if you can list the network and broadcast addresses as well for each subnet.
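The sizing rule from the VLSM walkthrough and the reserved network and broadcast addresses described earlier, combined in one added example that is not part of the original article. The function names are hypothetical and the base network 192.168.1.0/24 is an assumption; only the two host counts the text works through (Development 110, Sales 15) are used, so the remaining departments stay as the exercise.

```python
import ipaddress

def host_bits_for(hosts):
    """Smallest number of host bits h such that 2**h - 2 >= hosts."""
    bits = 2                                # 2 bits -> 4 addresses, 2 usable
    while (1 << bits) - 2 < hosts:          # -2: network and broadcast address
        bits += 1
    return bits

def allocate(base, needs):
    """Carve one subnet per entry of `needs` out of `base`, largest first."""
    block = ipaddress.ip_network(base)
    cursor = int(block.network_address)
    end = int(block.broadcast_address)
    plan = []
    # Largest first keeps every subnet aligned on a multiple of its own size.
    for name, hosts in sorted(needs.items(), key=lambda kv: kv[1], reverse=True):
        bits = host_bits_for(hosts)
        size = 1 << bits
        if cursor + size - 1 > end:
            raise ValueError(f"{base} has no room left for {name} ({hosts} hosts)")
        net = ipaddress.ip_network((cursor, 32 - bits))
        plan.append({
            "name": name,
            "cidr": str(net),
            "mask": str(net.netmask),
            "network": str(net.network_address),      # all host bits 0
            "broadcast": str(net.broadcast_address),  # all host bits 1
            "usable": net.num_addresses - 2,
        })
        cursor += size
    return plan

if __name__ == "__main__":
    # Host counts from the article; the base network is an assumption.
    for row in allocate("192.168.1.0/24", {"Development": 110, "Sales": 15}):
        print(row)
```
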
Topology for Feat Heat:
It’s important to note that it’s never a good idea to design a network where the subnet barely has enough
room for the required hosts. Always give space for extra hosts in case new users join later.
Also please promise me you will never design a network like this in real life.
No redundancy, single point of failure, terrible scaling and performance, I could go on. For exercise purposes only! ;)
Thanks for reading so far in the article and I hope you’ve learned something!
If you want to become the master of subnets then I highly recommend these PDFs:
These workbooks taught me how to subnet for my CCNA exam back in the day. It’s terrific learning material. I suggest that you print it out for the best effect.