We create IP networks which are made up of a group of consecutive IP addresses allocated to devices on that network. The division of addresses is called subnetting. A single group, or subnet, could contain just a couple of IP addresses or thousands depending on what devices will be a part of it. Routers separate different subnets.

Why do we use subnets

Subnets allow us to group together logically distinct parts of the network. For example:

  • Different sites

  • Different security domains

  • Different companies

  • Different organizations / customers

Planning subnets for a network.

  1. What is our address space?

  2. How many subnets do we need?

  3. How many hosts will be on each subnet?

Here we focus on subnets which are all the same size. This can make life easier but it can also waste address space if you have different numbers of hosts on each subnet.

How many subnets

The number of subnets you require will be a combination of business needs (security, physical location, organization structure) and network design.

Business Needs

There can be business reasons for how you define subnets. From a security perspective you may want to have finance and human resources hosts on different subnets from the rest of your users. This provides layer 3 separation as part of a ‘defense in depth’ strategy making it harder for bad actors to reach important information on the network. If you have a network which is spread across different locations, they should probably have distinct subnets to help manage routing between the sites. Finally, if you’re a large technical organization then different teams may want their own IP space so that they can manage their own infrastructure without worrying about interfering with other parts of the company.

Network Design

Subnets are separated by routers so your subnet implementation will depend on where you have routers in the network. For a small network, you may just have a few subnets connected to a single router which also allows traffic to and from the internet. Each different VLAN you have will also need to be assigned a subnet.

If you have multiple sites or large sites then you will probably have multiple routers which may have point to point (P2P) links configured between them. Each P2P link will also need its own subnet. Different types of WAN link may or may not need individual subnets between each site depending on your setup.

This can result in some subnets having many hosts whilst others (such as P2P links) may just have a couple.

IP Addresses and Binary

Although it is often easiest to represent IP addresses in dotted decimal (e.g. 127.0.0.1), sometimes we must consider their binary representation. To do this, we represent each octet as 8 bits in binary and then combine them to make a single 32 bit number.

127.0.0.1 Example

127

| 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 |
   0     1    1    1   1   1   1   1

64 + 32 + 16 + 8 + 4 + 2 + 1 = 127

0

| 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 |
   0     0    0    0   0   0   0   0

0

| 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 |
   0     0    0    0   0   0   0   0

1

| 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 |
   0     0    0    0   0   0   0   1

Then we combine them, starting with the most significant number which is the first octet:

01111111 00000000 00000000 00000001
01111111000000000000000000000001

Defining a Subnet

With subnetting, we can imagine splitting any IP address into two parts: network, subnet and host.

For example, the bits could be allocated as follows:

nnnnnnnnsssssssshhhhhhhhhhhhhhhh
n = network bits
s = subnet bits
h = host bits

The number of bits allocated for each part will vary according to requirements and limitations as discussed below.

In some contexts, we just treat the address as two parts: network (or subnet) and host. For example:

nnnnnnnnnnnnnnnnhhhhhhhhhhhhhhhh
n = network/subnet bits
h = host bits

Network Portion of an IP Address

The Network portion of the address is fixed by the address space you have available – either allocated by your service provider or the private network which you are using internally. For example if you are using the 10.0.0.0/24 private address range, the network portion is the ‘10’ which is the first 8 bits of the address.

Subnet Portion of an IP Address

As the network architect, you get to decide the length of the next part of the address. This will depend on how many subnets you need. Here we’re assuming that each subnet is the same size. We must allocate enough bits of the address to the subnet portion to support the number of different subnets which we need. We can work this out as follows

2 ^ n >= x
n is the number of bits allocated
x is the number of subnets required

For example, if we need eight subnets (x = 8) then we could allocate 3 bits (n = 3):

2 ^ 3 = 8

The quickest way to work out the number of bits required is just to remember the powers of two (and you’ll have to round up).

Hosts of a Subnet

The final bits of the address form the host portion. The more host bits you have, the more hosts can be on the subnet.

Network and Broadcast Addresses

In each subnet there are two addresses which are reserved: the network address and the broadcast address. These addresses cannot be assigned to hosts.

The network address is the first address in the subnet range. It is given by setting all of the host bits to zero.

The broadcast address is the last address in the subnet range. It is given by setting all of the host bits to one.

Network Address Example

nnnnnnnnssssssss0000000000000000

Broadcast Address Example

nnnnnnnnssssssss1111111111111111

Number of Hosts on a Subnet

Because we must account for the fact that we can’t use the first and last addresses in a subnet range, the total number of hosts supported by a subnet is calculated as

(2 ^ m) – 2 = y
m is the number or host bits
y is the number of IP addresses available for hosts

Subnet masks.

When we are configuring a router or assigning IP addresses to other people, we need an easy way of describing how many bits are available for hosts and how many are fixed (the network/subnet portion). We do this with subnet masks. A subnet mask is another binary number which uses ones to represent fixed parts of the address (network / subnet bits) and zeros to represent the host bits.

Subnet Mask Example

If we have been allocated a 16 bit fixed network address and then define a subnet with a further 8 bits then our subnet mask would be as follows:

nnnnnnnnnnnnnnnnsssssssshhhhhhhh
11111111111111111111111100000000

We typically convert this back to dotted decimal notation:

11111111 11111111 11111111 00000000
   255      255     255        0

Therefore, our subnet mask is 255.255.255.0. If we were assigning the first subnet (0) with a network address of 10.10 then we could specify the subnet as follows:

10.10.0.0 255.255.255.0

The network address will be at 10.10.0.0. The broadcast address is 10.10.0.255. All hosts will be assigned addresses in the range of 10.10.0.1 to 10.10.0.254.

CIDR Notation

Specifying a full, dotted decimal subnet mask is not always the best way of describing a subnet. Classless Interdomain Routing (CIDR) is a term to describe the allocation of subnets using the network prefix and host bits – the system we discussed above. This replaced the historic policy of having classful networks with rigid allocations. CIDR notation describes a subnet by using a decimal number to specify the number of bits which define the network prefix of the address. This is given as a prefix indicated with a slash appended to the network address of the subnet. For example 192.168.0.0/16 would define the subnet from 192.168.0.0 to 192.168.255.255.

CIDR Example

10.10.1.0 255.255.255.0

Subnet Mask (255.255.255.0) in Binary

11111111 11111111 11111111 00000000
Network Bits = 24
CIDR Notation: 10.10.1.0/24

Calculating a Subnet Based on Hosts

Sometimes we start with the number of hosts required rather than with the number of subnets. In this case, we must work out how many host bits we need to support the number of hosts. We can start with the equation used above. Then rearrange to account for the 2 hosts we lose due to the broadcast and network addresses. Finally work out what power of two is required to have sufficient hosts.

(2 ^ m) – 2 = y
m is the number or host bits
y is the number of IP addresses available for hosts
2 ^ m = y + 2

For example, if we needed to support 50 hosts, y = 50 and we need to be in the 10.0.0.0 private address space.

2 ^ m - 2 = y
m is the number or host bits
y is the number of IP addresses available for hosts

2 ^ m - 2= 50

Now we can try a few values of m, based on the powers of two that we know:

(2 ^ 5) - 2 = 32 – 2 = 30 which is too small
(2 ^ 6) - 2 = 64 – 2 = 62 which will support the 50 hosts we need

Now that we know the number host bits required (y) is 6, we can find the number of network bits by subtracting y from 32.

Network Bits = 32 – Host Bits = 32 – 6 = 26

Therefore in CIDR notation we could allocate the following subnet: 10.0.0.0/26

We can then use the network bits to calculate the full subnet mask:

    8       8        8     2
11111111 11111111 11111111 1100000000
   255     255       255      192

So we could specify the subnet as 10.0.0.0 255.255.255.192

Finally, for this subnet we can calculate the network and broadcast addresses for this subnet:

   10       0         0        0
nnnnnnnn nnnnnnnn nnnnnnnn nnhhhhhh 
00001010 00000000 00000000 00000000

The network address simply has all the host bits set to zero so it will be 10.0.0.0.

For the broadcast address, we must ‘flip’ the host bits to be all ones. We don’t touch the network bits.

nnnnnnnn nnnnnnnn nnnnnnnn nnhhhhhh
00001010 00000000 00000000 00111111
   10       0        0        63

Therefore the first subnet range will be 10.0.0.0 to 10.0.0.63 with hosts from 10.0.0.1 to 10.0.0.62.

We could then choose to allocate the next range as 10.0.0.64/26 which would be from 10.0.0.64 to 10.0.0.127.

Other Related Skills

RIP was one of the first routing protocols to be implemented. RIPv2 later added a number of improvements.
NAT is the mapping of one address to another. It is a useful tool for conserving IP address space.
To let devices on one VLAN talk to the devices on another, we need to be able to route between them.
VLSM lets us make more efficient use of our IP addresses.