The Complete Guide to IPv4 Subnetting

IP networks are made up of groups of IP addresses which get allocated to devices. The division of addresses is called subnetting. A single group, or subnet, could contain just a couple of IP addresses or thousands depending on what devices will be a part of it. Routers separate different subnets.

Why do we use subnets?

Subnets allow us to group logically distinct parts of the network. For example:

  • Different sites
  • Different security domains
  • Different companies
  • Different organizations/customers

Planning subnets for a network.

  1. What is our address space?
  2. How many subnets do we need?
  3. How many hosts will be on each subnet?

Here we focus on subnets which are all the same size. Making subnets the same size can make life easier, but it can also waste address space if you actually have different numbers of hosts on each subnet.

How many subnets

The number of subnets you require will be a combination of business needs (security, physical location, organization structure) and network design.

Business Needs

There can be business reasons for how you define subnets. From a security perspective, you may want to have finance and human resources hosts on different subnets from the rest of your users. This architecture provides layer three separation as part of a ‘defense in depth’ strategy making it harder for bad actors to reach important information on the network. If you have a network which is spread across different locations, they should probably have distinct subnets to help manage routing between the sites. Finally, if you’re a large technical organization, then different teams may want their own IP space. Then they can manage their own infrastructure without worrying about interfering with other parts of the company.

Network Design

Routers separate subnets so your subnet implementation will depend on where you have routers in the network. For a small network, you may have a few subnets connected to a single router which also allows traffic to and from the internet. Each different VLAN you have will also need to be assigned a subnet.

If you have multiple sites or large sites, then you will probably have multiple routers which may have point-to-point (P2P) links configured between them. Each P2P link will also need its own subnet. Different types of WAN link may or may not need individual subnets between each site depending on your setup.

This approach can result in some subnets having many hosts whilst others (such as P2P links) only have a couple.

IP Addresses and Binary

Although it is often easiest to represent IP addresses in dotted-decimal (e.g. 127.0.0.1), sometimes we must consider their binary representation. To do this, we represent each octet as 8 bits in binary and then combine them to make a single 32-bit number.

127.0.0.1 Example

127

| 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 |
|  0  | 1  | 1  | 1  | 1 | 1 | 1 | 1 |

64 + 32 + 16 + 8 + 4 + 2 + 1 = 127

0

| 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 |
|  0  | 0  | 0  | 0  | 0 | 0 | 0 | 0 |

0

| 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 |
|  0  | 0  | 0  | 0  | 0 | 0 | 0 | 0 |

1

| 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 |
|  0  | 0  | 0  | 0  | 0 | 0 | 0 | 1 |

Then we combine them, starting with the most significant number which is the first octet:

01111111 00000000 00000000 00000001
01111111000000000000000000000001

Defining a Subnet

With subnetting, we can imagine splitting any IP address into three parts: network, subnet and host.

For example, the bits could be allocated as follows:

nnnnnnnnsssssssshhhhhhhhhhhhhhhh
n = network bits
s = subnet bits
h = host bits

The number of bits allocated for each part will vary according to requirements and limitations as discussed below.

In some contexts, we treat the address as two parts: network (or subnet) and host. For example:

nnnnnnnnnnnnnnnnhhhhhhhhhhhhhhhh
n = network/subnet bits
h = host bits

Network Portion of an IP Address

The network portion of the address is fixed by the address space you have available – either allocated by your service provider or the private network which you are using internally. For example, if you are using the 10.0.0.0/8 private address range, the network portion is the ‘10’ which is the first 8 bits of the address.

Subnet Portion of an IP Address

As the network architect, you get to decide the length of the next part of the address. You will need to consider how many subnets you need. Here we’re assuming that each subnet is the same size. We must allocate enough bits of the address to the subnet portion to support the number of different subnets which we need. We can work this out as follows:

2 ^ n >= x
n is the number of bits allocated
x is the number of subnets required

For example, if we need eight subnets (x = 8) then we could allocate 3 bits (n = 3):

2 ^ 3 = 8

The quickest way to work out the number of bits required is to remember the powers of two (and you’ll have to round up).

Hosts of a Subnet

The final bits of the address form the host portion. The more host bits you have, the more hosts can be on the subnet.

Network and Broadcast Addresses

In each subnet, there are two addresses which are reserved: the network address and the broadcast address. These addresses cannot be assigned to hosts.

The network address is the first address in the subnet range. It is given by setting all of the host bits to zero.

The broadcast address is the last address in the subnet range. It is given by setting all of the host bits to one.

Network Address Example

nnnnnnnnssssssss0000000000000000

Broadcast Address Example

nnnnnnnnssssssss1111111111111111

Number of Hosts on a Subnet

Because we must account for the fact that we can’t use the first and last addresses in a subnet range, the total number of hosts supported by a subnet is calculated as

(2 ^ m) – 2 = y
m is the number of host bits
y is the number of IP addresses available for hosts

Subnet masks

When we are configuring a router or assigning IP addresses to other people, we need an easy way of describing how many bits are available for hosts and how many are fixed (the network/subnet portion). We do this with subnet masks. A subnet mask is another binary number which uses ones to represent fixed parts of the address (network/subnet bits) and zeros to represent the host bits.

Subnet Mask Example

If we have been allocated a 16 bit fixed network address and then define a subnet with a further 8 bits then our subnet mask would be as follows:

nnnnnnnnnnnnnnnnsssssssshhhhhhhh
11111111111111111111111100000000

We typically convert this back to dotted decimal notation:

11111111 11111111 11111111 00000000
  255      255      255       0

Therefore, our subnet mask is 255.255.255.0. If we were assigning the first subnet (0) with a network address of 10.10, then we could specify the subnet as follows:

10.10.0.0 255.255.255.0

The network address will be at 10.10.0.0. The broadcast address is 10.10.0.255. All hosts will be assigned addresses in the range of 10.10.0.1 to 10.10.0.254.

CIDR Notation

Specifying a full, dotted decimal subnet mask is not always the best way of describing a subnet. Classless Interdomain Routing (CIDR) is a term to describe the allocation of subnets using the network prefix and host bits – the system we discussed above. This approach replaced the historic policy of having classful networks with rigid assignments. CIDR notation describes a subnet by using a decimal number to specify the number of bits which define the network prefix of the address. The prefix length is indicated with a slash appended to the network address of the subnet. For example, 192.168.0.0/16 has a prefix of 16 and defines the subnet from 192.168.0.0 to 192.168.255.255.

CIDR Example

10.10.1.0 255.255.255.0

Subnet Mask (255.255.255.0) in Binary

11111111 11111111 11111111 00000000
Network Bits = 24
CIDR Notation: 10.10.1.0/24
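
As an added example (not part of the original guide), the Python below combines the 2 ^ n >= x rule with the mask and CIDR notation described above to split an address block into equal-size subnets. The function names and the returned dictionary layout are assumptions made for this illustration; the address arithmetic is done by Python's standard ipaddress module.

```python
import ipaddress


def subnet_bits_needed(subnets_required):
    """Smallest n with 2 ^ n >= x (x = number of subnets required)."""
    if subnets_required < 1:
        raise ValueError("need at least one subnet")
    return (subnets_required - 1).bit_length()


def plan_equal_subnets(block, subnets_required):
    """Split `block` into equal-size subnets, enough for `subnets_required`."""
    # ip_network() is strict by default: it rejects a block whose host
    # bits are set (for example 10.10.0.1/16), which catches typos early.
    network = ipaddress.ip_network(block)
    n = subnet_bits_needed(subnets_required)
    new_prefix = network.prefixlen + n
    # Keep at least 2 host bits so every subnet still has usable addresses
    # once the network and broadcast addresses are reserved.
    if new_prefix > 30:
        raise ValueError(f"{block} cannot hold {subnets_required} usable subnets")
    plan = []
    for subnet in network.subnets(prefixlen_diff=n):
        plan.append({
            "cidr": str(subnet),
            "mask": str(subnet.netmask),
            "network": str(subnet.network_address),
            "broadcast": str(subnet.broadcast_address),
            "usable_hosts": subnet.num_addresses - 2,
        })
    return plan


if __name__ == "__main__":
    # Constructed requirement: five separate security domains in 10.10.0.0/16.
    # Five rounds up to 2 ^ 3 = 8 subnets, so three of them stay spare.
    for row in plan_equal_subnets("10.10.0.0/16", 5):
        print(row)
```

Asking for 256 subnets of 10.10.0.0/16 reproduces the 255.255.255.0 mask from the subnet mask example, with 10.10.1.0/24 as the second subnet.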

Calculating a Subnet Based on Hosts

Sometimes we start with the number of hosts required rather than with the number of subnets. In this case, we must work out how many host bits we need to support the number of hosts. We can start with the equation used above. Then rearrange to account for the two addresses we lose to the network and broadcast addresses. Finally, work out what power of two is required to have sufficient hosts.

(2 ^ m) – 2 = y
m is the number of host bits
y is the number of IP addresses available for hosts
2 ^ m = y + 2

For example, suppose we need to support 50 hosts (y = 50) and we need to be in the 10.0.0.0 private address space.

2 ^ m - 2 = y
m is the number of host bits
y is the number of IP addresses available for hosts

2 ^ m - 2 = 50

Now we can try a few values of m, based on the powers of two that we know:

(2 ^ 5) - 2 = 32 – 2 = 30 which is too small
(2 ^ 6) - 2 = 64 – 2 = 62 which will support the 50 hosts we need

Now that we know the number of host bits required (m) is 6, we can find the number of network bits by subtracting m from 32.

Network Bits = 32 – Host Bits = 32 – 6 = 26

Therefore in CIDR notation, we could allocate the following subnet: 10.0.0.0/26

We can then use the network bits to calculate the full subnet mask:

    8        8        8        2
11111111 11111111 11111111 11000000
  255      255      255      192

So we could specify the subnet as 10.0.0.0 255.255.255.192

Finally, we can calculate the network and broadcast addresses for this subnet:

   10        0        0        0
nnnnnnnn nnnnnnnn nnnnnnnn nnhhhhhh
00001010 00000000 00000000 00000000

The network address has all the host bits set to zero so it will be 10.0.0.0.

For the broadcast address, we must ‘flip’ the host bits to be all ones. We don’t touch the network bits.

nnnnnnnn nnnnnnnn nnnnnnnn nnhhhhhh
00001010 00000000 00000000 00111111
   10        0        0       63

Therefore the first subnet range will be 10.0.0.0 to 10.0.0.63 with hosts from 10.0.0.1 to 10.0.0.62.

We could then choose to allocate the next range as 10.0.0.64/26, which would be from 10.0.0.64 to 10.0.0.127.
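
The worked calculation above, carried out with the same bit operations in Python as an added example that is not part of the original guide. It generalizes the 50-host case to any host count and to any address inside the block; the function names and result keys are assumptions for illustration.

```python
def to_int(dotted):
    """Pack four octets into one 32-bit number, first octet most significant."""
    octets = [int(part) for part in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted-decimal IPv4 address: {dotted!r}")
    value = 0
    for octet in octets:
        value = (value << 8) | octet
    return value


def to_dotted(value):
    """Unpack a 32-bit number back into dotted-decimal notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def subnet_for_hosts(address, hosts_required):
    """Smallest subnet containing `address` with room for `hosts_required` hosts."""
    if not 1 <= hosts_required <= 2 ** 30 - 2:
        raise ValueError("hosts_required must be between 1 and 2 ** 30 - 2")
    m = 2                                   # host bits; try successive powers of two
    while (2 ** m) - 2 < hosts_required:
        m += 1
    prefix = 32 - m                         # network bits = 32 - host bits
    host_mask = (1 << m) - 1                # ones in every host bit
    mask = 0xFFFFFFFF ^ host_mask           # ones in every network/subnet bit
    network = to_int(address) & mask        # host bits all zero
    broadcast = network | host_mask         # host bits all one
    following = broadcast + 1               # start of the next equal-size block
    return {
        "host_bits": m,
        "cidr": f"{to_dotted(network)}/{prefix}",
        "mask": to_dotted(mask),
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "first_host": to_dotted(network + 1),
        "last_host": to_dotted(broadcast - 1),
        # None when this block already ends at 255.255.255.255.
        "next_subnet": f"{to_dotted(following)}/{prefix}" if following <= 0xFFFFFFFF else None,
    }


if __name__ == "__main__":
    for key, value in subnet_for_hosts("10.0.0.0", 50).items():
        print(f"{key:12} {value}")
```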
