The Complete Guide to IPv4 Subnetting
IP networks are made up of groups of IP addresses which get allocated to devices. The division of addresses is called subnetting. A single group, or subnet, could contain just a couple of IP addresses or thousands depending on what devices will be a part of it. Routers separate different subnets.
Why do we use subnets?
Subnets allow us to group logically distinct parts of the network. For example:
- Different sites
- Different security domains
- Different companies
- Different organizations/customers
Planning subnets for a network.
- What is our address space?
- How many subnets do we need?
- How many hosts will be on each subnet?
Here we focus on subnets which are all the same size. Making subnets the same size can make life easier, but it can also waste address space if you actually have different numbers of hosts on each subnet.
How many subnets
The number of subnets you require will be a combination of business needs (security, physical location, organization structure) and network design.
There can be business reasons for how you define subnets. From a security perspective, you may want to have finance and human resources hosts on different subnets from the rest of your users. This architecture provides layer three separation as part of a ‘defense in depth’ strategy making it harder for bad actors to reach important information on the network. If you have a network which is spread across different locations, they should probably have distinct subnets to help manage routing between the sites. Finally, if you’re a large technical organization, then different teams may want their own IP space. Then they can manage their own infrastructure without worrying about interfering with other parts of the company.
Routers separate subnets so your subnet implementation will depend on where you have routers in the network. For a small network, you may have a few subnets connected to a single router which also allows traffic to and from the internet. Each different VLAN you have will also need to be assigned a subnet.
If you have multiple sites or large sites, then you will probably have multiple routers which may have point-to-point (P2P) links configured between them. Each P2P link will also need its own subnet. Different types of WAN link may or may not need individual subnets between each site depending on your setup.
This approach can result in some subnets having many hosts whilst others (such as P2P links) only have a couple.
IP Addresses and Binary
Although it is often easiest to represent IP addresses in dotted-decimal (e.g. 127.0.0.1), sometimes we must consider their binary representation. To do this, we represent each octet as 8 bits in binary and then combine them to make a single 32-bit number.
| 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 | 0 1 1 1 1 1 1 1
64 + 32 + 16 + 8 + 4 + 2 + 1 = 127
| 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 | 0 0 0 0 0 0 0 0
| 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 | 0 0 0 0 0 0 0 0
| 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 | 0 0 0 0 0 0 0 1
Then we combine them, starting with the most significant number which is the first octet:
01111111 00000000 00000000 00000001 01111111000000000000000000000001
Defining a Subnet
With subnetting, we can imagine splitting any IP address into two parts: network, subnet and host.
For example, the bits could be allocated as follows:
nnnnnnnnsssssssshhhhhhhhhhhhhhhh n = network bits s = subnet bits h = host bits
The number of bits allocated for each part will vary according to requirements and limitations as discussed below.
In some contexts, we treat the address as two parts: network (or subnet) and host. For example:
nnnnnnnnnnnnnnnnhhhhhhhhhhhhhhhh n = network/subnet bits h = host bits
Network Portion of an IP Address
The Network portion of the address is fixed by the address space you have available – either allocated by your service provider or the private network which you are using internally. For example, if you are using the 10.0.0.0/24 private address range, the network portion is the ‘10’ which is the first 8 bits of the address.
Subnet Portion of an IP Address
As the network architect, you get to decide the length of the next part of the address. You will need to consider how many subnets you need. Here we’re assuming that each subnet is the same size. We must allocate enough bits of the address to the subnet portion to support the number of different subnets which we need. We can work this out as follows
2 ^ n >= x n is the number of bits allocated x is the number of subnets required
For example, if we need eight subnets (x = 8) then we could allocate 3 bits (n = 3):
2 ^ 3 = 8
The quickest way to work out the number of bits required is to remember the powers of two (and you’ll have to round up).
Hosts of a Subnet
The final bits of the address form the host portion. The more host bits you have, the more hosts can be on the subnet.
Network and Broadcast Addresses
In each subnet, there are two addresses which are reserved: the network address and the broadcast address. These addresses cannot be assigned to hosts.
The network address is the first address in the subnet range. It is given by setting all of the host bits to zero.
The broadcast address is the last address in the subnet range. It is given by setting all of the host bits to one.
Network Address Example
Broadcast Address Example
Number of Hosts on a Subnet
Because we must account for the fact that we can’t use the first and last addresses in a subnet range, the total number of hosts supported by a subnet is calculated as
(2 ^ m) – 2 = y m is the number of host bits y is the number of IP addresses available for hosts
When we are configuring a router or assigning IP addresses to other people, we need an easy way of describing how many bits are available for hosts and how many are fixed (the network/subnet portion). We do this with subnet masks. A subnet mask is another binary number which uses ones to represent fixed parts of the address (network/subnet bits) and zeros to represent the host bits.
Subnet Mask Example
If we have been allocated a 16 bit fixed network address and then define a subnet with a further 8 bits then our subnet mask would be as follows:
We typically convert this back to dotted decimal notation:
11111111 11111111 11111111 00000000 255 255 255 0
Therefore, our subnet mask is 255.255.255.0. If we were assigning the first subnet
(0) with a network address of
10.10, then we could specify the subnet as follows:
The network address will be at 10.10.0.0. The broadcast address is 10.10.0.255. All hosts will be assigned addresses in the range of 10.10.0.1 to 10.10.0.254.
Specifying a full, dotted decimal subnet mask is not always the best way of describing a subnet. Classless Interdomain Routing (CIDR) is a term to describe the allocation of subnets using the network prefix and host bits – the system we discussed above. This approach replaced the historic policy of having classful networks with rigid assignments. CIDR notation describes a subnet by using a decimal number to specify the number of bits which define the network prefix of the address. The prefix length is indicated with a slash appended to the network address of the subnet. For example, 192.168.0.0/16 has a prefix of 16 and defines the subnet from 192.168.0.0 to 192.168.255.255.
Subnet Mask (255.255.255.0) in Binary
11111111 11111111 11111111 00000000 Network Bits = 24 CIDR Notation: 10.10.1.0/24
Calculating a Subnet Based on Hosts
Sometimes we start with the number of hosts required rather than with the number of subnets. In this case, we must work out how many host bits we need to support the number of hosts. We can start with the equation used above. Then rearrange to account for the two hosts we lose due to the broadcast and network addresses. Finally, work out what power of two is required to have sufficient hosts.
(2 ^ m) – 2 = y m is the number of host bits y is the number of IP addresses available for hosts 2 ^ m = y + 2
For example, if we needed to support 50 hosts, y = 50, and we need to be in the 10.0.0.0 private address space.
2 ^ m - 2 = y m is the number of host bits y is the number of IP addresses available for hosts 2 ^ m - 2= 50
Now we can try a few values of m, based on the powers of two that we know:
(2 ^ 5) - 2 = 32 – 2 = 30 which is too small (2 ^ 6) - 2 = 64 – 2 = 62 which will support the 50 hosts we need
Now that we know the number of host bits required (y) is 6, we can find the number of network bits by subtracting y from 32.
Network Bits = 32 – Host Bits = 32 – 6 = 26
Therefore in CIDR notation, we could allocate the following subnet: 10.0.0.0/26
We can then use the network bits to calculate the full subnet mask:
8 8 8 2 11111111 11111111 11111111 1100000000 255 255 255 192
So we could specify the subnet as 10.0.0.0 255.255.255.192
Finally, we can calculate the network and broadcast addresses for this subnet:
10 0 0 0 nnnnnnnn nnnnnnnn nnnnnnnn nnhhhhhh 00001010 00000000 00000000 00000000
The network address has all the host bits set to zero so it will be 10.0.0.0.
For the broadcast address, we must ‘flip’ the host bits to be all ones. We don’t touch the network bits.
nnnnnnnn nnnnnnnn nnnnnnnn nnhhhhhh 00001010 00000000 00000000 00111111 10 0 0 63
Therefore the first subnet range will be 10.0.0.0 to 10.0.0.63 with hosts from 10.0.0.1 to 10.0.0.62.
We could then choose to allocate the next range as 10.0.0.64/26, which would be from 10.0.0.64 to 10.0.0.127.