What is Subnetting
As the name implies, subnets are networks created from other networks. This is achieved using network masks, which tell the device that an IP address is assigned to which network it belongs to. To fully understand the concept of network masks, you need a solid understanding of IP addresses and how they work. You can read my article on IP addresses for more information.
Structure of a Network Mask
A network mask is typically represented by a number that looks just like an IP address. The one most people would be familiar with is 255.255.255.0, which is a class C network, the most common home network configuration. A class C network has 255 IP addresses, 1 – 254 of which can be used, while 0 is the Network ID, and 255 is the broadcast address. A broadcast address is simply the address a packet is sent to if it is meant for everyone on the network capable of receiving it.
The network mask, just like an IP, is actually a 32-bit binary string. However, in a mask, each 1 or 0 has a significant meaning. If a bit is set to 1, the corresponding bit in the IP address is treated as a “network bit”. If, on the other hand, it is a 0, the corresponding IP bit is a “host bit”.
                192   .   168   .    1    .    1
    IP:      1100 0000.1010 1000.0000 0001.0000 0001
                255   .   255   .   255   .    0
    Mask:    1111 1111.1111 1111.1111 1111.0000 0000
    H or N:  nnnn nnnn.nnnn nnnn.nnnn nnnn.hhhh hhhh
    Net ID:     192   .   168   .    1    .    0
So the network mask does two things. First, it gives us the network ID, as seen in the IP addresses article; in this example the Net ID is 192.168.1.0. Second, it tells us how many of the 32 bits are for hosts (devices on the network) and how many are for the network. There’s an easy way to write this down instead of writing 32 H’s or N’s all the time. It is called “CIDR notation”.
    H or N:  nnnn nnnn.nnnn nnnn.nnnn nnnn.hhhh hhhh
    CIDR:       192   .   168   .    1    .    0     /24
What 192.168.1.0/24 means is that 24 of the bits in the 192.168.1.0 network are network bits. The remaining 8 (32 – 24) bits are host bits. This means that there are 254 valid IP addresses out of 256, or 192.168.1.1 to 192.168.1.254.
IP Addressing in a Network
Before learning how to subnet, there are still a few basics to understand. Let’s look at the layout of IP addresses within a network using the above example of 192.168.1.0/24.
There are 8 bits remaining for hosts. One might assume that this means there are 256 IP addresses to be used by devices, 0 to 255. This is wrong. There are always two IP addresses in a network that cannot be used by any device. These two addresses correspond to the Network ID and the Broadcast Address.
The Network ID, as you might have guessed by now, is the first IP in the range. If networks were apartment buildings, the network ID would be the building’s address, and the devices on the network would be the apartments inside the building, each with their own door number. Odd example, but it’s helped me explain the concept to a lot of people. The network ID is very important in routing: it’s how routers know where packets need to go to reach their destination.
The broadcast address is the last address in an IP range; in the above example it would be 192.168.1.255. Messages sent to this address by a device on the network will be received by every other device on the same network. This address can only be used within a network; devices on another network cannot broadcast to this network in this manner. Constant broadcasting can slow down network traffic. This is one reason why subnetting is great: the broadcast will stay within its subnet. The addresses in a network that can receive a broadcast are referred to as a broadcast domain.
How to Create Subnets
Now that you have a good understanding of IP Addresses, Network Masks, and how IPs are used on a network, you’re all set to learn how to set up a basic subnet. This will deal with theoretical examples only, and will not explain how to configure routing to enable communications between subnets. Most people would not be able to even try this anyways, as the required equipment is not commonly found in the average home.
When creating a subnet, you normally have a goal in mind. Typically, this is to segment your overall network into manageable pieces, reduce broadcast domain size, and, of course, improve security. You also need to decide how many hosts and how many subnetworks you want.
You would normally start off with one of the three private networking IP ranges, as discussed in the IP addresses article. So let’s go with 192.168.0.0/16. Let’s say we want 500 hosts per network.
There’s a formula for finding out how many host bits you need to ‘steal’ to place onto network bits, or the other way around, depending on what you require. In this case, we want to ensure a minimum of 500 hosts per network, so we would need 9 bits for hosts.
    ((2^x)-2) = number of hosts or networks
    where x = number of host or network bits
This works because we’re dealing with binary. So 2^9 = 512, and we know that the first and last addresses are unusable, which is why we subtract 2. That leaves us with 510 hosts per network. The fact that we have 10 more addresses than needed does not matter. In many cases you can either have more addresses than needed, or not enough. If we had gone with 8 bits instead of 9, we would have half of what we needed. So now how many networks will we have? We started off with 16 usable bits for hosts, with the /16 network. We need 9 bits to achieve our desired 500 hosts, which means there are 7 bits left for networks.
((2^7)-2) = 126 networks
We will have 126 networks of 510 hosts each. Before we figure out the addresses in each network, we should figure out the network mask. This is very easy once you have figured out how many bits you will have for networks. We originally had 16 network bits and 16 host bits on 192.168.0.0/16. We then used up 9 of those host bits for hosts, and left 7 of them for network. So we add those 7 network bits to the original 16, and that gives us a total of 23 network bits. So the mask will be /23 (written 192.168.0.0/23), or 255.255.254.0, or in binary:
    1111 1111.1111 1111.1111 1110.0000 0000
    nnnn nnnn.nnnn nnnn.nnnn nnnh.hhhh hhhh
So now let’s find out the Network ID, Broadcast Address and range of valid IPs for a few of those 126 networks. We will do this using binary, so you can see exactly what is going on.
    Subnet #1 on 192.168.0.0/23
    nnnn nnnn.nnnn nnnn.nnnn nnnh.hhhh hhhh
    1100 0000.1010 1000.0000 0010.0000 0000  Network ID
    1100 0000.1010 1000.0000 0011.1111 1111  Broadcast
So what exactly did we do here? First, we can totally ignore the first 16 bits. Those are the ‘192.168’ portion of the address, and it will never change. So starting from the third octet, we set the network bits to the binary equivalent of 1, and all the host bits to 0’s. This gives us the network ID for the first valid subnet, with ID of 1. Next, we leave the network bits as they were, since we are still in subnet number 1, and replace all the host bits with 1’s. This gives us the broadcast address. This means that the valid IPs for hosts are everything in between Network ID and Broadcast. So let’s translate those into decimal first:
    Subnet #1 on 192.168.0.0/23
    Network ID:  192.168.2.0
    Broadcast:   192.168.3.255
    Valid Hosts: 192.168.2.1 - 192.168.3.254
That’s all there is to creating subnets. Now let’s say you wanted to find out the information for the 5th subnet. All you need to do is replace the 3rd octet network bits with the binary equivalent of 5.
    Subnet #5 on 192.168.0.0/23
    nnnn nnnn.nnnn nnnn.nnnn nnnh.hhhh hhhh
    1100 0000.1010 1000.0000 1010.0000 0000  Network ID
    1100 0000.1010 1000.0000 1011.1111 1111  Broadcast
    Network ID:  192.168.10.0
    Broadcast:   192.168.11.255
    Valid Hosts: 192.168.10.1 - 192.168.11.254

    Subnet #99 on 192.168.0.0/23
    nnnn nnnn.nnnn nnnn.nnnn nnnh.hhhh hhhh
    1100 0000.1010 1000.1100 0110.0000 0000  Network ID
    1100 0000.1010 1000.1100 0111.1111 1111  Broadcast
    Network ID:  192.168.198.0
    Broadcast:   192.168.199.255
    Valid Hosts: 192.168.198.1 - 192.168.199.254
That’s all there is to subnetting. If you understand what’s going on with the binary, the host/network bits and the masks, subnetting becomes as simple as the regular math work you might have to do at school. Once you get used to it, there are lots of tricks and shortcuts you can use to avoid the binary entirely; those all depend on how your mind works with mathematics. There are also subnet calculators out there, but it’s nice to at least know what’s going on instead of just blindly using the calculator.
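The procedure above, carried out with the same bit operations, as an added example that is not part of the original article. The function names (host_bits_for, plan, subnet) are hypothetical, and the code assumes the article's numbering, in which the all-zeros and all-ones subnet numbers are not used.

```python
import ipaddress

def host_bits_for(hosts_needed):
    """Smallest x such that (2^x) - 2 >= hosts_needed."""
    x = 2
    while (2 ** x) - 2 < hosts_needed:
        x += 1
    return x

def to_dotted(value):
    """Render a 32-bit integer as a dotted-decimal string."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def plan(base_cidr, hosts_needed):
    """Return (new_prefix, mask, usable_hosts, subnet_count) for the base network."""
    base = ipaddress.ip_network(base_cidr)
    h = host_bits_for(hosts_needed)
    new_prefix = 32 - h
    if new_prefix <= base.prefixlen:
        raise ValueError("base network is too small for that many hosts")
    mask = (0xFFFFFFFF << h) & 0xFFFFFFFF  # 1s are network bits, 0s are host bits
    # The article excludes the all-zeros and all-ones subnet numbers, hence the -2.
    subnet_count = 2 ** (new_prefix - base.prefixlen) - 2
    return new_prefix, to_dotted(mask), 2 ** h - 2, subnet_count

def subnet(base_cidr, hosts_needed, number):
    """Network ID, broadcast and host range of subnet `number` (article numbering)."""
    base = ipaddress.ip_network(base_cidr)
    h = host_bits_for(hosts_needed)
    borrowed = 32 - h - base.prefixlen  # host bits moved over to the network side
    if not 1 <= number <= 2 ** borrowed - 2:
        raise ValueError("subnet number out of range")
    network_id = int(base.network_address) | (number << h)  # host bits all 0
    broadcast = network_id | (2 ** h - 1)                   # host bits all 1
    return {
        "network_id": to_dotted(network_id),
        "broadcast": to_dotted(broadcast),
        "first_host": to_dotted(network_id + 1),
        "last_host": to_dotted(broadcast - 1),
    }

if __name__ == "__main__":
    print(plan("192.168.0.0/16", 500))
    for n in (1, 5, 99):
        print(n, subnet("192.168.0.0/16", 500, n))
```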