What is IP Subnetting?
Every device on an IP network must have a unique IP address associated with it in order to communicate with others. Within enterprise networks, not only are IP addresses used, groups of IP addresses are commonly grouped into individual subnets that achieve a number of performance, scalability, and security benefits.
IP subnetting works to logically segment a larger network into smaller, more manageable subnetworks. This requires not only a unique IP address but also subnet masks and default gateways to achieve proper connectivity. In this document, we'll explain the purpose of IP subnets, how to read them, along with best practices for creating and deploying multiple subnets within your organization.
Why do you need to subnet IP Networks?
There are a number of reasons why a network would require multiple IP subnets. Here are a few of the top benefits:
1. To create smaller networks within a large network
From an organizational standpoint, network administrators can create IP subnets that group similar devices together for improved management and visibility. For example, an organization may create an IP subnet that is for wired end devices with a separate subnet for application servers that reside in a data center. This helps to keep track of devices when managing IP space while helping to quickly identify the type of device while troubleshooting.
2. To increase the number of available IP addresses
In many cases, businesses use what’s known as “private IP address” space for their internal devices. These addresses are unique in the fact that they are non-internet routable and can be used by anyone. There are three types of private IP address ranges that are commonly used and can be subnetted as needed. When the number of private IP addresses within a subnet becomes fully consumed, administrators can create a new subnet within this private IP space with which to deploy additional endpoints.
3. To improve network security
For a device that's located within one subnet to talk to another, it uses a default gateway to route traffic from one subnet to another. In many cases, the gateway IP address is a router, layer 3 switch, or firewall. It's common practice for network administrators to create firewall or access control rules that restrict specific IP subnets or individual IP addresses from communicating. This provides security controls to prevent unauthorized access to sensitive endpoints or servers.
4. To increase network reliability and decrease latency
IP endpoints that wish to communicate with others but don't know the destination device's unique IP address send out what's known as a broadcast address. This broadcast message is sent out to every device on the subnet. In very large IP subnets, broadcast traffic can consume that amount of available network throughput, slowing or even halting other traffic as it traverses the network. By creating smaller IP subnets, the amount of network devices receiving individual broadcasts is reduced, resulting in improved reliability and performance.
5. To accommodate network expansion
It’s important to note that IP subnets can expand or contract as needed, provided they don't overlap with other existing subnets that are currently in use. This is accomplished by adjusting the subnet mask, which dictates the total number of usable IP addresses within a particular subnet.
6. To accommodate network growth
Enterprises that plan for substantial expansion within a LAN can be designed in such a way that plenty of IP subnet space is available. As the network expands to accommodate more LAN-connected devices, these IP spaces that were allocated to the LAN yet are sitting idle can be easily configured and put to use.
7. To increase network scalability
Those seeing to scale their networks outside the corporate LAN to remote data centers, clouds, and remote sites can allocate IP subnet space for those locations.
How to identify the number of subnets and hosts for a given network?
Before administrators begin designing an IP address scheme that will last the lifespan of a production network, it's important to be able to understand and identify the types of IP address space that will be required to accommodate existing endpoints (hosts) and the potential for future growth.
1. Identify the class of the IP address.
Technically speaking, there are five different classes for IPv4. They are labeled Class A through Class E. However, Class E addresses are not used within enterprise networks and thus can be ignored. Additionally, Class D addresses are used for multicasting purposes and are not assigned to endpoints. These classes are known as Classless Inter-Domain Routing (CIDR) and were initially created as a way to reduce the number of routes that internet routers had to keep track of. Classes A to D ranges are as follows:
- Class A: 18.104.22.168 to 127.0.0.0
- Class B: 22.214.171.124 to 126.96.36.199
- Class C: 192.0.0.0 to 188.8.131.52
- Class D: 184.108.40.206 to 220.127.116.11
So, for example, a device that has a 192.168.10.100 IP address is a private IP address in the Class C space.
2. Calculate the number of bits in the subnet mask.
An IP subnet mask is a 32-bit address that designates which portion of an IP address is the network address and which is part of the pool of individual endpoint addresses. When input into an endpoint, the subnet mask is broken into four 8-bit octets represented by the numbers 0 to 255.
3. Identify the number of network bits and host bits.
Building off the 32-bit subnet allocation that’s broken into 8-bit octets, we can quickly identify the number of network bits vs. the number of host bits for a particular IP subnet. For example, if we have a subnet mask of 255.0.0.0 assigned to an endpoint, that indicates that the first 8-bits of the 32-bit subnet mask are allocated to the network and remain static while the remaining 24-bits can be used for individual IP address allocation.
4. Calculate the number of subnets and the number of hosts per subnet.
Say you want an IP subnet that can accommodate up to 254 hosts. To do this, we must figure out which IP subnet is the right fit, leaving the remaining subnet to be allocated for the network. As you recall, subnets are broken into 8-bit octets that range from 0 to 255. However, we can also break this down further into binary.
Doing so creates a series of 8 numbers labeled 0 or one. Thus, for example, we are using a class B network (172.16.0.0, for example) and a subnet mask of 255.255.0.0 – that translates to a binary format of: 11111111.11111111.00000000.00000000. The 1’s on the left-hand side designate the network address while the 0’s on the right can be allocated to hosts.
This particular mask would result in a network that can accommodate a single class B subnet with 65,024 addresses available for hosts. However, if we want to break networks into smaller subnets that hold up to 254 hosts, we can change the subnet mask to 255.255.255.0 – or 11111111.11111111.11111111.00000000 in binary. Doing so allows us to create 254 unique IP subnets – each of which can seat up to 254 host addresses.
5. Identify the number of valid addresses per subnet.
Let’s say we have an endpoint with a Class C IP address of 192.168.0.100 and a subnet mask of 255.255.255.128. In binary, this would be written 11111111.11111111.11111111.10000000. As we learned, the 1's to the right are network address space, while the 0's are for hosts. If we go left to right on those 0's, the number of available hosts doubles each time. That means that the 7 0's can be written as follows:
If we add these numbers up, we get 127 available addresses for hosts. However, we also have to consider the broadcast address, which is required for each IP subnet. The broadcast address is always the highest IP address in the subnet and would be 192.168.0.127. Thus, in this example, we have 126 available host addresses in this subnet that can be broken into two different IP subnets.
6. Use the results to create a table with each subnet, subnet address, network address, broadcast address, number of hosts, and valid addresses.
If you wish to manually build a series of IP subnets that fit the number of networks and hosts you expect to run on your network, a table can be created that lists each network and host ranges. For example, let's say we want to create and use the class C network space of 192.168.0.0, and we wish to break this network into eight subnetworks – each of which can contain up to 30 hosts. This is known as a variable-length subnet mask using a class C network.
The result of this subnetworking task would use a 255.255.255.224 mask and would support the following hosts per subnet:
Network space: 192.168.0.0 – usable host range: 192.168.0.1-30 broadcast address: 192.168.0.31
Network space: 192.168.0.32 – usable host range: 192.168.0.33-62 broadcast address: 192.168.0.63
Network space: 192.168.0.64 – usable host range: 192.168.0.64-94 broadcast address: 192.168.0.95
Network space: 192.168.0.96 – usable host range: 192.168.0.97-126 broadcast address: 192.168.0.127
Network space: 192.168.0.128 – usable host range: 192.168.0.129-158 broadcast address: 192.168.0.159
Network space: 192.168.0.160 – usable host range: 192.168.0.161-190 broadcast address: 192.168.0.191
Network space: 192.168.0.192 – usable host range: 192.168.0.193-222 broadcast address: 192.168.0.223
Network space: 192.168.0.224 – usable host range: 192.168.0.225-254 broadcast address: 192.168.0.255
7. Try using an IP address calculator to make the process easier.
For those that are just starting to learn IP subnetting, manually creating subnet tables can be a daunting task. Fortunately, there are several IP subnet calculators that are freely available online. Try this IP subnetting calculator or this IP subnetting calculator to create your own tables.
How to design an IP subnetting scheme?
When creating an IP subnetting address scheme for your organization, the following steps should be taken to ensure optimal performance, security, and scalability.
Step 1: Understand the need for subnets
Determine the number of hosts and network subnets your organization will need both now and into the future.
Step 2: Familiarize yourself with binary numbers
Practice breaking the four 8-bit octet IP addresses and subnet masks into their binary format.
Step 3: Calculate your subnet mask
Based on the number of networks and hosts required, break the IP space you wish to use into individual subnetworks, as shown above.
Step 4: Learn about CIDR IP addressing
Be sure to understand the different CIDR classes and which private IP addresses belong to each class.
Step 5: Get familiar with variable length subnet masking
A variable-length subnet mask is the process of segmenting a larger network into smaller subnets.
Step 6: Understand IPv6 and its transition plan
IPv6 is a more modern approach to IP addressing that uses 128-bit addresses as opposed to 32-bit addresses that are used in IPv4. Addressing and subnetting of IPv6 is vastly different from IPv4 and is out of the scope of this document.
Step 7: Practice subnetting IPv4 before going further
Be sure that your subnetting skills are adequate prior to creating a network schema that will be used in a production environment. Failing to do so could result in overlapping subnets that conflict with each other.
Step 8: Familiarize yourself with IPv4 subnet calculators
It’s highly recommended that an IP subnet calculator be used to check network schemas prior to use. They're easy to use, and results can be had in seconds.
IP Subnetting FAQ
What is a subnet address?
A subnet address is a way to distinguish between the network address and host address space of IP addresses.
How do you calculate the number of subnets in a network?
Take the number of host bits borrowed for subnets and multiply it by two. For example, if we borrow four host bits, we multiply it by two and see that we have eight subnetworks to work with.
What are the different classes of IP addresses?
A, B, and C classes are used for addressing hosts. Class D is used for multicast addressing. Class E addresses are considered "experimental" and should not be used on most networks.
How do you identify the subnet mask of a network?
An example IPv4 subnet mask might look like this: 255.0.0.0. The first octet (255) is the network portion of the mask, and thus the corresponding IP address space remains static. The remaining three octets (0.0.0) are for host address space.
How do you calculate the subnet broadcast address?
It’s always the highest IP address that’s possible within a subnet.
What is the difference between classful and classless IP addressing?
Classful addresses always adhere to CIDR classes – class A, B, C, D, and E. Classless addresses use variable-length subnet addressing that allows administrators to further subnet CIDR classes into smaller subnetworks.
How do you determine the network prefix length?
The network prefix in binary is on the left side of the subnet mask. If the bit is flipped to a 1, it is part of the network prefix.
What is the purpose of subnetting a network?
To allow for variable length network sizes.