If there’s one topic that trips people up (both new and experienced) in the networking industry, it is that of Subnetting.
One of the reasons this happens is that one has to perform (mental) calculations in decimal and also binary. Another reason is that many people have not had enough practice with subnetting.
In this article, we will discuss what Subnetting is, why it came about, its usefulness, and how to do subnetting the proper way. To make this article as practical as possible, we will go through many examples.
Note: While subnetting applies to both IPv4 and IPv6, this article will only focus on IPv4. The same concepts explained here can be applied to IPv6. Moreover, subnetting in IPv6 is more of a want rather than a necessity because of the large address space.
Overview of IPv4 Addressing
Subnetting deals with IP addresses and so, it is natural to start any discussion on subnetting with IP addresses. Just like a house number uniquely identifies a house on a street, an IP address uniquely identifies a device on a network.
For example, any traffic with a destination IP address of 192.168.1.101 will be delivered to PC1, while traffic addressed to 192.168.1.250 will be delivered to SERVER.
Note: This is an oversimplification of things just for understanding sake and refers to Unicast (one-to-one) IPv4 addresses. Traffic sent to Multicast (one-to-many) and Broadcast (one-to-all) IP addresses can be delivered to multiple devices. Also, features like Network Address Translation (NAT) allow one IP address to be shared by multiple devices.
To help your understanding of IP addresses and subnetting, you need to resolve the following fact in your head: Computers think in binary, that is, 0s and 1s. Therefore, even though we see an IP address represented like 192.168.1.250, it is actually just a string of bits – 32 bits in total for IPv4 addresses.
To make them more readable for humans, IPv4 addresses are represented in dotted decimal notation where the 32 bits are divided into 4 blocks of 8 bits (also known as an octet), and each block is converted to a decimal number.
For example, 01110100 in binary is 116 in decimal:
Therefore, to a computer, the IPv4 address 192.168.1.250 is actually “11000000 10101000 00000001 11111010” (I only put the spaces to make it readable; the computer doesn’t see spaces):
Back to 1983: IPv4 Address Classes
A unicast IPv4 address such as 192.168.1.250 can be divided into two parts: Network portion and Host ID. So what does this mean? Well, IPv4 addresses were originally designed based on classes: Class A to Class E. Multicast addresses are assigned from the Class D range while Class E is reserved for experimental use, leaving us with Class A to C:
- Class A: Uses the first 8 bits for the Network portion leaving 24 bits for host IDs. The leftmost bit is set to “0”.
- Class B: Uses the first 16 bits for the Network portion leaving 16 bits for host IDs. The two leftmost bits are set to “10”.
- Class C: Uses the first 24 bits for the Network portion leaving 8 bits for host IDs. The three leftmost bits are set to “110”.
|Class||Network Portion (Start)||Network Portion (End)||Network Portion (Range)|
Note: The range of Class A is actually 1-126 because 0.x.x.x and 127.x.x.x are reserved.
With these classes, a computer/device can look at the first three bits of any IP address and determine what class it belongs to. For example, the 192.168.1.250 IP address clearly falls into the Class C range.
Looking at the Host ID portion of the classes, we can determine how many hosts (or number of individual IP addresses) a network in each class will support. For example, a Class C network will ideally support up to 256 host IDs i.e. from 00000000 (decimal 0) to 11111111 (decimal 255). However, two of these addresses cannot be assigned to hosts because the first (all 0s) represents the network address while the last (all 1s) represents the broadcast address. This leaves us with 254 host IDs. A simple formula to calculate the number of hosts supported by a network is:
So in those days, anyone who needed a network that supports up to 254 hosts can use a Class C network. What if you only need 10 IP addresses? You still get a Class C network. This wastage of IP addresses is even worse for Class B (65,534 usable IP addresses per network) and Class A (16,777,214 usable IP addresses per network)!
What is Subnetting?
That issue of IP address wastage brings us to the topic at hand – Subnetting. Subnetting allows you to create smaller network (sub networks; subnets) inside a large network by borrowing bits from the Host ID portion of the address. We can use those borrowed bits to create additional networks, resulting in smaller-sized networks.
Imagine I want to build a network that will support up to 30 devices in different segments. Without subnetting, I will need four (4) Class C networks to support this design. For example:
- Network #1: 192.168.1.0
- Network #2: 192.168.2.0
- Network #3: 192.168.3.0
- Network #4: 192.168.4.0
Each of these networks will support 254 IP addresses leading to a wastage of (254 * 4) – (30 * 4) IP addresses i.e. 896 IP addresses!
If you look at the design requirement of 30 hosts per network, you will discover that I only need 5 bits in the host ID portion of a Class C network to satisfy my requirement.
This means I still have 3 bits unused and with subnetting, I can use those three bits to create smaller networks. For this example, let’s take the 192.168.1.0 network:
By borrowing 3 bits, I can create 8 subnets:
These subnet addresses probably look weird to you – they look like normal IP addresses. However, looking at them in their binary form makes things clearer:
With subnetting, not only have we used only one Class C network, we have created 8 subnets from that network, each one supporting up to 30 hosts! We can use 4 of these subnets for our network and reserve the remaining 4 subnets for future expansion. This results in great waste reduction – from 896 wasted IP addresses to 120 reserved IP addresses.
With what we have done, we have created a problem for computers and other networking devices: how are they supposed to differentiate between a subnet 192.168.1.32 and an IP address 192.168.1.32? This is where subnet masks (also called network masks) come in. A subnet mask is the representation of the network portion of an address. It is also made up of 32 bits with all the bits that represent the network portion being marked as 1s and the other parts marked as 0s.
For example, the subnet masks of the IP address classes are:
- Class A: 255.0.0.0
- Class B: 255.255.0.0
- Class C: 255.255.255.0
Therefore, a Class C network of 192.168.1.0 can be represented as 192.168.1.0 255.255.255.0.
Note: It can also be represented using prefix length (CIDR) notation where only the 1s that make up the network portion are counted and represented with a slash e.g. 192.168.1.0/24.
With subnetting, the borrowed bits from the host ID are counted as part of the network bits. So if we revisit our example above again, the 192.168.1.32 subnet can be represented as 192.168.1.32 255.255.255.224 (or 192.168.1.32/27)
By comparing the “turned on” bits (i.e. 1s) in the subnet mask to an IP address, a network device can determine what network a particular IP address belongs to. For example, the 172.17.250.145 IP address with a subnet mask of 255.255.248.0 belongs to the 172.17.248.0 255.255.248.0 subnet:
A Note about CIDR
So far, we have talked about subnetting in terms of IPv4 address classes. This was just to help with understanding – most networks today are classless. In a bid to slow down the exhaustion of IPv4 addresses and also reduce the size of the Internet routing table, the IETF introduced Classless Inter-Domain Routing (CIDR) in 1993 which basically did away with classes. So with CIDR, we just have a network represented by a network address and a prefix length e.g. 18.104.22.168/22.
Note: In the CIDR example I used above (22.214.171.124/22), this address block will be seen as Class C in a classful network.
Why do we need subnetting?
Now that we have seen what subnetting is, let us consider some of the reasons we create subnets:
- Reduce wastage: As we have already seen, subnetting (and CIDR on a larger scale) helps us conserve IP addresses. While this is very important on the Internet (conserving public IP addresses), it is also useful on local area networks (LANs) where private IP addresses are used.
- Improve Network Performance: Subnetting improves the overall performance of a network. The larger a network is, the busier (more congested) it is. Consider the example of broadcasts – every host within an individual network will receive a broadcast even when it is not meant for them. This can affect performance especially during issues like broadcast storms. Therefore, the smaller the network, the more you can contain such issues within the subnet.
- Isolation: With smaller networks, you are able to isolate effectively as faults inside one subnet will not necessarily spread into other subnets. This is also important during security incidents so that even if one subnet is affected, the entire network is not brought down.
- Easier administration: Subnetting, when done properly, can make network administration more effective. For example, a multinational organization can design their network in such a way that each region is assigned an IP address block from a larger address block and subnetting is used within regions to further divide the blocks among networks. This kind of design also improves routing as the routers in one region only need to know the “summarized” IP address block for other regions rather than all the smaller IP address blocks. This reduces the size of the routing table and ensures that fluctuations in one region do not affect the entire network.
To help our understanding of subnetting, let us take a couple of examples.
Minimum subnet size to accommodate a number of hosts
You need to be able to design networks in such a way that there will be enough IP addresses for the devices that will be used on the network. Of course, you can always go for a large address block (e.g. /8) but like we already established, using smaller-sized subnets is more efficient. As such, you must be able to determine the minimum subnet size that will support a number of hosts on that subnet.
To do this, all you need is to determine the number of host bits to support the number of hosts and this means counting in the order of 2. You should also remember to account for the two (2) unusable IP addresses in a block which are used for the network address and broadcast address.
The table below shows the number of usable IP addresses for /31 to /22 (i.e. 1 to 10 host bits). You can do the same calculation for other prefix lengths.
|No. of Host Bits||Equivalent prefix length||Subnet Mask||Number of usable IP addresses|
|1||/31||255.255.255.254||21-2 = 0*|
|2||/30||255.255.255.252||22-2 = 2|
|3||/29||255.255.255.248||23-2 = 6|
|4||/28||255.255.255.240||24-2 = 14|
|5||/27||255.255.255.224||25-2 = 30|
|6||/26||255.255.255.192||26-2 = 62|
|7||/25||255.255.255.128||27-2 = 126|
|8||/24||255.255.255.0||28-2 = 254|
|9||/23||255.255.254.0||29-2 = 510|
|10||/22||255.255.252.0||210-2 = 1022|
* To conserve IP addresses, /31 subnets can be used in cases where there is no need for a network or broadcast address (e.g. point-to-point links). In effect, you can have 2 IP addresses in a /31 subnet if you use the network and broadcast addresses as IP addresses. This is explained in RFC 3021 and supported by many vendors including Cisco.
Using this table, we can determine that we need a minimum subnet size of /27 to support 25 hosts, /29 to support 4 hosts, /25 to support 120 hosts, and so on.
Tip: When designing subnets, think about the future expansion of the network. Using a /27 to support a network that needs 30 hosts does not allow for expansion. In such a case, it may be better to use the next block size e.g. /26. Alternatively, you can reserve the next /27 subnet in the sequence for future expansion.
Number of Subnets in an Address Block
Given an address block (network/prefix length), you can determine the number of subnets that can be gotten from that address block as long as you know the subnet size requirements. The formula for this is:
For example, we can get sixteen (16) /28 subnets from a /24 reference address block:
List of Subnets in an Address block
In the previous example, we determined the number of subnets that can be gotten from a particular address block. Now, we need to determine what those subnets actually are. To do this, we need to know the following things:
- The octet in which a subnet exists
- 1st octet: /1 to /8
- 2nd octet: /9 to /16
- 3rd octet: /17 to /24
- 4th octet: /25 to /32
- The maximum number of bits in the boundary (octet) in which the subnet belongs
- 1st octet: 8
- 2nd octet: 16
- 3rd octet: 24
- 4th octet: 32
- The block size of the subnet
For example, a /28 subnet exists in the 4th octet. The maximum number of bits in that octet is 32. Therefore, the block size is:
Here’s another example. A /18 subnet exists in the 3rd octet. The maximum number of bits in that octet is 24. Therefore, the block size is:
We can now use this knowledge to list the subnets in a particular address block. For example, what are the /27 subnets that exist in the 126.96.36.199/24 address block?
First, we know that there are eight (8) /27 subnets in a /24 address block (i.e. 227-24 = 23 = 8). Next, we can see that the /27 subnet exists in the 4th octet. The maximum number of bits in that octet is 32. Therefore, the block size is:
Knowing this, we can now list the subnets by starting at first network of the given block and incrementing by the block size in the 4th octet:
Let’s take another example. List the /23 subnets that exist in the 188.8.131.52/21 address block.
First, we know that there are four (4) /23 subnets in a /21 address block. Next, we can see that the /23 subnet exists in the 3rd octet. The maximum number of bits in that octet is 24. Therefore, the block size is:
Knowing this, we can now list the subnets by starting at first network of the given block and incrementing by the block size in the 3rd octet:
Warning: You need to be careful about the “first network of the given block”. It must be a multiple of the block size. For example, 128 is a multiple of 2. If you are not sure, start at 0 and increase by the block size. For example, 184.108.40.206, 220.127.116.11, 18.104.22.168, …, 22.214.171.124, 126.96.36.199, and so on.
Exercise #1: List the /13 subnets that exist in the 188.8.131.52/12 address block. (The answer is at the end of the article.)
Address Range of Subnet
When you know the size of a subnet, it becomes easy to determine the valid addresses in that subnet. We just need to add one (1) IP address to the subnet address and subtract two (2) IP addresses from the next subnet address. We add 1 because the first address is the network address and we subtract 2 instead of 1 because the last address in a subnet is the broadcast address.
Note: The next subnet address is just the subnet plus the block size. Keep in mind that this “next subnet address” may not be a valid address block.
For example, what is the valid address range of the 184.108.40.206/23 above? Since the block size is 2, we know that the next subnet is 220.127.116.11/23. Therefore, the valid address range is:
- Start address: 18.104.22.168 + 1 = 22.214.171.124
- End address: 126.96.36.199 – 2 = 188.8.131.52
- Broadcast address: 184.108.40.206 – 1 = 220.127.116.11
Here’s another example. What is the valid address range of the 10.192.0.0/10 subnet? Since the block size is 64, we know that the next subnet will be 10.256.0.0/10. Therefore, the valid address range is:
- Start address: 10.192.0.0 + 1 = 10.192.0.1
- End address: 10.256.0.0 – 2 = 10.255.255.254
- Broadcast address: 10.256.0.0 – 1 = 10.255.255.255
Note: In this example, the next subnet is 10.256.0.0 which is not a valid address block. However, it helps with our calculation.
Exercise #2: What is the valid address range of the 192.168.58.0/28 subnet? (The answer is at the end of the article.)
Variable Length Subnet Masks (VLSM)
So far, we have used subnetting to create fixed-size subnets e.g. four (4) /26 subnets from one /24 block. However, the use of subnet masks and prefix lengths provide more flexibility – we can create subnets of varying sizes from the same address block i.e. VLSM.
Let us consider the following example. We are given a block of 172.16.1.0/24 and we need to split it such that the following requirements are met:
- A subnet that can accommodate 100 hosts
- A subnet that can accommodate up to 55 hosts
- Two subnets that can accommodate up to 12 hosts each
To solve this problem, start with the biggest block and keep going down. For example, we need a minimum subnet of /25 to accommodate 100 hosts. Therefore, we can split the 172.16.1.0/24 block into two subnets:
We can use the first subnet 172.16.1.0/25 for the 100 hosts leaving us with the other subnet, 172.16.1.128/25.
The next largest subnet needs 55 hosts which can be accommodated with a /26 subnet. This means we can split the 172.16.1.128/25 subnet into two smaller subnets:
We can use the 172.16.1.128/26 subnet for the network requiring 55 hosts leaving us with the 172.16.1.192/26 subnet to further break down.
The two other networks require 12 hosts meaning we need a minimum of /28 subnets. Therefore, we can split the 172.16.1.192/26 subnet into 4 smaller subnets:
Therefore, our subnets are:
- 172.16.1.0/25 for the network with 100 hosts
- 172.16.1.128/26 for the network with 55 hosts
- 172.16.1.192/28 for the first network with 12 hosts
- 172.16.1.208/28 for the second network with 12 hosts
This means we still have two subnets (172.16.1.224/28 and 172.16.1.240/28) to use in the future.
This brings us to the end of this article where we have looked at subnetting in detail. We began with an understanding of IPv4 addresses which led to one of the reasons we use subnetting – to curb waste.
As we have seen, subnetting is really about maths (binary, addition, subtraction, orders) and to excel in it, you must be able to quickly do these calculations in your head (mental maths). We discussed how subnet masks and prefix lengths help move networks to a classless nature. We then considered several subnetting examples that you will encounter in your everyday networking life, including VLSM.
Keep in mind that, especially in certification exams, questions about subnetting are not always as straightforward as we have looked at in this article. In many cases, you are not given the subnet itself but an IP address on that subnet which means that you will first need to determine the subnet on which the address sits.
Here are some tools to further your subnetting practice:
Answer to Exercises
List the /13 subnets that exist in the 18.104.22.168/12 address block.
Two (2) /13 subnets can be gotten from a /12 address block. /13 sits in the 2nd octet which has a maximum number of bits of 16. Therefore, the block size is 8. As such, the /13 subnets from the 22.214.171.124/12 block are:
What is the valid address range of the 192.168.58.0/28 subnet?
The block size is 16. Therefore, the next subnet will be 192.168.58.16/28. As such, the valid address range is:
- Start address: 192.168.58.0 + 1 = 192.168.58.1
- End address: 192.168.58.16 – 2 = 192.168.58.14
- Broadcast address: 192.168.58.16 – 1 = 192.168.58.15