The process of subnetting is both a mathematical process and a network design process. Mathematics drives how subnets are calculated, identified, and assigned. The network design and requirements of the organization drive how many subnets are needed and how many hosts an individual subnet needs to support. Binary basics and IPv4 address structure were covered in part one of this two-part paper.
This paper focuses on the process rules and helpful hints for learning to subnet an IPv4 address. It covers the following topics:
1) Need for subnets
2) Process for subnetting
3) Formulas for subnet calculation
4) Examples for putting everything together
5) Variable Length Subnet Mask (VLSM)
6) Determine the subnet, usable range of host addresses, and broadcast address for a given host
7) Helpful tables
NOTE: Throughout this document, the term IP address refers to an IPv4 address. This document does not include IPv6.
IP Address Construct and Representation
An IP address is a thirty-two-bit binary number. The thirty-two bits are separated into four groups of eight bits called octets. However, an IP address is represented as a dotted decimal number (for example: 126.96.36.199).
The Need for Subnets
What exactly is subnetting? Subnetting is taking an IP network and subdividing it into smaller IP networks called subnetworks, or subnets. Every IP network, or subnet, is a broadcast domain. A broadcast domain is a collection of devices that can receive broadcast traffic from each other. Broadcast traffic is traffic that is delivered to every device on the network.
Having a single broadcast domain, or a "flat network," presents two main problems.
1) In a single large broadcast domain, there is a large amount of broadcast traffic. Broadcast traffic is very inefficient and consumes large amounts of resources, such as bandwidth, processor cycles, and memory. In fact, enough broadcast traffic on a network can cause other applications, such as email, word processors, and spreadsheets, to be negatively impacted.
2) When all devices are part of the same broadcast domain, there are no protocol boundaries between devices, so implementing security policies is difficult. In other words, there is no easy way to protect one device from another device without using host-based mechanisms, such as host-based firewalls, permissions, rights, and anti-virus. These methods serve a valuable purpose, but they are not very efficient, and they can degrade performance of the host.
The solution to these problems is to break the single large broadcast domain into several smaller broadcast domains. By doing this, the number of devices connected to each broadcast domain is smaller. This reduces the amount of broadcast traffic, improving the performance of all devices on the network. Additionally, a boundary between devices is created, which greatly improves and simplifies the implementation of security policies.
As an analogy, imagine a single room, and in this room are five different groups of people; one group in each corner and one group in the center. Each group of people has a microphone and is discussing a different topic. If you were a member of one of the groups, picture how difficult it would be to hear people in your group, concentrate on your topic, and share confidential information.
Now imagine the single room being separated into five smaller rooms. Each group now has its own room with a door and can communicate without competing with the other groups. Each person can hear and concentrate better and more easily keep confidential information within the group.
The concept of dividing a large room into smaller rooms is the same as the concept of dividing a large broadcast domain (IP network) into smaller broadcast domains (subnets).