In the IT world, specifically in networking, there aren’t many aspects that are as much of an enigma as subnetting—the act of creating subnetworks.
Subnets are logical divisions of an existing network that are defined by both class of IP address and the subnet mask. Often, consultants provide network design services to budding businesses to help establish a network that fits their needs at the time. But as the business grows or its needs change there may come a time when the initial network structure no longer works.
I’m currently working on a project that fits that description to a tee. The network was conceived by consultants when there were not as many devices and users to accommodate. As the needs of the business grew, it became painfully obvious that a single /24 subnet that accommodates up to 254 hosts wasn’t enough anymore. So I’m building out a new network structure that can accommodate all of the devices we currently have, separated by types of devices, and with room for growth.
This means a separate subnet and corresponding VLAN for each group of devices such as printers, servers, workstations, APs, etc. This allows for each group to have as much room as we could possibly need going forward while still keeping the network logically organized.
As funny as it may seem, many seasoned IT professionals are still a bit intimidated by subnetting simply because they don’t want to bother with the work it takes to implement it. How many addresses do we need? What IP scheme are we going to use? How many addresses will be given with DHCP and how many assigned statically? Will we separate out the types of devices or simply place them in a certain section of the range (such as putting all servers in the first 50 addresses of a range)?
As a result, once a network is made, usually it doesn’t get recreated or changed drastically. But there’s no other choice with our network, and because I am a glutton for punishment, I decided to take on this task myself and not go the consultant route. To do that, I had to blow the dust off the subnetting knowledge that I haven’t had to use in some time and reacquaint myself with the calculation of hosts. Here are the basics of subnetting as I understand them plus a few things to consider sprinkled in at the end.
To subnet properly there are topics you need a basic understanding of: binary (base-2) numbers, and classful networks. The idea with classful networks is essentially that IPv4 addresses are broken up into four octets (eight binary bit sections) that are then categorized in classes based on the number of hosts they are intended to accommodate. Although the classful network concept is not used anymore in today’s public internet, which uses classless inter-domain routing instead, the concept of splitting an IP address into a network portion and a host portion to section off the network is still used with subnetting. There are three main private IP ranges that are used in the majority of internal networks, Class A, Class B, and Class C. Each of these classes uses a certain number of bits as the network portion of the address and the rest for the host portion as shown in this chart:Network World / IDG
The breakdown of network bits and host bits shows which parts of the IP address will not change in a given network. In the example of a class A range of 10.0.0.0, the last three octets of the IP address will change sequentially as they are given out via DHCPor assigned but the first octet will never change. That’s because those are the network bits that define that network, which makes the very last address in that range 10.255.255.255.
When subnetting you are using a subnet mask to steal bits from the host portion of an address and adding them to the network portion to tailor the number of hosts you can accommodate. A subnet mask is a 32-bit number like an IP address, but instead of being used for host addressing, its purpose is to communicate the portions of a network address that are network/subnet bits and the portions that are host bits. Subnet masks are constructed by setting all of the host bits to 0 and all of the network/subnet bits to 1.
Because there are 32 total bits in an IPv4 address (eight in each of four octets), to find the number of host addresses accommodated by a particular mask you subtract the number of network bits and subnet bits from 32 and raise 2 to the power of the difference. For example, for a /22 network the number of host addresses would be 32 – 22 = 10, 210 = 1024 addresses. This chart shows the number of host addresses associated with different masks:Network World / IDG
Once you have decided how many host addresses you need, add up the binary bits from both the network portion and the subnet portion for each octet separately, and you will have your subnet mask.
When subnetting a network it is easy to think that because you have x devices on your network you just need to pick an IP range and subnet that has enough addresses to account for all devices, but that would be leaving out some key considerations. By creating a mega subnet, like say a /8 with 16,777,216 addresses, you begin to run into network congestion issues. Because each subnet is its own broadcast domain, whenever a switch sends an ARP broadcast or a machine is broadcasting something else, every device in the broadcast domain will get it. As a result, broadcast packets on your network can drown out actual non-broadcast traffic.
Broadcast traffic can be manageable when you are talking about 256-1024 or fewer addresses, but any bigger, and you are in serious trouble depending on how noisy your devices are. Best practice is usually to separate some of the main categories of devices on your network into their own subnets or broadcast domains with VLANs. By doing this with some kind of Layer 3 device to route traffic between subnets you can still have as many addresses as you need, but the network noise is manageable.
Implementing a new subnet scheme will vary greatly depending on your environment, but its best to go gradually. Grab the low-hanging fruit first to test the concept, get the routes working properly, and get some breathing room in that crowded /24 your escaping. A lot of the same principles apply when dealing with IPv6 addressing as well, although there are some significant differences. It uses hexadecimal notation made up of 16 characters instead of binary notation made up of just two, and every internal address is also an external address. But that’s a topic for another day.Join the Network World communities on Facebookand LinkedIn to comment on topics that are top of mind.
Michael Flowers is a seasoned Systems Engineer with over a decade in the field designing, administering, and securing enterprise environments. He has experience with the complex infrastructure in use in various industries.
Copyright © 2021 IDG Communications, Inc.