What is a subnet and subnetting?
Subnet definition
A subnet (also known as a subnetwork) is a small network within a large one. Large networks are generally difficult to maintain. Furthermore, traffic must travel a longer distance and pass through unnecessary routers to reach its destination. Subnetting –– or dividing the network into smaller pieces –– is used to make the network easier to maintain. While it has many benefits, subnetting requires additional hardware (e.g., routers), potentially costing extra to implement.
Subnetting the process of splitting a larger IP network into subdivisions, known as subnets. When subnetting a network, you borrow bits from the host portion of an IP address to create a subnet identifier. This allows for the more efficient use of IP addresses and better network management overall.
Each network has a network gateway, or router, that interfaces with the wider internet. Your gateway is assigned an IP address, identifying the network as a whole. This system works perfectly well for small home networks, but if you run a larger ecosystem of devices (perhaps in an office or on a university campus) you may want to create subnets, segmenting the network into distinct subsections.
How does subnetting work?
Subnetting works by using subnet masks to divide up a single network into multiple smaller units. To understand how subnetting works in practice, we need to cover five key areas. These are not specific steps, but rather the various components of the process you should be aware of to understand it as a whole:
1. Understanding IP addresses
When data is sent to your device, it can only find it thanks to an IP address. An IP address is a unique identifier, made up of numbers and periods. It’s composed of two sections, one representing your device (also known as a host), and the other the network your device is a part of. The network address is needed for data to be able to find your network, but without the host information, the router wouldn’t know where to send the data packets meant for you.
Variations exist between IPv4 and IPv6 IP addresses, but we’ll focus on IPv4 addresses, which are the most commonly used. IPv4 IP addresses are constructed from 32 binary bits (a long string of ones and zeros, with each number referred to as a bit) but to make them easier for us to interface with, we use a shorter dot-decimal system.
Let’s take the 32-bit binary address 11000000.10101000.01111011.10000100 as our example. This translates to the more human-friendly 192.168.123.132 IP address (you can use a free online calculator to translate IP addresses in and out of their binary format). In the IP address 192.168.123.132, the first three numerical groupings (192.168.123) represent the network as a whole. The last grouping (132) indicates the host, a specific device on the network.
Different types of IP addresses are divided into specific classes, represented by letters (Class A, Class B, and Class C). Some IP addresses fall into Class D and Class E as well, but these two classifications are not relevant to most users. Different IP address classes use different submasks, and submasks are essential for subnetting.
2. Subnet masks
Like an IP address, a subnet mask is a 32-bit number binary string that can be converted into a dot-decimal format (255.255.255.0, for example).
The subnet mask’s role is to help a device determine which part of an IP address represents the network and which part is the host identifier, or device, on that network. A subnet can be combined with an IP address to give routers and devices the information they need to move a data packet to its intended destination.
When you apply a subnet mask to an IP address, you define how many addresses are available for hosts. To understand this, let’s take the subnet mask 255.255.255.0. In binary, the last numerical grouping of this subnet mask is 00000000.
Since there are eight bits in that grouping, and since each bit in binary can be one of two options (1 or 0), this gives you a total of 2^8 (two to the power of eight) possible combinations (256 combinations). Consequently, a subnet mask of 255.255.255.0 allows for 256 individual addresses in a subnet.
3. Calculating subnets
When setting up your subnet, you need to calculate the subnet’s range (the number of hosts you can connect to it). To do this, follow these steps:
- 1.Write down your network’s IP address and convert that IP address into a binary string.
- 2.Write down the subnet mask you’ll be using and convert it into a binary string.
- 3.Wherever you see 1 in the binary subnet mask, keep the corresponding bit in the IP address. Wherever you see 0, you can vary it for different subnets.
- 4.Exclude the first and last addresses from your calculations. All possible variations between those two addresses are available for hosts to use.
4. CIDR notation
Another key part of the subnetting process is the addition of classless inter-domain routing (CIDR) notation. Classless inter-domain routing notation is a way of representing IP addresses and their routing prefixes (the numbers used to identify the network). A CIDR notation consists of a forward slash symbol followed by the subnet mask length in bits. For example, the CIDR notation for 255.255.255.0 is /24, indicating that the first 24 bits are used for the network prefix.
CIDR eliminates reliance on the rigid boundaries of the IP address class system (A, B, C, and so on) by allowing the use of subnet masks with variable lengths (a process referred to as variable-length subnet masking, or VLSM). Instead of being confined to fixed class boundaries, CIDR allows for a granular division of IP addresses, so you can tailor a subnet’s size to the precise needs of a network.
Let’s put CIDR into practice to demonstrate how it works. Let’s say you have the IP address range 192.168.1.0 to 192.168.1.255 and you want to divide it into smaller subnets. If you use a subnet mask of 255.255.255.128 (or /25 in CIDR), you’ll create two subnets — 192.168.1.0 to 192.168.1.127 and 192.168.1.128 to 192.168.1.255 — each with 128 addresses.
What are subnets used for?
Subnets have a range of use cases, from boosting speed and performance to connecting larger groups of networks like WANs.
Improve network performance
If data is being sent to a specific subnet, it can bypass unnecessary routers and go more efficiently to its endpoint, avoiding congestion. Instead of the network as a whole having to handle all data moving within it, some traffic can remain contained in specific silos. For example, if all guest Wi-Fi users are on one subnet and all employees within an organization are on another, a surge in guest traffic won’t slow down communication between employee devices.
Enhanced network security
One of the biggest benefits of subnetting is its effect on network security. If one subnet is compromised or exposed to cyber threats, the chance of it spreading to other subnets is lower. Having divided your network up, you can give users access to specific subnets, rather than to your network as a whole, making users on other subnets safe. All your subnets may be iterated from a single larger network, but threats can be effectively isolated within the subnet where they first manifest.
Facilitate traffic management
By isolating and controlling the flow of data across multiple subnets, rather than routing all traffic across one undivided network, traffic can be more effectively managed. Data congestion within one subnet, perhaps as the result of a defective router, won’t impact users in other subnets. This partitioning also makes troubleshooting easier because problems appear within individual subnets and can be identified faster as a result.
Supporting different network types
Different subnets can cater to different devices or services within an organization. For example, one subnet might be dedicated to IoT devices like printers and speakers, another to guest users, and a third to employee PCs. Each subnet can be set up for one specific purpose, rather than a single network having to provide connectivity for a diverse range of devices and different traffic types.
WAN connectivity and routing
You can combine multiple local area networks (LANs) into a bigger ecosystem of interlinked networks, known as a wide area network (WAN). Subnetting helps to organize WANs, routing traffic efficiently and minimizing risks. For example, you might choose to create a subnet within a WAN that includes the devices of one specific team, with members dispersed across several geographical locations. Now, despite working across multiple LANs within the WAN, the team’s devices can communicate as if they were all sharing one localized network. Subnetting also makes WANs safer, lowering the chances of a threat in one section of the WAN spreading to the entire network.
Growth and scalability
While businesses and organizations of any size will benefit from using subnets within their networks, subnetting is particularly useful for enterprises that expect to grow over time. Subnets can be expanded, new divisions created, and new hardware onboarded, all without a major overhaul of the core network infrastructure.
Challenges and common mistakes in subnetting
Though subnetting is useful in many respects, it does have some drawbacks:
- Incorrect subnetting. One common mistake made when setting up a subnet is choosing inappropriate subnet masks for the scale and traffic types you plan to run on the network. Miscalculating subnet ranges is also a possibility, and can cause problems further down the line. Both of these mistakes may lead to inefficient use of IP addresses and, eventually, IP address exhaustion.
- IP address exhaustion. If you made mistakes during setup, you could end up running out of IP addresses. This is a possibility even in a well-implemented subnet and, if unaddressed, will cause problems when you try to scale your networks and bring in more hosts.
- Overlapping subnets. Sometimes, if deployment has been suboptimal, the IP address ranges of multiple subnets can overlap. Routers may be confused about where to send data, resulting in traffic being routed to the wrong locations, or not at all. In a well-designed network, subnets are configured to have distinct and non-overlapping address ranges.
- High levels of complexity. Perhaps the biggest drawback of subnetting is its complexity. Administrators will have more work to do when overseeing numerous subnets, as opposed to a single network. This is offset somewhat by the fact that troubleshooting should be easier, as bugs and other problems will be isolated within specific subnets when they arise.
Though these problems and challenges should be considered before subnetting, creating subnets still yields many benefits. When properly deployed, subnets boost security and improve network stability for large organizations, especially those with dispersed teams and members.
Like what you’re reading?
Get the latest stories and announcements from NordVPN
We won’t spam and you will always have the choice to unsubscribe