Modern networks are built to be subdivided into sub-networks known as subnets. This article describes the concepts and calculations involved in managing subnets.
To understand subnets, it is essential to have an understanding of Internet Protocol addresses (IP addresses) and IP address-based networks.
An IP address is the network address of a device. A network device can be a server, a piece of network equipment, a client computer, a mobile phone, or something else. Any device capable of communicating on an IP network needs an IP address to participate on the network.
Consider the following network diagram:
Suppose you have two computers, MyComputer and YourComputer. The computers need to be able to communicate with each other, so they are given IP addresses (MyComputer is given 192.168.1.5 and YourComputer is given 192.168.1.22). The two computers have unique IP addresses on the network, but no way of sending and receiving data. A switch is a network device that connects devices by relaying packets they send to other devices on the network. MyComputer and YourComputer are both connected to the switch via a network cable. This allows MyComputer to send data to YourComputer by sending a packet across the network cable. The switch will intercept the packet and forward it to other devices connected to it.
Now suppose this network needs a server to host a website that MyComputer and YourComputer can access:
Following the same network principle as before, MyComputer, YourComputer, and ServerA are all connected by a network cable to a switch. Any communications between devices in this network are handled by the switch and relayed to the appropriate host or hosts.
Routing and Switching
Let's add one more detail to this - a requirement to separate workstation traffic from server traffic:
Switches relay data packets to directly connected devices. To allow for the separation of communications between devices, a router is used. A router is a network device that selects the network path for communications to follow based on a defined set of rules. In the diagram above, the router would be responsible for routing data to path A or path B based on a set of rules. Examples of rules the router would follow are:
- Allow web traffic from YourComputer to ServerB.
- Deny any SSH traffic from path A to path B.
The general rule to take away for routers and switches is the following:
A switch allows network communications to occur between connected hosts.
A router allows network communications to occur across segments of a network, subject to routing rules.
On each side of the router in this network is a subdivision of the network, or a subnet. All of the workstations can communicate directly with each other, all of the servers can communicate directly with each other, but traffic across subnets must traverse the router and be subjected to the router's ruleset. We will describe the mechanics of subdividing a network into subnets below.
From this perspective, a network is a system of interconnected devices, each of which has an IP address, whose communications are mediated by network equipment such as routers and switches.
A subnet is a logical subdivision of a larger network. It is desirable to subdivide a network for many reasons. The primary reasons for subdividing a network are:
- To improve routing efficiency by reducing the number of devices that communicate directly with each other.
- To create isolation between logically related devices, such as workstations and servers.
Every IP address on a network has at least two components: the IP address and a subnet mask. A subnet mask is a 32-bit number that specifies how a network should be subdivided into subnets.
Let's look at an example:
- The network address of a network is
This network has a network address (the first address in the network) of 10.0.1.0. The "/24" is a part of CIDR notation that indicates 24 bits are to be used for the subnet mask. Given the subnet mask of 24, we can conclude that the first 24 out of 32 bits in the address are used to distinguish different subnets, while the remaining 8 bits are used to distinguish hosts within a subnet. We refer to bits, since IP addresses and subnet masks can be represented in binary notation:
10.0.1.0 00001010 00000000 00000001 00000000
/24 255.255.255.0 11111111 11111111 11111111 00000000
When subdividing networks, each additional bit that is used for the subnet mask results in twice as many subnets, each half the size. A /24 (read: "slash twenty four") subnet can be subdivided by adding one bit to the subnet mask, making it a /25 subnet. When doing so, the 256 addresses in 1 subnet become 128 addresses in each of two subnets. Subdividing a /25 into a /26 likewise doubles the number of subnets and halves the number of addresses in each subnet. The following table illustrates this subdivision process:
The general rule to take away from this is the following:
To subdivide a network into subnets, increase the number of subnet mask bits by 1. The resulting address space will have twice as many subnets and half as many addresses in each subnet as the original.
We first convert the IP address from dotted decimal notation to binary:
10.0.1.0 00001010 00000000 00000001 00000000
Next, we convert the subnet mask into binary by listing 24 ones followed by 8 zeroes:
/24 11111111 11111111 11111111 00000000
Now if we put the network address and subnet mask together, we can see that all the IP address bits that correspond to a one in the subnet mask are used to define the subnet. The remaining bits correspond to a specific IP address within the subnet:
00001010 00000000 00000001 00000000
11111111 11111111 11111111 00000000
This entire process is made easier by using the online subnet calculator.
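The binary conversion, masking, and subdivision steps above can be carried out with plain bit operations. The following is an added example, not code from the original article; the function names are illustrative, and the /24 prefix applied to the 192.168.1.x hosts is an assumption, since the article does not state their mask.

```python
import ipaddress  # standard library, used only to cross-check the manual math


def to_int(dotted):
    """Pack a dotted-decimal IPv4 address into one 32-bit integer."""
    octets = [int(part) for part in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(value):
    bits = format(value, "032b")
    return " ".join(bits[i:i + 8] for i in range(0, 32, 8))


def mask_from_prefix(prefix):
    """/24 -> 24 ones followed by 8 zeroes, as a 32-bit integer."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix out of range: {prefix}")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def network_of(address, prefix):
    """Bits under a one in the mask select the subnet; the rest select the host."""
    return to_int(address) & mask_from_prefix(prefix)


def same_subnet(a, b, prefix):
    """True when both hosts sit in one subnet, so no router is traversed."""
    return network_of(a, prefix) == network_of(b, prefix)


def subdivide(cidr, extra_bits=1):
    """Each extra mask bit doubles the subnet count and halves each subnet."""
    address, prefix = cidr.split("/")
    new_prefix = int(prefix) + extra_bits
    mask_from_prefix(new_prefix)  # rejects a split that would go past /32
    size = 1 << (32 - new_prefix)  # addresses per resulting subnet
    base = network_of(address, int(prefix))
    return [f"{to_dotted(base + i * size)}/{new_prefix}" for i in range(1 << extra_bits)]


if __name__ == "__main__":
    print(to_binary(to_int("10.0.1.0")), "<- 10.0.1.0")
    print(to_binary(mask_from_prefix(24)), "<- /24 =", to_dotted(mask_from_prefix(24)))
    print(subdivide("10.0.1.0/24"), subdivide("10.0.1.0/24", 2))
    stdlib = ipaddress.ip_network("10.0.1.0/24").subnets(prefixlen_diff=2)
    assert [str(n) for n in stdlib] == subdivide("10.0.1.0/24", 2)
    print(same_subnet("192.168.1.5", "192.168.1.22", 24))  # assumed /24
```

With a longer prefix such as /28, `same_subnet` places 192.168.1.5 and 192.168.1.22 in different subnets, which is the point at which their traffic would have to cross a router and its ruleset.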