Author: Robert McMillen
Want a guide to help you in the fine art of subnetting IPv4 address space and give you the ability to bend it to your will? You’ve come to the right place.
IPv4 had its humble beginnings several decades ago when it was first deployed on the still experimental ARPANET. A 32-bit address space made sense back then and was, if anything, forward thinking, given the understanding that the internet would be used primarily by large universities, government and big businesses. By the mid-90s, it had become apparent that this whole “internet” thing was going to be slightly more popular than first anticipated, and thus IPv6 was born. So, why aren’t we using IPv6 exclusively?
IPv4 is still here
And you’re probably wondering why.
- It’s readable and workable by humans without the need for a subnet calculator.
- Legacy networks require it.
- Proper IP management and etiquette keep it functional.
With IPv4, we have 4,294,967,296 addresses available to us, which sounds like a lot until you consider the number of devices that communicate over the internet. If you had asked me in 1996 if my refrigerator would be sending me an email to let me know that my lettuce was about to expire, I would have laughed at you. Yet, here we are.
We currently have a world population of almost 8 billion people. If each person had only one device and each device required a single IP address, we’d all be sharing a cell phone with at least one other person with no IP addresses left for them to connect to their carriers. So, how do we get around this?
Fortunately, the powers that be had the forethought to set aside some private IP space (RFC 1918) for us to use on our internal networks. These are, you guessed it, subnets.
Specifically, blocks that must not be routed over the public internet. CIDR (classless inter-domain routing) lets us ignore the old class boundaries and carve any block down into smaller subnets of whatever size we need. Some of these should be familiar to you already.
- 10.0.0.0/8 - one Class A network, 16,777,216 addresses.
- 172.16.0.0/12 - 16 contiguous Class B networks, 1,048,576 addresses.
- 192.168.0.0/16 - 256 contiguous Class C networks, 65,536 addresses.
And the often neglected:
- 127.0.0.0/8 – Loopback! Also Class A sized, but never routed; it is reserved for a host talking to itself, not private address space.
Globally, these are still a mere pittance, but consider how much weight they carry: the same addresses are reused inside every organisation on the planet, and none of them need a single entry in the global routing tables. The three RFC 1918 blocks are the “private” IP space, which means they must not be routed (or advertised, or accepted) outside of your internal network. Breaking your own IP space into even smaller subnets has a host of other benefits.
- Demarcation of network boundaries.
- Reduction of broadcast traffic within your LAN.
- Conservation of IP addresses.
Subnetting applies equally whether you happen to be working with private or public addresses. It becomes even MORE important when you’re working with globally routed IP space, as this is the space that is in short supply. And, as your business expands, so too will your demand for it.
If you’re new to binary, work through a quick binary tutorial before going on; everything below is done one bit at a time.
Public vs. private addresses
Private IP space was set aside for us to use on our internal networks. Your home router has a public IP on its outside interface, facing the world, and uses NAT (network address translation) to move traffic to and from the private IP space on the inside of your network.
Broadly speaking, anything outside of these ranges (and a handful of other reserved blocks, such as link-local 169.254.0.0/16 and multicast 224.0.0.0/4) is public IP space, a block of which will be assigned to you by your ISP based on your needs. For larger blocks, you’ll likely be asked for a network diagram to justify how many addresses you’re requesting. This varies from ISP to ISP. If you can save on public IP space by using NAT and port forwarding, your ISP will be most appreciative, and it will keep IPv4 alive a bit longer. Wait, maybe that’s not such a great thing.
A 0.0.0.0 0.0.0.0 entry in your routing table (0.0.0.0/0, a zero address with a zero mask) is the default route to the outside world. This is fine. It just says that any traffic not matching a more specific route goes out toward the internet and you’re letting your ISP figure out the rest.
Anatomy of an IP and its subnet
Let’s take a look at a standard /24 subnet mask (255.255.255.0), the old Class C size.
The /24 is what you generally see on a typical home router, with a range such as 192.168.1.0/24 or 10.0.0.0/24. The first 24 bits are network bits, which leaves 8 host bits and therefore 2^8 = 256 addresses for our hosts. The average home user doesn’t need this many, but your business likely does. Let’s say we want a different subnet for sales, support, marketing, HR and so forth. We can break that last octet up further, creating a series of /28s.
We’ve been given the entire /24 to work with. If we ignore the first 24 bits, which never change, we’re left with the last octet, which we split into two groups of 4 bits. Instead of treating the octet as eight host bits:
hhhhhhhh
we treat the high 4 bits as subnet bits and the low 4 bits as host bits:
sssshhhh
Using binary, this gives us 2^4, or sixteen subnets, each with 2^4 = 16 addresses, for a total of 256: 192.168.1.0/28, 192.168.1.16/28, 192.168.1.32/28 and so on up to 192.168.1.240/28. We can take it a step further and borrow five bits instead of four (ssssshhh), breaking the /24 into 32 /29s.
This gives us 32 subnets (2^5), each with eight addresses (2^3).
You can’t have them all
Realize, of course, that you don’t get to use every address in a range. In any subnet of /30 or larger, you lose two addresses: one for the network address and one for the broadcast address. These are the first and the last address in your subnet range. If we have 192.168.0.0/29, then 192.168.0.0 is the network address and 192.168.0.7 is the broadcast address, leaving only six addresses (.1 through .6) for your hosts.
Back when Ethernet first came about, we didn’t have switches to help us manage traffic. I’m just going to come out and say it: hubs are dumb. Here’s why.
Unlike a switch, the only job a hub had was to repeat and amplify the electrical signal on every port. Every frame reached every device on the segment, and each network card looked at the destination address in the frame and discarded anything not meant for it. Some traffic, though, genuinely is meant for everyone on the subnet, such as an ARP request asking which machine owns an IP address, and that is what the broadcast address is for. Every subnet has one, every device on the subnet receives a packet sent to it, and even a switch forwards such a packet out of every port rather than just one. Keep that in mind when you size subnets: the bigger the subnet, the more hosts share every broadcast.
Calculating the broadcast is also simple. Take the binary value of the subnet mask and invert it, so 1s become 0s and 0s become 1s. For a /29:
mask     255.255.255.248 = 11111111.11111111.11111111.11111000
inverted 0.0.0.7         = 00000000.00000000.00000000.00000111
Now, we do a bit-wise OR with the network address:
network   192.168.0.0 = 11000000.10101000.00000000.00000000
inverted  0.0.0.7     = 00000000.00000000.00000000.00000111
broadcast 192.168.0.7 = 11000000.10101000.00000000.00000111
The network address itself comes from the same mask: a bit-wise AND between any address in the range and the un-inverted mask clears the host bits.
Some devices allow you to change the broadcast address, if you choose, but this is rarely done. This falls under the aforementioned etiquette standards. The guy who has to work on the network after you’ve moved on will thank you for leaving it in a way that makes sense.
You won’t find many uses for subnets smaller than a /30, which gives you only two usable addresses and is mainly used for point-to-point links. You can use a /31 for a point-to-point link if both devices support it (RFC 3021): with exactly two ends, there is no need for a broadcast address, so both addresses are usable.
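Here is the calculation above in code, as an added example that is not part of the original article: a small Python subnet calculator that builds the mask from the prefix length, ANDs it with an address to get the network, inverts it and ORs it in to get the broadcast, counts usable hosts (treating /31 and /32 as the special cases just described) and carves a block into the /28s and /29s from the previous section. It is written by hand rather than with Python’s ipaddress module so every bit operation is visible; the function names are my own.

```python
"""Added example (not from the article): a minimal IPv4 subnet calculator that
does the bit-level work described above by hand, so each step (build the mask
from the prefix, AND for the network address, invert-and-OR for the broadcast)
is visible rather than hidden inside a library."""
from typing import Dict, List, Tuple


def dotted_to_int(addr: str) -> int:
    """'192.168.0.0' -> 0xC0A80000, validating each octet."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {addr}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_dotted(n: int) -> str:
    """0xC0A80007 -> '192.168.0.7'"""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_from_prefix(prefix: int) -> int:
    """/29 -> 0xFFFFFFF8 (255.255.255.248): `prefix` one-bits, then zeros."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"bad prefix length: /{prefix}")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def parse_cidr(cidr: str) -> Tuple[int, int]:
    """'192.168.1.77/28' -> (network as int, prefix); host bits are cleared by the AND."""
    addr, prefix_str = cidr.split("/")
    prefix = int(prefix_str)
    return dotted_to_int(addr) & mask_from_prefix(prefix), prefix


def describe(cidr: str) -> Dict[str, object]:
    """Network, broadcast, usable-host range and count for any address/prefix."""
    network, prefix = parse_cidr(cidr)
    mask = mask_from_prefix(prefix)
    wildcard = ~mask & 0xFFFFFFFF        # invert the mask: 1s -> 0s, 0s -> 1s
    broadcast = network | wildcard       # OR the inverted mask into the network
    size = 1 << (32 - prefix)
    if prefix >= 31:
        # /31 point-to-point (RFC 3021) and /32 host routes reserve nothing.
        usable, first, last = size, network, broadcast
    else:
        usable, first, last = size - 2, network + 1, broadcast - 1
    return {
        "network": int_to_dotted(network),
        "mask": int_to_dotted(mask),
        "wildcard": int_to_dotted(wildcard),
        "broadcast": int_to_dotted(broadcast),
        "first_host": int_to_dotted(first),
        "last_host": int_to_dotted(last),
        "usable": usable,
    }


def split(cidr: str, new_prefix: int) -> List[str]:
    """Carve a block into equal subnets, e.g. split('192.168.1.0/24', 28) -> 16 /28s."""
    network, prefix = parse_cidr(cidr)
    if not prefix <= new_prefix <= 32:
        raise ValueError(f"cannot split /{prefix} into /{new_prefix}")
    step = 1 << (32 - new_prefix)        # addresses per new subnet
    count = 1 << (new_prefix - prefix)   # 2^(borrowed bits) subnets
    return [f"{int_to_dotted(network + i * step)}/{new_prefix}" for i in range(count)]


if __name__ == "__main__":
    for cidr in ("192.168.0.0/29", "192.168.1.77/28", "10.0.0.0/30", "10.0.0.0/31"):
        print(cidr, describe(cidr))
    print(split("192.168.1.0/24", 28))
```

In day-to-day work the standard library does this for you: ipaddress.ip_network('192.168.0.0/29').broadcast_address gives the same 192.168.0.7, and .subnets(new_prefix=28) does the carving. The hand-rolled version is worth keeping for the moment you need to explain, or double-check, what the calculator did.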
A word on routing
When you begin to delve into the more advanced routing protocols, subnetting will be your daily bread and butter, ESPECIALLY if you wind up working for an ISP. A typical small business is handed a small number of public IP addresses and doesn’t have to worry much about routing them; the ISP handles that. More advanced routing scenarios using BGP, OSPF, EIGRP and others will require you to be critically accurate in your distribution and IP block announcements. Large routing tables can quickly eat up a router’s memory, and bad announcements can lead to heavy CPU usage and worse: routing loops, update storms and IP traffic being sent off to who knows where. These things can happen in large LAN environments too, so it’s important to be on the ball. Don’t be daunted; be determined.
How do you get to Carnegie Hall?
Practice! Practice! Practice! It’s an old joke, but it’s no less true today. Take some time to practice your subnetting. Use the 10.0.0.0 and 192.168.0.0 ranges to form blocks of IP space that work in some mock network environments. Give yourself a number of “workers” per department and then make multiple departments. Then, find blocks of IP space that fit those numbers with room for expansion.
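To make the exercise concrete, here is an added example (not from the article) that does the planning described above: given constructed head counts for four departments, it picks the smallest block that fits each department plus 50% growth headroom, then carves those blocks out of 10.10.0.0/24, largest first so everything stays aligned. The parent range, department names and counts are made up for illustration, the function names are my own, and address arithmetic uses Python’s standard ipaddress module.

```python
"""Added example (not from the article): plan subnets for the "workers per
department" exercise. For each department pick the smallest block that holds
the head count plus growth headroom, then carve the blocks out of one parent
range largest-first so they stay aligned and contiguous (classic VLSM).
The department numbers below are constructed for illustration."""
import ipaddress
import math
from typing import Dict, List, Tuple

# Constructed sample input: head counts per department.
DEPARTMENTS: Dict[str, int] = {"sales": 40, "support": 25, "marketing": 10, "hr": 5}


def prefix_for_hosts(hosts: int) -> int:
    """Longest prefix whose block still has `hosts` usable addresses after
    losing the network and broadcast addresses. Never smaller than a /30."""
    if hosts < 1:
        raise ValueError("need at least one host")
    needed = hosts + 2                              # add network + broadcast back in
    host_bits = max(2, (needed - 1).bit_length())   # ceil(log2(needed)), min 2 bits
    return 32 - host_bits


def allocate(parent: str, departments: Dict[str, int],
             growth: float = 0.5) -> List[Tuple[str, str, int]]:
    """Return (department, cidr, usable_hosts) carved sequentially from `parent`.
    `growth` is the fractional headroom added to each head count before sizing."""
    parent_net = ipaddress.IPv4Network(parent, strict=False)
    network = int(parent_net.network_address)
    end = int(parent_net.broadcast_address) + 1     # one past the parent's last address

    # Size every department first, then sort by prefix so the biggest blocks
    # come first: a block placed on a boundary of its own size is automatically
    # aligned, and packing large-to-small leaves no wasted gaps.
    sized = sorted((prefix_for_hosts(math.ceil(n * (1 + growth))), name)
                   for name, n in departments.items())

    plan, cursor = [], network
    for prefix, name in sized:
        size = 1 << (32 - prefix)
        cursor = (cursor + size - 1) & ~(size - 1)  # align to block size (no-op when sorted)
        if cursor + size > end:
            raise ValueError(f"{parent} cannot fit {name} as a /{prefix}")
        plan.append((name, f"{ipaddress.IPv4Address(cursor)}/{prefix}", size - 2))
        cursor += size
    return plan


def example_plan() -> List[Tuple[str, str, int]]:
    """The worked allocation: four departments out of 10.10.0.0/24 with 50% headroom."""
    return allocate("10.10.0.0/24", DEPARTMENTS)


if __name__ == "__main__":
    for name, cidr, usable in example_plan():
        print(f"{name:<10} {cidr:<18} {usable} usable hosts")
```

With these numbers sales and support each land in a /26, marketing in a /27 and HR in a /28, leaving 10.10.0.176 through 10.10.0.255 free for the next department. Try it with a /25 parent and watch it refuse: running out of room on paper is a lot cheaper than running out on the network.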