Introduction
Expanding upon our previous post about IPv4 addresses (IP Address Basics), today we learn how to subnet existing networks. This is a crucial skill not only from a network administration perspective; it is essential to security professionals as well. We are going to recap some of the basics covered in the previous article and then dive into subnetting for IPv4. First, let’s recap!
Basics
IPv4 addresses are 32-bit binary numbers, often represented using the dotted decimal format (10.23.221.0). In our previous article we talked about IPv4 classes. Let’s look at one of those classes and learn how subnetting gives network administrators the flexibility to divide a large network into several smaller networks. We will use a Class C network for our example.
Let’s take the Class C network address 192.168.1.0 with a network mask of 255.255.255.0. Breaking this down we have a network address that consists of 192.168.1.X with the X representing the host address space. Another way to write this network address is to use CIDR notation, or Classless Inter-Domain Routing notation, which in this case would look like 192.168.1.0/24. The /24 refers to how many bits are allocated for the Network address. Often network addresses are written using this notation because it is easier to represent and understand how much of this IP address space should be allocated to the network portion of the IP address and how much should be dedicated to the host portion of the address. Let’s look at this concept more closely.
Network vs Host Address Space
When we have a network such as 192.168.1.0/24 this means that the first 24 bits of the IP address are dedicated to defining the network address while the last 8 bits of the IP address are used to define the host address portion. This means that 192.168.1.X defines the network address (recall each octet is 8 bits, so 8*3=24) and that the last octet is reserved for the host addresses. This means that we can have any number, 1-254, in the last octet to represent a host on the network. In a class C network technically there are 256 addresses but the first address and the last address are reserved for defining the network and broadcast addresses respectively and are not used for host allocation. If we are working with a network that doesn’t require 254 hosts we can subnet that network to more efficiently use all 254 addresses.
Subnetting requires that we borrow bits from the host portion and re-allocate them to the network portion, thus creating additional subnets. We can take the 192.168.1.0/24 network and split it in half by taking one bit from the host portion and using it for the network address, making the new subnets 192.168.1.0/25 and 192.168.1.128/25. Now each network can host 126 IP addresses instead of 254. This might make sense if you had two spaces that each required about 125 hosts. If you needed more subnets with smaller host spaces, you could steal additional bits from the host address space and re-allocate them to the network address space. Stealing one more bit would create 4 networks with 62 hosts each: 192.168.1.0/26, 192.168.1.64/26, 192.168.1.128/26, and 192.168.1.192/26. As you can see, each bit we steal doubles the number of networks and halves the number of addresses in each subnetwork.
A quick formula can be used to determine how many hosts fit in a network: start from 2^(number of bits in the host space). So for our /26 subnets we take 32 bits and subtract 26 to get a total of 6 host bits. We then raise 2 to the power of 6 to get 64, and then subtract two from that (because the first and last addresses are reserved and not used for hosts) to get 62 hosts that we would be able to allocate in each of those networks.
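The bit borrowing and host-count formula described above, as an added example that is not part of the original article. The helper names (`to_int`, `to_dotted`, `mask_for`, `split`) are chosen for this illustration; the arithmetic is done by hand on 32-bit integers and then cross-checked against Python's standard `ipaddress` module.

```python
import ipaddress

def to_int(dotted):
    """Pack a dotted-decimal IPv4 address into a 32-bit integer."""
    a, b, c, d = (int(o) for o in dotted.split("."))
    if not all(0 <= o <= 255 for o in (a, b, c, d)):
        raise ValueError(f"octet out of range in {dotted!r}")
    return (a << 24) | (b << 16) | (c << 8) | d

def to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def mask_for(prefix):
    """Netmask with `prefix` leading 1 bits, e.g. 24 -> 255.255.255.0."""
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def split(cidr, new_prefix):
    """Borrow host bits from `cidr` to produce subnets of length `new_prefix`."""
    address, prefix = cidr.split("/")
    prefix = int(prefix)
    # Stop at /30: beyond that the "subtract two" rule leaves no usable hosts.
    if not prefix <= new_prefix <= 30:
        raise ValueError("new prefix must be between the old prefix and /30")
    base = to_int(address) & mask_for(prefix)   # clear any stray host bits
    size = 1 << (32 - new_prefix)               # 2^(host bits) addresses per subnet
    borrowed = new_prefix - prefix              # each borrowed bit doubles the count
    subnets = []
    for i in range(1 << borrowed):
        network = base + i * size
        broadcast = network + size - 1
        subnets.append({
            "cidr": f"{to_dotted(network)}/{new_prefix}",
            "mask": to_dotted(mask_for(new_prefix)),
            "first_host": to_dotted(network + 1),
            "last_host": to_dotted(broadcast - 1),
            "broadcast": to_dotted(broadcast),
            "usable_hosts": size - 2,           # network and broadcast are reserved
        })
    return subnets

if __name__ == "__main__":
    for new_prefix in (25, 26):
        rows = split("192.168.1.0/24", new_prefix)
        # Cross-check the hand arithmetic against the standard library.
        expected = ipaddress.ip_network("192.168.1.0/24").subnets(new_prefix=new_prefix)
        assert [r["cidr"] for r in rows] == [str(n) for n in expected]
        for r in rows:
            print(r["cidr"], r["mask"], r["first_host"], "-", r["last_host"],
                  "bcast", r["broadcast"], "hosts", r["usable_hosts"])
```

Knowing each subnet's exact network and broadcast boundaries is what lets a firewall rule or scan scope written for one /26 be checked against the addresses it actually covers.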
Wrap Up
The benefits of subnetting include efficient address allocation, improved network management, enhanced security, and routing optimization. It’s important to understand why subnetting works the way it does but in practice professionals typically use subnet calculators to assist with network planning. These calculators can provide a network professional with validation that their subnet address plan is correct and optimized for their network.