Subnets are a way of dividing networks into smaller blocks. This makes it much easier to manage and route a large network, clean up ARP traffic, and can be used to break up a network into private, containerized subnets.
What is a subnet?
For example, let
Instead, a smarter solution would be to divide each floor into its own network. The easiest way to do this is to split the IP address into two blocks: the first identifies the subnet (i.e. the floor of the building) and the second identifies the host ID (the particular computer on that floor):
In this example, 192.168.1.4 represents the fourth computer on the first floor, 192.168.5.2 is the second computer on the fifth floor, and so on. Technically, the “192.168” part is the network ID, not the subnet ID, as it is the same in all of these private subnets, but it effectively represents the same thing.
Under the hood, this is done with a so-called bit mask, usually referred to as the “subnet mask”. The subnet mask determines which bits of the IP address are the subnet ID and which are the host ID: every bit under a “1” belongs to the subnet ID and every bit under a “0” belongs to the host ID.
The bit mask shown above can also be represented as 255.255.255.0, which denotes the first three bytes as the subnet ID. The subnet mask does not have to end on a byte boundary (a dot), although that makes this example easier. You can create subnets of any size, although you are limited to a maximum of 16 million addresses on a private subnet (10.0.0.0/8, up to 10.255.255.255), which is probably sufficient for your application.
Using the last byte for the host ID gives 256 addresses on the subnet, two of which cannot be assigned to hosts: 192.168.1.255 (the broadcast address) and 192.168.1.0 (which represents the network itself). These are the “all ones” and “all zeros” addresses.
Why do you need subnets?
Subnets are used to manage address blocks. If your network is big enough, having all of your devices on one network will slow you down. When you separate them at the hardware level, subnets come into play.
This is how the entire Internet works, so it’s easiest to visualize it that way. Take your average home router, for example. The ISP assigns it a public IP that is unique to that device. You can reach your home router from anywhere in the world by entering that IP in your browser.
However, if you tried to assign a public IP address to every computer behind the router, you would quickly run out of addresses. Instead, they are assigned private IP addresses that do not uniquely identify the computers worldwide, but only apply within this private network. If computer A wants to communicate with computer B on the same network, you don’t want the traffic to go out over the Internet when the connection is local. In this way, traffic is isolated and allowed through at the same time.
This is exactly why you need to set up port forwarding on routers to expose devices to the Internet. Your router doesn’t know you’re running a Minecraft server on port 25565 until you tell it to forward all connections on that port to your machine instead of handling them itself.
The Internet is a special case in that the number of addresses is limited, so you have to use this public/private address arrangement. The private address ranges are actually reserved from public use; the following blocks are only used for private devices:
192.168.0.0/16, a 16-bit block with 65,536 addresses
172.16.0.0/12, a 20-bit block with 1,048,576 addresses
10.0.0.0/8, a 24-bit block with 16,777,216 addresses
This way, two different devices can have the same private IP address, which is why each home router
With another layer of subnets, you no longer have devices hidden behind a gateway, since each device needs a unique private IP. However, the subnets still separate devices at the hardware level. In this example, if the computer below (192.168.1.2) wants to talk to the computer above (192.168.2.3) in another subnet, it must leave through the default gateway of its own subnet and enter through the gateway of the destination subnet.
This is the kind of subnetting you can do, and while you don’t get the benefits of private IP addresses, you still have over 16 million addresses to work with. With that, you could create 65,536 subnets of 254 hosts each, which would fill a truck full of routers.
What are CIDR blocks?
Instead of writing out the entire subnet mask, you can use a shorthand called CIDR notation. In this notation, you put a slash after the IP, followed by the number of bits used for the subnet mask (since it is always a contiguous run of ones from left to right). For example, the subnet mask 255.255.255.0 uses 24 bits of ones, so that subnet would be written with /24, e.g. 192.168.1.0/24.
That way, you can easily see what numbers are the subnet ID and how big the subnet is. Larger CIDR blocks have lower numbers. A full list can be found here on Wikipedia.
The CIDR block 0.0.0.0/0 is a special case that represents the pool of all possible addresses; it is used as a placeholder meaning “any address”. For example, opening a firewall port to 0.0.0.0/0 opens it to anyone on the Internet.
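The following is an added example, not code from the original article: it applies the bit-mask idea from the subnet mask section and the CIDR shorthand above to a few of the addresses the article uses, and ends with the check a reviewer would want for the 0.0.0.0/0 case. The three private blocks are the ones listed in the article; everything else uses Python’s standard ipaddress module.

```python
import ipaddress

# The three private blocks listed in the article.
PRIVATE_BLOCKS = [ipaddress.ip_network(b)
                  for b in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_cidr(cidr: str) -> dict:
    """Split 'a.b.c.d/n' into mask, network, broadcast and host counts using
    the same bit mask that the subnet mask represents under the hood."""
    ip_str, prefix_str = cidr.split("/")
    prefix = int(prefix_str)
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length out of range: {prefix}")
    ip = int(ipaddress.IPv4Address(ip_str))
    # 'prefix' ones from the left, then zeros: 1 bits = subnet ID, 0 bits = host ID.
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    network = ip & mask                          # host part "all zeros"
    broadcast = network | (~mask & 0xFFFFFFFF)   # host part "all ones"
    total = 1 << (32 - prefix)
    # /31 (point-to-point) and /32 (single host) have no reserved pair.
    usable = total - 2 if prefix <= 30 else total
    return {
        "mask": str(ipaddress.IPv4Address(mask)),
        "network": str(ipaddress.IPv4Address(network)),
        "broadcast": str(ipaddress.IPv4Address(broadcast)),
        "total_addresses": total,
        "usable_hosts": usable,
    }

def mask_to_prefix(mask_str: str) -> int:
    """Dotted mask -> CIDR prefix length; rejects masks whose ones are not a
    single run from the left, e.g. 255.0.255.0."""
    mask = int(ipaddress.IPv4Address(mask_str))
    prefix = bin(mask).count("1")
    if mask != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous subnet mask: {mask_str}")
    return prefix

def is_private(ip: str) -> bool:
    """True if the address falls inside one of the reserved private blocks."""
    addr = ipaddress.IPv4Address(ip)
    return any(addr in block for block in PRIVATE_BLOCKS)

def open_to_everyone(source_cidr: str) -> bool:
    """True when a firewall rule's source is the catch-all 0.0.0.0/0, i.e. the
    port would be reachable from any address on the Internet."""
    return ipaddress.ip_network(source_cidr, strict=False).prefixlen == 0
```

Running parse_cidr("192.168.1.4/24") gives mask 255.255.255.0, network 192.168.1.0, broadcast 192.168.1.255 and 254 usable hosts, matching the figures in the text.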
Subnets are used for both private and public networks. In the previous example, the office building could be assigned the public IP address 184.108.40.206 by its internet service provider. This address sits on the outbound side of the building’s default gateway, which routes traffic outside the building. The IP address is globally unique and was assigned by an ISP that itself was assigned a CIDR block to hand out to its customers. In this way the entire Internet is divided up, using blocks of different sizes for routing between countries, states, cities, and so on.
However, inside the building, devices can communicate with each other using their private IP addresses, usually in the range 192.168.0.0/16 (65,536 addresses) or 10.0.0.0/8 (over 16 million addresses). These can be divided into smaller subnets if necessary.
How does this affect my network configuration?
When cabling a large office building, you definitely need to plan the subnets. Note that two addresses in every subnet are reserved for the broadcast address and the network address. For example, if your client wants ten subnets with 20 computers each, you actually need to assign 22 addresses to each subnet. However, unless you are assigning public address space, you probably have plenty of leeway with private IP addresses.
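An added example (not from the original article) that works through the planning step above: pick the smallest prefix that fits 20 computers plus the two reserved addresses, then carve ten such subnets out of a parent block. The parent block 192.168.0.0/23 is an assumed choice; the function raises an error when the parent is too small, which is what happens with a single /24.

```python
import ipaddress
import math

def prefix_for_hosts(hosts: int) -> int:
    """Smallest CIDR prefix whose block fits `hosts` usable addresses plus the
    two reserved ones (network and broadcast)."""
    if hosts < 1:
        raise ValueError("need at least one host")
    needed = hosts + 2
    host_bits = math.ceil(math.log2(needed))   # bits left over for the host ID
    return 32 - host_bits

def plan_subnets(parent: str, count: int, hosts_each: int) -> list:
    """Carve `count` equal-sized subnets, each holding `hosts_each` hosts, out
    of the `parent` block. Raises ValueError when the parent is too small."""
    net = ipaddress.ip_network(parent)
    new_prefix = prefix_for_hosts(hosts_each)
    if new_prefix < net.prefixlen:
        raise ValueError(f"a single /{new_prefix} subnet is larger than {parent}")
    available = 2 ** (new_prefix - net.prefixlen)
    if available < count:
        raise ValueError(
            f"{parent} only holds {available} /{new_prefix} subnets, need {count}")
    return [str(s) for s in list(net.subnets(new_prefix=new_prefix))[:count]]

if __name__ == "__main__":
    # The article's example: ten subnets of 20 computers, i.e. 22 addresses each.
    print(prefix_for_hosts(20))                  # a /27 holds 32 addresses
    print(plan_subnets("192.168.0.0/23", 10, 20))
```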
If you rent cloud servers, your servers will likely operate on a subnet. This is commonly referred to as a “virtual private cloud” because your servers can all communicate with each other using their private IP addresses, but cannot access private servers in other VPCs. The actual segmentation takes place via subnets and is usually managed for you. However, you can also use services such as AWS VPC, which allow you to provision your own subnets on the AWS platform. You probably don’t need to manage the network yourself, although it is helpful to be familiar with CIDR notation to understand subnet sizes.