What are Subnets, and How Do They Affect My Network?

Shutterstock / David Jancik

Subnets are a way to partition networks into smaller pieces. This makes managing and routing a large network much easier, clarifies ARP traffic, and can be used to divide a network into private and containerized subnets.

What is a subnet?

Suppose you have a multi-story office building, with many devices on each floor. Having them all on one network can clog pipes, especially with ARP traffic to establish the physical connection between devices.

Instead, a smarter solution would be to divide each floor onto its own network. The easiest way to do this is to divide the IP address into two pieces, the first used to identify the subnet (i.e. the floor of the building) and the second used to identify the Host ID (the name of the computer on this floor):

In this example, represents the fourth computer on the first floor, is the second computer on the fifth floor, and so on. Technically, the “192.168” part is the network ID, not the subnet ID, as it is the same on all private subnets, but they effectively represent the same thing.

Under the hood, this is done with what is called a bitmask, often referred to as a “subnet mask”. The subnet mask determines which parts of the IP address are the subnet ID and which are the host ID. Anything that is a “1” is the subnet ID, and anything that is a “0” is the host ID.

The bitmask shown above could also be represented as, which would denote the first three bytes of the subnet ID. The subnet mask doesn’t need to break over the period, although that makes it easier in this example. You can create subnets of any size, although you are limited to a maximum of 16 million addresses in total on a private subnet ( to, which is probably sufficient for your use case.

Designating the last octet of the Host ID allows 256 hosts on the subnet, excluding (the broadcast address) and (used to represent the network itself) . These are the “all ones” and “all zeros” addresses.

Why do you need subnets?

Subnets are used to manage address segments. If your network is large enough, it will slow you down to have all your devices on one network. Subnets come into play by separating them at the hardware level.

This is actually how the whole internet works, so it’s easier to view it that way. Take your average home router for example. It has a public IP address assigned to it by the ISP, which is unique to this device. You can access your home router from anywhere in the world by accessing this IP address in your browser.

But you would quickly run out of addresses if you tried to give the computers behind the router a public IP address, so that they were instead assigned private IP addresses that don’t uniquely identify the computers across the board. world, but which are unique to this private network. . Also, if Computer A wanted to talk to Computer B on the same network, you wouldn’t want to go through the Internet if the connection is local. This helps keep traffic isolated while still allowing

This is exactly why you need to transfer routers to open devices on the internet. Your router doesn’t know you’re running a Minecraft server on port 25565 until you tell it you are, and it should forward all connections to you on that port rather than managing it itself .

The Internet is a special case as the number of addresses is limited and you must use this public-private address arrangement. Private addresses are in fact reserved for public use; the following addresses are only used for private devices:, a 16-bit block of 65536 addresses, a 20-bit block of 1048576 addresses, a 24-bit block of 16,777,216 addresses

With this you can have two different devices with the same private IP address hence the reason everyone’s home router is or

With another subnet layer, you cannot have more devices behind the gateway because each device needs a unique private IP address. But you still separate the devices at the hardware level; in this example, if the bottom computer ( wants to talk to the top computer ( on a different subnet, it must leave the default gateway for its own subnet and switch to through the gateway for the destination subnet.

This is the type of subnet you can do, and even if you don’t get the benefits of private IPs, you still have over 16 million addresses to work with. With that, you could create 65,536 subnets with 254 hosts each, which would fill a truckload of routers.

What are CIDR blocks?

Rather than including the entire subnet mask when writing it, you can use a shortcut called CIDR rating. In this notation, you place a forward slash after the IP address, followed by the number of bits used for the subnet mask (because it’s always a line of 1s from left to right). For example, the subnet mask uses 24 bits of ones, which would be:

This allows you to easily know which numbers are the subnet ID and the size of the subnet. Larger CIDR blocks have lower numbers. You can see a full list of them here on Wikipedia.

CIDR block is a special subnet, used to represent the pool of all available addresses. This is used as a wildcard to match any address; for example, setting an open firewall port to would open it to anyone.

Subnets can be used for private and public networks. In the previous example, the office building can be assigned the public IP address by the Internet service provider. This issue is resolved at the outgoing end of the building Default Gateway, which it uses to route traffic outside the building. This IP address is completely unique and has been assigned by an ISP, which has received a CIDR block to assign to its customers. The whole internet is divided this way, with blocks of different sizes used for routing between countries, states, cities, etc.

But inside the building, devices can communicate with each other using their private IP addresses, typically in the range (65,536 addresses) or (over 16 million addresses) . These can be divided into smaller subnets if necessary.

How does this affect my network configuration?

If you are using cable for a large office building, you may need to consider the subnet. One thing to note is that two addresses must be reserved for the broadcast address and the network address. For example, if your customer wanted ten subnets with 20 computers each, you would actually need to allocate size 22 subnets. But unless you made a public subnet allocation, you would probably have a ton of wiggle room with the private IP address. addresses.

If you are renting cloud servers, your servers will likely be operating in a subnet. This is commonly referred to as “virtual private cloudBecause your servers can all talk to each other using their private IP addresses, but cannot access private servers in other VPCs. The actual segmentation is done through subnets and is usually handled for you, but you can familiarize yourself with services such as AWS VPC that allow you to provision your own subnets on the AWS platform. You probably won’t have to handle the networking yourself, but it will be helpful to familiarize yourself with CIDR notation to understand subnet sizes.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.