Subnetting explained
Subnetting is the practice of dividing a network into two or more smaller networks. It
increases routing efficiency, enhances the security of the network and reduces the size of
the broadcast domain.
Consider the following example:
In the picture above we have one huge network: 10.0.0.0/24. All hosts on the network are
in the same subnet, which has the following disadvantages:
a single broadcast domain – all hosts are in the same broadcast domain. A
broadcast sent by any device on the network will be processed by all hosts, creating
lots of unnecessary traffic.
network security – each device can reach any other device on the network, which
can present security problems. For example, a server containing sensitive
information shouldn’t be in the same network as a user workstation.
organizational problems – in large networks, different departments are usually
grouped into different subnets. For example, you can group all devices from the
Accounting department in the same subnet and then give access to sensitive
financial data only to hosts from that subnet.
The network above could be subnetted like this:
Now, two subnets were created for different departments: 10.0.0.0/24 for Accounting and
10.1.0.0/24 for Marketing. Devices in each subnet are now in a different broadcast
domain. This will reduce the amount of traffic flowing on the network and allow us to
implement packet filtering on the router.
Subnet mask
An IP address is divided into two parts: a network part and a host part. For example, a class A IP address
consists of 8 bits identifying the network and 24 bits identifying the host. This is because the default
subnet mask for a class A IP address is 8 bits long (or, written in dotted decimal notation, 255.0.0.0).
What does it mean? Well, like an IP address, a subnet mask also consists of 32 bits. Computers use it
to determine the network part and the host part of an address. The 1s in the subnet mask represent
the network part, the 0s the host part.
Computers work only with bits. The math used to determine a network range is binary AND.
Let’s say that we have the IP address of 10.0.0.1 with the default subnet mask of 8 bits (255.0.0.0).
First, we need to convert the IP address to binary:
IP address:  10.0.0.1  = 00001010.00000000.00000000.00000001
Subnet mask: 255.0.0.0 = 11111111.00000000.00000000.00000000
Computers then use the AND operation to determine the network number:
The computer can then determine the size of the network. Only IP addresses that begin with 10
will be in the same network. So, in this case, the range of addresses in this network is 10.0.0.0 –
10.255.255.255.
NOTE
A subnet mask must always be a series of 1s followed by a series of 0s.
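The AND calculation described above, carried through in Python as an added example (not part of the original page). The function names are illustrative; the code also enforces the note that a mask must be a series of 1s followed by a series of 0s, and shows the same-network test that a packet filter's address match relies on.

```python
MASK32 = 0xFFFFFFFF

def to_int(dotted):
    """Convert dotted decimal such as '255.0.0.0' to a 32-bit integer."""
    octets = [int(part) for part in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 dotted-decimal value: {dotted!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def to_dotted(value):
    """Convert a 32-bit integer back to dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def to_bits(value):
    """Render a 32-bit integer as four binary octets, as in the text."""
    bits = f"{value:032b}"
    return ".".join(bits[i:i + 8] for i in range(0, 32, 8))

def is_valid_mask(mask):
    """True only if the mask is a run of 1s followed by a run of 0s."""
    host_bits = ~mask & MASK32                  # the mask's 0s become 1s
    # A contiguous block of low 1s shares no bit with itself plus one.
    return (host_bits & (host_bits + 1)) == 0

def network_range(ip, mask):
    """Return (network number, last address) using binary AND and OR."""
    ip_i, mask_i = to_int(ip), to_int(mask)
    if not is_valid_mask(mask_i):
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    network = ip_i & mask_i                     # host bits cleared
    last = network | (~mask_i & MASK32)         # host bits all set
    return to_dotted(network), to_dotted(last)

def same_network(a, b, mask):
    """Two hosts share a network when their AND results match."""
    return network_range(a, mask)[0] == network_range(b, mask)[0]

if __name__ == "__main__":
    ip, mask = "10.0.0.1", "255.0.0.0"          # values from the text
    print("IP address: ", to_bits(to_int(ip)))
    print("Subnet mask:", to_bits(to_int(mask)))
    print("AND result: ", to_bits(to_int(ip) & to_int(mask)))
    print("Range:       %s - %s" % network_range(ip, mask))
    # 10.200.3.4 is a constructed sample address, not from the text.
    print("Same network as 10.200.3.4:", same_network(ip, "10.200.3.4", mask))
```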