Subnets are a way to partition networks into smaller chunks. This makes managing and routing a large network much easier, clears up ARP traffic, and can be used to divide a network into private, containerized subnetworks.
What Is A Subnet?
Say you have a multi-floor office building, with lots of devices on each floor. Having them all on one network can clog up the pipes, especially with constant ARP traffic to make the physical connection between devices.
Instead, a smarter solution would be to divide up each floor onto its own network. The easiest way to do this is by splitting the IP address into two chunks, the first used to identify the subnet (i.e. the floor of the building), and the second used to identify the host ID (the name of the computer on that floor):
In this example,
192.168.1.4 represents the fourth computer on the first floor,
192.168.5.2 is the second computer on the fifth floor, and so on. Technically, the “
192.168” part is the network ID, not the subnet ID, since it’s the same across all private subnets, but they effectively represent the same thing.
Under the hood, this is done with something called a bitmask, often called a “subnet mask.” The subnet mask determines which parts of the IP address are the subnet ID and which are the host ID. Anything that’s a “
1” is the subnet ID, and anything that’s a “
0” is the host ID.
The bitmask shown above can also be represented as
18.104.22.168, which would designate the first three bytes to the subnet ID. The subnet mask doesn’t have to break on the period, though it makes it easier in this example. You can create subnets of any size, though you’ll be limited to a maximum of 16 million total addresses on a private subnet (
10.255.255.255), which is probably enough for your use case.
Designating the last byte to the host ID allows for 256 hosts on the subnet, excluding
192.168.1.255 (the broadcast address) and
192.168.1.0 (used to represent the network itself). These are the “all ones” and “all zeros” addresses.
Why Do You Need Subnets?
Subnets are used for managing chunks of addresses. If your network is big enough, it will slow you down having all your devices on one network. Separating them at the hardware level is where subnets come in.
This is actually how the entire Internet works, so it’s easier to visualize it this way. Take your average home router for instance. It has a public IP assigned to it by the ISP, which is unique to that device. You can access your home router from anywhere in the world by going to this IP in your browser.
But you’d quickly run out of addresses if you tried to give the computers behind the router a public IP, so they instead are assigned private IP addresses that don’t identify the computers uniquely across the world, but are unique to that private network. Also, if computer A wanted to talk to computer B on the same network, you wouldn’t want to go over the Internet if the connection is local. Doing it this way keeps traffic isolated while still allowing
This is exactly why you need to port forward routers to open devices to the Internet. Your router doesn’t know that you’re running a Minecraft server on port 25565 until you tell it that you are, and that it should forward all connections on that port over to you rather than handling it itself.
The Internet is a special case in that the number of addresses are limited and you must use this public-private address arrangement. The private addresses are actually reserved from public use; the following addresses are used only for private devices:
192.168.0.0/16, a 16 bit block of 65,536 addresses
172.16.0.0/12, a 20 bit block of 1,048,576 addresses
10.0.0.0/8, a 24 bit block of 16,777,216 addresses
With this, you can have two different devices with the same private IP, hence why everyone’s home router is
With another layer of subnetting, you don’t get to have more devices behind the gateway, as each device needs a unique private IP. But you still separate devices at the hardware level; in this example, if the computer at the bottom (
192.168.1.2) wants to talk to the computer at the top (
192.168.2.3) on a different subnet, it has to exit the default gateway for its own subnet and go through the gateway for the destination subnet.
This is the kind of subnetting that you can do, and while you don’t have the benefits of private IP addresses, you still have over 16 million addresses to work with. With that, you could create 65,536 subnets with 254 hosts each, which would fill up a truck full of routers.
What Are CIDR Blocks?
Rather than including the entire subnet mask when writing it out, you can use a shorthand called CIDR notation. In this notation, you place a forward slash after the IP, followed by the number of bits used for the subnet mask (since it’s always a row of ones from left to right). For example, the subnet mask
255.255.255.0 uses 24 bits of ones, so that would be:
This lets you easily know which numbers are the subnet ID, and how big the subnet is. Larger CIDR blocks have lower numbers. You can view a full list of them here on Wikipedia.
The CIDR block
0.0.0.0/0 is a special subnet, used to represent the pool of all available addresses. This is used as a wildcard to match any address; for example, setting a firewall port to be open to
0.0.0.0/0 would open it to anyone.
Subnets can be used for private and public networks. In the previous example, the office building may be assigned the public IP address
22.214.171.124 by the Internet Service Provider. This is addressed on the outgoing end of the building’s default gateway, which it uses to route traffic outside the building. This IP address is entirely unique, and has been assigned by an ISP, which was given a CIDR block to allocate to its customers. The entire internet is divided this way, with different sized blocks used for routing between countries, states, cities, and so on.
But inside the building, devices can communicate to each other using their private IP address, usually in the range
192.168.0.0/16 (65,536 addresses) or
10.0.0.0/8 (over 16 million addresses). These can be split into smaller subnetworks as necessary.
How Does This Affect My Network Configuration?
If you’re running cable for a large office building, you’ll definitely need to take subnetting into account. One thing to note is that two address need to be reserved for the broadcast address and the network address. For example, if your client wanted ten subnets with 20 computers each, you’d actually need to allocate subnets of size 22. But unless you’re doing public subnet allocation, you’ll likely have a ton of wiggle room with the private IP addresses.
If you’re renting cloud servers, your servers will likely be operating in a subnet. This is commonly referred to as a “virtual private cloud,” as your servers can all talk to each other using their private IP addresses, but can’t access private servers in other VPCs. The actual segmentation is done through subnets, and is usually managed for you, but you can get hands-on with services like AWS VPC which let you provision your own subnets on the AWS platform. You probably won’t have to handle the networking yourself, though it will help to be familiar with CIDR notation to understand the subnet sizes.