Subnets are a way of dividing networks into smaller chunks. This makes managing and routing a large network much easier, cleans up ARP traffic and can be used to divide a network into private, containerized subnetworks.
What is a subnet?
Suppose you have a multi-storey office building with many units on each floor. Having them all in one network can clog the pipes, especially with the constant ARP traffic needed to map IP addresses to physical (MAC) addresses.
Instead, a smarter solution is to give each floor its own network. The easiest way to do this is to divide the IP address into two pieces: the first identifies the subnet (i.e. the floor of the building) and the second identifies the host ID (the particular computer on that floor):
In this example, 192.168.1.4 represents the fourth computer on the first floor, 192.168.5.2 is the second computer on the fifth floor, and so on. Technically, the 192.168 part is the network ID, not the subnet ID, because it is the same across all of these private subnets, but for this purpose they represent the same thing.
Under the hood, this is done with something called a bitmask, usually called a “subnet mask.” The subnet mask determines which bits of the IP address are the subnet ID and which are the host ID. Every bit that is a 1 is subnet ID and every bit that is a 0 is host ID.
The bitmask shown above can also be represented as 255.255.255.0, which marks the first three octets as subnet ID. The subnet mask does not have to break on a period, but doing so keeps this example simple. You can create subnets of any size, but you are limited to a maximum of 16 million addresses in total in a private subnet (the 10.0.0.0/8 block, ending at 10.255.255.255), which is probably enough for your use case.
Leaving the last octet as host ID gives 256 addresses on the subnet, of which two are excluded: 192.168.1.255 (the broadcast address) and 192.168.1.0 (used to represent the network itself). These are the “all ones” and “all zeros” addresses.
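The split described above, as an added example that is not part of the original article: the mask is applied with plain bit arithmetic to separate subnet ID from host ID and to derive the all-zeros (network) and all-ones (broadcast) addresses that cannot be assigned to a host, and the result is cross-checked against Python's standard-library ipaddress module. The masks and addresses used are the ones from the text; the function names are my own.

```python
# Added example, not from the original article: applying a subnet mask to an
# IPv4 address to separate the subnet ID from the host ID, and deriving the
# "all zeros" (network) and "all ones" (broadcast) addresses that cannot be
# assigned to hosts. Cross-checked against the standard library.
import ipaddress


def ip_to_int(addr: str) -> int:
    """Pack a dotted quad like 192.168.1.4 into a 32-bit integer."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a valid IPv4 address: {addr}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(value: int) -> str:
    """Unpack a 32-bit integer back into dotted-quad form."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def validate_mask(mask: str) -> int:
    """Return the mask as an integer, rejecting masks that are not 1s followed by 0s."""
    m = ip_to_int(mask)
    host_bits = 32 - bin(m).count("1")
    if m | ((1 << host_bits) - 1) != 0xFFFFFFFF:
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return m


def split_address(addr: str, mask: str) -> dict:
    """Every 1 bit in the mask selects subnet ID, every 0 bit selects host ID."""
    a, m = ip_to_int(addr), validate_mask(mask)
    host_bits = 32 - bin(m).count("1")
    network = a & m                     # host part all zeros
    broadcast = a | (~m & 0xFFFFFFFF)   # host part all ones
    result = {
        "subnet_id": int_to_ip(network),
        "host_id": a & ~m & 0xFFFFFFFF,
        "broadcast": int_to_ip(broadcast),
        "total_addresses": 1 << host_bits,
        "usable_hosts": max((1 << host_bits) - 2, 0),
    }
    # Cross-check with the standard library, which accepts "address/mask".
    ref = ipaddress.IPv4Interface(f"{addr}/{mask}").network
    assert str(ref.network_address) == result["subnet_id"]
    assert str(ref.broadcast_address) == result["broadcast"]
    return result


def same_subnet(addr_a: str, addr_b: str, mask: str) -> bool:
    """True if both hosts share a subnet ID, i.e. can talk without a gateway."""
    m = validate_mask(mask)
    return ip_to_int(addr_a) & m == ip_to_int(addr_b) & m


if __name__ == "__main__":
    info = split_address("192.168.1.4", "255.255.255.0")
    print(f"subnet {info['subnet_id']}, host #{info['host_id']}, "
          f"broadcast {info['broadcast']}, {info['usable_hosts']} usable hosts")
    print("same floor:", same_subnet("192.168.1.2", "192.168.1.4", "255.255.255.0"))
    print("different floors:", same_subnet("192.168.1.2", "192.168.2.3", "255.255.255.0"))
```

The contiguity check in validate_mask matters in practice: a mask such as 255.0.255.0 is not a valid subnet mask, and silently accepting one produces a network address that no router would agree with.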
Why do you need subnets?
Subnets are used to partition address space. If your network is large enough, having all your devices on one network slows it down. Separating them at the hardware level is where subnets come in.
This is how the whole Internet works, so it is easiest to visualize it that way. Take, for example, your average home router. It has a public IP assigned to it by the ISP, which is unique to that device. You can reach your home router from anywhere in the world by going to this IP in your browser.
But you would quickly run out of addresses if you tried to give every computer behind the router a public IP, so they are instead assigned private IP addresses, which do not uniquely identify the computers worldwide but are unique within the private network. Also, if computer A wants to talk to computer B on the same network, you would not want that traffic to go over the Internet when the connection is local. Doing it this way keeps the traffic isolated while still allowing
This is exactly why you need to set up port forwarding on your router to open devices up to the Internet. Your router does not know that you are running a Minecraft server on port 25565 until you tell it so and instruct it to forward all connections on that port to you rather than handling them itself.
The Internet is a special case in that the number of addresses is limited, so you must use this public/private address arrangement. The private address ranges are reserved for exactly this purpose; the following blocks are used for private devices only:
192.168.0.0/16, a 16-bit block with 65,536 addresses
172.16.0.0/12, a 20-bit block with 1,048,576 addresses
10.0.0.0/8, a 24-bit block with 16,777,216 addresses
With this you can have two different devices with the same private IP, which is why everyone’s home router is
With another layer of subnets, you do not get more devices behind the gateway, since each device still needs a unique private IP. But you do still separate devices at the hardware level; in this example, if the computer at the bottom (192.168.1.2) wants to talk to the computer at the top (192.168.2.3) on another subnet, it must leave through the default gateway for its own subnet and come in through the destination subnet's gateway.
This is the kind of subnetting you can do, and even working only with private IP addresses, you still have over 16 million addresses to play with. With that, you could create 65,536 subnets with 254 hosts each, which would fill a truck full of routers.
What are CIDR blocks?
Instead of writing out the entire subnet mask, you can use a shorthand called CIDR notation. In this notation, you place a slash after the IP, followed by the number of bits used for the subnet mask (which works because the mask is always a contiguous run of 1s from left to right). For example, the subnet mask 255.255.255.0 uses 24 bits, so it would be written as /24, e.g. 192.168.1.0/24.
This lets you easily know which numbers are subnet ID and how big the subnet is. Larger CIDR blocks have lower numbers. You can see a complete list of them here on Wikipedia.
The CIDR block 0.0.0.0/0 is a special subnet used to represent the pool of all available addresses. It is used as a wildcard to match every address; for example, a firewall rule that opens a port to 0.0.0.0/0 opens it to anyone on the Internet.
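The CIDR arithmetic from this section and the previous list of private blocks, as an added example that is not from the original article: converting between dotted masks and prefix lengths, computing block sizes, testing whether an address falls inside a block, and auditing a constructed (hypothetical) set of firewall rules for sources set to the 0.0.0.0/0 wildcard. The port numbers in SAMPLE_RULES are made up for illustration, apart from 25565 which the text mentions.

```python
# Added example, not from the original article: CIDR prefix/mask conversion,
# block sizes, membership tests, and an audit of constructed firewall rules
# for the 0.0.0.0/0 wildcard, which matches every address on the Internet.
import ipaddress


def mask_to_prefix(mask: str) -> int:
    """255.255.255.0 -> 24. ipaddress rejects masks that are not a run of 1s."""
    return ipaddress.IPv4Network(f"0.0.0.0/{mask}").prefixlen


def prefix_to_mask(prefix: int) -> str:
    """24 -> 255.255.255.0."""
    return str(ipaddress.IPv4Network(f"0.0.0.0/{prefix}").netmask)


def block_size(cidr: str) -> int:
    """Number of addresses in a block: 2 ** (32 - prefix). Lower prefix = larger block."""
    return ipaddress.ip_network(cidr, strict=False).num_addresses


def source_matches(rule_source: str, client_ip: str) -> bool:
    """Does the rule's source block cover this client address?"""
    return ipaddress.ip_address(client_ip) in ipaddress.ip_network(rule_source, strict=False)


# Constructed sample rules (hypothetical; not taken from any real firewall).
SAMPLE_RULES = [
    {"port": 22, "source": "10.0.0.0/8"},          # SSH from the private block only
    {"port": 25565, "source": "0.0.0.0/0"},        # game server open to everyone
    {"port": 443, "source": "0.0.0.0/0"},          # HTTPS, expected to be public
    {"port": 5432, "source": "192.168.1.0/24"},    # database from one subnet only
]


def rules_open_to_anyone(rules, expected_public=(80, 443)) -> list:
    """Ports whose source is the wildcard block, ignoring ports meant to be public."""
    flagged = []
    for rule in rules:
        net = ipaddress.ip_network(rule["source"], strict=False)
        if net.prefixlen == 0 and rule["port"] not in expected_public:
            flagged.append(rule["port"])
    return flagged


if __name__ == "__main__":
    for cidr in ("192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8", "0.0.0.0/0"):
        print(f"{cidr:16} {block_size(cidr):>12,} addresses")
    print("open to anyone on unexpected ports:", rules_open_to_anyone(SAMPLE_RULES))
```

A prefix length of 0 is the only thing that identifies the wildcard, so the audit checks prefixlen rather than comparing strings; "0.0.0.0/0" and "0.0.0.0/0.0.0.0" are the same rule.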
Subnets can be used for private and public networks. In the previous example, the office building could be assigned the public IP address 184.108.40.206 by your ISP. This address sits on the outward-facing side of the building's default gateway, which uses it to route traffic outside the building. This IP address is globally unique and was assigned by an ISP, which itself received a CIDR block to hand out to its customers. The entire Internet is divided up this way, with different-sized blocks used for routing between countries, states, cities and so on.
But inside the building, devices can communicate with each other using their private IP addresses, usually within the range 192.168.0.0/16 (65,536 addresses) or 10.0.0.0/8 (over 16 million addresses). These can be divided into smaller subnets as needed.
How does this affect my network configuration?
If you are wiring a large office building, you definitely need to plan your subnets. One thing to note is that two addresses in each subnet must be reserved for the broadcast address and the network address. For example, if your client wanted ten subnets with 20 computers each, you would actually need to allocate subnets of at least 22 addresses; but unless you are allocating public subnets, you will likely have plenty of leeway with private IP addresses.
If you rent cloud servers, they are likely to operate in a subnet. This is usually called a “virtual private cloud” (VPC), because your servers can all talk to each other using their private IP addresses but cannot reach private servers in other VPCs. The actual segmentation takes place via subnets and is usually handled for you, but you can get hands-on with services such as AWS VPC, which lets you provision your own subnets on the AWS platform. You will probably not need to manage the network yourself, but knowing CIDR notation will help you understand subnet sizes.
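The sizing problem from the office-building paragraph (ten subnets of 20 computers, plus the two reserved addresses) and the "65,536 subnets of 254 hosts" figure from earlier, worked as an added example that is not from the original article. It picks the smallest prefix that fits a host count, carves the subnets out of a private block with the standard-library ipaddress module, and classifies addresses as private or public. Function names and the specific blocks chosen are my own assumptions.

```python
# Added example, not from the original article: sizing subnets so that the
# network and broadcast addresses are accounted for, carving them out of a
# private block, and telling private addresses from public ones.
import ipaddress
import itertools


def prefix_for_hosts(hosts: int) -> int:
    """Smallest prefix whose block holds `hosts` usable addresses plus the 2 reserved ones."""
    needed = hosts + 2
    # Smallest power of two >= needed, via bit_length (no floating point); never smaller than /30.
    host_bits = max((needed - 1).bit_length(), 2)
    return 32 - host_bits


def usable_hosts(cidr: str) -> int:
    """Addresses in the block minus network and broadcast."""
    net = ipaddress.ip_network(cidr, strict=False)
    return max(net.num_addresses - 2, 0)


def carve_subnets(block: str, count: int, hosts_each: int) -> list:
    """Take `count` equal subnets, each fitting `hosts_each` hosts, from the front of `block`."""
    parent = ipaddress.ip_network(block)
    new_prefix = prefix_for_hosts(hosts_each)
    if new_prefix < parent.prefixlen:
        raise ValueError(f"{hosts_each} hosts do not fit inside {block}")
    chosen = list(itertools.islice(parent.subnets(new_prefix=new_prefix), count))
    if len(chosen) < count:
        raise ValueError(f"{block} only yields {len(chosen)} subnets of /{new_prefix}")
    return [str(s) for s in chosen]


def count_subnets(block: str, new_prefix: int) -> int:
    """How many /new_prefix subnets fit in `block`: 2 ** (new_prefix - parent prefix)."""
    parent = ipaddress.ip_network(block)
    if new_prefix < parent.prefixlen:
        raise ValueError(f"/{new_prefix} is larger than {block}")
    return 2 ** (new_prefix - parent.prefixlen)


def classify(addr: str) -> str:
    """'private' for the reserved ranges (RFC 1918 and friends), 'public' otherwise."""
    return "private" if ipaddress.ip_address(addr).is_private else "public"


if __name__ == "__main__":
    # The client's request from the text: ten subnets of 20 computers each.
    plan = carve_subnets("192.168.0.0/16", count=10, hosts_each=20)
    print(f"/{prefix_for_hosts(20)} per floor, {usable_hosts(plan[0])} usable hosts each")
    for subnet in plan:
        print("  ", subnet)
    print("/24 subnets in 10.0.0.0/8:", count_subnets("10.0.0.0/8", 24))
    for addr in ("192.168.1.2", "10.255.255.254", "184.108.40.206"):
        print(addr, "is", classify(addr))
```

Twenty computers need 22 addresses, which rounds up to a /27 (32 addresses, 30 usable): subnet sizes are always powers of two, so the "22" from the text becomes 32 once it hits a real router.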