In the original IPv4 address, there are two levels of hierarchy: a network and a host.
A router forwards packets based on the network portion of an IP address;
once the network is located, the host portion of the address allows for
identification of the destination device.
All devices in the organization were assigned an IP address with a
matching network ID. This type of configuration is known as a flat
network design. In a small network, with a limited number of devices, a
flat network design is not problematic.
Subnetting - the process of segmenting a network by dividing it into multiple smaller network spaces. These sub-networks are called subnets.
Network administrators can group devices and services into subnets
that are determined by geographic location (perhaps the 3rd floor of a
building), by organizational unit (perhaps the sales department), by
device type (printers, servers, WAN), or any other division that makes
sense for the network. Subnetting can reduce overall network traffic and
improve network performance.
Note: A subnet is equivalent to a network and these
terms can be used interchangeably. Most networks are a subnet of some
larger address block.
A router is necessary for devices on different networks to communicate.
Devices on a network use the router interface attached to their LAN as
their default gateway.
Traffic cannot be forwarded between subnets without the use of a router.
Every interface on the router must have an IPv4 host address that
belongs to the network or subnet to which the router interface is
connected.
- The size of the subnet involves planning the number of hosts that will
require IP host addresses in each subnet of the subdivided private
network.
- Public addresses used to connect to the Internet are typically allocated
from a service provider. So while the same principles for subnetting
would apply, this is not generally the responsibility of the
organization’s network administrator.
Subnetting an IPv4 Network
Every network address has a valid range of host addresses. All devices
attached to the same network will have an IPv4 host address for that
network and a common subnet mask or network prefix.
The following are guidelines for each of the subnets:
- Network address - All 0 bits in the host portion of the address.
- First host address - All 0 bits plus a right-most 1 bit in the host portion of the address.
- Last host address - All 1 bits plus a right-most 0 bit in the host portion of the address.
- Broadcast address - All 1 bits in the host portion of the address.
Use this formula to calculate the number of subnets:
2^n (where n = the number of bits borrowed)
As shown in Figure 1, for the 192.168.1.0/25 example, the calculation looks like this:
2^1 = 2 subnets
Use this formula to calculate the number of hosts per network:
2^n (where n = the number of bits remaining in the host field)
As shown in Figure 2, for the 192.168.1.0/25 example, the calculation looks like this:
2^7 = 128
Because hosts cannot use the network address or broadcast address from a
subnet, 2 of these addresses are not valid for host assignment. This
means that each of the subnets has 126 (128-2) valid host addresses.
Consider large organizations or campuses with an internetwork that requires 100 subnets.
In a situation requiring a larger number of subnets, an IP network is
required that has more host bits to borrow from, such as an IP address
with a default subnet mask of /16, or 255.255.0.0.
Using the 172.16.0.0/16 address block, host bits must be borrowed to create at least 100 subnets.
There are some organizations, such as small service providers, that
might need even more than 100 subnets. Take, for example, an organization
that requires 1000 subnets.
Using the 10.0.0.0/8 address block, host bits must be borrowed to create at least 1000 subnets.
The decision about how many host bits to borrow to create subnets is an
important planning decision. There are two considerations when planning
subnets: the number of host addresses required for each network and the
number of individual subnets needed.
1) Determine the Total Number of Hosts: 2^n - 2 (n = the number of bits in the host portion)
Example: 800 hosts require a subnet with 10 host bits, which provides 1022 usable host addresses (2^10 - 2, n = 10).
2) Determine the Number and Size of the Networks
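The subnet guidelines and host-planning formulas above, worked through in code. This is an added example, not part of the original notes; it uses Python's standard ipaddress module only as a cross-check, and the classful default mask is derived from the first octet.

```python
import ipaddress

def classful_prefix(address: str) -> int:
    """Default classful prefix (/8, /16, /24) implied by the first octet."""
    first_octet = int(address.split(".")[0])
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    return 24

def subnet_details(cidr: str) -> dict:
    """Apply the guidelines above to one IPv4 subnet, e.g. 192.168.1.0/25."""
    network = ipaddress.ip_network(cidr, strict=False)
    host_bits = 32 - network.prefixlen
    if host_bits < 2:
        raise ValueError("the 2^n - 2 host formula needs at least 2 host bits")
    base = int(network.network_address)
    host_mask = (1 << host_bits) - 1
    # Host portion all 0s = network address, all 1s = broadcast address;
    # right-most bit 1 = first host, all 1s with right-most bit 0 = last host.
    details = {
        "network": str(ipaddress.ip_address(base)),
        "first_host": str(ipaddress.ip_address(base | 1)),
        "last_host": str(ipaddress.ip_address((base | host_mask) & ~1)),
        "broadcast": str(ipaddress.ip_address(base | host_mask)),
        # 2^n subnets, n = bits borrowed beyond the classful default mask.
        "subnets": 2 ** (network.prefixlen - classful_prefix(cidr)),
        # 2^n addresses, n = host bits remaining; minus network and broadcast.
        "hosts_total": 2 ** host_bits,
        "hosts_usable": 2 ** host_bits - 2,
    }
    # Cross-check the by-hand arithmetic against the library's view.
    assert details["broadcast"] == str(network.broadcast_address)
    return details

def host_bits_needed(hosts: int) -> int:
    """Planning step 1: smallest n such that 2^n - 2 >= hosts."""
    n = 2
    while 2 ** n - 2 < hosts:
        n += 1
    return n

if __name__ == "__main__":
    print(subnet_details("192.168.1.0/25"))
    n = host_bits_needed(800)
    print(f"800 hosts -> {n} host bits -> {2 ** n - 2} usable addresses")
```

Running it on 172.16.0.0/23 shows the 100-subnet case from the notes: borrowing 7 bits from the /16 yields 128 subnets of 510 usable hosts each.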
Variable Length Subnet Masking
The inefficient use of addresses is characteristic of traditional subnetting of classful networks.
Subnetting a subnet, or using Variable Length Subnet Mask (VLSM), was designed to avoid wasting addresses.
VLSM allows a network space to be divided in unequal parts. With VLSM
the subnet mask will vary depending on how many bits have been borrowed
for a particular subnet, thus the “variable” part of the VLSM.
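A VLSM allocator as an added example (not from the original notes): it carves one block into subnets of unequal size, largest requirement first, so each subnet lands on its own size boundary and nothing is wasted between allocations. The block, LAN names and host counts are constructed sample input.

```python
import ipaddress

def prefix_for_hosts(hosts: int) -> int:
    """Longest prefix whose subnet still leaves 2^n - 2 >= hosts usable."""
    host_bits = 2
    while 2 ** host_bits - 2 < hosts:
        host_bits += 1
    return 32 - host_bits

def vlsm_allocate(block: str, requirements: dict) -> dict:
    """Map each named LAN to the smallest subnet of `block` that fits it."""
    remaining = [ipaddress.ip_network(block)]
    plan = {}
    # Largest requirement first: a big subnet placed after small ones would
    # have to skip addresses to reach an aligned boundary.
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        prefix = prefix_for_hosts(hosts)
        remaining.sort(key=lambda n: int(n.network_address))
        for free in list(remaining):
            if free.prefixlen <= prefix:
                remaining.remove(free)
                subnet = ipaddress.ip_network(f"{free.network_address}/{prefix}")
                # Hand the unused remainder of this free piece back to the pool.
                remaining.extend(free.address_exclude(subnet))
                plan[name] = subnet
                break
        else:
            raise ValueError(f"no room left for {name} ({hosts} hosts)")
    return plan

if __name__ == "__main__":
    # Constructed example: four LANs with very different host counts.
    plan = vlsm_allocate("192.168.1.0/24",
                         {"sales": 100, "eng": 50, "mgmt": 20, "wan": 2})
    for name, subnet in plan.items():
        print(f"{name:6} {subnet}  usable={subnet.num_addresses - 2}")
```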
CIDR
IP addresses are described as consisting of two groups of bits in the address: the most significant bits are the network address, which identifies a whole network or subnet, and the least significant set forms the host identifier, which specifies a particular interface of a host on that network.
This division is used as the basis of traffic routing between IP networks and for address allocation policies. Classful network design for IPv4 sized the network address as one or more 8-bit groups, resulting in the blocks of Class A, B, or C addresses.
Classless Inter-Domain Routing allocates address space to Internet service providers and end users on any address bit boundary, instead of on 8-bit segments. In IPv6, however, the interface identifier has a fixed size of 64 bits by convention, and smaller subnets are never allocated to end users.
There are three primary considerations when planning address allocation.
- Preventing Duplication of Addresses - Each host
in an internetwork must have a unique address.
- Providing and Controlling Access - Some hosts,
such as servers, provide resources to internal hosts as well as to
external hosts. The Layer 3 address assigned to a server can be used to
control access to that server.
- Monitoring Security and Performance - Similarly,
the security and performance of network hosts and the network as a whole
must be monitored.
A network addressing plan:
- Addresses for Clients - assigned via DHCP.
- Addresses for Servers and Peripherals - should have a static IP address.
- Addresses for Hosts that are Accessible from Internet - IP addresses for these devices should be static (public IP). The router or firewall at the perimeter of the network
must be configured to translate the internal address of the server into a
public address.
- Addresses for Intermediary Devices - assigned Layer 3 addresses, either for device management or for
their operation. Devices such as hubs, switches, and wireless access
points do not require IPv4 addresses to operate as intermediary devices.
However, if these devices must be accessed as hosts to configure,
monitor, or troubleshoot network operation, they must have addresses
assigned (manually).
- Address for the Gateway (Routers and Firewalls) - have an IP address assigned to each interface. Typically, the router interface uses either the lowest or highest address in the network.
Subnetting an IPv6 Network
IPv6 subnetting requires a different approach than IPv4 subnetting. The
primary reason is that with IPv6 there are so many addresses, that the
reason for subnetting is completely different. An IPv6 address space is
not subnetted to conserve addresses; rather, it is subnetted to support
hierarchical, logical design of the network. While IPv4 subnetting is
about managing address scarcity, IPv6 subnetting is about building an
addressing hierarchy based on the number of routers and the networks
they support.
An IPv6 address block with a /48 prefix has 16 bits for the subnet ID.
Subnetting using the 16-bit subnet ID yields a possible 65,536 /64
subnets and does not require borrowing any bits from the interface ID,
or host portion of the address.
Each IPv6 /64 subnet contains roughly eighteen quintillion addresses,
obviously more than will ever be needed in one IP network segment.
The global routing prefix is the same for all subnets. Only the subnet ID quartet is incremented for each subnet.
Similar to borrowing bits from the host portion of an IPv4 address, with
IPv6 bits can be borrowed from the interface ID to create additional
IPv6 subnets. This is typically done for security reasons to create
fewer hosts per subnet and not necessarily to create additional subnets.
When extending the subnet ID by borrowing bits from the interface ID,
the best practice is to subnet on a nibble boundary. A nibble is 4 bits
or one hexadecimal digit. As shown in the figure, the /64 subnet prefix
is extended 4 bits or 1 nibble to /68. Doing this reduces the size of
the interface ID by 4 bits, from 64 to 60 bits.
Subnetting on nibble boundaries means only using nibble
aligned subnet masks. Starting at /64, the nibble aligned subnet masks
are /68, /72, /76, /80, etc.
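The IPv6 subnet-ID and nibble-boundary rules above, as an added example (not from the original notes) using Python's standard ipaddress module. The /48 used here is constructed from the 2001:db8::/32 documentation prefix.

```python
import ipaddress

def subnets_available(parent_prefix: int, child_prefix: int) -> int:
    """2^n child subnets, n = bits between the two prefix lengths."""
    return 2 ** (child_prefix - parent_prefix)

def subnet_id_subnets(prefix48: str, count: int) -> list:
    """First `count` /64 subnets of a /48: only the subnet-ID hextet changes."""
    block = ipaddress.ip_network(prefix48)
    if block.prefixlen != 48:
        raise ValueError("expected a /48 global routing prefix")
    base = int(block.network_address)
    # The subnet ID is bits 48..63 of the address, i.e. the 4th hextet;
    # shifting i left by 64 increments exactly that field.
    return [ipaddress.IPv6Network((base + (i << 64), 64)) for i in range(count)]

def is_nibble_aligned(prefixlen: int) -> bool:
    """A nibble is 4 bits, so aligned prefixes are multiples of 4."""
    return prefixlen % 4 == 0

def nibble_subnets(prefix64: str, nibbles: int = 1) -> dict:
    """Extend a /64 by whole nibbles, borrowing bits from the interface ID."""
    block = ipaddress.ip_network(prefix64)
    new_prefix = block.prefixlen + 4 * nibbles
    if not is_nibble_aligned(new_prefix) or new_prefix > 128:
        raise ValueError("subnet prefix must stay nibble aligned")
    return {
        "prefix": new_prefix,
        "interface_id_bits": 128 - new_prefix,  # 64 -> 60 for one nibble
        "subnets": list(block.subnets(new_prefix=new_prefix)),
    }

if __name__ == "__main__":
    print(subnets_available(48, 64), "/64 subnets under a /48")
    for s in subnet_id_subnets("2001:db8:acad::/48", 3):
        print(s)
    r = nibble_subnets("2001:db8:acad:1::/64")
    print(f"/{r['prefix']}: {len(r['subnets'])} subnets, "
          f"{r['interface_id_bits']}-bit interface ID, first {r['subnets'][0]}")
```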