Subnetting: The Art of Slicing Up a Network
If you look at the IP settings on your computer right now, you won't just see an IP address (like `192.168.1.50`). You will also see a Subnet Mask, which usually looks like `255.255.255.0`.
Why do we need a mask? Why can't we just use the IP address by itself?
Because an IP address is actually two completely different things mashed together into one number. The Subnet Mask is the decoder ring that tells your computer how to split them apart.
The Two Halves of an IP Address
Every IP address is divided into two sections:
1. The Network Portion: Like the zip code and street name on a piece of mail. It identifies the general neighborhood.
2. The Host Portion: Like the house number. It identifies the specific device within that neighborhood.
If two computers share the exact same Network Portion, they are on the same local network (LAN). They can talk to each other directly via Layer 2 (MAC addresses) using a Switch.
If they have different Network Portions, they are on different networks. They *cannot* talk directly. They must send their traffic to a Router, which forwards the packet toward the destination network.
So, when your computer wants to talk to `192.168.1.100`, how does it know if that address is local (just use the switch) or remote (send it to the router)? It uses the Subnet Mask.
How the Mask Works
The Subnet Mask is a mathematical filter.
When your computer sees `255.255.255.0`, it lines that mask up against your IP address (`192.168.1.50`).
So, with a mask of `255.255.255.0`, your computer knows that *any* IP address starting with `192.168.1` is on the local network. Anything else goes to the router.
This specific mask (`255.255.255.0`) leaves you with one octet (8 bits) for hosts. Mathematically, 2^8 is 256. After subtracting the network address and the broadcast address, you are left with 254 usable host IP addresses. This is the standard size for a home network.
Why Subnet?
Suppose you are a network engineer for a university. The university is granted a massive block of IP addresses: everything starting with `172.16.X.X`.
This block gives you 65,534 usable host IPs.
If you just plug 65,000 computers into a giant array of switches and give them all a `255.255.0.0` mask, you have created a single, flat network. This is a catastrophic mistake.
Every time one computer sends an ARP request (a broadcast asking "Who has this IP?"), the switches will blast that request to all 65,000 computers. The sheer volume of background broadcast noise will instantly overwhelm the switches and slow the entire network to a crawl. This is called a Broadcast Storm.
To fix this, you must Subnet. You must take that massive block of 65,000 IPs and slice it into dozens of smaller, isolated networks.
Borrowing Bits (The Math of Subnetting)
Instead of using the default `255.255.0.0` mask, you create a custom mask. You move the dividing line to the right, "borrowing" bits from the Host portion and giving them to the Network portion.
You might change the mask to `255.255.255.0`.
By doing this, you have fundamentally altered the structure of the network. Instead of having one giant network with 65,000 hosts, you now have 256 smaller networks, each with 254 hosts.
Now, when a computer in the Library sends a broadcast, it is contained entirely within Subnet 1. It only bothers 253 other computers. The Dorms and the Science Building never hear it.
If a student in the dorms wants to access a server in the Science Building, the traffic must physically leave the dorm switch, go up to a Router (or Layer 3 Switch), get routed to the Science Building subnet, and go back down.
Subnetting shrinks the broadcast domain, improving performance and security by forcing inter-departmental traffic to pass through a routed checkpoint.
CIDR Notation
Typing out `255.255.255.0` is annoying. Today, engineers almost exclusively use CIDR (Classless Inter-Domain Routing) notation.
CIDR simply counts how many binary "1"s are in the subnet mask from left to right.
When you see an IP written as `192.168.1.50/24`, that slash-24 is exactly the same thing as the subnet mask. It tells you exactly where the network ends and the host begins.
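The mask comparison, the bit borrowing and the CIDR count described above can be carried out by hand in a few lines. This is an added example, not part of the original article: the function names are illustrative, and the two university hosts (`172.16.1.20`, `172.16.2.20`) are constructed to show the same pair staying on the switch under the flat mask and being forced through the router once the block is subnetted.

```python
def to_int(dotted):
    """Dotted-quad text -> 32-bit integer, validating each octet."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted-quad address: {dotted!r}")
    return sum(int(p) << shift for p, shift in zip(parts, (24, 16, 8, 0)))

def to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_len(mask):
    """CIDR prefix: count the 1 bits; reject masks whose 1s are not contiguous."""
    m = to_int(mask)
    host_bits = ~m & 0xFFFFFFFF          # must look like 0...01...1
    if host_bits & (host_bits + 1):
        raise ValueError(f"non-contiguous mask: {mask}")
    return bin(m).count("1")

def network_of(ip, mask):
    """Bitwise AND keeps the network portion and zeroes the host portion."""
    return to_dotted(to_int(ip) & to_int(mask))

def next_hop(src, dst, mask):
    """'switch' if dst shares src's network portion, else 'router'."""
    return "switch" if network_of(src, mask) == network_of(dst, mask) else "router"

def usable_hosts(mask):
    """2^(host bits) minus the network and broadcast addresses."""
    return max(0, 2 ** (32 - prefix_len(mask)) - 2)

def split(block, old_mask, new_mask):
    """Subnets created by moving the mask boundary right (borrowing bits)."""
    old, new = prefix_len(old_mask), prefix_len(new_mask)
    if new < old:
        raise ValueError("new mask must be at least as long as the old one")
    base, size = to_int(block) & to_int(old_mask), 2 ** (32 - new)
    return [f"{to_dotted(base + i * size)}/{new}" for i in range(2 ** (new - old))]

if __name__ == "__main__":
    print(next_hop("192.168.1.50", "192.168.1.100", "255.255.255.0"))  # article's addresses
    subnets = split("172.16.0.0", "255.255.0.0", "255.255.255.0")
    print(len(subnets), subnets[:3], usable_hosts("255.255.255.0"))
    # Constructed hosts: the same pair before and after subnetting the university block.
    for mask in ("255.255.0.0", "255.255.255.0"):
        print(mask, next_hop("172.16.1.20", "172.16.2.20", mask))
```

Under `255.255.0.0` the two constructed hosts share a broadcast domain and never touch a router; under `255.255.255.0` their traffic has to cross the routed checkpoint, which is where filtering rules can be applied.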