Subnetting

Created: 2025-11-25
Tags: networking subnetting ip-addressing network-design

Description

Subnetting is the practice of dividing a network into smaller, manageable sub-networks. It’s essential for efficient IP address allocation, network organization, and security segmentation.

Key Concepts

Subnet Mask

A 32-bit number that divides an IP address into network and host portions.

Common Subnet Masks:

  • 255.0.0.0 (/8) - Class A
  • 255.255.0.0 (/16) - Class B
  • 255.255.255.0 (/24) - Class C
  • 255.255.255.128 (/25)
  • 255.255.255.192 (/26)

CIDR Notation

Classless Inter-Domain Routing notation: IP/prefix

  • 192.168.1.0/24 means first 24 bits are network, last 8 are host
  • /24 = 255.255.255.0
  • /16 = 255.255.0.0
  • /8 = 255.0.0.0

Network Classes (Legacy)

Class  Range    Default Mask  Networks      Hosts/Network
A      1-126    /8            126           16,777,214
B      128-191  /16           16,384        65,534
C      192-223  /24           2,097,152     254
D      224-239  -             Multicast     -
E      240-255  -             Experimental  -

Subnet Calculation

Formula

  • Number of subnets: 2^n (n = borrowed bits)
  • Hosts per subnet: 2^h - 2 (h = host bits, -2 for network and broadcast)

Example: 192.168.1.0/24 split into /26

Original: 192.168.1.0/24 (256 addresses)
New: /26 subnets (64 addresses each)

Subnet 1: 192.168.1.0/26
  Network:   192.168.1.0
  First host: 192.168.1.1
  Last host:  192.168.1.62
  Broadcast:  192.168.1.63

Subnet 2: 192.168.1.64/26
  Network:   192.168.1.64
  First host: 192.168.1.65
  Last host:  192.168.1.126
  Broadcast:  192.168.1.127

Subnet 3: 192.168.1.128/26
Subnet 4: 192.168.1.192/26

Special Addresses

  • Network Address: First address (all host bits 0)
  • Broadcast Address: Last address (all host bits 1)
  • Usable Hosts: Network + 1 to Broadcast - 1

CIDR Block Sizes

CIDR  Subnet Mask      Total IPs   Usable Hosts
/32   255.255.255.255  1           0 (single host)
/31   255.255.255.254  2           2 (point-to-point)
/30   255.255.255.252  4           2
/29   255.255.255.248  8           6
/28   255.255.255.240  16          14
/27   255.255.255.224  32          30
/26   255.255.255.192  64          62
/25   255.255.255.128  128         126
/24   255.255.255.0    256         254
/16   255.255.0.0      65,536      65,534
/8    255.0.0.0        16,777,216  16,777,214

Security Benefits

Network Segmentation

  • Isolate departments/functions
  • Contain security breaches
  • Limit broadcast domains
  • Implement access controls between subnets

Examples

Corporate Network: 10.0.0.0/8
  - Management: 10.1.0.0/16
  - Users: 10.2.0.0/16
  - Servers: 10.3.0.0/16
  - DMZ: 10.4.0.0/16
  - Guest: 10.5.0.0/16

Practical Tools

Linux/Mac

# Calculate subnets
ipcalc 192.168.1.0/24
 
# View network configuration
ip addr show
ifconfig

Windows

# View network configuration
ipconfig
 
# Calculate subnets (third-party tool)
# Or use online calculators

Online Calculators

  • subnet-calculator.com
  • ipcalc.org
  • Various mobile apps

Common Subnetting Scenarios

Scenario 1: Office with 50 users

  • Need: 62 usable addresses (50 users + devices + growth)
  • Solution: /26 subnet (62 usable hosts)

Scenario 2: Point-to-point link

  • Need: 2 addresses for routers
  • Solution: /30 subnet (2 usable hosts)

Scenario 3: Data center with 200 servers

  • Need: 200+ addresses
  • Solution: /24 subnet (254 usable hosts)

VLSM (Variable Length Subnet Masking)

Using different subnet masks for different subnets to optimize address allocation.

Example:

Main network: 10.0.0.0/16

Large department (500 hosts): 10.0.0.0/23
Medium department (100 hosts): 10.0.2.0/25
Small department (20 hosts): 10.0.2.128/27
Point-to-point links: 10.0.3.0/30

Best Practices

  1. Plan ahead: Account for growth
  2. Document: Maintain IP address management (IPAM)
  3. Standardize: Consistent subnet sizes where possible
  4. Security: Segment by security zone
  5. Avoid waste: Use VLSM for efficiency
  6. Reserve space: Leave room for expansion

Common Mistakes

  • Not accounting for network and broadcast addresses
  • Overlapping subnets
  • Wrong subnet mask calculation
  • Not planning for growth
  • Inconsistent addressing scheme
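
The VLSM plan and the mistakes listed above can be checked mechanically before a plan reaches a router or firewall rule set. The Python sketch below is an added example, not part of the original notes; the function names (prefix_for_hosts, usable_hosts, audit_plan) and the BAD_PLAN entries are constructed for illustration.

```python
import ipaddress

def prefix_for_hosts(hosts):
    """Longest prefix whose subnet still offers `hosts` usable addresses (2^h - 2)."""
    host_bits = max(2, (hosts + 1).bit_length())  # smallest h with 2^h >= hosts + 2
    return 32 - host_bits

def usable_hosts(net):
    """Usable addresses as in the CIDR table: 2^h - 2, with /31 -> 2 and /32 -> 0."""
    if net.prefixlen >= 31:
        return 2 if net.prefixlen == 31 else 0
    return net.num_addresses - 2

def audit_plan(parent, plan):
    """Check (name, cidr, hosts_needed) entries against `parent`; return problems."""
    parent_net = ipaddress.ip_network(parent)
    problems, accepted = [], []
    for name, cidr, needed in plan:
        try:
            net = ipaddress.ip_network(cidr)  # strict mode rejects set host bits
        except ValueError:
            problems.append(f"{name}: {cidr} is not a valid network address")
            continue
        if not net.subnet_of(parent_net):
            problems.append(f"{name}: {net} is outside {parent_net}")
        if usable_hosts(net) < needed:
            problems.append(f"{name}: {net} has {usable_hosts(net)} usable hosts, "
                            f"needs {needed} (use /{prefix_for_hosts(needed)})")
        for other_name, other in accepted:
            if net.overlaps(other):
                problems.append(f"{name}: {net} overlaps {other_name} ({other})")
        accepted.append((name, net))
    return problems

# VLSM plan from this page; host counts as stated there, 2 per point-to-point link.
PAGE_PLAN = [("large", "10.0.0.0/23", 500), ("medium", "10.0.2.0/25", 100),
             ("small", "10.0.2.128/27", 20), ("p2p", "10.0.3.0/30", 2)]
# Constructed plan: undersized subnet, overlap, host bits set, outside the parent.
BAD_PLAN = [("large", "10.0.0.0/24", 500), ("medium", "10.0.0.128/25", 100),
            ("small", "10.0.2.130/27", 20), ("guest", "192.168.1.0/26", 50)]

if __name__ == "__main__":
    for label, plan in (("page plan", PAGE_PLAN), ("bad plan", BAD_PLAN)):
        print(label, audit_plan("10.0.0.0/16", plan) or "OK")
```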
