Subnetting a large network improves security, increases performance, and logically organizes your network. But some of the calculations are difficult. The Linux ipcalc command makes the planning phase easier.
What is subnetting?
Subnetting is a way of dividing a large network into smaller, connected parts. Each piece is called a subnet. You can organize your network so that your sales team uses one subnet, HR uses another subnet, customer support uses another subnet, and so on.
This has significant benefits. The first has to do with security and control. Without subnetting, everything is one big “flat” network. Subnetting lets you decide which subnets can communicate with other subnets. Different subnets have different IP address ranges and use different subnet masks, which we’ll get to in a moment.
Your router must be configured to allow traffic from one subnet to reach another subnet. And because the router is a managed device, you have control over the type of traffic and interaction allowed between different subnets.
Subnetting can also prevent unauthorized users and malware from roaming your network unchecked. Or at least it will slow them down. Think of it like a submarine. If you suffer a hull breach in one section, you can close the bulkhead doors to keep the rest of the ship from being flooded. Subnets are like these bulkheads.
Performance benefits often come simply from dividing a large network into subnets. If your network is large enough and busy, this increase in performance comes from reducing the network traffic on each subnet. The reduction in ARP traffic alone might make things seem more responsive.
And of course, once your network is compartmentalized, it’s easier for your IT staff to understand, maintain, and support your infrastructure.
IP addresses and subnet masks
It all sounds great, and it is. But it means we have to be very specific with our IP addressing. We need to use part of the IP address for the network ID and part of it for device addressing. For subnets, we also need to use part of the IP address for the subnet ID.
IPv4 addresses use four numbers of up to three digits each, separated by periods. It's called dot-decimal notation. The range of each number is 0 to 255. In simple cases, the first two numbers are the network ID, the third number holds the subnet ID, and the fourth number holds the device address.
Numbers are represented in computers as sequences of binary values. If there are so few devices on the subnet that there are unused high bits in the device address number range, these “free” binary bits can be used by the subnet ID.
How does the router or other network device know how the IP address is composed? What indicates if the subnet ID is entirely contained in the third number or if it poaches some of the high bits of the fourth number? The answer to this is the subnet mask.
The subnet mask looks like an IP address. It's four numbers of up to three digits, each in the range 0 to 255. But they really need to be viewed in their binary form.
Any binary bit that is a 1 in the subnet mask means that the corresponding bit in the IP address points to the network ID or subnet ID. Anything that is a zero in the subnet mask means that the corresponding bit in the IP address points to a device address.
Let’s take a typical IP address and apply a subnet mask to it. The subnet mask has 255 for each of the first three numbers and 0 for the fourth.
- IP address: 192.168.1.0
- subnet mask: 255.255.255.0 = 11111111.11111111.11111111.00000000
In binary, 255 is 11111111. When the subnet mask bits are set to one, the corresponding bits in the IP address refer to the network ID and subnet ID. 255 in the subnet mask means that all bits in the corresponding number in the IP address refer to the network ID or subnet ID.
The fourth number is zero, which means that none of its bits is set to one. So this number refers to the network device addresses. Our subnet mask 255.255.255.0 therefore means that the first three numbers of the IP address contain the network ID and the subnet ID, and the last number is reserved for network device addresses.
This means that as a side effect, the subnet mask also determines how many bits in the IP address can be used to identify individual devices. In other words, the subnet mask determines which bits in the IP address identify the subnet and how many devices this subnet can contain.
Changing the subnet mask has dramatic effects on the network. That’s why we have to do it right.
The ipcalc command
ipcalc makes it easy to figure out what the subnet masks and IP addresses need to be to properly subnet your network.
ipcalc was already installed on Fedora 36. We had to install it on Ubuntu 22.04 and Manjaro 21.
The command for Ubuntu is:
sudo apt install ipcalc
On Manjaro, use:
sudo pacman -Sy ipcalc
As a minimum, we need to pass an IP address to ipcalc:
ipcalc 192.168.1.0
If this is all we pass, ipcalc assumes a subnet mask of 255.255.255.0. It provides a readout of information about the network and IP address.
The output contains dotted-decimal values and their corresponding binary values. This is what the information means:
- Address: 192.168.1.0. The IP address we provided.
- Netmask: 255.255.255.0 = 24. The subnet mask. 255.255.255.0 is used if no subnet mask is specified on the command line. The 24 means that 24 bits are set to 1 in the subnet mask, counted from the left. These are used for the network ID and subnet ID. The bits set to 1 must form an uninterrupted sequence of ones; there must not be any 0 bits among them. We know that 8 bits set to 1 in binary equals 255 in decimal, so 24 means three sets of 8 bits all set to 1. In dotted-decimal notation this is 255.255.255. The rest of the bits are 0, giving us 255.255.255.0. So by counting the bits that are set to 1 and representing that count as a decimal number like 24, we can convey a full subnet mask. This is called Classless Inter-Domain Routing (CIDR) notation.
- Wildcard: 0.0.0.255. The wildcard mask, used in Cisco network devices as part of allow list/block list settings.
- Network: 192.168.1.0/24. The network IP address and subnet described in CIDR notation. If there is a router on this subnet, it is often assigned the lowest IP address in the permissible range.
- HostMin: 192.168.1.1. The lowest IP address that a device connected to this subnet can have.
- HostMax: 192.168.1.254. The highest IP address that a device connected to this subnet can have.
- Broadcast: 192.168.1.255. The broadcast address. Network packets sent to this IP address are delivered to all devices on the subnet.
- Hosts/Net: 254. The maximum number of devices you can connect to this subnet. In this example the device part of the address ranges from 0 to 255, which gives 256 different IP addresses. But we lose one address for the network address (the ".0" address) and one for the broadcast address (the ".255" address).
- Class C, Private Internet: The class of the network.
The class of a network is determined by the number of bits used for the network ID and subnet ID, and by the leading bits of the address, which encode the class.
- Class A: Leading bit 0. IP addresses start with 0. Default subnet mask: 255.0.0.0. The CIDR notation is /8.
- Class B: Leading bits 10. IP addresses start with 128. Default subnet mask: 255.255.0.0. The CIDR notation is /16.
- Class C: Leading bits 110. IP addresses start with 192. Default subnet mask: 255.255.255.0. The CIDR notation is /24.
- Class D: Leading bits 1110. IP addresses start with 224. Default subnet mask: undefined. The CIDR notation is /4.
Changing the subnet mask
The ipcalc command cannot change any settings, so we can try whatever we want without fear of affecting anything. Let's see what effect changing the subnet mask has on our network.
You can use either CIDR or dot-decimal notation. For CIDR, a space before the slash is optional. These commands are all equivalent.
ipcalc 192.168.1.0/16
ipcalc 192.168.1.0 /16
ipcalc 192.168.1.0 255.255.0.0
This greatly increases the number of devices you can connect to this network. The addressing of network devices for this network starts at 192.168.0.0 and ends at 192.168.255.254.
We lose an address for the network address and one for the broadcast address, as before. But that still gives us a whopping 65,534 possible devices.
But they would still all be on one subnet.
Using ipcalc with subnets
Suppose we want to add three subnets to our network with capacity for 20, 15, and 80 hosts respectively. We can use the -s (split) option and follow it with our desired subnet sizes.
ipcalc 192.168.1.0 -s 20 15 80
The first section is the same as we saw earlier, where ipcalc provides an analysis of the network containing the IP address we specified on the command line. Our subnets are described in the following three sections.
In summary, the information we receive is the following.
First subnet (20 hosts requested):
- Subnet mask: 255.255.255.224
- First device address: 192.168.0.129
- Last device address: 192.168.0.158
- Subnet capacity: 30 devices
Second subnet (15 hosts requested):
- Subnet mask: 255.255.255.224
- First device address: 192.168.0.161
- Last device address: 192.168.0.190
- Subnet capacity: 30 devices
Third subnet (80 hosts requested):
- Subnet mask: 255.255.255.128
- First device address: 192.168.0.1
- Last device address: 192.168.0.126
- Subnet capacity: 126 devices
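The mask arithmetic explained above (which bits select the network and which the device), the fields of the ipcalc readout, and the -s split, as an added example in plain Python. This is not code from the article or from the ipcalc project; the dictionary keys mirror ipcalc's output labels and the 192.168.1.0 values are the article's own.

```python
def to_int(dotted):
    """Dotted-decimal string -> 32-bit integer."""
    return int.from_bytes(bytes(int(x) for x in dotted.split(".")), "big")

def to_dotted(n):
    """32-bit integer -> dotted-decimal string."""
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def prefix_to_mask(prefix):
    """CIDR prefix -> mask: 'prefix' uninterrupted ones, counted from the left."""
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def mask_to_prefix(mask):
    """Dotted mask -> CIDR prefix; rejects masks whose ones are not one contiguous run."""
    m = to_int(mask)
    prefix = bin(m).count("1")
    if prefix_to_mask(prefix) != m:
        raise ValueError(f"non-contiguous netmask {mask}")
    return prefix

def describe(address, prefix):
    """The fields ipcalc prints for address/prefix (keys mirror ipcalc's labels)."""
    mask = prefix_to_mask(prefix)
    network = to_int(address) & mask            # 1-bits in the mask select the network/subnet ID
    broadcast = network | (~mask & 0xFFFFFFFF)  # 0-bits are device bits; all ones is the broadcast
    return {
        "Netmask": f"{to_dotted(mask)} = {prefix}",
        "Wildcard": to_dotted(~mask & 0xFFFFFFFF),
        "Network": f"{to_dotted(network)}/{prefix}",
        "HostMin": to_dotted(network + 1),
        "HostMax": to_dotted(broadcast - 1),
        "Broadcast": to_dotted(broadcast),
        "Hosts/Net": (1 << (32 - prefix)) - 2,  # minus the network and broadcast addresses
    }

def split(address, prefix, sizes):
    """ipcalc -s: one subnet per requested host count, carved from address/prefix. Largest
    request is placed first (alignment); results come back in request order, as ipcalc prints them."""
    base = to_int(address) & prefix_to_mask(prefix)
    end = base | (~prefix_to_mask(prefix) & 0xFFFFFFFF)
    cursor, result = base, [None] * len(sizes)
    for i in sorted(range(len(sizes)), key=lambda k: sizes[k], reverse=True):
        host_bits = 2
        while (1 << host_bits) - 2 < sizes[i]:  # smallest block with enough usable addresses
            host_bits += 1
        if cursor + (1 << host_bits) - 1 > end:
            raise ValueError(f"subnets for {sizes} hosts do not fit in {address}/{prefix}")
        result[i] = describe(to_dotted(cursor), 32 - host_bits)
        cursor += 1 << host_bits
    return result
```

`split("192.168.1.0", 24, [20, 15, 80])` returns the /27, /27 and /25 subnets in request order, with the same host ranges as the three sections above.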
Notice the green entries in the binary values. These are the bits reserved for the subnet.
Also note that because the first and second subnets have the same subnet mask of /27, three bits of the device address field were used to identify the subnet. In the first subnet these bits are 100, and in the second 101. This difference allows the router to route network traffic correctly.
It can escalate quickly
It is obvious that in a larger or more complicated network it is easy to go wrong. With ipcalc, you can be sure that your values are correct. You still need to configure your network, but at least you know the values you're using are correct.