Efficient Networking with Subnetting and CIDR
Feb 03, 2025Introduction
Imagine a large corporate office building with multiple departments—HR, Finance, IT, and Customer Support. If every employee had unrestricted access to every room, things would quickly become chaotic. Employees might wander into spaces where they don’t belong, sensitive documents could be accessed by unauthorized people, and productivity could suffer. To manage this better, the office is divided into sections with controlled access. The HR department is restricted to HR employees, the finance department is accessible only to finance team members, and so on.
Similarly, in networking, large networks are divided into subnets to improve organization, security, and efficiency. Just as different departments have restricted access, subnetting ensures that different devices or groups of devices operate within their designated sections of a network. For example, web servers may be placed in one subnet with open internet access, while database servers are placed in a more secure subnet with no direct internet access and restricted access only from the web server subnet.
If the database subnet does not have internet access, how will we connect to it and make any changes? This is where a jump host (or bastion host) comes in. A jump host is a specially configured machine that sits in a subnet with controlled access and acts as a gateway to reach secured resources. Administrators first connect to the jump host, which has the necessary permissions to access the database subnet, ensuring that only authorized users can manage sensitive servers while keeping them isolated from direct internet exposure.
Let’s dive into Subnetting and CIDR (Classless Inter-Domain Routing) to understand how networks are structured.
What is Subnetting?
Subnetting is the practice of dividing a large network into smaller, manageable networks, called subnets. This helps improve network efficiency, security, and organization by ensuring that devices in different subnets can be controlled separately.
For example, consider a virtual network with the address space 192.168.0.0/16. This network contains 65,536 IP addresses (from 192.168.0.0 to 192.168.255.255). We can create smaller subnets such as the following to ensure better organization, security, and efficient resource allocation:
- 192.168.1.0/24 (256 IP addresses) for web servers.
- 192.168.2.0/24 (256 IP addresses) for database servers.
- 192.168.5.0/27 – Subnet for a Bastion Host (Jump Server), allowing controlled administrative access to secure subnets like the database or internal systems.
What is CIDR (Classless Inter-Domain Routing)?
CIDR is a way of representing IP address ranges efficiently. It uses prefix notation to specify how many bits belong to the network portion of an IP address.
Example: 192.168.1.0/24
-
/24 means 24 bits are used for the network.
-
The remaining 8 bits are for hosts.
-
This allows 256 total addresses (2^8 = 256).
By adjusting the CIDR prefix, we can create smaller or larger subnets as needed.
Subnet Mask: The Key to Subnetting
A subnet mask determines how many bits are used for the network and how many are left for hosts.
CIDR | Subnet Mask | # of Hosts |
---|---|---|
/24 | 255.255.255.0 | 256 (254 usable) |
/25 | 255.255.255.128 | 128 (126 usable) |
/26 | 255.255.255.192 | 64 (62 usable) |
/27 | 255.255.255.224 | 32 (30 usable) |
/28 | 255.255.255.240 | 16 (14 usable) |
The smaller the subnet (larger prefix /xx), the fewer hosts it can support.
Example Subnetting Problems
1️⃣ How Many Hosts Can a /26 Subnet Have?
-
/26 means 26 bits for the network, 6 bits for hosts.
-
Number of hosts = 2^6 = 64.
-
2 addresses are reserved (network + broadcast).
-
Usable hosts: 64 - 2 = 62.
2️⃣ What is the Subnet Mask for a /27 Network?
-
/27 means 27 bits are network bits.
-
The remaining 5 bits are host bits.
-
The subnet mask is 255.255.255.224.
3️⃣ If You Have a /24 Network, How Many /26 Subnets Can You Create?
-
/24 = 256 addresses.
-
/26 = 64 addresses per subnet.
-
256 ÷ 64 = 4 subnets.
4️⃣ How to Divide a Given Address Space into Two Equal Subnets?
-
Given a /24 network (e.g., 192.168.1.0/24), we can divide it into two equal /25 subnets.
-
First subnet: 192.168.1.0/25 (128 addresses, 126 usable).
-
Second subnet: 192.168.1.128/25 (128 addresses, 126 usable).
-
The subnet mask for /25 is 255.255.255.128.
Conclusion
Subnetting organizes networks, conserves IP addresses, and improves security. CIDR notation makes it easier to define networks efficiently. Understanding subnetting is essential for cloud engineers, network administrators, and cybersecurity professionals. Want to learn more? Stay tuned for our next post on VLSM (Variable Length Subnet Masking) and Advanced Subnetting!
There's More!
Please watch the IP Address 101 session where we discuss the foundational networking concepts related to IP addresses, including IPv4, IPv6, subnetting, and a detailed look at the mathematics behind subnetting! Link: https://youtu.be/eVQbE9T0_zo.