Subnetting and CIDR

[!NOTE] This module explores the core principles of Subnetting and CIDR, deriving solutions from first principles and hardware constraints to build world-class, production-ready expertise.

1. Why Subnet? (The Neighborhood Analogy)

Imagine a massive city with 10,000 houses, all sharing a single, giant megaphone. Every time someone needs to ask a question (“Hey, where does Bob live?”), they shout it into the megaphone. This is a Broadcast. If all 10,000 houses are constantly shouting, nobody can hear anything, and no real work gets done. This is known as a Broadcast Storm.

If we put 10,000 computers on one flat network, the Broadcast Traffic (like ARP requests, where a computer asks “Who has IP 192.168.1.5?”) would overwhelm every device’s CPU and saturate the network links.

Subnetting is the act of taking that massive city and breaking it down into smaller, walled neighborhoods (subnets), each with their own local, quieter megaphone. It allows us to:

  1. Reduce Congestion: Limit broadcasts to a smaller group, significantly improving network performance.
  2. Enhance Security: Isolate the “Finance” subnet from the “Public Wi-Fi” subnet. Without routing rules, traffic cannot cross from one neighborhood to another.
  3. Improve Efficiency: Stop wasting large blocks of IP addresses by assigning smaller, appropriately-sized blocks to locations that only need a few.

2. The Anatomy of an IP and Subnet Mask

An IPv4 address is not a single number; it’s a 32-bit sequence divided into four 8-bit octets. It acts as both your “Street Name” (Network ID) and your “House Number” (Host ID).

But how does a computer know which part is the street, and which part is the house? It uses a Subnet Mask. A subnet mask is a continuous sequence of 1s followed by a continuous sequence of 0s.

  • 1 bits = The Network portion (Street).
  • 0 bits = The Host portion (House).

Example:

  • IP Address: 192.168.1.10
  • Subnet Mask: 255.255.255.0

Let’s look at the binary:

  • IP:     11000000.10101000.00000001.00001010
  • Mask: 11111111.11111111.11111111.00000000

The first 24 bits of the mask are 1. This means the first three octets (192.168.1) are the Network ID. The last 8 bits are 0, meaning the last octet (.10) is the Host ID.

3. CIDR Notation (Classless Inter-Domain Routing)

Writing out 255.255.255.0 is tedious. CIDR notation (or “Slash Notation”) simply counts the number of 1 bits in the subnet mask.

  • /24 = 24 ones = 255.255.255.0
  • /16 = 16 ones = 255.255.0.0
  • /8 = 8 ones = 255.0.0.0

When you see an IP written as 192.168.1.10/24, you immediately know the mask and the size of the network.

4. The Math of a Subnet: Boundaries and Limits

For any subnet you create, no matter the size, there are two Reserved addresses that cannot be assigned to a computer:

  1. The Network ID: The very first address in the block. It represents the subnet itself. (All host bits are 0).
  2. The Broadcast ID: The very last address in the block. Sending a packet here broadcasts it to every device in the subnet. (All host bits are 1).

Calculating Usable Hosts: Because we lose the Network and Broadcast IDs, the formula for usable IP addresses is always:

2^(Host Bits) - 2 = Usable Hosts


If you have a /24 subnet, you have 32 - 24 = 8 host bits. 2^8 = 256 total addresses. 256 - 2 = 254 usable hosts.
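The mask, boundary and usable-host arithmetic from sections 2 to 4, carried out with the bit operations a host or router performs. This is an added example, not code from the original page; the function names are its own, and it rejects /31 and /32, where the 2^(Host Bits) - 2 formula leaves no usable hosts.

```python
def ip_to_int(text):
    """Dotted quad -> 32-bit integer, rejecting malformed octets."""
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {text!r}")
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError(f"octet out of range in {text!r}")
        value = (value << 8) | octet
    return value


def int_to_ip(value):
    """32-bit integer -> dotted quad."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def subnet_details(cidr):
    """Derive mask, boundaries and host counts for an address in CIDR form."""
    address, _, length = cidr.partition("/")
    prefix = int(length)
    if not 0 <= prefix <= 30:
        raise ValueError("2^h - 2 leaves no usable hosts beyond /30")
    host_bits = 32 - prefix
    # Mask: `prefix` one bits followed by `host_bits` zero bits.
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF
    # Network ID: AND with the mask clears every host bit.
    network = ip_to_int(address) & mask
    # Broadcast ID: OR with the inverted mask sets every host bit.
    broadcast = network | (mask ^ 0xFFFFFFFF)
    return {
        "mask": int_to_ip(mask),
        "host_bits": host_bits,
        "total": 1 << host_bits,
        "usable": (1 << host_bits) - 2,
        "network": int_to_ip(network),
        "first_usable": int_to_ip(network + 1),
        "last_usable": int_to_ip(broadcast - 1),
        "broadcast": int_to_ip(broadcast),
    }


if __name__ == "__main__":
    for key, value in subnet_details("192.168.1.10/24").items():
        print(f"{key:13} {value}")
```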


5. Interactive: The Subnet Slicer

The slicer shows how the available IP space changes with the CIDR block selected. Notice how increasing the slash number decreases the available host bits. For the network block 192.168.1.0/24 it reports:

Subnet Details

  • Mask: 255.255.255.0
  • Host Bits: 8 bits
  • Total IPs: 256
  • Usable: 254

Boundary Ranges

  • Network: 192.168.1.0
  • First Usable: 192.168.1.1
  • Last Usable: 192.168.1.254
  • Broadcast: 192.168.1.255

6. Case Study: Variable Length Subnet Masking (VLSM)

The Problem: You are given a single /24 network (192.168.1.0/24). You need to design an architecture that supports:

  • An Engineering Department (Needs 50 IPs)
  • A Sales Department (Needs 20 IPs)
  • A Point-to-Point Router Link connecting the two buildings (Needs exactly 2 IPs).

If you just assign everyone a /24, you run out of IPs immediately. If you slice it evenly into four /26 subnets (64 IPs each), Engineering fits, Sales fits, but assigning a massive 64-IP block to a Router Link that only needs 2 IPs is a massive waste.

The Solution: VLSM

Variable Length Subnet Masking is the process of dividing a network into subnets of different, precisely-calculated sizes, starting from the largest requirement down to the smallest.

Step 1: Engineering (Needs 50)

  • Find the smallest power of 2 that fits 50 (+2 for Network/Broadcast).
  • 26 = 64. We need 6 host bits.
  • 32 - 6 = /26 Mask.
  • Subnet: 192.168.1.0/26
  • Range: .0 (Network) to .63 (Broadcast). Usable: .1 to .62.

Step 2: Sales (Needs 20)

  • The next available block starts at .64.
  • Find the smallest power of 2 that fits 20 (+2).
  • 25 = 32. We need 5 host bits.
  • 32 - 5 = /27 Mask.
  • Subnet: 192.168.1.64/27
  • Range: .64 (Network) to .95 (Broadcast). Usable: .65 to .94.

Step 3: Point-to-Point Router Link (Needs 2)

  • The next available block starts at .96.
  • Find the smallest power of 2 that fits 2 (+2).
  • 22 = 4. We need 2 host bits.
  • 32 - 2 = /30 Mask. (This is the legendary /30 used universally for router links).
  • Subnet: 192.168.1.96/30
  • Range: .96 (Network) to .99 (Broadcast). Usable: .97 to .98.

By using VLSM, we satisfied all requirements and still have the IP space from .100 all the way to .255 completely unused and reserved for future growth.
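The three steps above as a general allocator, using Python's standard ipaddress module. It is an added example, not part of the original module: the function names and the RouterLink label are its own, it generalizes the case study to any list of requirements, and it adds an overlap check so a plan that would blur the boundary between two segments is caught before it is deployed.

```python
import ipaddress


def prefix_for_hosts(needed):
    """Prefix length of the smallest block with 2**host_bits - 2 >= needed."""
    if needed < 1:
        raise ValueError("need at least one host")
    # Smallest h with 2**h >= needed + 2 (network and broadcast IDs included).
    host_bits = (needed + 1).bit_length()
    return 32 - host_bits


def vlsm_allocate(parent, needs):
    """Carve `parent` into one subnet per entry of `needs`, largest first.

    Returns (plan, next_free): plan maps name -> IPv4Network and next_free
    is the first unallocated address, or None if the parent is full.
    """
    net = ipaddress.ip_network(parent)
    cursor = int(net.network_address)
    end = int(net.broadcast_address) + 1
    plan = {}
    for name, hosts in sorted(needs.items(), key=lambda kv: kv[1], reverse=True):
        prefix = prefix_for_hosts(hosts)
        size = 1 << (32 - prefix)
        cursor = -(-cursor // size) * size  # round up to a block boundary
        if cursor + size > end:
            raise ValueError(f"{name}: /{prefix} does not fit in {net}")
        plan[name] = ipaddress.ip_network((cursor, prefix))
        cursor += size
    next_free = ipaddress.ip_address(cursor) if cursor < end else None
    return plan, next_free


def overlapping(plan):
    """Pairs of subnet names whose address ranges overlap (should be empty)."""
    names = sorted(plan)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if plan[a].overlaps(plan[b])]


# Requirements from the case study above.
NEEDS = {"Engineering": 50, "Sales": 20, "RouterLink": 2}

if __name__ == "__main__":
    plan, next_free = vlsm_allocate("192.168.1.0/24", NEEDS)
    for name, subnet in plan.items():
        print(f"{name:12} {subnet}  broadcast {subnet.broadcast_address}")
    print("next free:", next_free, "overlaps:", overlapping(plan))
```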