Subnetting a large network improves security, increases performance, and organizes your network in a logical manner. But some of the calculations are difficult. The Linux ipcalc command makes the planning phase easier.
What is a subnet?
Subnetting is a way of dividing a large network into smaller, interconnected parts. Each piece is called a subnet. You may choose to organize your network so that your sales team uses one subnet, HR uses another subnet, customer support uses another subnet, and so on.
This has significant advantages. The first is about security and control. Without subnets, everything is one big “flat” network. You can use subnets to decide which subnets can communicate with other subnets. Different subnets have different IP address ranges and use different subnet masks, which we’ll talk about in a moment.
Your router must be configured to allow traffic to pass from one subnet to another. And because a router is a managed device, it gives you control over the type of traffic and interactions that are allowed between different subnets.
Subnets can also prevent unauthorized users and malware from roaming your network unchecked. Or at least slow them down. Think of it as a submarine. If the hull ruptures in one section, you can close the bulkhead doors to prevent the rest of the vessel from flooding. Subnets are like those bulkhead doors.
Often there are performance benefits purely from the act of subnetting a large network. If your network is large enough and busy enough, this performance increase comes from reducing network traffic within each subnet. A drop in ARP traffic alone can make things more responsive.
And of course, once your network is partitioned, it’s easier for your IT staff to understand, maintain and support your infrastructure.
IP addresses and subnet masks
This all sounds great, and it is. But it means we have to be very specific in our IP addressing. We need to use part of the IP address for the network ID and part of it for device addressing. With subnets, we also need to use part of the IP address for the subnet.
IPv4 addresses use four three-digit numbers separated by periods. This is called dotted decimal notation. The range of these numbers is 0 to 255. In simple cases, the first two numbers are the network ID, the third is used to store the subnet ID, and the fourth is used to store the device address.
Numbers are represented in computers as a sequence of binary values. If there are so few devices on a subnet that there are unused high bits in the device address number range, the subnet ID can use these “spare” binary bits.
How does a router or any other network device know how an IP address is made up? What indicates whether the subnet ID is entirely contained in the third number, or whether it includes some of the high bits of the fourth number? The answer is the subnet mask.
A subnet mask looks like an IP address. They are four three-digit numbers, and the range of numbers is from 0 to 255. But you really need to think about them in their binary form.
Each binary bit that is 1 in the subnet mask means that the corresponding bit in the IP address refers to the network ID or subnet ID. Each bit that is 0 in the subnet mask means that the corresponding bit in the IP address refers to the device address.
Let’s take a typical IP address and apply a subnet mask to it. The subnet mask has 255 for each of the first three numbers and 0 for the fourth.
- IP address: 192.168.1.0
- Subnet mask: 255.255.255.0 = 11111111.11111111.11111111.00000000
In binary 255 is 11111111. If the subnet mask bits are set to one, the corresponding bits in the IP address refer to the network ID and subnet ID. 255 in the subnet mask means that all the bits in the corresponding number in the IP address refer to the network ID or subnet ID.
The fourth number is zero, which means that no bits are set to one. So this number refers to network device addresses. So our subnet mask of 255.255.255.0 means that the first three numbers of the IP address contain the network ID and subnet ID, and the last number is reserved for network device addresses.
A side effect of all this is that the subnet mask also determines how many bits in the IP address can be used to identify individual devices. In other words, the subnet mask determines which bits in the IP address identify the subnet and how many devices a subnet can contain.
Changing the subnet mask has a dramatic impact on the network. That's why we have to get it right.
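The mask logic described above, carried out with plain bit arithmetic on the 192.168.1.0 example. This is an added example, not code from the original article or from ipcalc; the function names are hypothetical, and it assumes the classic rule that the first and last address of a subnet are reserved.

```python
# Added example: applies a subnet mask to an IPv4 address bit by bit.
# Function names are hypothetical; they are not part of ipcalc.

def to_int(dotted):
    """Convert dotted decimal notation to a 32-bit integer."""
    parts = [int(p) for p in dotted.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"not a dotted decimal value: {dotted!r}")
    value = 0
    for p in parts:
        value = (value << 8) | p
    return value

def to_dotted(value):
    """Convert a 32-bit integer back to dotted decimal notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_length(mask):
    """Count the 1 bits in a mask; reject a mask with a 0 between the 1s."""
    bits = f"{to_int(mask):032b}"
    ones = bits.count("1")
    if bits != "1" * ones + "0" * (32 - ones):
        raise ValueError(f"mask bits are not contiguous: {mask}")
    return ones

def describe(address, mask):
    """Split an address into its network and device parts using the mask."""
    prefix = prefix_length(mask)
    if prefix > 30:
        raise ValueError("no room for network, broadcast and device addresses")
    mask_int = to_int(mask)
    wildcard = ~mask_int & 0xFFFFFFFF       # inverse of the mask: the device bits
    network = to_int(address) & mask_int    # keep only network/subnet ID bits
    broadcast = network | wildcard          # every device bit set to 1
    return {
        "network": f"{to_dotted(network)}/{prefix}",
        "wildcard": to_dotted(wildcard),
        "host_min": to_dotted(network + 1),
        "host_max": to_dotted(broadcast - 1),
        "broadcast": to_dotted(broadcast),
        "hosts": broadcast - network - 1,   # network and broadcast are reserved
    }

if __name__ == "__main__":
    for mask in ("255.255.255.0", "255.255.0.0", "255.255.255.224"):
        print(mask, describe("192.168.1.0", mask))
```

A mask such as 255.0.255.0 is rejected because its 1 bits are not one unbroken run.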
The ipcalc command
ipcalc makes it easy to find out what the subnet masks and IP addresses need to be to subnet your network correctly.
ipcalc was already installed on Fedora 36. We had to install it on Ubuntu 22.04 and Manjaro 21.
The command for Ubuntu is:
sudo apt install ipcalc
To install ipcalc on Manjaro, use:
sudo pacman -Sy ipcalc
At a minimum, we need to pass an IP address to ipcalc. If that is all we pass, ipcalc assumes a subnet mask of 255.255.255.0. It provides a readout of information about the network and the IP address.
The output contains dotted decimal values and their equivalent binary values. Here is what each piece of information means.
- Address: 192.168.1.0. The IP address we provided.
- Netmask: 255.255.255.0 = 24. The subnet mask. 255.255.255.0 is used if no subnet mask was specified on the command line. 24 means that 24 bits have been set to 1 in the subnet mask. These are used for the network ID and subnet ID. These are counted from the left. Bits set to 1 will be an unbroken sequence of ones. There can be no 0 bits between them. We know that 8 bits set to 1 in binary gives us 255 in decimal. So 24 means three sets of 8 bits all set to 1. In dotted decimal, that gives us 255.255.255. The rest of the bits will be 0, giving us 255.255.255.0. So by counting the bits set to 1 and giving it as a decimal number like 24, we can convey the entire subnet mask. This is called Classless Inter-Domain Routing (CIDR) notation.
- Wildcard: 0.0.0.255. This is used in Cisco network devices as part of the whitelist/blocklist setting.
- Network: 192.168.1.0/24. This is the network IP address and subnet described in CIDR notation. If a router is connected to this subnet, it is often assigned the lowest IP address in the allowable range.
- HostMin: 192.168.1.1. The lowest IP address that a device connected to this subnet can have.
- HostMax: 192.168.1.254. The highest IP address that a device connected to this subnet can have.
- Broadcast: 192.168.1.255. This is the broadcast address. Network packets sent to this IP address are echoed to all devices on the subnet.
- Hosts/Net: 254. The maximum number of devices you can connect to this subnet. In this example, our device’s IP address range is 0 to 255, which means we can identify 256 different IP addresses (0 to 255). But we lose one IP address for network IP address (address “.0”) and we lose one for broadcast IP address (address “.255”).
- Class C, Private Internet: The network class.
The network class is indicated by the number of bits used for the network ID and subnet ID, plus a few bits used to contain the network class, called leading bits.
- Class A: Starting bits 0. IP addresses start with 0. Default subnet: 255.0.0.0. CIDR notation is /8.
- Class B: Starting bits 10. IP addresses start with 128. Default subnet: 255.255.0.0. CIDR notation is /16.
- Class C: Starting bits 110. IP addresses start with 192. Default subnet: 255.255.255.0. CIDR notation is /24.
- Class D: Starting bits 1110. IP addresses start with 224. Default subnet: undefined. CIDR notation is /4.
Change the subnet mask
The ipcalc command can't change any settings, so we can try whatever we want without worrying about affecting anything. Let's see how changing the subnet mask affects our network.
You can use either CIDR or dotted decimal notation. For CIDR, the space is optional. All these commands are equivalent.
ipcalc 192.168.1.0 /16
ipcalc 192.168.1.0 255.255.0.0
This greatly increases the number of devices you can connect to this network. Network device addressing for this network starts at 192.168.0.0 and ends at 192.168.255.254.
We lose one address for the network address and one for the broadcast address as before. But that still gives us a whopping 65,534 possible devices.
But they would all still be on the same subnet.
Using ipcalc with subnets
Let's say we want to add three subnets to our network with capacity for 20, 15 and 80 hosts. We can use the -s (split) option followed by our desired subnet sizes.
ipcalc 192.168.1.0 -s 20 15 80
The first part is the same as we saw earlier, where ipcalc provides a network analysis for the IP address we provided on the command line. Our subnets are described in the following three sections.
In summary, the information we are given is:
First subnet:
- Subnet mask: 255.255.255.224
- Address of the first device: 192.168.0.129
- Last device address: 192.168.0.158
- Subnet capacity: 30 devices
Second subnet:
- Subnet mask: 255.255.255.224
- Address of the first device: 192.168.0.161
- Last device address: 192.168.0.190
- Subnet capacity: 30 devices
Third subnet:
- Subnet mask: 255.255.255.128
- Address of the first device: 192.168.0.1
- Last device address: 192.168.0.126
- Subnet capacity: 126 devices
Note the green entries in the binary values. These are the bits that have been reserved for the subnet.
Also note that since the first and second subnets have the same subnet mask of 27 bits, three bits in the device address field were used for the subnet indicator. In the first subnet the bits are 100 and in the second, 101. This difference allows the router to correctly route network traffic.
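The split described above, as an added example that is not ipcalc's own code. It assumes a largest-first allocation strategy and uses 192.168.0.0/24 as the parent network, so the results line up with the addresses in the summary; the function names are hypothetical.

```python
# Added example: plans variable-sized subnets inside one parent network.
# Largest-first allocation is an assumption, not taken from ipcalc's source.
import ipaddress

def prefix_for_hosts(hosts):
    """Longest prefix whose subnet still holds `hosts` devices plus the
    reserved network and broadcast addresses."""
    host_bits = (hosts + 1).bit_length()   # smallest b with 2**b >= hosts + 2
    return 32 - host_bits

def split(parent, sizes):
    """Allocate one subnet per requested host count, largest first so every
    block stays aligned, and return them in the order they were requested."""
    parent = ipaddress.ip_network(parent, strict=False)
    order = sorted(range(len(sizes)), key=lambda i: sizes[i], reverse=True)
    cursor = int(parent.network_address)
    last = int(parent.broadcast_address)
    plan = [None] * len(sizes)
    for i in order:
        prefix = prefix_for_hosts(sizes[i])
        block = 2 ** (32 - prefix)
        if prefix < parent.prefixlen or cursor + block - 1 > last:
            raise ValueError(f"{sizes[i]} hosts do not fit in the rest of {parent}")
        plan[i] = ipaddress.ip_network((cursor, prefix))
        cursor += block
    return plan

def summarize(net):
    """Report the same four values as the summary in the text."""
    return {
        "mask": str(net.netmask),
        "first": str(net.network_address + 1),
        "last": str(net.broadcast_address - 1),
        "capacity": net.num_addresses - 2,
    }

def overlapping(plan):
    """Return every pair of planned subnets that share addresses."""
    return [(a, b) for n, a in enumerate(plan) for b in plan[n + 1:]
            if a.overlaps(b)]

if __name__ == "__main__":
    plan = split("192.168.0.0/24", [20, 15, 80])
    for size, net in zip([20, 15, 80], plan):
        print(size, net, summarize(net))
    print("overlaps:", overlapping(plan))
```

A request that does not fit the parent network, such as 200 and 100 hosts in a /24, raises ValueError instead of producing overlapping ranges.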
It can escalate quickly
It will be obvious that in a larger or more complicated network, it is very easy for errors to creep in.
With ipcalc, you can be sure that your values are correct. You still have to configure the network, but at least you know the values you are using are correct.