Computer NetworksSubnetting

Subnetting: Dividing Networks for Efficiency

LevelIntermediate

Duration75 mins

TopicSubnetting

1 / 5

Subnet Concept

The Challenge of Monolithic Networks

Imagine a university with 50,000 students, faculty, and staff—all assigned IP addresses within a single Class B network (65,534 usable addresses). Every broadcast message, every ARP request, every network discovery packet propagates to all 50,000 devices. The result? Broadcast storms, network congestion, and security nightmares. A single misconfigured device can bring down the entire network.

This is the fundamental problem that subnetting solves. By dividing large networks into smaller, logically organized segments—subnets—we transform unwieldy monolithic structures into efficient, secure, and manageable network architectures.

What You Will Learn

By the end of this page, you will understand: (1) Why subnetting exists and the problems it solves, (2) The fundamental concept of network subdivision, (3) How subnets provide organizational, security, and performance benefits, and (4) The relationship between subnets and the original classful addressing scheme.

What is a Subnet?

A subnet (short for subnetwork) is a logically visible subdivision of an IP network. When you subnet a network, you take one large address block and partition it into multiple smaller, independent address blocks—each functioning as its own network for routing and traffic management purposes.

The Key Insight:

Subnetting doesn't change the total number of IP addresses available—it reorganizes them. Think of it like a large warehouse divided into separate rooms. The total floor space remains constant, but the rooms provide:

Isolation: Problems in one room don't affect others
Organization: Related items grouped together
Access Control: Doors can restrict who enters each room
Efficiency: Workers only navigate relevant spaces

IP subnets provide identical benefits for network traffic.

Subnet vs. Network Segment

While often used interchangeably, 'subnet' specifically refers to a logical IP address division, while 'segment' can refer to physical network separation. A subnet is always a segment, but a segment isn't always a subnet (e.g., VLANs can create segments without IP subnetting).

Formal Definition:

A subnet is defined by taking an IP address block and extending the network portion of the address. In classful addressing, a Class B network like 172.16.0.0 has a 16-bit network portion. Subnetting might extend this to 20, 24, or 28 bits—borrowing bits from the host portion to create additional network identifiers.

Example Visualization:

Original Class B Network: 172.16.0.0/16
├── Network portion:  172.16      (16 bits)
└── Host portion:     0.0 - 255.255 (16 bits = 65,534 hosts)

After Subnetting to /24:
├── Network portion:  172.16.X    (24 bits = 256 subnets)
└── Host portion:     0 - 255     (8 bits = 254 hosts per subnet)

The /16 became /24 by borrowing 8 bits from hosts to identify subnets. We traded host capacity for network organization.

Why Subnet? The Problems It Solves

Subnetting emerged as a solution to several critical networking challenges that became apparent as networks grew beyond trivial sizes. Understanding these problems illuminates why subnetting remains fundamental to network design.

Problems Solved by Subnetting

•Broadcast Domain Explosion — In a flat network, every broadcast reaches every device. ARP requests, DHCP discoveries, NetBIOS announcements, and routing updates flood the entire network. With thousands of devices, broadcasts consume significant bandwidth and CPU cycles on every host.
•Collision Domain Issues — While switches mitigate this, historical shared-media networks (hubs, coaxial Ethernet) suffered when all devices competed for the same medium. Subnetting with routers eliminated inter-subnet collisions entirely.
•Security Boundaries — A flat network provides no natural firewall points. Any compromised device can directly communicate with any other device. Subnets create chokepoints where security policies can be enforced.
•Administrative Organization — Without subnets, there's no logical structure mapping IP addresses to departments, buildings, or functions. Troubleshooting becomes detective work.
•Routing Efficiency — A single large network is a single routing entry, but traffic patterns within it are invisible to routers. Subnets enable traffic engineering and optimal path selection.
•Address Management — Allocating addresses from one giant pool leads to fragmentation and waste. Subnets allow hierarchical allocation matching organizational needs.

Flat Network vs. Subnetted Network Comparison
Characteristic	Flat Network (No Subnets)	Subnetted Network
Broadcast Scope	All devices receive all broadcasts	Broadcasts contained within subnet
Security Boundaries	None—all devices directly reachable	Router ACLs/firewalls at subnet boundaries
Failure Impact	Single failure can affect all devices	Failures isolated to affected subnet
Troubleshooting	Search entire network for issues	Localize by subnet based on IP address
Traffic Engineering	All traffic treated equally	Inter-subnet traffic can be shaped/prioritized
Address Allocation	Manual tracking of large pool	Hierarchical allocation by subnet

The Broadcast Domain Problem: A Deep Dive

The broadcast domain problem deserves special attention because it's the most immediate performance impact of flat networks. Let's quantify this with a realistic scenario.

Scenario: A Class B Network with 10,000 Hosts

Network: 172.16.0.0/16 Hosts: 10,000 devices (workstations, servers, printers, IoT devices)

Broadcast Traffic Sources:

Broadcast Traffic Analysis for 10,000-Host Network
Protocol	Interval	Packet Size	Packets/Day	Bandwidth/Day
ARP Requests	~Once per new communication	28 bytes	~500,000	14 MB
DHCP Discover/Request	Lease renewal (8 hr avg)	300 bytes	~30,000	9 MB
NetBIOS Name Service	Every 15 min (Windows)	50 bytes	~960,000	48 MB
Multicast DNS (mDNS)	Periodic announcements	200 bytes	~200,000	40 MB
Spanning Tree BPDUs	Every 2 seconds (per switch)	35 bytes	~432,000	15 MB

The Multiplier Effect:

Every broadcast packet is received by all 10,000 hosts. Each host must:

Receive the frame (NIC interrupt, DMA to memory)
Process the Ethernet header (check destination MAC)
Process the IP header (broadcast recognition)
Evaluate relevance (Is this ARP for me? Is this my DHCP lease?)
Discard if irrelevant (99.99% of broadcasts)

With 500,000+ ARP packets per day, each of 10,000 hosts processes 5+ billion irrelevant packets annually. On legacy systems or power-constrained IoT devices, this overhead is significant.

Subnetting the Same Network:

Divide into 40 subnets of 250 hosts each (/24 subnets):

ARP broadcasts: Only ~6,250 per subnet/day (250 hosts × 25 ARPs)
Each host processes ~6,250 ARP packets/day instead of ~500,000
80× reduction in broadcast processing overhead

The Broadcast Storm Cascade

In extreme cases, broadcast traffic can trigger a cascade: excess broadcasts cause CPU load, causing timeouts, causing retransmissions, causing more broadcasts. A single malfunctioning NIC generating broadcast storms has been known to bring down entire flat networks. Subnets contain such failures to their local segment.

Subnetting and Classful Addressing

Subnetting was developed as an extension to the original classful addressing scheme. Understanding this relationship clarifies how subnet boundaries work.

The Classful Limitation:

Original IPv4 addressing provided only three network sizes:

Classful Address Allocations
Class	Network Bits	Host Bits	Networks	Hosts per Network
Class A	8	24	128	16,777,214
Class B	16	16	16,384	65,534
Class C	24	8	2,097,152	254

The Problem:

Organizations needing 500 hosts had two choices:

Class C (254 hosts): Too small—need 2 networks, complicating routing and management
Class B (65,534 hosts): Wastes 65,034 addresses (99.2% waste)

There was no "Class B.5" for medium-sized networks.

RFC 950: The Subnetting Solution (1985)

Subnetting (standardized in RFC 950) allowed organizations to internally subdivide their allocated network. An organization with a Class B network could subnet it into:

256 subnets of 254 hosts each (/24)
4,096 subnets of 14 hosts each (/28)
Any power-of-two division in between

How It Works:

Subnetting borrows bits from the host portion to create a subnet identifier:

Class B Address: 172.16.0.0/16

Original:
├── Network ID:  172.16     (16 bits - assigned by registry)
└── Host ID:     X.X        (16 bits - local assignment)

With /24 Subnet Mask:
├── Network ID:  172.16     (16 bits - assigned by registry)
├── Subnet ID:   X          (8 bits - local subnet identifier)
└── Host ID:     X          (8 bits - host within subnet)

Combined Network+Subnet = 24 bits = Extended Network Portion

To external routers, 172.16.0.0/16 remains a single entry. Internally, the organization's routers understand the /24 subdivision.

Subnetting is Invisible Externally

The Internet's core routers don't know or care that 172.16.0.0/16 is internally subnetted. They route all 172.16.x.x traffic to the organization's border router. Only within the organization do routers understand subnet boundaries. This hierarchical invisibility keeps global routing tables manageable.

The Anatomy of a Subnetted Address

Every IP address in a subnetted environment has three logical components, even though physically it's still a 32-bit number. Understanding this decomposition is essential for subnet design and troubleshooting.

The Three Components:

IP Address Components in Subnetted Networks

•Network ID (Assigned by Registry) — The original classful network assignment or CIDR block from an Internet registry. This portion is fixed by your ISP or registry allocation and identifies your organization to the global Internet.
•Subnet ID (Assigned by Network Admin) — The bits borrowed from hosts to identify internal subnets. This portion is designed by your network architects to match organizational structure, security zones, or geographic locations.
•Host ID (Assigned per Device) — The remaining bits that uniquely identify individual devices within each subnet. DHCP or static assignment fills this portion when a device joins the network.

Visual Decomposition Example:

Organization receives: 192.168.0.0/16 (Class B equivalent) Admin subnets to: /24 (256 subnets) Device address: 192.168.47.129

Binary: 11000000.10101000.00101111.10000001
        └────────┬────────┘└───┬───┘└───┬───┘
              Network ID    Subnet    Host ID
              (16 bits)     (8 bits)  (8 bits)
              
192.168    = Network assigned by ISP (fixed)
47         = Subnet 47 (building, department, floor, etc.)
129        = Host 129 within that subnet (specific device)

Important Boundaries:

All-zeros host ID: Network/subnet address itself (192.168.47.0)
All-ones host ID: Broadcast address for subnet (192.168.47.255)
Usable host range: 192.168.47.1 through 192.168.47.254 (254 addresses)

The Router's Perspective

A router examining 192.168.47.129/24 performs a bitwise AND with the subnet mask (255.255.255.0) to extract 192.168.47.0—the subnet identifier. This is compared against routing table entries to determine the next hop. The host portion (129) is irrelevant for routing decisions.

Subnet Design Considerations

Designing a subnet structure isn't purely mathematical—it requires balancing technical constraints with organizational needs. Effective subnet design considers multiple factors.

Technical Factors

•Current Host Count — How many devices exist today in each logical group?
•Growth Projections — Plan for 2-3× current size minimum; address changes are disruptive
•Broadcast Traffic Tolerance — Larger subnets mean more broadcast overhead
•Routing Table Size — More subnets = more routes = more router memory/CPU
•Address Efficiency — Smaller subnets waste more addresses (2 lost per subnet)

Organizational Factors

•Security Zones — DMZ, internal, guest networks should be separate subnets
•Administrative Boundaries — Departments, cost centers, management domains
•Physical Topology — Buildings, floors, campuses often map to subnets
•Regulatory Requirements — PCI-DSS, HIPAA may mandate network segmentation
•Troubleshooting Ease — Logical subnet naming simplifies diagnostics

Common Subnet Sizing Guidelines:

Subnet Size	Prefix	Usable Hosts	Typical Use Case
/30 or /31	4 or 2 addresses	2	Point-to-point router links
/28	16 addresses	14	Small department, printer VLAN
/27	32 addresses	30	Conference room, lab
/26	64 addresses	62	Medium department
/25	128 addresses	126	Large department
/24	256 addresses	254	Standard LAN segment
/23	512 addresses	510	Large open office
/22	1,024 addresses	1,022	Campus building

The /24 Sweet Spot:

Most enterprise networks default to /24 subnets because:

254 hosts balances broadcast control with address efficiency
Octet-aligned boundaries simplify mental arithmetic
Matches DHCP scope sizing expectations
Large enough for most departments, small enough to contain failures

Subnetting in Modern Network Architecture

While subnetting was invented in the 1980s, it remains absolutely central to modern network design—from cloud infrastructure to IoT deployments. Let's examine how subnetting manifests in contemporary environments.

Modern Subnetting Applications

•Cloud VPCs (AWS, Azure, GCP) — Virtual Private Clouds are defined by CIDR blocks. Subnets within VPCs separate public-facing resources from private backends. Availability zones map to subnets for fault isolation.
•Kubernetes Networking — Pod networks use subnets (e.g., 10.244.0.0/16) subdivided per node. Service IPs occupy separate subnets. Understanding CIDR is essential for cluster network design.
•SD-WAN and Zero Trust — Modern architectures use micro-segmentation—subnets as small as /32 (single host) with per-device policies. Subnetting enables the granular identity-based access control.
•IoT Network Isolation — Smart buildings subnet IoT devices separately from corporate networks. A compromised thermostat can't pivot to financial systems because routing prevents inter-subnet communication.
•Container and Microservices — Docker bridge networks, Kubernetes CNI plugins, and service meshes all leverage IP subnetting for traffic isolation and routing between containerized workloads.

IPv6 and Subnetting

IPv6 continues subnetting concepts but with a standardized approach: /64 for individual LANs (2^64 hosts—effectively unlimited), /48 for sites. The principles remain identical; only the scale and notation differ. Mastering IPv4 subnetting transfers directly to IPv6.

Example: AWS VPC Subnet Design

VPC CIDR: 10.0.0.0/16 (65,536 addresses)

├── Public Subnets (Internet-facing)
│   ├── 10.0.0.0/24   (AZ-a, Web servers)
│   ├── 10.0.1.0/24   (AZ-b, Web servers)
│   └── 10.0.2.0/24   (AZ-c, Web servers)
│
├── Private Subnets (Backend services)
│   ├── 10.0.10.0/24  (AZ-a, App servers)
│   ├── 10.0.11.0/24  (AZ-b, App servers)
│   └── 10.0.12.0/24  (AZ-c, App servers)
│
├── Database Subnets (Isolated)
│   ├── 10.0.20.0/24  (AZ-a, RDS instances)
│   ├── 10.0.21.0/24  (AZ-b, RDS instances)
│   └── 10.0.22.0/24  (AZ-c, RDS instances)
│
└── Reserved for Future
    └── 10.0.100.0/22 (1,024 addresses)

This design uses subnetting to:

Separate security tiers (public vs. private vs. database)
Enable multi-AZ redundancy
Reserve space for growth
Allow route table policies per subnet type

Summary: The Subnet Concept

We've established the foundational concept of subnetting. Before moving to the mechanics of subnet masks and calculations, let's consolidate our understanding.

Key Takeaways

•A subnet is a logical subdivision of an IP network — It partitions a large address space into smaller, independently managed segments while maintaining hierarchical addressing.
•Subnetting solves critical network problems — Broadcast containment, security boundaries, administrative organization, and efficient addressing all depend on proper subnet design.
•Subnetting extends classful addressing — By borrowing bits from the host portion, we create a subnet identifier that enables flexible network sizing beyond the rigid Class A/B/C structure.
•Subnetted addresses have three parts — Network ID (registry-assigned), Subnet ID (administrator-designed), and Host ID (per-device assignment).
•Subnet design balances multiple factors — Host counts, growth, security zones, organizational structure, and routing efficiency all influence optimal subnet boundaries.
•Subnetting remains fundamental in modern infrastructure — Cloud VPCs, Kubernetes, SD-WAN, and IoT all rely on subnet-based segmentation for security and traffic management.

What's Next:

Now that you understand why subnets exist and what they accomplish, we'll examine how they work mechanically. The next page covers subnet masks—the critical piece of data that enables hosts and routers to determine subnet boundaries and make routing decisions.

Concept Mastered

You now understand the subnet concept at a fundamental level. Subnetting transforms monolithic networks into organized, secure, and efficient architectures. Next, we'll learn how subnet masks encode these boundaries into a format that network devices can process.

1 / 5

Loading learning content...

Computer NetworksSubnetting

Subnetting: Dividing Networks for Efficiency

LevelIntermediate

Duration75 mins

TopicSubnetting

1 / 5

Subnet Concept

The Challenge of Monolithic Networks

What You Will Learn

What is a Subnet?

The Key Insight:

Isolation: Problems in one room don't affect others
Organization: Related items grouped together
Access Control: Doors can restrict who enters each room
Efficiency: Workers only navigate relevant spaces

IP subnets provide identical benefits for network traffic.

Subnet vs. Network Segment

Formal Definition:

Example Visualization:

Original Class B Network: 172.16.0.0/16
├── Network portion:  172.16      (16 bits)
└── Host portion:     0.0 - 255.255 (16 bits = 65,534 hosts)

After Subnetting to /24:
├── Network portion:  172.16.X    (24 bits = 256 subnets)
└── Host portion:     0 - 255     (8 bits = 254 hosts per subnet)

The /16 became /24 by borrowing 8 bits from hosts to identify subnets. We traded host capacity for network organization.

Why Subnet? The Problems It Solves

Problems Solved by Subnetting

•Broadcast Domain Explosion — In a flat network, every broadcast reaches every device. ARP requests, DHCP discoveries, NetBIOS announcements, and routing updates flood the entire network. With thousands of devices, broadcasts consume significant bandwidth and CPU cycles on every host.
•Collision Domain Issues — While switches mitigate this, historical shared-media networks (hubs, coaxial Ethernet) suffered when all devices competed for the same medium. Subnetting with routers eliminated inter-subnet collisions entirely.
•Security Boundaries — A flat network provides no natural firewall points. Any compromised device can directly communicate with any other device. Subnets create chokepoints where security policies can be enforced.
•Administrative Organization — Without subnets, there's no logical structure mapping IP addresses to departments, buildings, or functions. Troubleshooting becomes detective work.
•Routing Efficiency — A single large network is a single routing entry, but traffic patterns within it are invisible to routers. Subnets enable traffic engineering and optimal path selection.
•Address Management — Allocating addresses from one giant pool leads to fragmentation and waste. Subnets allow hierarchical allocation matching organizational needs.

Flat Network vs. Subnetted Network Comparison
Characteristic	Flat Network (No Subnets)	Subnetted Network
Broadcast Scope	All devices receive all broadcasts	Broadcasts contained within subnet
Security Boundaries	None—all devices directly reachable	Router ACLs/firewalls at subnet boundaries
Failure Impact	Single failure can affect all devices	Failures isolated to affected subnet
Troubleshooting	Search entire network for issues	Localize by subnet based on IP address
Traffic Engineering	All traffic treated equally	Inter-subnet traffic can be shaped/prioritized
Address Allocation	Manual tracking of large pool	Hierarchical allocation by subnet

The Broadcast Domain Problem: A Deep Dive

The broadcast domain problem deserves special attention because it's the most immediate performance impact of flat networks. Let's quantify this with a realistic scenario.

Scenario: A Class B Network with 10,000 Hosts

Network: 172.16.0.0/16 Hosts: 10,000 devices (workstations, servers, printers, IoT devices)

Broadcast Traffic Sources:

Broadcast Traffic Analysis for 10,000-Host Network
Protocol	Interval	Packet Size	Packets/Day	Bandwidth/Day
ARP Requests	~Once per new communication	28 bytes	~500,000	14 MB
DHCP Discover/Request	Lease renewal (8 hr avg)	300 bytes	~30,000	9 MB
NetBIOS Name Service	Every 15 min (Windows)	50 bytes	~960,000	48 MB
Multicast DNS (mDNS)	Periodic announcements	200 bytes	~200,000	40 MB
Spanning Tree BPDUs	Every 2 seconds (per switch)	35 bytes	~432,000	15 MB

The Multiplier Effect:

Every broadcast packet is received by all 10,000 hosts. Each host must:

Receive the frame (NIC interrupt, DMA to memory)
Process the Ethernet header (check destination MAC)
Process the IP header (broadcast recognition)
Evaluate relevance (Is this ARP for me? Is this my DHCP lease?)
Discard if irrelevant (99.99% of broadcasts)

With 500,000+ ARP packets per day, each of 10,000 hosts processes 5+ billion irrelevant packets annually. On legacy systems or power-constrained IoT devices, this overhead is significant.

Subnetting the Same Network:

Divide into 40 subnets of 250 hosts each (/24 subnets):

ARP broadcasts: Only ~6,250 per subnet/day (250 hosts × 25 ARPs)
Each host processes ~6,250 ARP packets/day instead of ~500,000
80× reduction in broadcast processing overhead

The Broadcast Storm Cascade

Subnetting and Classful Addressing

Subnetting was developed as an extension to the original classful addressing scheme. Understanding this relationship clarifies how subnet boundaries work.

The Classful Limitation:

Original IPv4 addressing provided only three network sizes:

Classful Address Allocations
Class	Network Bits	Host Bits	Networks	Hosts per Network
Class A	8	24	128	16,777,214
Class B	16	16	16,384	65,534
Class C	24	8	2,097,152	254

The Problem:

Organizations needing 500 hosts had two choices:

Class C (254 hosts): Too small—need 2 networks, complicating routing and management
Class B (65,534 hosts): Wastes 65,034 addresses (99.2% waste)

There was no "Class B.5" for medium-sized networks.

RFC 950: The Subnetting Solution (1985)

Subnetting (standardized in RFC 950) allowed organizations to internally subdivide their allocated network. An organization with a Class B network could subnet it into:

256 subnets of 254 hosts each (/24)
4,096 subnets of 14 hosts each (/28)
Any power-of-two division in between

How It Works:

Subnetting borrows bits from the host portion to create a subnet identifier:

Class B Address: 172.16.0.0/16

Original:
├── Network ID:  172.16     (16 bits - assigned by registry)
└── Host ID:     X.X        (16 bits - local assignment)

With /24 Subnet Mask:
├── Network ID:  172.16     (16 bits - assigned by registry)
├── Subnet ID:   X          (8 bits - local subnet identifier)
└── Host ID:     X          (8 bits - host within subnet)

Combined Network+Subnet = 24 bits = Extended Network Portion

To external routers, 172.16.0.0/16 remains a single entry. Internally, the organization's routers understand the /24 subdivision.

Subnetting is Invisible Externally

The Anatomy of a Subnetted Address

The Three Components:

IP Address Components in Subnetted Networks

•Network ID (Assigned by Registry) — The original classful network assignment or CIDR block from an Internet registry. This portion is fixed by your ISP or registry allocation and identifies your organization to the global Internet.
•Subnet ID (Assigned by Network Admin) — The bits borrowed from hosts to identify internal subnets. This portion is designed by your network architects to match organizational structure, security zones, or geographic locations.
•Host ID (Assigned per Device) — The remaining bits that uniquely identify individual devices within each subnet. DHCP or static assignment fills this portion when a device joins the network.

Visual Decomposition Example:

Organization receives: 192.168.0.0/16 (Class B equivalent) Admin subnets to: /24 (256 subnets) Device address: 192.168.47.129

Binary: 11000000.10101000.00101111.10000001
        └────────┬────────┘└───┬───┘└───┬───┘
              Network ID    Subnet    Host ID
              (16 bits)     (8 bits)  (8 bits)
              
192.168    = Network assigned by ISP (fixed)
47         = Subnet 47 (building, department, floor, etc.)
129        = Host 129 within that subnet (specific device)

Important Boundaries:

All-zeros host ID: Network/subnet address itself (192.168.47.0)
All-ones host ID: Broadcast address for subnet (192.168.47.255)
Usable host range: 192.168.47.1 through 192.168.47.254 (254 addresses)

The Router's Perspective

Subnet Design Considerations

Designing a subnet structure isn't purely mathematical—it requires balancing technical constraints with organizational needs. Effective subnet design considers multiple factors.

Technical Factors

•Current Host Count — How many devices exist today in each logical group?
•Growth Projections — Plan for 2-3× current size minimum; address changes are disruptive
•Broadcast Traffic Tolerance — Larger subnets mean more broadcast overhead
•Routing Table Size — More subnets = more routes = more router memory/CPU
•Address Efficiency — Smaller subnets waste more addresses (2 lost per subnet)

Organizational Factors

•Security Zones — DMZ, internal, guest networks should be separate subnets
•Administrative Boundaries — Departments, cost centers, management domains
•Physical Topology — Buildings, floors, campuses often map to subnets
•Regulatory Requirements — PCI-DSS, HIPAA may mandate network segmentation
•Troubleshooting Ease — Logical subnet naming simplifies diagnostics

Common Subnet Sizing Guidelines:

Subnet Size	Prefix	Usable Hosts	Typical Use Case
/30 or /31	4 or 2 addresses	2	Point-to-point router links
/28	16 addresses	14	Small department, printer VLAN
/27	32 addresses	30	Conference room, lab
/26	64 addresses	62	Medium department
/25	128 addresses	126	Large department
/24	256 addresses	254	Standard LAN segment
/23	512 addresses	510	Large open office
/22	1,024 addresses	1,022	Campus building

The /24 Sweet Spot:

Most enterprise networks default to /24 subnets because:

254 hosts balances broadcast control with address efficiency
Octet-aligned boundaries simplify mental arithmetic
Matches DHCP scope sizing expectations
Large enough for most departments, small enough to contain failures

Subnetting in Modern Network Architecture

Modern Subnetting Applications

•Cloud VPCs (AWS, Azure, GCP) — Virtual Private Clouds are defined by CIDR blocks. Subnets within VPCs separate public-facing resources from private backends. Availability zones map to subnets for fault isolation.
•Kubernetes Networking — Pod networks use subnets (e.g., 10.244.0.0/16) subdivided per node. Service IPs occupy separate subnets. Understanding CIDR is essential for cluster network design.
•SD-WAN and Zero Trust — Modern architectures use micro-segmentation—subnets as small as /32 (single host) with per-device policies. Subnetting enables the granular identity-based access control.
•IoT Network Isolation — Smart buildings subnet IoT devices separately from corporate networks. A compromised thermostat can't pivot to financial systems because routing prevents inter-subnet communication.
•Container and Microservices — Docker bridge networks, Kubernetes CNI plugins, and service meshes all leverage IP subnetting for traffic isolation and routing between containerized workloads.

IPv6 and Subnetting

Example: AWS VPC Subnet Design

VPC CIDR: 10.0.0.0/16 (65,536 addresses)

├── Public Subnets (Internet-facing)
│   ├── 10.0.0.0/24   (AZ-a, Web servers)
│   ├── 10.0.1.0/24   (AZ-b, Web servers)
│   └── 10.0.2.0/24   (AZ-c, Web servers)
│
├── Private Subnets (Backend services)
│   ├── 10.0.10.0/24  (AZ-a, App servers)
│   ├── 10.0.11.0/24  (AZ-b, App servers)
│   └── 10.0.12.0/24  (AZ-c, App servers)
│
├── Database Subnets (Isolated)
│   ├── 10.0.20.0/24  (AZ-a, RDS instances)
│   ├── 10.0.21.0/24  (AZ-b, RDS instances)
│   └── 10.0.22.0/24  (AZ-c, RDS instances)
│
└── Reserved for Future
    └── 10.0.100.0/22 (1,024 addresses)

This design uses subnetting to:

Separate security tiers (public vs. private vs. database)
Enable multi-AZ redundancy
Reserve space for growth
Allow route table policies per subnet type

Summary: The Subnet Concept

We've established the foundational concept of subnetting. Before moving to the mechanics of subnet masks and calculations, let's consolidate our understanding.

Key Takeaways

•A subnet is a logical subdivision of an IP network — It partitions a large address space into smaller, independently managed segments while maintaining hierarchical addressing.
•Subnetting solves critical network problems — Broadcast containment, security boundaries, administrative organization, and efficient addressing all depend on proper subnet design.
•Subnetting extends classful addressing — By borrowing bits from the host portion, we create a subnet identifier that enables flexible network sizing beyond the rigid Class A/B/C structure.
•Subnetted addresses have three parts — Network ID (registry-assigned), Subnet ID (administrator-designed), and Host ID (per-device assignment).
•Subnet design balances multiple factors — Host counts, growth, security zones, organizational structure, and routing efficiency all influence optimal subnet boundaries.
•Subnetting remains fundamental in modern infrastructure — Cloud VPCs, Kubernetes, SD-WAN, and IoT all rely on subnet-based segmentation for security and traffic management.

What's Next:

Concept Mastered

1 / 5