Computer NetworksSubnetting

Subnetting: Dividing Networks for Efficiency

LevelIntermediate

Duration75 mins

TopicSubnetting

3 / 5

Subnet Creation

Designing the Network Architecture

You've been given an IP address block: 172.16.0.0/16. Your organization has 12 departments ranging from 20 to 500 employees, a data center requiring 100 server addresses, 15 point-to-point WAN links, and anticipated 50% growth over five years. How do you divide this address space?

This is subnet creation—the process of transforming business requirements into a logical, efficient, and scalable IP addressing architecture. It's part mathematics, part engineering judgment, and part organizational understanding.

What You Will Learn

By the end of this page, you will understand: (1) The systematic process for subnet design, (2) How to determine optimal subnet sizes, (3) Techniques for allocating subnets to organizational units, (4) Best practices for addressing scheme documentation, and (5) Common pitfalls and how to avoid them.

The Subnet Design Process

Subnet creation follows a systematic process that balances technical constraints with organizational requirements. The steps build upon each other—rushing through early steps creates problems in later phases.

The Five-Step Subnet Design Process

•Requirements Gathering — Document the number of subnets needed, hosts per subnet, security zones, geographic distribution, and growth projections. This is primarily a business/organizational analysis, not technical work.
•Address Block Assessment — Evaluate your available IP address space. Determine if it's sufficient for requirements. If not, request additional allocation or reconsider requirements.
•Subnet Size Determination — Calculate the appropriate prefix length for each subnet category based on host requirements, always accounting for growth and the network/broadcast overhead.
•Address Allocation — Assign specific subnet ranges to organizational units, maintaining logical structure and leaving room for expansion. Document boundaries clearly.
•Validation and Documentation — Verify the scheme meets all requirements, doesn't overlap, uses address space efficiently, and create comprehensive documentation.

The Cost of Poor Planning

Renumbering an IP addressing scheme after deployment is extremely disruptive and expensive. DNS updates, firewall rules, application configurations, documentation, and user training all require changes. Invest time in proper design upfront—it's far cheaper than remediation.

Step 1: Requirements Gathering

Before touching any IP addresses, you need a complete picture of what the network must support. This involves stakeholder interviews, documentation review, and future planning.

Requirements Checklist

•Organizational Units — How many departments, teams, or business units need separate subnets? What are their current and projected sizes?
•Physical Locations — How many buildings, floors, or campuses? WAN connectivity between them?
•Security Zones — DMZ requirements? Guest networks? IoT/OT separation? Compliance mandates (PCI-DSS, HIPAA)?
•Infrastructure — Server subnets? Management networks? Storage networks? Out-of-band management?
•WAN Links — Point-to-point connections require /30 or /31 subnets. How many?
•Growth Projections — 3-year and 5-year plans. Acquisitions? New facilities? Remote work expansion?
•Special Requirements — Multicast? IPv6 transition? Load balancer VIPs? Network services (DHCP, DNS)?

Example Requirements Document:

Organization: Acme Corporation
Total Employees: 2,500 (current), 4,000 (projected 5-year)

Departments:
├── Engineering (450 employees, expected to double)
├── Sales (300 employees)
├── Marketing (150 employees)
├── Finance (100 employees, strict isolation required)
├── HR (75 employees, strict isolation required)
├── Operations (200 employees)
├── Executive (50 employees)
├── IT (125 employees)
└── Guest/Contractor (variable, up to 200 concurrent)

Infrastructure:
├── Data Center (150 servers, expandable to 300)
├── DMZ (25 public-facing servers)
├── Management Network (50 network devices)
├── VoIP (2,500 phones, same growth as employees)
└── IoT/Building Systems (500 devices)

WAN Links: 8 point-to-point connections

Allocated Address Space: 10.0.0.0/8 (private)

Step 2: Determining Subnet Sizes

Once requirements are documented, translate host counts into subnet sizes. The fundamental formula:

Usable Hosts = 2^(32 - prefix) - 2

The -2 accounts for the network address (all-zeros host portion) and broadcast address (all-ones host portion), which cannot be assigned to devices.

Sizing for Requirements:

Always round UP to the next power of 2, then add growth buffer:

Current hosts: 450
Growth factor: 2× (100% growth expected)
Required capacity: 900 hosts
Next power of 2: 1,024 (2^10)
Prefix calculation: 32 - 10 = /22
Usable hosts: 1,022 (meets 900 requirement)

Subnet Size Quick Reference
Host Requirement	Choose Prefix	Actual Capacity	Efficiency*
2	/30	2	100%
3-6	/29	6	50-100%
7-14	/28	14	50-100%
15-30	/27	30	50-100%
31-62	/26	62	50-100%
63-126	/25	126	50-100%
127-254	/24	254	50-100%
255-510	/23	510	50-100%
511-1,022	/22	1,022	50-100%

The 50% Rule of Thumb

When current utilization exceeds 50% of subnet capacity, it's time to plan for expansion. This buffer handles unexpected growth from new projects, acquisitions, or IoT proliferation. Never design subnets to be more than 50% utilized at deployment.

Applying to Example Requirements:

Subnet Purpose	Current Hosts	With Growth	Prefix	Capacity
Engineering	450	900	/22	1,022
Sales	300	450	/23	510
Marketing	150	225	/24	254
Finance	100	150	/24	254
HR	75	120	/25	126
Operations	200	300	/23	510
Executive	50	75	/25	126
IT	125	190	/24	254
Guest	200	300	/23	510
Data Center	150	300	/23	510
DMZ	25	50	/26	62
Management	50	100	/25	126
VoIP	2,500	4,000	/20	4,094
IoT	500	1,000	/22	1,022
WAN Links	8	16	16×/30	2 each

Total Address Consumption Analysis:

Summarizing the above allocations:

Large subnets (/22 and larger): ~7,000 addresses
Medium subnets (/23-/24): ~3,000 addresses
Small subnets (/25-/26): ~500 addresses
WAN links: ~64 addresses

Approximate total: ~10,500 addresses Available in 10.0.0.0/8: 16,777,214 addresses

✓ Requirements fit comfortably within allocated space.

Step 3: Address Allocation Strategies

With subnet sizes determined, the next step is assigning specific address ranges. This isn't arbitrary—good allocation strategies simplify routing, aid troubleshooting, and enable future summarization.

Allocation Best Practices

•Group by Function — Keep related subnets contiguous. All department subnets together, all infrastructure subnets together. This enables route summarization.
•Leave Expansion Room — Don't pack subnets tightly. Leave gaps between major groups for growth. A /24 today might need to grow to /23.
•Use Meaningful Patterns — Third octet = building number, fourth octet ranges = floor. Patterns aid memory and troubleshooting.
•Allocate Large Blocks First — Assign the biggest subnets first, aligned to their natural boundaries. Smaller subnets fill remaining space.
•Document Reservations — Explicitly reserve address ranges for future use. Prevents piecemeal allocation that fragments the space.

Hierarchical Allocation Example:

Given address space: 10.0.0.0/8

First, divide into major categories using the second octet:

10.0.0.0/16   - Reserved for future
10.1.0.0/16   - WAN/Infrastructure
10.2.0.0/16   - Reserved for future
10.10.0.0/16  - User Networks (Departments)
10.11.0.0/16  - User Networks (Expansion)
10.20.0.0/16  - Voice/VoIP
10.30.0.0/16  - Data Center/Servers
10.40.0.0/16  - Security Zones (DMZ, Guest)
10.50.0.0/16  - IoT/OT Networks
10.100-254    - Reserved for future

Detailed User Network Allocation (10.10.0.0/16):

10.10.0.0/22   - Engineering (1,022 hosts)
10.10.4.0/23   - Sales (510 hosts)
10.10.6.0/24   - Marketing (254 hosts)
10.10.7.0/24   - Finance (254 hosts, isolated)
10.10.8.0/25   - HR (126 hosts, isolated)
10.10.8.128/25 - Executive (126 hosts)
10.10.9.0/24   - IT (254 hosts)
10.10.10.0/23  - Operations (510 hosts)
10.10.12.0/22  - [Reserved for growth]

Note the Alignment:

/22 subnets start at multiples of 4 in the third octet (0, 4, 8...)
/23 subnets start at multiples of 2 (0, 2, 4, 6...)
/24 subnets start at any third octet value

This alignment isn't arbitrary—it's required. A /22 contains 4 consecutive /24s, so it must start at a multiple of 4.

Subnet Boundary Alignment

Subnets must be aligned to their natural boundaries. A /22 (1,024 addresses) must start at an address divisible by 1,024. A /27 (32 addresses) must start at an address divisible by 32. Misalignment causes overlapping ranges and routing failures.

Step 4: Creating the Subnet Plan

Let's work through a complete subnet creation exercise to solidify the process.

Scenario:

You're designing the IP scheme for a new branch office with:

Address allocation from HQ: 192.168.100.0/23 (512 addresses)
3 departments: Engineering (45 users), Sales (28 users), Admin (12 users)
1 server VLAN (8 servers)
1 printer/IoT VLAN (15 devices)
1 guest wireless (up to 50 guests)
2 WAN links to HQ (need /30 each)

Step-by-Step Solution:

1. Calculate Required Sizes:

Subnet	Current	+50% Growth	Min Size	Chosen Prefix	Addresses Used
Engineering	45	68	/25 (126)	/25	128
Sales	28	42	/26 (62)	/26	64
Admin	12	18	/27 (30)	/27	32
Servers	8	12	/28 (14)	/28	16
Printers/IoT	15	23	/27 (30)	/27	32
Guest	50	75	/25 (126)	/25	128
WAN Link 1	2	2	/30 (2)	/30	4
WAN Link 2	2	2	/30 (2)	/30	4

Total Required: 128+64+32+16+32+128+4+4 = 408 addresses Available: 512 addresses in /23 Remaining: 104 addresses (for future needs) ✓

2. Allocate Addresses (Largest First):

Base range: 192.168.100.0 - 192.168.101.255

/25 blocks (128 addresses each):
  192.168.100.0/25   → Engineering (100.0 - 100.127)
  192.168.100.128/25 → Guest (100.128 - 100.255)
  
/26 blocks (64 addresses each):  
  192.168.101.0/26   → Sales (101.0 - 101.63)
  
/27 blocks (32 addresses each):
  192.168.101.64/27  → Admin (101.64 - 101.95)
  192.168.101.96/27  → Printers/IoT (101.96 - 101.127)
  
/28 blocks (16 addresses each):
  192.168.101.128/28 → Servers (101.128 - 101.143)
  192.168.101.144/28 → [Reserved]
  
/30 blocks (4 addresses each):
  192.168.101.160/30 → WAN Link 1 (101.160 - 101.163)
  192.168.101.164/30 → WAN Link 2 (101.164 - 101.167)
  
Remaining: 192.168.101.168 - 192.168.101.255 (88 addresses reserved)

Final Subnet Allocation Table
Subnet Name	Network Address	Mask	Usable Range	Broadcast	Gateway*
Engineering	192.168.100.0	/25	.1 - .126	.127	.1
Guest	192.168.100.128	/25	.129 - .254	.255	.129
Sales	192.168.101.0	/26	.1 - .62	.63	.1
Admin	192.168.101.64	/27	.65 - .94	.95	.65
Printers/IoT	192.168.101.96	/27	.97 - .126	.127	.97
Servers	192.168.101.128	/28	.129 - .142	.143	.129
WAN Link 1	192.168.101.160	/30	.161 - .162	.163	N/A
WAN Link 2	192.168.101.164	/30	.164 - .165	.167	N/A

Gateway Convention

The gateway address (usually the router's interface in that subnet) is conventionally the first (.1) or last (.254 for /24) usable address. Consistency across the organization aids troubleshooting. Document whichever convention you choose.

Step 5: Documentation Standards

A subnetting scheme is only as good as its documentation. Poorly documented IP schemes lead to conflicts, confusion, and costly mistakes during troubleshooting or expansion.

Essential Documentation Elements

•Master Subnet Table — Complete list of all subnets with network address, prefix, usable range, broadcast, gateway, VLAN ID, and purpose.
•Allocation Hierarchy Diagram — Visual representation showing how address space is carved up, including reserved/unallocated blocks.
•DHCP Scope Configuration — For each subnet: scope range (excluding static reservations), lease duration, options (gateway, DNS, etc.).
•Reserved Addresses — Document which addresses are statically assigned: gateways, servers, printers, network devices.
•VLAN Mapping — Correspondence between IP subnets and VLAN IDs. Often 1:1 but should be explicitly documented.
•Change Log — History of scheme modifications with dates, justifications, and who approved changes.
•Growth Plan — Which reserved blocks are intended for which purpose. Prevents random allocation that fragments future expansion.

subnet_documentation.yaml
YAML
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
# Branch Office IP Addressing Scheme
# Document Version: 1.0
# Last Updated: 2024-01-15
# Author: Network Engineering Team
 
site:
  name: "Branch Office - Seattle"
  allocated_block: "192.168.100.0/23"
  total_addresses: 512
  allocated_addresses: 408
  reserved_addresses: 104
  
subnets:
  - name: "Engineering"
    network: "192.168.100.0/25"
    vlan_id: 100
    gateway: "192.168.100.1"
    usable_range: "192.168.100.2 - 192.168.100.126"
    dhcp_scope: "192.168.100.10 - 192.168.100.126"
    broadcast: "192.168.100.127"
    purpose: "Engineering department workstations"
    reserved_ips:
      - ip: "192.168.100.1"
        purpose: "Default gateway"
      - ip: "192.168.100.2"
        purpose: "Dept printer"
        
  - name: "Servers"
    network: "192.168.101.128/28"
    vlan_id: 200
    gateway: "192.168.101.129"
    usable_range: "192.168.101.130 - 192.168.101.142"
    dhcp_scope: null  # Static only
    purpose: "Branch office servers"
    reserved_ips:
      - ip: "192.168.101.130"
        hostname: "sea-dc01"
        purpose: "Domain Controller"
      - ip: "192.168.101.131"
        hostname: "sea-fs01"  
        purpose: "File Server"
 
unallocated:
  - range: "192.168.101.168 - 192.168.101.255"
    addresses: 88
    intended_purpose: "Future department expansion"

Common Mistakes and Pitfalls

Even experienced network engineers make subnetting mistakes. Awareness of common pitfalls helps avoid them.

Common Mistakes

•Overlooking Growth — Designing for today's needs without expansion buffer forces painful renumbering.
•Misaligned Subnets — Starting a /26 at .100 instead of .64 or .128 causes overlap with adjacent subnets.
•Forgetting -2 — Forgetting to subtract network and broadcast addresses leads to undersized subnets.
•Inconsistent Gateways — Using .1 in some subnets, .254 in others creates confusion and misconfiguration.
•No Reserved Space — Allocating every address leaves no room for infrastructure additions.

Best Practices

•Plan for 50-100% growth — Subnets should be ≤50% utilized at deployment.
•Always verify boundaries — Check that network address is divisible by subnet size.
•Formula: 2^n - 2 — Always subtract 2 for network and broadcast addresses.
•Document conventions — Establish and enforce consistent gateway placement.
•Reserve 20%+ for infrastructure — Static IPs for printers, servers, network gear.

The Overlap Trap

Overlapping subnets cause intermittent, hard-to-diagnose connectivity issues. For example, 192.168.1.0/24 and 192.168.1.0/25 overlap—the /25 is a subset of the /24. If both are configured on different routers, packets may route incorrectly depending on which route is preferred. Always verify no overlap exists before deploying.

Overlap Detection Technique:

Two subnets overlap if and only if one's network address falls within the other's range (or vice versa).

Subnet A: 192.168.100.0/25   (range: .0 - .127)
Subnet B: 192.168.100.64/26  (range: .64 - .127)

Check: Does 192.168.100.64 fall within 192.168.100.0 - 192.168.100.127?
Yes → OVERLAP! These subnets cannot both exist.

Subnet C: 192.168.100.128/25 (range: .128 - .255)
Check: Does 192.168.100.128 fall within Subnet A (.0 - .127)?
No → No overlap. These can coexist.

Automate this check with IP address management (IPAM) tools for large environments.

Summary: Subnet Creation

Subnet creation is the translation of organizational requirements into a logical, efficient IP addressing architecture. It requires both technical precision and organizational understanding.

Key Takeaways

•Follow the five-step process — Requirements, assessment, sizing, allocation, documentation. Each step builds on the previous.
•Size subnets with growth in mind — Use the formula 2^n - 2 for usable hosts, then select a prefix that provides at least 50% headroom.
•Allocate largest subnets first — This ensures proper alignment and maximizes remaining contiguous space.
•Maintain alignment discipline — Subnet network addresses must be divisible by their size. /26 subnets start at 0, 64, 128, 192.
•Document everything — Master tables, DHCP scopes, static reservations, VLAN mappings, and change history are all essential.
•Verify no overlaps — Check that every subnet's range is distinct from every other subnet before deployment.

What's Next:

With the subnet creation process understood, we need to master the mathematical calculations that underpin it. The next page covers subnet calculations—the formulas and techniques for determining network addresses, broadcast addresses, valid host ranges, and performing rapid mental math for subnetting questions.

Design Skills Acquired

You now understand the complete subnet design process from requirements to documentation. You can translate organizational needs into subnet specifications and allocate address space efficiently. Next, we'll master the calculations that make this work precisely.

3 / 5

Loading learning content...

Computer NetworksSubnetting

Subnetting: Dividing Networks for Efficiency

LevelIntermediate

Duration75 mins

TopicSubnetting

3 / 5

Subnet Creation

Designing the Network Architecture

What You Will Learn

The Subnet Design Process

The Five-Step Subnet Design Process

•Requirements Gathering — Document the number of subnets needed, hosts per subnet, security zones, geographic distribution, and growth projections. This is primarily a business/organizational analysis, not technical work.
•Address Block Assessment — Evaluate your available IP address space. Determine if it's sufficient for requirements. If not, request additional allocation or reconsider requirements.
•Subnet Size Determination — Calculate the appropriate prefix length for each subnet category based on host requirements, always accounting for growth and the network/broadcast overhead.
•Address Allocation — Assign specific subnet ranges to organizational units, maintaining logical structure and leaving room for expansion. Document boundaries clearly.
•Validation and Documentation — Verify the scheme meets all requirements, doesn't overlap, uses address space efficiently, and create comprehensive documentation.

The Cost of Poor Planning

Step 1: Requirements Gathering

Before touching any IP addresses, you need a complete picture of what the network must support. This involves stakeholder interviews, documentation review, and future planning.

Requirements Checklist

•Organizational Units — How many departments, teams, or business units need separate subnets? What are their current and projected sizes?
•Physical Locations — How many buildings, floors, or campuses? WAN connectivity between them?
•Security Zones — DMZ requirements? Guest networks? IoT/OT separation? Compliance mandates (PCI-DSS, HIPAA)?
•Infrastructure — Server subnets? Management networks? Storage networks? Out-of-band management?
•WAN Links — Point-to-point connections require /30 or /31 subnets. How many?
•Growth Projections — 3-year and 5-year plans. Acquisitions? New facilities? Remote work expansion?
•Special Requirements — Multicast? IPv6 transition? Load balancer VIPs? Network services (DHCP, DNS)?

Example Requirements Document:

Organization: Acme Corporation
Total Employees: 2,500 (current), 4,000 (projected 5-year)

Departments:
├── Engineering (450 employees, expected to double)
├── Sales (300 employees)
├── Marketing (150 employees)
├── Finance (100 employees, strict isolation required)
├── HR (75 employees, strict isolation required)
├── Operations (200 employees)
├── Executive (50 employees)
├── IT (125 employees)
└── Guest/Contractor (variable, up to 200 concurrent)

Infrastructure:
├── Data Center (150 servers, expandable to 300)
├── DMZ (25 public-facing servers)
├── Management Network (50 network devices)
├── VoIP (2,500 phones, same growth as employees)
└── IoT/Building Systems (500 devices)

WAN Links: 8 point-to-point connections

Allocated Address Space: 10.0.0.0/8 (private)

Step 2: Determining Subnet Sizes

Once requirements are documented, translate host counts into subnet sizes. The fundamental formula:

Usable Hosts = 2^(32 - prefix) - 2

The -2 accounts for the network address (all-zeros host portion) and broadcast address (all-ones host portion), which cannot be assigned to devices.

Sizing for Requirements:

Always round UP to the next power of 2, then add growth buffer:

Current hosts: 450
Growth factor: 2× (100% growth expected)
Required capacity: 900 hosts
Next power of 2: 1,024 (2^10)
Prefix calculation: 32 - 10 = /22
Usable hosts: 1,022 (meets 900 requirement)

Subnet Size Quick Reference
Host Requirement	Choose Prefix	Actual Capacity	Efficiency*
2	/30	2	100%
3-6	/29	6	50-100%
7-14	/28	14	50-100%
15-30	/27	30	50-100%
31-62	/26	62	50-100%
63-126	/25	126	50-100%
127-254	/24	254	50-100%
255-510	/23	510	50-100%
511-1,022	/22	1,022	50-100%

The 50% Rule of Thumb

Applying to Example Requirements:

Subnet Purpose	Current Hosts	With Growth	Prefix	Capacity
Engineering	450	900	/22	1,022
Sales	300	450	/23	510
Marketing	150	225	/24	254
Finance	100	150	/24	254
HR	75	120	/25	126
Operations	200	300	/23	510
Executive	50	75	/25	126
IT	125	190	/24	254
Guest	200	300	/23	510
Data Center	150	300	/23	510
DMZ	25	50	/26	62
Management	50	100	/25	126
VoIP	2,500	4,000	/20	4,094
IoT	500	1,000	/22	1,022
WAN Links	8	16	16×/30	2 each

Total Address Consumption Analysis:

Summarizing the above allocations:

Large subnets (/22 and larger): ~7,000 addresses
Medium subnets (/23-/24): ~3,000 addresses
Small subnets (/25-/26): ~500 addresses
WAN links: ~64 addresses

Approximate total: ~10,500 addresses Available in 10.0.0.0/8: 16,777,214 addresses

✓ Requirements fit comfortably within allocated space.

Step 3: Address Allocation Strategies

Allocation Best Practices

•Group by Function — Keep related subnets contiguous. All department subnets together, all infrastructure subnets together. This enables route summarization.
•Leave Expansion Room — Don't pack subnets tightly. Leave gaps between major groups for growth. A /24 today might need to grow to /23.
•Use Meaningful Patterns — Third octet = building number, fourth octet ranges = floor. Patterns aid memory and troubleshooting.
•Allocate Large Blocks First — Assign the biggest subnets first, aligned to their natural boundaries. Smaller subnets fill remaining space.
•Document Reservations — Explicitly reserve address ranges for future use. Prevents piecemeal allocation that fragments the space.

Hierarchical Allocation Example:

Given address space: 10.0.0.0/8

First, divide into major categories using the second octet:

10.0.0.0/16   - Reserved for future
10.1.0.0/16   - WAN/Infrastructure
10.2.0.0/16   - Reserved for future
10.10.0.0/16  - User Networks (Departments)
10.11.0.0/16  - User Networks (Expansion)
10.20.0.0/16  - Voice/VoIP
10.30.0.0/16  - Data Center/Servers
10.40.0.0/16  - Security Zones (DMZ, Guest)
10.50.0.0/16  - IoT/OT Networks
10.100-254    - Reserved for future

Detailed User Network Allocation (10.10.0.0/16):

10.10.0.0/22   - Engineering (1,022 hosts)
10.10.4.0/23   - Sales (510 hosts)
10.10.6.0/24   - Marketing (254 hosts)
10.10.7.0/24   - Finance (254 hosts, isolated)
10.10.8.0/25   - HR (126 hosts, isolated)
10.10.8.128/25 - Executive (126 hosts)
10.10.9.0/24   - IT (254 hosts)
10.10.10.0/23  - Operations (510 hosts)
10.10.12.0/22  - [Reserved for growth]

Note the Alignment:

/22 subnets start at multiples of 4 in the third octet (0, 4, 8...)
/23 subnets start at multiples of 2 (0, 2, 4, 6...)
/24 subnets start at any third octet value

This alignment isn't arbitrary—it's required. A /22 contains 4 consecutive /24s, so it must start at a multiple of 4.

Subnet Boundary Alignment

Step 4: Creating the Subnet Plan

Let's work through a complete subnet creation exercise to solidify the process.

Scenario:

You're designing the IP scheme for a new branch office with:

Address allocation from HQ: 192.168.100.0/23 (512 addresses)
3 departments: Engineering (45 users), Sales (28 users), Admin (12 users)
1 server VLAN (8 servers)
1 printer/IoT VLAN (15 devices)
1 guest wireless (up to 50 guests)
2 WAN links to HQ (need /30 each)

Step-by-Step Solution:

1. Calculate Required Sizes:

Subnet	Current	+50% Growth	Min Size	Chosen Prefix	Addresses Used
Engineering	45	68	/25 (126)	/25	128
Sales	28	42	/26 (62)	/26	64
Admin	12	18	/27 (30)	/27	32
Servers	8	12	/28 (14)	/28	16
Printers/IoT	15	23	/27 (30)	/27	32
Guest	50	75	/25 (126)	/25	128
WAN Link 1	2	2	/30 (2)	/30	4
WAN Link 2	2	2	/30 (2)	/30	4

Total Required: 128+64+32+16+32+128+4+4 = 408 addresses Available: 512 addresses in /23 Remaining: 104 addresses (for future needs) ✓

2. Allocate Addresses (Largest First):

Base range: 192.168.100.0 - 192.168.101.255

/25 blocks (128 addresses each):
  192.168.100.0/25   → Engineering (100.0 - 100.127)
  192.168.100.128/25 → Guest (100.128 - 100.255)
  
/26 blocks (64 addresses each):  
  192.168.101.0/26   → Sales (101.0 - 101.63)
  
/27 blocks (32 addresses each):
  192.168.101.64/27  → Admin (101.64 - 101.95)
  192.168.101.96/27  → Printers/IoT (101.96 - 101.127)
  
/28 blocks (16 addresses each):
  192.168.101.128/28 → Servers (101.128 - 101.143)
  192.168.101.144/28 → [Reserved]
  
/30 blocks (4 addresses each):
  192.168.101.160/30 → WAN Link 1 (101.160 - 101.163)
  192.168.101.164/30 → WAN Link 2 (101.164 - 101.167)
  
Remaining: 192.168.101.168 - 192.168.101.255 (88 addresses reserved)

Final Subnet Allocation Table
Subnet Name	Network Address	Mask	Usable Range	Broadcast	Gateway*
Engineering	192.168.100.0	/25	.1 - .126	.127	.1
Guest	192.168.100.128	/25	.129 - .254	.255	.129
Sales	192.168.101.0	/26	.1 - .62	.63	.1
Admin	192.168.101.64	/27	.65 - .94	.95	.65
Printers/IoT	192.168.101.96	/27	.97 - .126	.127	.97
Servers	192.168.101.128	/28	.129 - .142	.143	.129
WAN Link 1	192.168.101.160	/30	.161 - .162	.163	N/A
WAN Link 2	192.168.101.164	/30	.164 - .165	.167	N/A

Gateway Convention

Step 5: Documentation Standards

A subnetting scheme is only as good as its documentation. Poorly documented IP schemes lead to conflicts, confusion, and costly mistakes during troubleshooting or expansion.

Essential Documentation Elements

•Master Subnet Table — Complete list of all subnets with network address, prefix, usable range, broadcast, gateway, VLAN ID, and purpose.
•Allocation Hierarchy Diagram — Visual representation showing how address space is carved up, including reserved/unallocated blocks.
•DHCP Scope Configuration — For each subnet: scope range (excluding static reservations), lease duration, options (gateway, DNS, etc.).
•Reserved Addresses — Document which addresses are statically assigned: gateways, servers, printers, network devices.
•VLAN Mapping — Correspondence between IP subnets and VLAN IDs. Often 1:1 but should be explicitly documented.
•Change Log — History of scheme modifications with dates, justifications, and who approved changes.
•Growth Plan — Which reserved blocks are intended for which purpose. Prevents random allocation that fragments future expansion.

subnet_documentation.yaml
YAML
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
# Branch Office IP Addressing Scheme
# Document Version: 1.0
# Last Updated: 2024-01-15
# Author: Network Engineering Team
 
site:
  name: "Branch Office - Seattle"
  allocated_block: "192.168.100.0/23"
  total_addresses: 512
  allocated_addresses: 408
  reserved_addresses: 104
  
subnets:
  - name: "Engineering"
    network: "192.168.100.0/25"
    vlan_id: 100
    gateway: "192.168.100.1"
    usable_range: "192.168.100.2 - 192.168.100.126"
    dhcp_scope: "192.168.100.10 - 192.168.100.126"
    broadcast: "192.168.100.127"
    purpose: "Engineering department workstations"
    reserved_ips:
      - ip: "192.168.100.1"
        purpose: "Default gateway"
      - ip: "192.168.100.2"
        purpose: "Dept printer"
        
  - name: "Servers"
    network: "192.168.101.128/28"
    vlan_id: 200
    gateway: "192.168.101.129"
    usable_range: "192.168.101.130 - 192.168.101.142"
    dhcp_scope: null  # Static only
    purpose: "Branch office servers"
    reserved_ips:
      - ip: "192.168.101.130"
        hostname: "sea-dc01"
        purpose: "Domain Controller"
      - ip: "192.168.101.131"
        hostname: "sea-fs01"  
        purpose: "File Server"
 
unallocated:
  - range: "192.168.101.168 - 192.168.101.255"
    addresses: 88
    intended_purpose: "Future department expansion"

Common Mistakes and Pitfalls

Even experienced network engineers make subnetting mistakes. Awareness of common pitfalls helps avoid them.

Common Mistakes

•Overlooking Growth — Designing for today's needs without expansion buffer forces painful renumbering.
•Misaligned Subnets — Starting a /26 at .100 instead of .64 or .128 causes overlap with adjacent subnets.
•Forgetting -2 — Forgetting to subtract network and broadcast addresses leads to undersized subnets.
•Inconsistent Gateways — Using .1 in some subnets, .254 in others creates confusion and misconfiguration.
•No Reserved Space — Allocating every address leaves no room for infrastructure additions.

Best Practices

•Plan for 50-100% growth — Subnets should be ≤50% utilized at deployment.
•Always verify boundaries — Check that network address is divisible by subnet size.
•Formula: 2^n - 2 — Always subtract 2 for network and broadcast addresses.
•Document conventions — Establish and enforce consistent gateway placement.
•Reserve 20%+ for infrastructure — Static IPs for printers, servers, network gear.

The Overlap Trap

Overlap Detection Technique:

Two subnets overlap if and only if one's network address falls within the other's range (or vice versa).

Subnet A: 192.168.100.0/25   (range: .0 - .127)
Subnet B: 192.168.100.64/26  (range: .64 - .127)

Check: Does 192.168.100.64 fall within 192.168.100.0 - 192.168.100.127?
Yes → OVERLAP! These subnets cannot both exist.

Subnet C: 192.168.100.128/25 (range: .128 - .255)
Check: Does 192.168.100.128 fall within Subnet A (.0 - .127)?
No → No overlap. These can coexist.

Automate this check with IP address management (IPAM) tools for large environments.

Summary: Subnet Creation

Subnet creation is the translation of organizational requirements into a logical, efficient IP addressing architecture. It requires both technical precision and organizational understanding.

Key Takeaways

•Follow the five-step process — Requirements, assessment, sizing, allocation, documentation. Each step builds on the previous.
•Size subnets with growth in mind — Use the formula 2^n - 2 for usable hosts, then select a prefix that provides at least 50% headroom.
•Allocate largest subnets first — This ensures proper alignment and maximizes remaining contiguous space.
•Maintain alignment discipline — Subnet network addresses must be divisible by their size. /26 subnets start at 0, 64, 128, 192.
•Document everything — Master tables, DHCP scopes, static reservations, VLAN mappings, and change history are all essential.
•Verify no overlaps — Check that every subnet's range is distinct from every other subnet before deployment.

What's Next:

Design Skills Acquired

3 / 5