
Subnetting: Dividing a network into smaller subnetworks to improve performance and security
Anna Kowalski
2026-02-06

Subnetting: The Art of Network Segmentation

Dividing a single large network into smaller, organized, and secure subnetworks for better performance and management.
Summary: Subnetting is a fundamental networking technique that involves logically dividing a large IP[1] address network into smaller, more manageable pieces called subnetworks (or subnets). This process is crucial for reducing network congestion, improving performance by limiting broadcast traffic, and enhancing security by isolating different parts of a network. By creating smaller broadcast domains, subnetting helps network traffic flow more efficiently, much like organizing a large school into separate classrooms and hallways to prevent overcrowding and confusion.

Understanding IP Addresses and Their Structure

Before diving into subnetting, we must understand IP addresses. Every device connected to a network, like your computer, phone, or smart TV, needs a unique identifier, similar to a home address. This identifier is the Internet Protocol (IP) address. The most common version currently in use is IPv4[2], which looks like this: 192.168.1.50.

An IPv4 address is a 32-bit number, but it's written in a human-friendly dotted-decimal format. It has two main parts:

  • Network Portion: Identifies the specific network the device belongs to (like the street name).
  • Host Portion: Identifies the specific device within that network (like the house number).

How does a device know which part is which? This is defined by the subnet mask. A typical subnet mask for a home network is 255.255.255.0. The 255s "mask" the network portion, and the 0 reveals the host portion. Think of it as a stencil that shows only the part you want to paint.

Key Formula - Total Hosts in a Network: The number of usable devices (hosts) in a network is calculated as $2^{(number\;of\;host\;bits)} - 2$. We subtract 2 because one address is reserved for the network itself, and one is reserved for the broadcast address (a message sent to all devices).

For example, with the mask 255.255.255.0, the host portion has 8 bits (the final octet, which is 0 in the mask). So, total possible hosts = $2^8 - 2 = 256 - 2 = 254$.

Why Divide? The Core Benefits of Subnetting

Imagine a single, giant school cafeteria where every student from kindergarten to 12th grade eats, talks, and yells at the same time. It would be chaotic, loud, and slow to get your food. This is like a large, flat network without subnets. Subnetting builds walls to create separate lunchrooms for elementary, middle, and high school students.

| Benefit | How Subnetting Helps | Real-World Analogy |
| --- | --- | --- |
| Improved Performance & Reduced Congestion | Limits the scope of broadcast traffic. A broadcast sent in one subnet doesn't bother devices in another, freeing up bandwidth[3] for actual data. | School announcements are made only to relevant classrooms via intercom, not to the entire building over a megaphone. |
| Enhanced Security | Isolates network segments. A security breach or problem in one subnet (e.g., the Guest Wi-Fi) can be contained and prevented from spreading to more critical subnets (e.g., the Finance Department). | Having separate, lockable wings in a hospital prevents visitors from accidentally wandering into secure operating rooms. |
| Simplified Management & Organization | Allows logical grouping of devices by department, function, or location. Network administrators can apply policies more easily. | Organizing a library by genre (fiction, science, history) makes it much easier to find and manage books. |

The Mechanics: How Subnetting Actually Works

Subnetting works by "borrowing" bits from the host portion of an IP address and re-assigning them to become an extension of the network portion. This creates a subnet mask that is longer (has more 255s or 1s) than the original. This borrowed area creates the subnet ID.

Let's break it down with a simple example. Suppose a school is given a network address: 10.0.0.0 with a default mask of 255.0.0.0. This is a huge network with millions of possible addresses. The school wants separate subnets for its three main buildings: Admin, Science, and Arts.

| Subnet Name | Borrowed Bits | New Subnet Mask | Subnet Address (Example) | Usable Host Range | Total Usable Hosts |
| --- | --- | --- | --- | --- | --- |
| Administration | 2 bits | 255.255.192.0 or /18[4] | 10.0.0.0 | 10.0.0.1 to 10.0.63.254 | $2^{14} - 2 = 16,382$ |
| Science Building | 2 bits | 255.255.192.0 or /18 | 10.0.64.0 | 10.0.64.1 to 10.0.127.254 | 16,382 |
| Arts Building | 2 bits | 255.255.192.0 or /18 | 10.0.128.0 | 10.0.128.1 to 10.0.191.254 | 16,382 |

By borrowing 2 bits, we created 4 possible subnets ($2^2=4$), using three for our buildings and leaving one for future growth. Each building now has its own isolated network with over 16,000 usable addresses, and traffic intended for the Science Building stays there.

Planning and Executing a Real-World Subnetting Scenario

Let's work through a practical problem. A small company is assigned the network 192.168.50.0/24. They have the following needs:

  • Sales Department: 30 computers.
  • IT Department: 15 computers.
  • Guest Wi-Fi: 10 devices maximum.
  • Future expansion: Reserve one extra subnet.

Step 1: Determine host requirements. Find the subnet size that fits the largest group (Sales, with 30 hosts). We use the formula: $2^{(host\;bits)} - 2 \geq required\;hosts$.

$2^5 - 2 = 30$. Perfect. So we need 5 host bits. This leaves 32 - 24 - 5 = 3 bits to borrow for subnetting. Number of subnets = $2^3 = 8$ subnets.

Step 2: Determine the new subnet mask. Original mask was /24 (255.255.255.0). We are borrowing 3 more bits, so new mask is /27. In decimal, that's 255.255.255.224.

Step 3: Define the subnets. The increment between subnets is the value of the least significant borrowed bit, which is $2^{(host\;bits)} = 2^5 = 32$. So our subnet addresses will increase by 32 in the last octet.

Quick Tip - Finding the Subnet Increment: The easiest way to find the "block size" or increment between subnets is to look at the last non-255 number in the subnet mask. Subtract it from 256. For mask 255.255.255.224, increment = $256 - 224 = 32$.

We can now assign our subnets from the eight available:

  • Subnet 1: 192.168.50.0/27 - Usable: .1 to .30 (For Sales)
  • Subnet 2: 192.168.50.32/27 - Usable: .33 to .62 (For IT)
  • Subnet 3: 192.168.50.64/27 - Usable: .65 to .94 (For Guests)
  • Subnet 4: 192.168.50.96/27 - Reserved for future use.

This logical division ensures each department is isolated, improving security and performance, while making efficient use of the original address block.
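The three steps above, carried out in code with Python's standard `ipaddress` module. This is an added example, not part of the original article; the function name `plan_equal_subnets` and the `spare` field (unused addresses per subnet) are illustrative choices.

```python
import ipaddress

def plan_equal_subnets(block, needs, reserve=1):
    """Size every subnet for the largest group, as in Steps 1-3 above."""
    net = ipaddress.ip_network(block)
    largest = max(needs.values())

    # Step 1: smallest host-bit count h with 2**h - 2 >= largest.
    host_bits = (largest + 1).bit_length()

    # Step 2: the bits left over are borrowed for the subnet ID.
    new_prefix = net.max_prefixlen - host_bits
    borrowed = new_prefix - net.prefixlen
    if borrowed < 0:
        raise ValueError(f"{block} cannot hold a group of {largest} hosts")

    # Step 3: enumerate the subnets; they step by 2**host_bits addresses.
    subnets = list(net.subnets(new_prefix=new_prefix))
    names = sorted(needs, key=needs.get, reverse=True) + ["Reserved"] * reserve
    if len(names) > len(subnets):
        raise ValueError("not enough subnets for every group plus the reserve")

    usable = 2 ** host_bits - 2
    plan = []
    for name, sub in zip(names, subnets):
        plan.append({
            "name": name,
            "subnet": str(sub),
            "first": str(sub.network_address + 1),    # network address is reserved
            "last": str(sub.broadcast_address - 1),   # broadcast address is reserved
            "spare": usable - needs.get(name, 0),     # addresses left unused
        })
    return {
        "prefix": new_prefix,
        "mask": str(subnets[0].netmask),
        "borrowed": borrowed,
        "increment": 2 ** host_bits,
        "subnet_count": len(subnets),
        "plan": plan,
    }

if __name__ == "__main__":
    result = plan_equal_subnets(
        "192.168.50.0/24", {"Sales": 30, "IT": 15, "Guest Wi-Fi": 10})
    print(f"/{result['prefix']} mask {result['mask']} step {result['increment']}")
    for row in result["plan"]:
        print(f"{row['name']:<12} {row['subnet']:<18} "
              f"{row['first']} to {row['last']} (spare {row['spare']})")
```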

Important Questions About Subnetting

Q1: Does subnetting slow down the network?

No, the opposite. Subnetting generally improves network speed and performance. It reduces unnecessary broadcast traffic that every device must process, freeing up bandwidth for actual user data. It's like adding dedicated lanes on a highway to prevent all cars from jamming a single lane.

Q2: What is the difference between a subnet mask and an IP address?

Think of the IP address as the full mailing address of a specific house (e.g., "123 Main Street, Springfield"). The subnet mask defines which part of that address is the "street name" (network) and which part is the "house number" (host). For "123 Main Street," the mask could be "Street Name = first two words, House Number = last word." It's the rule for interpreting the address.

Q3: Can I connect devices on different subnets?

Yes, but they cannot communicate directly by default. They need a router (or a Layer 3 switch) to act as a gateway between subnets. The router is like a security guard at the entrance of each building wing who checks IDs and decides if traffic is allowed to pass from one wing to another.
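The gateway behaviour described in this answer, as an added example that is not part of the original article: it classifies constructed sample flows against the /27 plan from the scenario above and shows which ones a router would ever get to inspect. The `ALLOWED` policy and the flow list are assumptions made for illustration.

```python
import ipaddress

# Subnets from the article's /27 plan.
SUBNETS = {
    "Sales": ipaddress.ip_network("192.168.50.0/27"),
    "IT": ipaddress.ip_network("192.168.50.32/27"),
    "Guest": ipaddress.ip_network("192.168.50.64/27"),
}

# Hypothetical router policy (assumption): (source, destination) subnet
# pairs that are permitted to cross. Everything else is dropped.
ALLOWED = {("IT", "Sales"), ("IT", "Guest")}

def zone_of(addr):
    """Return the name of the subnet that contains addr, or None."""
    ip = ipaddress.ip_address(addr)
    for name, net in SUBNETS.items():
        if ip in net:
            return name
    return None

def classify(src, dst):
    """Decide how a flow is handled given its source and destination."""
    s, d = zone_of(src), zone_of(dst)
    if s is None or d is None:
        return "unknown"          # address outside every assigned subnet
    if s == d:
        return "direct"           # same subnet: delivered without the router
    return "routed-allow" if (s, d) in ALLOWED else "routed-deny"

# Constructed sample flows (source, destination).
FLOWS = [
    ("192.168.50.10", "192.168.50.20"),   # Sales -> Sales
    ("192.168.50.40", "192.168.50.5"),    # IT -> Sales
    ("192.168.50.70", "192.168.50.5"),    # Guest -> Sales
    ("192.168.50.70", "192.168.50.80"),   # Guest -> Guest
    ("192.168.50.100", "192.168.50.5"),   # from the reserved, unassigned subnet
]

def report(flows=FLOWS):
    return [classify(src, dst) for src, dst in flows]

if __name__ == "__main__":
    for (src, dst), verdict in zip(FLOWS, report()):
        print(f"{src:>15} -> {dst:<15} {verdict}")
```

Flows classified `direct` stay inside one subnet and never reach the router, so router rules cannot filter traffic between two devices on the same subnet, such as two guests.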

Conclusion: Subnetting is an essential skill for designing efficient and secure networks. By moving beyond the concept of a single, flat network, we can create organized, high-performance, and secure digital environments. It allows us to logically group devices, contain problems, and make the best possible use of the limited IPv4 address space. From a simple home network to a global corporate infrastructure, the principles of dividing a network into smaller subnetworks remain the same, providing the foundation for a well-managed and robust information highway.

Footnote

[1] IP: Internet Protocol. The principal communications protocol for relaying data packets across network boundaries.
[2] IPv4: Internet Protocol version 4. The fourth version of the Internet Protocol, which uses 32-bit addresses, providing about 4.3 billion unique addresses.
[3] Bandwidth: The maximum rate of data transfer across a given network path, often measured in bits per second (bps).
[4] /18 (CIDR notation): Classless Inter-Domain Routing notation. A compact representation of an IP address and its associated subnet mask. The number after the slash (/) indicates how many bits in the address are used for the network portion (e.g., /18 means the first 18 bits are the network prefix).
