SUBNETTING(CIDR) & SUPERNETTING – A backbone of cloud Network
Cloud Architects and SAP Infra guys – I’m sure you have all heard of networks and understand that they exist and that they are comprised of your, or your company’s, devices. You may have also noticed that they typically all have the same IP addressing scheme, at least the first numbers. Most smaller networks (less than 254 hosts; there’s a reason for this number that I’ll explain later) only change the last octet of their IP address. For instance, in your home network, you may have 192.168.1.1 as your router’s IP. Your computer might be 192.168.1.2 and your phone might be 192.168.1.99. If you are at home now, go ahead and find your IP addresses on your devices, or login to your router to obtain them from there. Unfortunately, I won’t be able to assist you with this as I don’t know what devices you have, but look around online to see if you can figure out how to find them.
As you can see by the above example, each IP address has 3 octets that match: 192.168.1 and one that doesn’t: 1, 2, and 99 respectively in this example. The first 3 octets are known as the “network” portion of the address and the last octet is known as the “host” portion:
To understand SUBNETTING – Now that we understand the network and host portion of a network, let’s discuss how we can determine how many hosts we can have in a particular network. In our previous example, we used the network 192.168.1.0, which has 1 network and a possibility of 254 hosts. How do we determine this for other networks? In the past, there was a concept of “network classes.” These classes made it very easy to tell how many hosts and networks could be created from one address. The primary Network classes are as follows:
Class A: 0.0.0.0 – 127.255.255.255
Class B: 126.96.36.199 – 188.8.131.52
Class C: 192.0.0.0 – 184.108.40.206
But what about the addresses from 220.127.116.11 and above? These are reserved for special cases and are beyond the scope of this SCN blog.
The purpose of these “classes” was to make it easier to determine what address to use based on how many hosts and networks you require. Class A networks can support up to 16 MILLION hosts, so that would be used for very large networks. Class B networks can support about 65,000, and a Class C (which most of you currently use at home) can support 254 hosts. This was a very easy way of doing things, but as networking became more complicated, so did the requirements for creating networks. This led to “Classless Inter-Domain Routing” (CIDR). With CIDR, the range the IP address falls into doesn’t matter anymore. Any IP address can be in any “class.”
So how do we determine how many networks and hosts are available now? And why do we care? Let’s say you have three departments in your organization. These three departments need to be separated from each other in a way that allows you to control who has access to each department’s respective resources. The easiest way is to put them on different networks that can’t talk to each other by design (unless you allow it). These networks are called “subnetworks” or “subnets” for short.
A subnet allows us to divide networks into smaller networks to more efficiently allocate IP addresses to logical business units. Ok, that explanation might have been a little long, so let’s use an example:
Most generic guides would use Finance, Management, and Marketing Networking Departments to describe the Organization structure.
Let’s say the three departments all use a 192.168.1.0 network. This makes things easy, but they can only have 254 hosts! So what happens if The Finance adds 150 employees and The Management adds 150? That isn’t going to work! So that’s one reason why this network won’t work. Assuming all three organizations don’t add too many hosts, the next issue is the ability to access each other’s resources. If they are all on the same network, it is easy for CPA guy in the Finance dept to be able to access a computer that Mgt team office wants to keep secure! You may also want to ensure The Marketing dept aren’t able to access YouTube while still allowing The Mgt to look up all the cat videos they want. These are all reasons to “subnet” your network!!!
Now, let’s say The Finance gets addresses 192.168.1.1 – 192.168.1.254, the Mgt Dept gets 192.168.2.1 – 192.168.2.254, and The Marketing dept gets 192.168.3.1 – 192.168.3.254. That gives all three of them 254 addresses to use and puts them on different networks (Remember, the network in this case is the first 3 octets.) This allows for security, scalability, and administration!
CLASSLESS INTER-DOMAIN ROUTING (CIDR)
So how do we know how large this network is? Why can’t this network just start at 192.168.0.0 – 192.168.255.255 like a class B network? This is where “Classless Inter-Domain Routing” or “CIDR notation” comes into play!
If you have been in IT for any amount of time, you have probably seen the “/” slash following an IP address with a number after it. Such as: 192.168.1.1/24. This /24 shows us that 24 bits are dedicated to the network. Remember bits and Bytes? We are back to those again! So, if 24 bits (3 Bytes) are dedicated to the network, we get 8 bits (or 1 Byte) dedicated for hosts. If we have 8 bits to use for hosts, that means we can have any number of hosts up to 2^7. So, if we have 8 bits set to 1, that is a total of 255 possible hosts. Here is the table for a refresher:
CALCULATING NUMBER OF SUBNETS
Let’s say you have a business with 15 departments. You need a scheme that will allow you to create 15 subnets with 14 host addresses in each subnet. How can you tell how many subnets you can create? First, find the number of 1s in the hosts section. We will call these bits “subnet bits” then we raise 2 to that power. It is similar to the hosts equation, only you are using the number of 1s instead of the number of 0s and you are not subtracting 2 from this number. Let’s look at an example with a /28 below —
Remember – n=network bit, s=subnet bit, h=host bit. –> NSH
Formula to fetch – Host quickly –
Host ==> 32 minus /subnet number = (output^2) -2
/28 -> 32-28 = 4^2 = 16 host -2 = 14 Hosts (final)
As you can see, there are 28 network bits set to “on”. So there are 28 1s and 4 0s. This allows for a total of 14 hosts, so let’s see how many subnets this gives us. The last octet is still considered the host octet, but 4 of those 0s have been changed to 1s. These 1s in the host section allow us to create subnetworks to further divide the hosts. In a /24, you can only create 1 subnet, or 20, but in a /28, you can get 16, or 24, subnets since you borrow some of the host bits to use as subnet bits.
Ok, now that we have gone through the harder parts of subnetting, it’s time to discuss another topic: “supernetting”. Supernetting, also called “Route Summarization”, allows us to take multiple subnets and consolidate them into one larger subnet. This enables us to create routing tables and policies with fewer networks listed which helps keep them cleaner and easier to manage.
Let’s say you have 2 networks: 192.168.1.0/24 and 192.168.2.0/24. You wish to create a route that will forward traffic from your router to both of these networks, but you don’t want to create two separate routes. Let’s break these masks down to binary and see how we can do this:
The goal of route summarization is to create a network using the bits the two addresses share in common. In this case, the first 22 bits are shared by these two networks!
As you can see, the first bit that differs is the 22nd bit. So if we create a new mask to mask out the first 22 bits, we can create a network that contains both networks. This network is:
I personally use CIDR Calculator for quick Network configuration review. Please let me know if anyone required this calculator sheet, I’ll be happy to share…
You made it through subnetting! We have been solving real world problems and, with practice, you can be a networking master!
Keep practicing and let me know if you have any questions!