Chapter 8. Understanding Advanced Networking Concepts

As we've made our way through our journey into Linux network administration so far, we've covered everything from planning, setting up file servers, network services, and more. Now as we approach the end of this book, the last few chapters will round off this knowledge with information on advanced networking, security, and even troubleshooting. In this chapter, we'll take a look at several concepts that are a bit more advanced, such as subnetting, routing, and more!

In this chapter, we will cover:

  • Dividing your network into subnets
  • Understanding the CIDR notation
  • Implementing Quality of Service (QoS)
  • Understanding Network Address Translation (NAT)
  • Routing TCP/IP traffic
  • Creating redundant DHCP and DNS servers
  • Configuring a network gateway

Dividing your network into subnets

Unless you're running a very small home or office network, subnetting is generally a good idea. Subnetting allows you to split your network into smaller pieces, each with their own IP addresses and resources. An example may include placing wireless traffic, servers, workstations, and company-issued mobile devices on their own subnets. In addition, if there is any specific service on your network that receives the most traffic, you can also place that service on its own subnet as well. There are endless possibilities, and every administrator will have his or her own ideas of the best way of splitting up the network.

In Chapter 6, Configuring Network Services, we set up a DHCP server. In it, I included an example of using a specific subnet for dynamically leased IP addresses. In that scheme, the network we used was 10.10.96.0/22. This means that we have several networks available to us, which include 10.10.96.0, 10.10.97.0, 10.10.98.0, and 10.10.99.0. With this network, we can basically divide several services each into their own network. In our configuration, 10.10.99.0 was used for DHCP. But of course, there's nothing stopping you from using IP addresses 10.10.96.1 through 10.10.99.254 should you decide to do so. It really is up to you how you configure your network. In that chapter, we laid some of the groundwork that will be used in this chapter. But we didn't go over how we arrived at these numbers, or how to manually split up the network ourselves.

The magic in subnetting is all about the subnet mask, though this number is glossed over by most. For quite a few networks, the subnet mask is left at its default (255.255.255.0) and no one really questions it. If you purchase a router from a store and put it into production without configuring it (bad idea), you're left with a 24-bit network and a 255.255.255.0 subnet mask. But what does this actually mean?

There are two different styles of subnets, classful and classless. In production networks, it's rare that anyone mentions actual classes anymore, as classless is how subnetting is done nowadays (more on that later). But before we get into classless networking, it's important to understand what came before. With our discussion on subnetting, we used the example subnet mask of 255.255.255.0 several times, which belongs to what is considered a Class C network. In total, there are five classes, Class A through Class E. Classes D and E aren't used for much, so we'll stick with Classes A through C for the sake of our discussion of classful IP addressing.

The subnet masks for classes A to C are as follows:

Class    Subnet mask
A        255.0.0.0
B        255.255.0.0
C        255.255.255.0

Each of these subnet masks corresponds to which portion of the IP address is designated for the network, and which part is designated for each individual node. For example, say we have a network configured with a network address 192.168.50.0 as a Class C network. This means that our network has a subnet mask of 255.255.255.0. As with all IPv4 IP addresses, our network address has four octets: 192, 168, 50, and 0. To illustrate how a subnet mask affects an IP address, I'll line up each octet in a table:

Network address    192    168    50     0
Subnet mask        255    255    255    0

The purpose of a subnet mask is to mask out which octets of an IPv4 address correspond to the entire network and which correspond to individual nodes. The highest possible number in each octet is 255. If an octet within a subnet mask is set to 255, it takes up that entire octet and thus cancels it out. In this case, the IP address of every node will begin with 192.168.50, since the first three octets were canceled out. Notice that the last octet is a zero in both the network address and subnet mask. In IPv4 networking, a 0 means anything. Therefore, the last octet of the subnet mask being 0 tells us that it doesn't care about that octet, and the network address being 0 means that it doesn't either. Thus, any number in the last place is fair game.

In our case, IP addresses starting from 192.168.50.0 through 192.168.50.255 belong to this network (subnet). Well, almost. We could never begin our DHCP IP range with distributing the 192.168.50.0 IP address if our subnet mask was 255.255.255.0. This is because the first IP address of a subnet cannot be assigned to a node. The first IP address is designated as the network identifier and is reserved. It's certainly possible to have an IP address ending in 0, as long as it's not the first IP address in the block. But in a Class C network, an IP address of 192.168.50.0 is not valid since it is indeed the first address within that subnet.

Another IP address that cannot be assigned to any node is the last IP of a subnet. In our Class C example, that would be 192.168.50.255. This IP address is known as the broadcast address and is also reserved. If a broadcast message needs to be sent to the entire network, the broadcast address is used for that purpose. With that in mind, the maximum our DHCP range can be in a Class C network such as the one used in our example is 192.168.50.1 to 192.168.50.254.

You may be wondering about the purpose of a broadcast address. As mentioned, it allows for packets to be sent to an entire network. In practice, network services, such as DHCP, utilize broadcast. When you first plug in a computer to an Ethernet cable (a computer that is not programmed with a static IP), it will send a broadcast message requesting an IP address. Until it connects, it has no idea what the IP address is of your DHCP server. It could be 192.168.1.1, or even 192.168.1.100. It has no idea whatsoever. By sending broadcast messages, whichever server is responsible for DHCP should be able to hear the request and respond to it.

So, why was the IP address 192.168.50.0 chosen for the previous example? That number was just chosen at random in order to illustrate how the subnet mask impacts the IP addresses that are available. We could have used 172.16.254.0 as our network address with the Class C subnet mask of 255.255.255.0, which would still give us the same number of usable IP addresses (254). In this second example, we're still declaring a Class C network, but just with a different IP scheme. Since you're managing an internal network, you can choose whatever numbering system you want. As long as your IP addresses aren't publicly routable, it's all fair game, provided you don't use numbers above 255 in any octet, or the first or last IP address within a network. There are a few other IP addresses we can't use, but we'll get to those later.

To better understand how this works, we'll need to revisit subnet masks. As mentioned, a subnet mask helps determine which portion of an IP address scheme belongs to individual nodes and which portion belongs to the network itself. Think about it like this. A value of 255 is the maximum number that can be in any octet of a subnet mask or IP address. Each 255 within a subnet mask represents a number that cannot change. So, if you have an IP address 10.19.100.24 and a subnet mask 255.255.255.0, you can tell right away that the first three octets of this network will never change. This means that every host that is a member of this subnet will have an IP address beginning with 10.19.100. If the subnet mask was 255.255.0.0, there would be more IP addresses available, since the last two octets are up for grabs. This would actually give us 65,534 IP addresses. The former would only allow us 254 IP addresses, since the last octet is the only one that could change and its maximum number is 255 (subtracting one for the broadcast address).

But you may have noticed that I used an example of a Class A IP address (10.19.100.24), but I used a Class C subnet mask (255.255.255.0). Is this valid? Sure! Regardless of the generally agreed upon class structure, the sole purpose of a subnet mask is to help you understand which portion is network and which portion is node. Thus, subnet masks of 255.255.0.0 and 255.255.255.0 are both valid for this network.

However, some IP addresses aren't considered valid for individual classes. While an internal IP network of 253.221.96.0 with a subnet mask of 255.255.255.0 fits all these rules, it's not considered valid for a Class C network. If you're only managing your IP addresses within your network, it may or may not work. So for each class in the classful style, there is a recommended scheme to stay within. I'll illustrate that in the following table:

Class    Beginning IP    Ending IP
A        0.0.0.0         127.255.255.255
B        128.0.0.0       191.255.255.255
C        192.0.0.0       223.255.255.255

Note

As with all things networking, there's an exception to keep in mind here as well: you cannot assign 127.0.0.0 or 127.0.0.1 to anything, since those refer to your local loopback adapter.

In fact, it's very common with internal networks to start an IP address range with 10, within the Class A scheme. That's what we've done earlier in the book when we set up our DHCP server. In that example, we used the 10.10.96.0 network. But if you recall, we did not use a Class C subnet mask of 255.255.255.0; we used 255.255.252.0. This distinction will lead us right into our next topic, CIDR.
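The rules above (the mask selects the network portion, and the first and last addresses are reserved) can be checked mechanically before a DHCP pool goes into production. The following is an added example, not code from the book; the function names are hypothetical, the networks are the ones used in this chapter, and the pool bounds are constructed samples.

```python
def to_int(dotted):
    """Dotted-quad string -> 32-bit integer; rejects octets above 255."""
    octets = [int(part) for part in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a valid IPv4 address or mask: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def to_dotted(value):
    """32-bit integer -> dotted-quad string."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def describe_subnet(address, mask):
    """Derive network ID, broadcast and assignable range from address + mask."""
    addr, mask_bits = to_int(address), to_int(mask)
    host_bits = ~mask_bits & 0xFFFFFFFF          # the bits a node may change
    if host_bits & (host_bits + 1):              # mask must be 1s followed by 0s
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    if host_bits < 3:                            # nothing left after reserving two
        raise ValueError(f"mask leaves no assignable addresses: {mask}")
    network = addr & mask_bits                   # first address: network identifier
    broadcast = network | host_bits              # last address: broadcast
    return {
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "first_host": to_dotted(network + 1),
        "last_host": to_dotted(broadcast - 1),
        "usable_hosts": broadcast - network - 1,
    }

def check_dhcp_pool(address, mask, pool_start, pool_end):
    """Return the problems with a proposed DHCP pool; an empty list means OK."""
    info = describe_subnet(address, mask)
    start, end = to_int(pool_start), to_int(pool_end)
    problems = []
    if start > end:
        problems.append("pool start is after pool end")
    if start < to_int(info["first_host"]):
        problems.append(f"pool starts before first assignable address {info['first_host']}")
    if end > to_int(info["last_host"]):
        problems.append(f"pool ends after last assignable address {info['last_host']}")
    return problems

if __name__ == "__main__":
    # Networks taken from the chapter; the pool bounds are constructed samples.
    print(describe_subnet("192.168.50.0", "255.255.255.0"))
    print(describe_subnet("10.10.99.20", "255.255.252.0"))
    print(check_dhcp_pool("192.168.50.0", "255.255.255.0", "192.168.50.0", "192.168.50.255"))
```

With the 255.255.252.0 mask, any address from 10.10.96.0 through 10.10.99.255 resolves to the same network ID, which is why the four /24-sized blocks mentioned earlier belong to one subnet.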
