🕸️ Subnets and Network Masks
TL;DR
Without going too deep into network address space design, a /16 mask for the network (e.g. an AWS VPC) and /24 masks for its subnets is a reasonable starting point.
|          | bits | mask            | description |
|----------|------|-----------------|-------------|
| network  | /16  | 255.255.0.0     | 65,536 addresses, i.e. room for 256 /24 subnets |
| subnets  | /24  | 255.255.255.0   | up to 254 hosts in each subnet (2^8 - 2; cloud providers reserve a few more, e.g. AWS takes five addresses per subnet, leaving 251) |
The most vanilla network configuration is:
- Use 192.168.0.0/16 for the whole network.
- Use 192.168.X.0/24 for the subnets, where X is between 0 and 255.
- This configuration works something like 99% of the time. Occasionally you need more than 254 hosts in a single subnet, and then you have to revise the plan (a /23 holds 510 hosts but consumes two of the 256 /24 slots).
Networks, Subnets and Masks - The Full Details
Computers in an IP network have an address divided into two parts: the network prefix and the host identifier.
```
[Network prefix].[Host identifier]
[38].[124.10.55]        (/8  prefix)
[38.124].[10.55]        (/16 prefix)
[38.124.10].[55]        (/24 prefix)
```
The network prefix tells packet handlers such as routers where to forward a packet so that it reaches the network. Once the packet enters that network, the host identifier selects the machine inside it.
The length of the network prefix is expressed in Classless Inter-Domain Routing (CIDR) notation. The prefix length alone is not enough: you also need the full address to actually calculate the network prefix.
```
/[Prefix length in bits]    e.g. /16
```
An IP address accompanied by a CIDR prefix length contains all the information required to route packets on the Internet.
```
38.124.10.55/24 =>
  IP Address:        38.124.10.55
  CIDR:              /24
  Subnet Mask:       255.255.255.0     (24 one-bits followed by 8 zero-bits)
  Network Address:   38.124.10.0/24    (bitwise AND of IP and mask)
  Host Identifier:   0.0.0.55          (the remainder: IP AND NOT mask)
  Broadcast Address: 38.124.10.255     (last IP in the subnet)
  Subnet Host Pool:  38.124.10.1 - 38.124.10.254
```
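The decomposition above, carried out with plain bit operations so the "AND with the mask" step is visible. This is an added example, not code from the original page; the function names are my choice, the address is the page's own, and the standard-library `ipaddress` module is used only to cross-check the hand-rolled arithmetic. The `same_subnet` check is the decision a host makes before handing a packet to its gateway.

```python
# Added example: CIDR arithmetic by hand, cross-checked against the stdlib.
import ipaddress  # used only to verify the manual computation


def ip_to_int(ip: str) -> int:
    """'38.124.10.55' -> 32-bit integer, with basic validation."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {ip!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(n: int) -> str:
    """32-bit integer -> dotted quad."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> int:
    """/n -> mask with n leading one-bits, e.g. /24 -> 0xFFFFFF00."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length out of range: /{prefix}")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def cidr_info(cidr: str) -> dict:
    """Break 'a.b.c.d/n' into mask, network, host id, broadcast and host pool."""
    ip_str, prefix_str = cidr.split("/")
    prefix = int(prefix_str)
    ip = ip_to_int(ip_str)
    mask = prefix_to_mask(prefix)
    host_mask = ~mask & 0xFFFFFFFF          # the zero-bits of the mask
    network = ip & mask                     # AND with the mask
    host_id = ip & host_mask                # the remainder: host bits only
    broadcast = network | host_mask         # all host bits set to one
    # /31 (RFC 3021 point-to-point) and /32 have no separate
    # network/broadcast addresses, so every address is usable.
    if prefix >= 31:
        first_host, last_host = network, broadcast
    else:
        first_host, last_host = network + 1, broadcast - 1
    return {
        "ip": ip_str,
        "prefix": prefix,
        "mask": int_to_ip(mask),
        "network": f"{int_to_ip(network)}/{prefix}",
        "host_id": int_to_ip(host_id),
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(first_host),
        "last_host": int_to_ip(last_host),
    }


def same_subnet(ip_a: str, ip_b: str, prefix: int) -> bool:
    """True when both addresses share the network prefix: traffic between them
    stays on the local link; otherwise it goes to the default gateway."""
    mask = prefix_to_mask(prefix)
    return (ip_to_int(ip_a) & mask) == (ip_to_int(ip_b) & mask)


def cross_check(cidr: str) -> bool:
    """Compare the manual result with Python's ipaddress module."""
    info = cidr_info(cidr)
    net = ipaddress.ip_network(cidr, strict=False)
    return (info["network"] == str(net)
            and info["mask"] == str(net.netmask)
            and info["broadcast"] == str(net.broadcast_address))


if __name__ == "__main__":
    for key, value in cidr_info("38.124.10.55/24").items():
        print(f"{key:>11}: {value}")
    print("matches ipaddress:", cross_check("38.124.10.55/24"))
    print("same subnet /24:", same_subnet("38.124.10.55", "38.124.10.200", 24))
```

Note the `strict=False` in the cross-check: `ipaddress.ip_network` refuses a host address with a prefix unless told to mask it down, which is exactly the AND step the text describes.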
IP networks are divided into subnets. Subnets are created mainly to improve network security (traffic between subnets has to cross a router or firewall, where it can be filtered) and network performance (each subnet is its own broadcast domain). A subnet is created by taking bits from the host identifier and using them to indicate a network inside the IP network prefix; hence the name.
There are three address blocks reserved for private networks in IPv4 (RFC 1918). Addresses within this private address space are only unique within the local network; to communicate on the Internet, hosts need a globally unique public address, normally provided by a NAT gateway.
```
Private Network Addresses
10.0.0.0/8        10.0.0.0    - 10.255.255.255
172.16.0.0/12     172.16.0.0  - 172.31.255.255
192.168.0.0/16    192.168.0.0 - 192.168.255.255
```
To allow Internet access from hosts in a private network, you need a network gateway. Every IP packet whose destination lies outside the local subnet is sent to the gateway (the default route); destinations inside the subnet are delivered directly.
If the network is 192.168.0.0/24, all packets addressed to anything other than 192.168.0.X are sent to the network gateway.
Bits are borrowed from the host identifier to create subnets.
192.168.5.0/24 split with a /26 mask contains 4 subnets:
```
192.168.5.0/26   = 192.168.5.1   - 192.168.5.62
192.168.5.64/26  = 192.168.5.65  - 192.168.5.126
192.168.5.128/26 = 192.168.5.129 - 192.168.5.190
192.168.5.192/26 = 192.168.5.193 - 192.168.5.254
```
Two bits were borrowed from the host identifier (2^2 = 4 subnets), and the remaining 6 bits are reserved for the host identifier, which allows 62 hosts per subnet. The number of usable hosts is 2^h - 2, where h is the number of bits reserved for hosts: the all-zeros host address is the network address and the all-ones host address is the broadcast address, so neither can be assigned to a machine.
A network has a subnet mask: a bit pattern which, combined with any IP address in the network by a bitwise AND operation, yields the network prefix.
```
IP Address:       192.168.5.130
Subnet Mask:      255.255.255.0   (/24)
Network Prefix:   192.168.5.0
Host Identifier:  0.0.0.130
```
IP Address 192.168.5.130 with a mask 255.255.255.0 can be written as 192.168.5.130/24.
CIDR is a shorter way to represent subnet masks.
```
11111111.11111111.11111111.00000000   // Binary
255.255.255.0                         // Subnet Mask
/24                                   // CIDR
```
The broadcast address is always the last address in a subnet (every host bit set to one).
```
Network           -> Broadcast Address
192.168.5.0/26    -> 192.168.5.63
192.168.5.64/26   -> 192.168.5.127
192.168.5.128/26  -> 192.168.5.191
192.168.5.192/26  -> 192.168.5.255
```
An IPv4 /24 network may be divided into the following subnets by lengthening the network mask:
| CIDR | Subnet mask     | Subnets | Hosts per subnet | Total hosts |
|------|-----------------|---------|------------------|-------------|
| /24  | 255.255.255.0   | 1       | 254              | 254         |
| /25  | 255.255.255.128 | 2       | 126              | 252         |
| /26  | 255.255.255.192 | 4       | 62               | 248         |
| /27  | 255.255.255.224 | 8       | 30               | 240         |
| /28  | 255.255.255.240 | 16      | 14               | 224         |
| /29  | 255.255.255.248 | 32      | 6                | 192         |
| /30  | 255.255.255.252 | 64      | 2                | 128         |

Every subnet spends two addresses on its network and broadcast addresses, which is why the total shrinks as the mask grows. A /30 is the smallest conventional subnet; on point-to-point links a /31 can be used (RFC 3021), since no network or broadcast address is needed there.
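The bit-borrowing procedure behind the /26 split, the broadcast list and the table above, as an added example rather than code from the original page. It generalises the text: `split_network` divides any network into subnets of a chosen longer prefix, and `subnet_table` computes the table rows for any base prefix instead of typing them in. Function names and the `10.0.0.0/16` sample are my choice; the /31 and /32 handling follows RFC 3021.

```python
# Added example: subnetting by borrowing host bits, generalised from the page's
# 192.168.5.0/24 -> /26 split.


def ip_to_int(ip: str) -> int:
    """Dotted quad -> 32-bit integer."""
    a, b, c, d = (int(o) for o in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def int_to_ip(n: int) -> str:
    """32-bit integer -> dotted quad."""
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))


def usable_hosts(prefix: int) -> int:
    """2^h - 2 usable hosts, h = host bits. /31 and /32 are the RFC 3021
    exceptions: no network/broadcast address is reserved, so all are usable."""
    h = 32 - prefix
    return 2 ** h - 2 if prefix <= 30 else 2 ** h


def split_network(cidr: str, new_prefix: int) -> list:
    """Split 'a.b.c.d/n' into equal subnets with the longer prefix new_prefix.

    Each borrowed bit doubles the number of subnets and halves the host pool."""
    net_str, prefix_str = cidr.split("/")
    prefix = int(prefix_str)
    if not prefix <= new_prefix <= 32:
        raise ValueError(f"cannot split /{prefix} into /{new_prefix}")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    base = ip_to_int(net_str) & mask           # normalise to the network address
    size = 1 << (32 - new_prefix)              # addresses per new subnet
    total = 1 << (32 - prefix)                 # addresses in the parent network
    subnets = []
    for start in range(base, base + total, size):
        broadcast = start + size - 1           # last address of the subnet
        if new_prefix <= 30:
            first, last = start + 1, broadcast - 1
        else:
            first, last = start, broadcast
        subnets.append({
            "network": f"{int_to_ip(start)}/{new_prefix}",
            "first_host": int_to_ip(first),
            "last_host": int_to_ip(last),
            "broadcast": int_to_ip(broadcast),
        })
    return subnets


def subnet_table(base_prefix: int = 24, max_prefix: int = 30) -> list:
    """Rows of (cidr, mask, subnets, hosts per subnet, total hosts) obtained by
    lengthening the mask of a /base_prefix network one bit at a time."""
    rows = []
    for p in range(base_prefix, max_prefix + 1):
        mask = int_to_ip((0xFFFFFFFF << (32 - p)) & 0xFFFFFFFF)
        count = 2 ** (p - base_prefix)         # one doubling per borrowed bit
        hosts = usable_hosts(p)
        rows.append((f"/{p}", mask, count, hosts, count * hosts))
    return rows


if __name__ == "__main__":
    for s in split_network("192.168.5.0/24", 26):
        print(f"{s['network']:<17} {s['first_host']:>14} - {s['last_host']:<14}"
              f" broadcast {s['broadcast']}")
    print()
    print(f"{'CIDR':<5} {'Subnet mask':<16} {'Subnets':>7} {'Hosts':>6} {'Total':>6}")
    for cidr, mask, count, hosts, total in subnet_table():
        print(f"{cidr:<5} {mask:<16} {count:>7} {hosts:>6} {total:>6}")
```

Running it prints the four /26 subnets with the host ranges and broadcast addresses listed in the text, followed by the /24 to /30 table. Passing a different base, e.g. `subnet_table(16, 24)`, gives the numbers behind the TL;DR's /16-with-/24-subnets layout.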