Subnetting- From networking to cloud

8 min readSep 15, 2023

Hello there!

This blog is an attempt to explain the tricky concept of subnetting and the math behind it.

One can expect to be able to find out: the number of hosts available in a network after looking at a subnet, the number of switches that might be turned on for a particular subnet, finding the subnet with the help of classes after looking at the number of switches turned on for a particular network, list out the subnet mask for one’s network and also understand how to scale subnets according to one’s network requirements.

Now I’m aware that this was indeed an intro filled with jargon, much like the life of an infosec professional. It’ll be hard to change things for the latter but an attempt has been made to resolve the fresh jargon thrown at you in the write-up below.

What is an IP address?
What is a subnet?
How can I find out my IP, MAC, and subnet mask in Windows and Linux?
How to find out the number of hosts within a subnet?
How does subnetting work on auto-scaling container instances on the cloud?

Let’s get started!

1. What is an IP Address?

While working on networks, a lot of you might have come across some numerical label like 192.168.x.y. This is called an Internet Protocol address. This address is used to identify your device on a network. (Layer 3 of the OSI model). It is assigned by the internet service provider to all the devices on a network.

Now this IP address is made up of four octets or four 8-bit numbers which are visible to us in a decimal number format. This thus makes the IP address a 32-bit number. The number of addresses possible would thus be equal to 2³².

Each decimal number can have its binary equivalent and this binary number is in turn used to communicate with the underlying machines. The figure above depicts the break-up of four octets in an IP as well as the binary equivalent of each of the four octets in that IP.

Private IP addresses make use of 3 network classes namely: A, B, and C. Each class uses the 32-bit space differently to define a specific range of IP addresses pertaining to that particular class (refer to the table below). In doing so, each class is also able to specify a particular number of hosts and networks available in that range. More on this in part 2.

Each IP address is made up of two addresses, a network address, and a host address. The first 24 bits are identified as a network address and the last 8 bits are identified as the host address. So if we have an IP address like 192.168.23.152, the binary equivalent would be:

11000000.10101000.00010111.10011000 -Complete IP address(192.168.23.152)

Out of this, the first 24 bits i.e. 11000000.10101000.00010111 correspond to 192.168.23 which is the network address. The last 8 bits, 10011000 correspond to 152, which is the destination or host address.

11000000.10101000.00010111. 00000000 -Network Address (192.168.23.0)

00000000.00000000.00000000.10011000 -Host address (000.000.000.152)

Now this network address is essentially a subnet. So when a packet arrives at 192.168.23.0 subnet, it has a destination/host address of 192.168.23.152.

2. What is a subnet?

Now let’s address the big question! A subnet is nothing but a sub-network. Subnetting is the process of dividing a large network into smaller sub-networks called subnets.

This process proves more efficient to conserve a great number of addresses as the address base of IPs(ipv4) is only 2³² which is approximately equal to 4 billion. And that is not enough. Courtesy: Network revolution and population growth.

Now, this IPv4 range was considered to be fairly enough in the 90s. But the technical boom thereon put things in a pickle. So what was done instead, was that another address in the form of ipv6 was introduced. This was a 128-bit hexadecimal address which made the address base 2¹²⁸ which is approximately equal to something we should not be concerned about, ever. But there was one problem with ipv6; it was not pretty.

Subnetting to the rescue!

The problem with ipv6 was that it was hard to remember. It looked something like:

So to solve the issue of running out of address bases, what was done was that each octet in the IP address was given a range from 0–255. The value of the decimal number on each octet could be any number between 0–255. This thus produced a huge range of numbers and addresses that could be assigned to billions of machines available to us and never run out of them.

What was done was that for a private network with a number of devices connected, the network class C was recommended which gave a huge difference between the number of networks and the number of devices per network. This was suitable for a home environment.

For an organizational ecosystem, however, network class A was recommended as the no of networks is small but no. of hosts per network is huge.

Subnetting is done through subnet masks. “A subnet mask is a 32- or 128-bit number that segments an existing IP address in a TCP/IP network.” This division is done by breaking the IP address into a network and a host address. This thus, helps us identify which part of the IP is available for the network and which of them is available for the host to use.

A subnet mask also helps us identify the number of devices that can be hosted on a network, the subnets possible for an IP range, and finally, the type of network one is working in.

3. How can I find out my IP and subnet mask in Windows and Linux?

Now to find the IP and subnet mask of your PC in a network, you can run some commands on your terminal.

For Linux: ifconfig

The inet corresponds to the IP address of the machine. Netmask is specified beside the label netmask, broadcast is used to identify the broadcast address within the subnet and ether specifies the MAC address of the machine.

For Windows: ipconfig

The IPv4 corresponds to the IP address of the machine. Subnet Mask is used to specify the netmask of the network.

4. How to find out the number of hosts within a subnet?

Example: Suppose you have the IP address range 192.168.10.0/24, and you want to subnet it to create smaller subnets.

Step 1: Convert to Binary Convert the subnet mask and IP addresses to binary format. In a /24 subnet, the first 24 bits represent the network portion, and the remaining 8 bits are for hosts.

IP Address: 192.168.10.0 = 11000000.10101000.00001010.00000000
Subnet Mask: 255.255.255.0 = 11111111.11111111.11111111.00000000

Step 2: Determine Subnet Prefix Bits Let’s say you want to create subnets that can accommodate at least 30 hosts each. Calculate the required number of host bits using the formula: 2^Host Bits — 2 ≥ Required Hosts.

In this case, 2⁵ — 2 = 30, so you need at least 5 host bits.

Step 3: Calculate New Subnet Mask Add the required number of host bits to the original 24 bits to get the new subnet mask.

New Subnet Mask: 255.255.255.224 = 11111111.11111111.11111111.11100000

Step 4: Calculate Subnet Size The subnet size is the number of host addresses available within the subnet prefix. Use the formula: 2^(Number of Host Bits) — 2.

Subnet Size = 2⁵ — 2 = 30 hosts

Step 5: Subnet Allocation Divide the original IP address range into smaller subnets. The subnets will have the new subnet mask, and the host portion can be divided into usable addresses.

Subnet 1: 192.168.10.0/27

Subnet Address: 192.168.10.0,
Usable Addresses: 192.168.10.1 to 192.168.10.30,
Broadcast Address: 192.168.10.31

Subnet 2: 192.168.10.32/27

Subnet Address: 192.168.10.32
Usable Addresses: 192.168.10.33 to 192.168.10.62
Broadcast Address: 192.168.10.63

Step 6: Recap and Tips

Subnetting allows you to divide the IP address space efficiently.
The more bits you allocate for hosts, the smaller the subnet size and the more subnets you can create.
Remember to subtract 2 from the formula for host addresses (one for the network address and one for the broadcast address).

This example demonstrates subnetting a /24 network into smaller /27 subnets to accommodate 30 hosts each. You can repeat these steps with different requirements and subnet sizes to create a network design that suits your needs.

Subnetting is a skill that takes practice to master, and there are online subnet calculators and tools available to assist in complex scenarios. Check this out: https://www.calculator.net/ip-subnet-calculator.html

5. How does subnetting work on auto-scaling container instances on the cloud?

Setting up subnets within an AWS Virtual Private Cloud (VPC) is a straightforward process facilitated through the AWS Management Console. The initial step involves choosing the target VPC and subsequently navigating to the “Subnets” section. Here, the user can proceed by opting to “Create Subnet,” furnishing essential details like the subnet’s moniker, associating VPC, and picking the desired availability zone. The user is also empowered to define the subnet’s classification as public or private.

Post creation, the user gains the ability to augment the subnet with diverse resources such as Amazon EC2 instances or Amazon RDS databases. Additionally, the user is endowed with the capability to administer the subnet’s accessibility via security groups and network access control lists (ACLs).

Noteworthy deliberations encompass the CIDR (Classless Inter-Domain Routing) block. The CIDR block acts as the specification for the permissible IP address spectrum within the subnet. Users must stipulate a fitting CIDR block while establishing a subnet, ensnured within the bounds of the parent VPC’s CIDR range.

Equally salient is the consideration of the chosen availability zone for the subnet. AWS VPC permits users to generate subnets within multiple availability zones residing in a given region. This arrangement bolsters the subnet’s resilience and ensures redundancy for both the subnet and its associated resources.

Subnet segmentation further proves advantageous for delineating distinct environments within a VPC, such as developmental, staging, and production stages. This demarcation lends itself to resource isolation and controlled inter-environment access.

Furthermore, the advantages of leveraging subnets within an AWS VPC extend beyond mere segmentation. A case in point is the deployment of a Network Address Translation (NAT) gateway within a public subnet. This component empowers private subnets to access the internet sans the need for a public IP address, bolstering security.

Facilitating an elevated level of network complexity, users can employ VPC peering to connect disparate VPCs and engage in resource sharing across them. This tactic proves particularly useful for orchestrating intricate network architectures, such as connecting a VPC in one geographical region with another VPC located elsewhere.