What's the point of subnetting??

pham0329 Member Posts: 556
Ok, so took a couple months break after getting my CCENT and am now studying for the CCNA. I decided to watch the CBT Nugget for subnetting and while going through that, I was kind of wondering what the purpose of subnetting was?

I mean, I know it's to break up one big network into smaller networks, prevent broadcast storms, prevent us from wasting IP addresses, blah blah blah. However, if I'm using private IPs, why do I care if I'm wasting IP addresses?

Let's say I have a network of 50 users and I decided to use a 10.0.0.0/8 network...why does it matter if I'm wasting the other 16 million IPs in that range when I can just use a 192.168.0.0/24 if I ever need to add another network? Does subnetting only apply to public IPs?

Also, what stops a private IP from being routed on the internet? I know why private IP shouldn't be routed over the internet, but I don't know why I can route private IP between the 2 routers I have in Packet Tracer, but not over the internet?

Maybe it's been too long since I passed my CCENT and these are stupid questions but I would appreciate an answer!

Comments

  • rogue2shadow Member Posts: 1,501
    Subnetting has various uses. It is up to the design architect to determine what class and addresses to use in creating networks. Sure you could use the class A for your case scenario but let's assume all you are doing is sharing data among this whole network (at first). Let's now say you add voice, streaming media servers, proprietary software DBs, SaaS etc; at this point generally you would want to place the traffic on different subnets (with different switches possibly) for latency purposes and QoS. Subnetting also brings peace of mind; take the case that you have multiple floors to your office. It's easier to memorize the subnet start and end IPs versus remembering "oh .29, .31, .8, and .10 are floor 1".

    Security is a major reason subnetting would come into play. Defense in depth is something that is very valuable in this industry. If X attacker gets into your one subnet not only do they have access to the compromised machine but they now have control over your entire infrastructure. If the assets/users were separated, not to say the full compromise would be completely negated, there's a greater chance that you could take care of the incident a lot faster given it's isolated to only one subnet (for the time being). VLANs on top of this would further help with the isolation of communication.
  • gosh1976 Member Posts: 441
    pham0329 wrote: »
    Ok, so took a couple months break after getting my CCENT and am now studying for the CCNA. I decided to watch the CBT Nugget for subnetting and while going through that, I was kind of wondering what the purpose of subnetting was?

    I mean, I know it's to break up one big network into smaller networks, prevent broadcast storms, prevent us from wasting IP addresses, blah blah blah. However, if I'm using private IPs, why do I care if I'm wasting IP addresses?

    Let's say I have a network of 50 users and I decided to use a 10.0.0.0/8 network...why does it matter if I'm wasting the other 16 million IPs in that range when I can just use a 192.168.0.0/24 if I ever need to add another network? Does subnetting only apply to public IPs?

    Also, what stops a private IP from being routed on the internet? I know why private IP shouldn't be routed over the internet, but I don't know why I can route private IP between the 2 routers I have in Packet Tracer, but not over the internet?

    Maybe it's been too long since I passed my CCENT and these are stupid questions but I would appreciate an answer!

    I'll have a guess at these questions. You can route the private IPs between the two routers in Packet Tracer because you have control over the routing protocols and routing table. You can't route a packet addressed to a private IP over the internet because the edge routers of the ISP are just going to drop the packet.

    As far as using private addresses, subnetting and VLSM on a private network: I'm guessing some reasons to use it would be to have network designs that make sense, that can be summarized... I'm guessing a well designed network using VLSM would not only be easy to understand for someone troubleshooting or documenting the network but it could also mean smaller routing tables and use of less processing power for routing. As mentioned above, VLANs and security would give another reason for using subnetting.

    That makes sense to me anyway. Maybe someone could tell me if I'm off base.
  • Mojo_666 Member Posts: 438
    pham0329 wrote: »
    I mean, I know it's to break up one big network into smaller networks, prevent broadcast storms, prevent us from wasting IP addresses, blah blah blah. However, if I'm using private IPs, why do I care if I'm wasting IP addresses?

    Let's say I have a network of 50 users and I decided to use a 10.0.0.0/8 network...why does it matter if I'm wasting the other 16 million IPs in that range when I can just use a 192.168.0.0/24 if I ever need to add another network? Does subnetting only apply to public IPs?

    I hear you man, I am a Windows guy but have been studying for the CCENT/CCNA and I do not get it either. I am working on a project to centralise systems for 80 sites (ofc I am doing the Windows stuff). Anyhow, as far as the network goes we're going to be using standard class C's for each site, which might have between 10-20 IPs in use. We are going to be starting at 192.168.1.11 and going up to 192.168.1.91 or so, and really why should we even consider subnetting? Going down the road we are means everyone understands it, it is easy to document and easy to explain. What would be the benefit of us subnetting?
    If you are an ISP or huge multinational I get it, but for the rest of us? Why bother?
  • pham0329 Member Posts: 556
    The 10.0.0.0 example is a bad example. I guess my question comes from watching the VLSM nugget.

    Using the example in the video, you have 3 networks:

    20 users, 25 users, and 50 users.

    Now, what's the point of subnetting a 192.168.0.0/24 network when I can just assign

    20 users = 192.168.0.0
    25 users = 192.168.1.0
    50 users = 192.168.2.0

    gosh1976 mentioned that using VLSM, the networks can be summarized...but couldn't you just as easily summarize the above networks as 192.168.0.0/22?
  • soskar Registered Users Posts: 2
    pham0329 wrote: »
    Also, what stops a private IP from being routed on the internet? I know why private IP shouldn't be routed over the internet, but I don't know why I can route private IP between the 2 routers I have in Packet Tracer, but not over the internet?

    Your ISP's router would stop private IPs from propagating over the internet. The solution to this is to configure your edge router with Network Address Translation (NAT) and Port Address Translation (PAT). This converts your private IP addresses to the single (or multiple) IP address(es) your ISP has assigned to you. You'll learn more about it in your ICND2 studies.
  • gosh1976 Member Posts: 441
    Mojo_666 wrote: »
    why bother?

    I think the answer to this may just be that there isn't always a good enough reason to bother with subnetting and certainly there are instances when there's no good reason to bother with VLSM.
  • gosh1976 Member Posts: 441
    pham0329 wrote: »
    The 10.0.0.0 example is a bad example. I guess my question comes from watching the VLSM nugget.

    Using the example in the video, you have 3 networks:

    20 users, 25 users, and 50 users.

    Now, what's the point of subnetting a 192.168.0.0/24 network when I can just assign

    20 users = 192.168.0.0
    25 users = 192.168.1.0
    50 users = 192.168.2.0

    gosh1976 mentioned that using VLSM, the networks can be summarized...but couldn't you just as easily summarize the above networks as 192.168.0.0/22?

    I'm thinking that the disconnect is maybe in that in the video the example uses a network example like that for the sake of simplicity and that in the real world if you were designing a site using 3 networks or subnets or whatever then you could use your design and that would be just fine.
  • networker050184 Mod Posts: 11,962
    pham0329 wrote: »
    The 10.0.0.0 example is a bad example. I guess my question comes from watching the VLSM nugget.

    Using the example in the video, you have 3 networks:

    20 users, 25 users, and 50 users.

    Now, what's the point of subnetting a 192.168.0.0/24 network when I can just assign

    20 users = 192.168.0.0
    25 users = 192.168.1.0
    50 users = 192.168.2.0

    gosh1976 mentioned that using VLSM, the networks can be summarized...but couldn't you just as easily summarize the above networks as 192.168.0.0/22?

    So what happens if you assign 192.168.0.0/24 to a site and then for some reason you need another network there? I guess you could add another of your private /24s if you have enough and redo any summarization you have in place.

    If you don't have any more /24s left because you wasted them all then you need to go back and redo the entire site to break that network into smaller subnets. You (or someone else if you're lucky) will need to change all the subnet masks on anything that isn't assigned via DHCP.

    It just makes things easier to assign a block like 192.168.1.0/23 to a site and start breaking /29 chunks off as you need them. You then have subnets to spare and you don't need to update any summarizing or change host masks if you need separate IPs. You also end up with more Layer three boundaries for easier traffic control with ACLs etc using two /25s instead of one /24. You already also mentioned the reduction in broadcast traffic per subnet.

    Better to plan ahead than have to go back and redo a bunch of work.
    An expert is a man who has made all the mistakes which can be made.
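
Added example (not part of any post in this thread): a Python sketch of the trade-off discussed above. It carves the 20/25/50-user networks out of the single 192.168.0.0/24 with VLSM, and shows what a 192.168.0.0/22 summary covers beyond the three /24s in pham0329's plan, which matters when a route or ACL is written against the summary. The site names and function names are hypothetical.

```python
import ipaddress


def prefix_for_hosts(hosts):
    """Longest IPv4 prefix whose usable host count (2^n - 2) still fits `hosts`."""
    bits = 2
    while (1 << bits) - 2 < hosts:
        bits += 1
    return 32 - bits


def vlsm_allocate(block, demands):
    """Carve `block` into one subnet per (name -> host count), largest first.

    Returns (allocations, free) where `free` is the sorted list of
    networks inside `block` that are still unassigned.
    """
    free = [ipaddress.ip_network(block)]
    allocations = {}
    for name, hosts in sorted(demands.items(), key=lambda kv: -kv[1]):
        want = prefix_for_hosts(hosts)
        candidates = [n for n in free if n.prefixlen <= want]
        if not candidates:
            raise ValueError(f"no room left in {block} for {name} ({hosts} hosts)")
        # Best fit: the smallest free block that is big enough, lowest address first.
        chosen = max(candidates, key=lambda n: (n.prefixlen, -int(n.network_address)))
        free.remove(chosen)
        subnet = next(chosen.subnets(new_prefix=want))
        allocations[name] = subnet
        free.extend(chosen.address_exclude(subnet))  # yields nothing if equal
    return allocations, sorted(free)


def summary_overreach(assigned, summary):
    """Networks covered by the `summary` prefix that were never assigned."""
    free = [ipaddress.ip_network(summary)]
    for net in map(ipaddress.ip_network, assigned):
        remaining = []
        for f in free:
            if net.subnet_of(f):
                remaining.extend(f.address_exclude(net))
            elif not f.subnet_of(net):
                remaining.append(f)
        free = remaining
    return list(ipaddress.collapse_addresses(free))


if __name__ == "__main__":
    # Constructed input: the three user counts from the thread, hypothetical names.
    demands = {"site_a": 20, "site_b": 25, "site_c": 50}
    allocs, spare = vlsm_allocate("192.168.0.0/24", demands)
    for name, net in allocs.items():
        print(f"{name}: {net} ({net.num_addresses - 2} usable hosts)")
    print("still free in the /24:", [str(n) for n in spare])

    # The one-/24-per-network plan, summarised as 192.168.0.0/22.
    plan = ["192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24"]
    extra = summary_overreach(plan, "192.168.0.0/22")
    print("covered by the /22 but unassigned:", [str(n) for n in extra])
```
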
  • Qord Member Posts: 632
    pham0329 wrote: »
    However, if I'm using private IPs, why do I care if I'm wasting IP addresses?

    Evidently, you don't. I wouldn't either. But, what if you want to use public IP's instead of private IP's?

    Maybe you have 1 class C block, which gives you 256 addresses. Sure, you could keep everyone on the same subnet, but what if you wanted to keep different user groups separated? You'd need to break up the address space to keep users segregated.
  • rogue2shadow Member Posts: 1,501
    Random but I feel like my post just got ignored haha. Did it help at all pham?
  • ehnde Member Posts: 1,103
    Qord wrote: »
    Evidently, you don't. I wouldn't either. But, what if you want to use public IP's instead of private IP's?

    Maybe you have 1 class C block, which gives you 256 addresses. Sure, you could keep everyone on the same subnet, but what if you wanted to keep different user groups separated? You'd need to break up the address space to keep users segregated.

    Agreed. It doesn't matter much in your NAT'ed environment. It does matter on the interwebs. Practicing subnetting with private addresses in your lab will make your job easier if you someday find yourself working as a network admin managing a block of addresses.
    Climb a mountain, tell no one.
  • stuh84 Member Posts: 503
    I guess no-one has mentioned that if you don't subnet, all your hosts are in the same broadcast domain. You can't break up these broadcast domains with a router, as a router will not allow IPs from the same subnet on different interfaces. The same would apply to VLANs, you can't have different VLANs using IPs from the same subnet if you want hosts to be able to communicate.

    Why would you want to break up broadcast domains? Broadcast storms :)

    Broadcast radiation - Wikipedia, the free encyclopedia

    Edit: Okay I saw in your original post you mentioned it. Even so, don't underestimate how many hosts it takes for a broadcast storm to occur. You just need one rogue user/server to take an entire network down if you have everything in one subnet.
    Work In Progress: CCIE R&S Written

    CCIE Progress - Hours reading - 15, hours labbing - 1
  • Forsaken_GA Member Posts: 4,024
    pham0329 wrote: »
    The 10.0.0.0 example is a bad example. I guess my question comes from watching the VLSM nugget.

    Using the example in the video, you have 3 networks:

    20 users, 25 users, and 50 users.

    Now, what's the point of subnetting a 192.168.0.0/24 network when I can just assign

    20 users = 192.168.0.0
    25 users = 192.168.1.0
    50 users = 192.168.2.0

    gosh1976 mentioned that using VLSM, the networks can be summarized...but couldn't you just as easily summarize the above networks as 192.168.0.0/22?

    networker covered most of it in his response to this below, but the bottom line is it all comes down to good planning. For the 20 user location, if they don't need all 254 IPs, and they're not likely to grow into its full size, it's wasteful to leave them there. Allocating your IPs from the word go with growth and scalability in mind can save you a lot of headache later. It is no fun renumbering a network because you screwed up your IPs.
  • pham0329 Member Posts: 556
    Random but I feel like my post just got ignored haha. Did it help at all pham?

    It kind of did and kind of didn't :). I understand why I want things on different networks, but I didn't quite understand why I need to subnet rather than to just use 192.168.x.x, 192.168.x.x, etc..

    Anyhow, looking over the response, the main reason you subnet is for future growth? Also, would I be correct in saying that subnetting really only comes into play for enterprise level networks?
  • networker050184 Mod Posts: 11,962
    pham0329 wrote: »
    Anyhow, looking over the response, the main reason you subnet is for future growth? Also, would I be correct in saying that subnetting really only comes into play for enterprise level networks?

    The main reason for subnetting is to break networks into smaller pieces. Everyone from the smallest to the largest network can benefit from this.
  • Qord Member Posts: 632
    pham0329 wrote: »
    It kind of did and kind of didn't :). I understand why I want things on different networks, but I didn't quite understand why I need to subnet rather than to just use 192.168.x.x, 192.168.x.x, etc..

    Anyhow, looking over the response, the main reason you subnet is for future growth? Also, would I be correct in saying that subnetting really only comes into play for enterprise level networks?
    I understand where your question is coming from, and as long as you choose to use private addresses, you don't need to subnet.

    As soon as you get away from private addressing, you'll see why it sometimes becomes necessary to subnet. Think of your house as a network. You have different rooms, right? Why?
    r.h.lee wrote:
    Well, think of each room in your home as a "subnet" of the overall space underneath the roof. By "subnetting" the house, you get more manageable sections whose use you can specialize. Same thing with networks. You want to subnet the network so that you can have one subnet for the servers, one subnet for the clients, one subnet for wireless, and so on. Now do you see WHY you want to subnet?

    Random but I feel like my post just got ignored haha. Did it help at all pham?

    That's what happens when you write something informative that takes up more than 4 lines of text. We're lazy.
  • pham0329 Member Posts: 556
    Qord wrote: »
    I understand where your question is coming from, and as long as you choose to use private addresses, you don't need to subnet.

    As soon as you get away from private addressing, you'll see why it sometimes becomes necessary to subnet. Think of your house as a network. You have different rooms, right? Why?

    I understand the need to subnet public IPs...it's just that I haven't worked for a company large enough that we get assigned an entire class C block. All the companies I've been with so far would get like a block of 8 or 16 public IPs.
  • DevilWAH Member Posts: 2,997
    Also, subnetting helps in the management and visualisation of IP addresses.

    For instance, you may want to connect a mesh of routers together with point-to-point links in your company. Say you have a mesh of 20 routers all interconnected. That gives you 300 point-to-point links (I think)... now each needs its own separate non-overlapping network address range.

    So you could assign a separate 192.168.x.x network to each link.

    Or you could subnet up two class C private networks into 255.255.255.254 (special case where each network only contains 2 addresses) and use these.

    You may choose 3 or 4 class C networks and then logically divide the routers into different areas. Maybe some are in one cab and others are in another. Then you can instantly see from the 3rd octet where a device is by its IP address.

    When you get on to routing, subnetting becomes more important as there is a lot to do with summarisation, where you might have a router advertising out a single class B address to the wide network, but you then subnet out that network on the "inside".

    So you may have a class C subnet for users, a second one for servers, a third for printers (again for management and security) but then these are summarised to the class B network address to devices in other areas of the network. This allows you to keep the size of routing tables down so they operate more efficiently.

    But in general the main reason for subnetting is management and security.

    office A has a main network address of 172.16.0.0 255.255.0.0
    office B has a main network address of 172.17.0.0 255.255.0.0
    office b has a main network address of 172.18.0.0 255.255.0.0

    users pc are x.x.10.0 255.255.255.0
    Printers are x.x.20.0 255.255.255.0
    server are x.x.30.0 255.255.255.0

    Now if I see the IP address 172.16.20.56 I know it's a printer from office A.

    172.18.30.95 is a server from office C .. etc...

    And I know if I get any packet 172.16.x.x it goes to office A. (If I only assign 172.16.0.0 to office A then even if the packet is for 172.16.95.62, which does not exist, it does not matter, as only office A will ever have the 172.16 addresses.)

    So not 100% necessary, but on a large network that may have 1000+ networks for security, management and device limit (200 devices per subnet max for broadcast reasons and efficiency), it can be very helpful to have a hierarchical system to keep it logical.

    As for how you stop private IP addresses getting routed: there is a standard (I forget which one) that requires private IP addresses to be blocked on public IP links. In the case of many companies this is simply an access list or a rule in a firewall that blocks traffic with a source IP address that is a private IP.

    So for example your home ISP will have a rule on the interface you are connected to, blocking any traffic from private addresses.

    All the internet backbones have these rules, so even if your ISP forgot to apply it there are many other places it would get checked as well. But that's all it is, an access list or firewall rule that blocks it. Nothing actually built into the routers or network equipment.
    • If you can't explain it simply, you don't understand it well enough. Albert Einstein
    • An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that its going to launch you into something great. So just focus and keep aiming.
  • techsmithy Registered Users Posts: 1
    I know why you need to learn subnetting with private IPs. A good example is what happens if you have a point to point connection?

    Would you want to use a private IP of /24? No, you would use /30 instead to allow only 2 IPs for only 2 hosts. Would it hurt to use a private IP /24 for a point to point? No it wouldn't, but why?
  • zrockstar Member Posts: 378
    pham0329 wrote: »
    I mean, I know it's to break up one big network into smaller networks, prevent broadcast storms, prevent us from wasting IP addresses, blah blah blah. However, if I'm using private IPs, why do I care if I'm wasting IP addresses?

    Why do you need any better answer than to prevent broadcast storms?
  • NetworkVeteran Member Posts: 2,338
    zrockstar wrote: »
    Why do you need any better answer than to prevent broadcast storms?

    Rockstar, his proposed non-subnetting solution already addressed this. He proposed that we use--

    10.0.0.0
    172.16.0.0 - 172.31.0.0
    192.168.0.0 - 192.168.255.0

    If we were to assign our HQ 192.168.0.0-192.168.31.0 (8,000 hosts), and each spoke site up to sixteen consecutive 192.168.x.x networks (250-4,000 hosts), theoretically, even a small enterprise might be able to avoid subnetting. This scheme supports summarization, prevents crazy broadcast storms, and allows for some segmentation for the inevitable "other purposes". :p

    The cons of this approach are that it's wasteful, inflexible, and not so scalable. In practice, I often find good cause to use subnetting even on small home networks. For example, see this thread--

    "Having difficulties setting up CCNA home lab" in the CCNA/CCENT forum.

    And there was another dealing with accessing a local printer while connected via a VPN.
  • zrockstar Member Posts: 378
    Yeah but I'm just saying that if you are running across subnetting info and find out it prevents broadcast storms, why would you discount that and try to look further? That's like saying "I just read that wearing your seat belt increases your survival rate by X percent. I know seat belts save lives and blah blah blah, but really, why do we have to wear seat belts when I can drive perfectly down the road without one?" I know that is a pretty exaggerated relation, but you get what I am trying to say.
  • MAC_Addy Member Posts: 1,740
    Subnetting is a way to conserve IP addresses. Although most companies will most likely use a /24 address, or if they need more hosts a /21. If you have a company with a lot of branch sites, then you'd want to only give as many IP's as they need. Though, in this case, you'll most likely still use a /24 for their internal network.
    2017 Certification Goals:
    CCNP R/S
  • DevilWAH Member Posts: 2,997
    Having large numbers of devices in a single layer 2 network creates a lot of background noise. In a network of only 1200 devices this background noise starts to be noticed; you will see every network card on the network being hit with 100's of packets a second for things such as ARP requests and DHCP. While this is not such an issue for desktops, this background traffic can impact traffic from servers and voice calls. General practice is to keep layer 2 networks to no more than class C in size. So any class B or above should be broken up to improve network performance. You are now limited to 255 class C networks without any subnetting.

    Secondly security: you may want all servers and departments secure from each other, and while you are correct you could use lots of class C networks, then add in a class C for each router-to-router link and very soon 255 networks starts to seem very small.

    However there are plenty of people who just go over the top, assigning network address spaces that exactly match the numbers of hosts. But used well, subnetting is very useful. For example I had a site that had a hub with 12 spokes which then further branched off it.

    Each spoke was assigned a class B network from the 172 range, which as the spoke branched out were further subnetted to smaller networks. This made troubleshooting extremely easy as for example you knew any 172.16.x.x was spoke one, 172.17.0.0 spoke 2, and 172.16.1.x was a sub-branch of that spoke. And setting up security rules was again straightforward as they made logical sense.

    Remember you could if you wanted set up a 10.x.x.x subnet with 16,000,000 million hosts and it would work; how well it would work I have no idea but it would work just fine. This is the nice thing about networks, they simply WORK. Subnetting can just add features such as security and separation, save on IP address usage, and help with the logical management of your network.

    Remember no right or wrong way in networking, just good and bad.
  • DevilWAH Member Posts: 2,997
    MAC_Addy wrote: »
    Subnetting is a way to conserve IP addresses. Although most companies will most likely use a /24 address, or if they need more hosts a /21. If you have a company with a lot of branch sites, then you'd want to only give as many IP's as they need. Though, in this case, you'll most likely still use a /24 for their internal network.

    This is true of public IP addresses where numbers are limited, but for private ranges conservation of IP addresses is not a valid reason to use subnetting. That's not to say there are not many good reasons to subnet private ranges. But conserving address space is one of many benefits that subnetting provides.
  • CEHwanabe Banned Posts: 31
    to break down into smaller networks!!!