
My First Thread - and its subnetting ...

politenessman Member Posts: 19
... but not subnetting in the way you might usually think. I seem to have no problem solving subnetting questions; it's just binary math. What I am having trouble with is the concepts behind subnetting.

Why do we have subnets at all?
As far as I can tell, we have a pool of IP addresses (2^32) and that never changes.
So what does the subnet do for me?

I suspect I am missing some unspoken but fundamental concept, but for the life of me I just can't figure it out.
Currently working on CompTIA Linux+
Hoping to get CCNA: Sec (640-554) and CCNA:R&S (640-816) next year.
Watch my progress at http://tonypickett.com

Comments

  • bbarrick Member Posts: 242
    Well, from what I have gathered so far in Odom's book, it's mainly an organizational tool. You have a pool of numbers, you only need 200, so you shrink the pool down to 512 to give you room for expansion. I guess, in relation to organization, it can also be used to easily identify equipment on large networks. Break down subnets based on locations so you know, as soon as you see the IP, at least generally which direction it came from.

    I'm not sure but there may be some security benefit to shrinking that number as well.
  • Carpe Porcus Member Posts: 84
    Subnetting helps manage larger networks by dividing them into smaller units, primarily for ease of administration. For example, having different departments in a company means you can control both network security and traffic administration. Ever tried administering a single network on one subnet? Perfect for small subnets, but difficult the more hosts you have to administer.

    You can allocate a subnet per department, building floor or geographical location (using VPNs, depending upon business needs). Allowing for growth, you can assign a sensible subnet which is easily managed and maintained.

    You get a call from accounts with a network issue; you don't have to look in the logistics or H.R. subnets to find the problem. What is easier? Looking at the subnet in which the accounts host resides, or an entire scope for the building or business with thousands of IP addresses?
    “I'm always admitting I'm wrong. That's how I eventually get to right.”
  • iamme4eva Member Posts: 272
    Nobody has mentioned broadcast traffic yet.

    A massive use for limiting the scope of a subnet is to limit broadcast traffic. Think a VLAN = a Subnet = a Broadcast domain.

    If a host wants to communicate with an IP address that is within its own subnet (as calculated by itself using the address / mask), then it sends out an Ethernet frame containing an ARP request destined for the broadcast MAC FF:FF:FF:FF:FF:FF - all hosts within the broadcast domain will receive that. A host knows its subnet, and if it is trying to communicate with a destination IP address OUTSIDE of its own subnet, then it won't even try to ARP for it - it will instead send out an ARP frame for its default gateway and let it worry about forwarding the traffic there.

    Now imagine that all of your 2^32 IP addresses were in one subnet (0.0.0.0)... think how much broadcast traffic would saturate your network, and how big those ARP tables would be on your hosts. It would be a nightmare.
    Current objective: CCNA Security
    My blog: mybraindump.co.uk
  • bbarrick Member Posts: 242
    True, but broadcast domains can be limited by other means, no? Wouldn't VLANs, L3 switches and routers be able to reduce the amount of broadcast traffic?

    That's just a question, I'm not trying to argue with a CCNP. :)
  • Mishra Member Posts: 2,468
    If you need a super simple explanation, I give you:

    If you have a network at home and you get a virus, do you want that to spread to your neighbor's house? In order to make sure you don't spread that virus, you two are on totally different networks, even though you logically connect together through the internet.

    Bringing it into the business: do you want Walmart store clerks surfing the web on the manager's computer to somehow affect (another possible virus scenario, or maybe a hacker) the PCs in the Walmart stock market department?

    Networks are complete boundaries on which you can allow nothing, allow everything, or a little in between. You subnet in order to build those networks and boundaries, and to secure your environment.
    My blog http://www.calegp.com

    You may learn something!
  • iamme4eva Member Posts: 272
    bbarrick wrote: »
    True, but broadcast domains can be limited by other means, no? Wouldn't VLANs, L3 switches and routers be able to reduce the amount of broadcast traffic?

    That's just a question, I'm not trying to argue with a CCNP. :)

    Ha. Argue away, I love a good debate, and I'm certainly not above being proven wrong. Nobody knows everything!

    For simplicity, I'll use a small subnet and try to give an example:

    If a host is 192.168.0.1 with a mask of 255.255.255.248 then the subnet range that it is part of is: 192.168.0.0 - 192.168.0.7.

    The host knows that. So, if you ping 192.168.0.2, it checks and uses the logic "I should be able to reach that directly. I will ARP for it. If it doesn't respond to my ARP request, then it must be dead."

    If you ping 192.168.0.10, then it checks its subnet and uses the logic "I can't reach that, it's not in my subnet. Instead of ARPing for it, I will forward the packet to my default gateway."

    A default gateway isn't used for a "fallback" - a host doesn't ARP for something and then fall back to the default gateway because it didn't respond.

    So, knowing the logic, that should answer your question. If you tried to split a single subnet up using two VLANs (let's say you put 192.168.0.1 - 3 in VLAN 1, and 192.168.0.4 - 6 in VLAN 2), you will isolate the two VLANs and traffic will never flow between them, not even with a router. This is because the host would never even go to the router - it would consider the destination hosts to be reachable and directly ARP for them.

    There is something called proxy ARP to get around that situation, but that's a little more advanced and there to meet specific requirements.

    Hopefully that rambling makes sense.
    Current objective: CCNA Security
    My blog: mybraindump.co.uk
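The host-side decision described in the two posts above (ARP for the destination if it is inside my own address/mask, otherwise ARP for the default gateway and never fall back) and the "one /29 split across two VLANs" failure can be modelled in a few lines. The following is an added example, not code from the thread or from any poster; the MAC addresses, the VLAN names, the gateway address 192.168.0.6 in the broken case and the 10.0.0.0/24 and 10.0.1.0/24 subnets in the working case are all constructed for the illustration.

```python
"""Model of a host's on-link check and of ARP flooding inside one VLAN.

A Vlan is a broadcast domain: an ARP request sent by a host reaches
only the hosts registered in that Vlan. The numbers below are constructed
for the example and are not from the original thread.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Vlan:
    """One broadcast domain. arp_table maps ip -> mac of the members."""
    name: str
    arp_table: dict = field(default_factory=dict)


@dataclass
class Host:
    ip: str
    mask: str
    gateway: str
    mac: str
    vlan: Vlan

    def __post_init__(self) -> None:
        # Joining a VLAN means this host will answer ARP requests flooded in it.
        self.vlan.arp_table[self.ip] = self.mac


def subnet_range(address: str, mask: str) -> tuple[str, str]:
    """Network and broadcast address a host derives from its own address/mask."""
    net = ipaddress.IPv4Network(f"{address}/{mask}", strict=False)
    return str(net.network_address), str(net.broadcast_address)


def arp_target(host: Host, destination: str) -> str:
    """Which IP the host ARPs for: the destination if on-link, else the gateway.

    There is no fallback: an off-link destination is never ARPed for directly.
    """
    net = ipaddress.IPv4Network(f"{host.ip}/{host.mask}", strict=False)
    if ipaddress.IPv4Address(destination) in net:
        return destination
    return host.gateway


def send(host: Host, destination: str):
    """Return the destination MAC of the frame, or None if nobody answers the ARP.

    The ARP request goes to FF:FF:FF:FF:FF:FF, so it floods host.vlan only;
    a host with the right IP sitting in another VLAN never hears it.
    """
    return host.vlan.arp_table.get(arp_target(host, destination))


def split_subnet_scenario():
    """Broken case from the thread: a single /29 cut across two VLANs."""
    vlan1, vlan2 = Vlan("VLAN 1"), Vlan("VLAN 2")
    a = Host("192.168.0.1", "255.255.255.248", "192.168.0.6", "02:00:00:00:00:01", vlan1)
    Host("192.168.0.5", "255.255.255.248", "192.168.0.6", "02:00:00:00:00:05", vlan2)
    # .1 believes .5 is on-link, ARPs for it inside VLAN 1, and gets no reply.
    return arp_target(a, "192.168.0.5"), send(a, "192.168.0.5")


def routed_scenario():
    """Working case: each VLAN is its own subnet and a router has a leg in each."""
    vlan1, vlan2 = Vlan("VLAN 1"), Vlan("VLAN 2")
    a = Host("10.0.0.1", "255.255.255.0", "10.0.0.254", "02:00:00:00:00:01", vlan1)
    Host("10.0.0.254", "255.255.255.0", "0.0.0.0", "02:00:00:00:00:fe", vlan1)  # router leg
    Host("10.0.1.254", "255.255.255.0", "0.0.0.0", "02:00:00:00:01:fe", vlan2)  # router leg
    Host("10.0.1.5", "255.255.255.0", "10.0.1.254", "02:00:00:00:01:05", vlan2)
    # .1 sees 10.0.1.5 as off-link, ARPs for its gateway, and gets the router's MAC.
    return arp_target(a, "10.0.1.5"), send(a, "10.0.1.5")


if __name__ == "__main__":
    print("192.168.0.1/29 lies in", subnet_range("192.168.0.1", "255.255.255.248"))
    print("split /29 across two VLANs:", split_subnet_scenario())
    print("two subnets with a router:", routed_scenario())
```

The `None` in the first scenario is the "if it doesn't respond to my ARP request, then it must be dead" outcome: the router is never consulted, so putting one in does not help. Only proxy ARP on the router (answering for addresses it knows how to reach) would change that result.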
  • bbarrick Member Posts: 242
    I think I understand what you're saying. But I wasn't referring to splitting up a subnet with a VLAN, but using a VLAN to create a separate broadcast domain. For instance, I can set VLAN 1 to 10.0.0.0 and VLAN 2 to 11.0.0.0, just as an example, which would break up the broadcast domain without subnetting, right?

    The OP was asking why we need subnetting, for which breaking up broadcast domains is a good example, but I was just thinking that it's technically not the only way to break them up.
  • Ismaeljrp Member Posts: 480
    bbarrick wrote: »
    I think I understand what you're saying. But I wasn't referring to splitting up a subnet with a VLAN, but using a VLAN to create a separate broadcast domain. For instance, I can set VLAN 1 to 10.0.0.0 and VLAN 2 to 11.0.0.0, just as an example, which would break up the broadcast domain without subnetting, right?

    The OP was asking why we need subnetting, for which breaking up broadcast domains is a good example, but I was just thinking that it's technically not the only way to break them up.

    Remember, a subnetwork is a part of THE network. So if you're using VLAN 1 10.0.0.0 and VLAN 2 11.0.0.0, they are no longer in the same network. Meaning they need different default gateways as well. Meaning you'll make your network multiple times more expensive, because you'd basically just be running another new network just to have another segment.

    Sure, there are ways to get around some stuff, inter-VLAN routing and others, but really, the need to subnet is the need for efficient network management. If a network admin/engineer doesn't want to be efficient, then by all means go right ahead. I hope he wouldn't lose his job too soon.
  • iamme4eva Member Posts: 272
    bbarrick wrote: »
    For instance, I can set VLAN 1 to 10.0.0.0 and VLAN 2 to 11.0.0.0, just as an example, which would break up the broadcast domain without subnetting, right?

    That is still subnetting, though. It's classful subnetting, but it's still subnetting. Assigning a class A address to a VLAN is using a /8 or 255.0.0.0 subnet mask.

    "No subnetting" would imply not needing a subnet mask, or using 0.0.0.0 (which you can't).

    Classless subnetting (using a /30, for example) is used for all the reasons everyone else said above: to logically separate a network, etc. Also to prevent address wastage. Without classless subnetting, a point-to-point link would have to be assigned a class C address, effectively giving it 254 usable addresses - that's 252 addresses that you can't use anywhere else!

    I'm not sure whether the OP was asking "what's the point in subnetting at all" or "what's the point in classless subnetting", but both are covered now! :D
    Current objective: CCNA Security
    My blog: mybraindump.co.uk