Guide to Subnets and IP Addressing
Subnets are a foundational part of the basic infrastructure of computer networks. And although they may seem like a simple topic, a proper subnet design requires a fair amount of planning and foresight.
In this article, we offer tips for designing subnets and assigning IP addresses to them in a way that will allow your network to keep growing, while also simplifying management. In addition, we discuss different classes of subnets and how they can be used. You might also want to check out our guide to network address translation.
What Is a Subnet?
Local networks are made up of IP address subnets. A subnet is a range of IP addresses allocated to a specific network or virtual LAN. Subnets are selected by network administrators as a network is designed. The subnet design process may seem trivial, but there are a good number of things to keep in mind when making the decision.
Selecting a Subnet
Selecting the best subnet for your network is important, no matter how simple it seems. Ideally, a subnet is allocated at the time a network is first designed. Occasionally, networks need to be re-addressed. This could be due to a network that has outgrown its allotment of IP addresses. Other times, networks have to be re-addressed due to improper subnet selection, such as a non-private scheme.
Classified Private IP Addressing
There are 3 different, large "super-subnets" from which every local subnet should be chosen. In order to avoid conflicts with local networks, these subnets are never used on the public internet; instead, they are used only for computers on local networks. Each subnet is classified into one of three classes: A, B, or C. Administrators are free to create smaller local subnets by subdividing these original subnets. Here are the three classified subnets:
- Class A: 10.0.0.0/8 (10.0.0.0 – 10.255.255.255)
- Class B: 172.16.0.0/12 (172.16.0.0 – 172.31.255.255)
- Class C: 192.168.0.0/16 (192.168.0.0 – 192.168.255.255)
Network Considerations
When choosing the specific subnet for your network, you need to consider a few different things. You need to have an understanding of the size of the subnet that you need. You need to have an understanding of the other networks that you'd interact with and pick something unique. Finally, it's recommended that you avoid the more popular subnets.
- Size of the subnet. Your chosen subnets should fit the network of which the subnets are a part. Network administrators should have an understanding of the number of devices that will need IP addresses. It's also a good idea to leave room for additional devices.
- Network individuality. Your network will most likely not exist on an island. It will interact with different networks. The most likely way that this will happen is with VPNs (virtual private networks). You should take into account all of the networks that you expect to interact with, and be sure to make your network unique.
- Popular consumer subnets. There are a number of subnets that come as the default subnets on many routers. The two most popular, for example, are 192.168.0.0/24 and 192.168.1.0/24. These subnets should be avoided. For maximum uniqueness, use a Class A subnet. Only the first octet is decided; the rest are customizable.
Multiple Subnets
VLANs
VLANs (or virtual local area networks) are a way to segregate your network for efficiency and security. Before subnets are selected, a few items need to be verified. This is a bit of a divergence from subnet selection. However, it's very important to have a good understanding before making any other decisions, including choosing IP address schemes. You need to know that you have the proper hardware for the job, an understanding of the reasons why you are creating VLANs, and know how you want to configure each port.
Proper hardware. To set up VLANs on your network, your network infrastructure must support it. You need to have a router that is capable of creating VLANs and assigning VLAN IDs to different networks. You also must have a network switch that is manageable and that allows for port configuration.
Security needs. It’s very important to know WHY you are creating VLANs and to have a concrete plan on how you will use them. Too often, administrators use VLANs to carve up their network without an end goal, with the result being confusion and complications. VLANs are a great way to separate corporate data from guest traffic, wired and wireless networks, and telecom communications from the rest of your network. VLANs should be used to streamline information, not over-complicate things.
Port configuration. Have an understanding of how you want to configure each port. Here are a couple of keywords to know:
- Trunk port. This port is configured to communicate with all of the other ports and VLANs on your switch. Only a few ports, such as the uplink port from your router, should be configured as a trunk port.
- Tagged. Tagged VLAN ports, like the trunk port, are able to communicate with other VLANs on your switch. There should be only one tagged VLAN, often referred to as the management VLAN.
- Untagged. Untagged ports only give access to a single VLAN. Most of the ports on your switch should be on tagged VLANs.
Generally, you can use similar, sequential schemes between subnets. If you want to have one subnet substantially stand out from the rest, you can use a subnet of a different class for it.
Here's a general example of how you can allocate subnets to a business with separate management, wired, wireless, and telecom VLANs. In this example, we're using a larger subnet for the wired network due to the number of devices, and putting the telecom devices in a different subnet class for clarity.
- Management VLAN: 10.0.0.0/24
- Wired VLAN: 10.0.4.0/22
- Wireless VLAN: 10.0.8.0/24
- Telecom VLAN: 192.168.150.0/24
Virtual Private Networks
A business with multiple locations spread out over a wide area may use virtual private network (or VPN) technology to join its networks together. Distinguishing different networks may be simpler in this scenario than with VLANs, but there are some considerations to be made here as well.
- Keep everything unique. Overlapping subnets will not be able to interact with each other over a VPN. Be sure to keep everything unique.
- Use larger "super-subnets". Assign each of your locations a large subnet that can be divided up for VLAN purposes, if needed.
- Leave room for growth. In the future, there may be additional subnets that you need to connect to. Be prepared for that by setting aside a few subnets for future use.
Here’s an example of a small business with three different locations, connecting via VPN.
- Location 1: 10.0.0.0/16
  - Management VLAN: 10.0.0.0/24
  - Wired VLAN: 10.0.4.0/22
  - Wireless VLAN: 10.0.8.0/24
- Location 2: 10.1.0.0/16
  - Management VLAN: 10.1.0.0/24
  - Wired VLAN: 10.1.4.0/22
  - Wireless VLAN: 10.1.8.0/24
- Location 3: 10.2.0.0/16
  - Management VLAN: 10.3.0.0/24
  - Wired VLAN: 10.3.4.0/22
  - Wireless VLAN: 10.3.8.0/24
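The rules above (private ranges only, avoid consumer defaults, keep every range unique, keep each VLAN inside its location's block) can be checked mechanically before anything is configured. The following is an added example, not part of the original article; it uses Python's standard `ipaddress` module, and the names `PLAN` and `audit_plan` are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

net = ipaddress.ip_network  # strict parsing: rejects CIDRs with host bits set
PRIVATE = [net("10.0.0.0/8"), net("172.16.0.0/12"), net("192.168.0.0/16")]
CONSUMER_DEFAULTS = [net("192.168.0.0/24"), net("192.168.1.0/24")]

# The three-location plan, copied as listed in the article.
PLAN = {
    "Location 1": ("10.0.0.0/16", {"Management": "10.0.0.0/24",
                   "Wired": "10.0.4.0/22", "Wireless": "10.0.8.0/24"}),
    "Location 2": ("10.1.0.0/16", {"Management": "10.1.0.0/24",
                   "Wired": "10.1.4.0/22", "Wireless": "10.1.8.0/24"}),
    "Location 3": ("10.2.0.0/16", {"Management": "10.3.0.0/24",
                   "Wired": "10.3.4.0/22", "Wireless": "10.3.8.0/24"}),
}

def audit_plan(plan):
    """Return (check, detail) findings for a {site: (block, {vlan: cidr})} plan."""
    findings, sites, vlans = [], {}, {}
    for site, (block, site_vlans) in plan.items():
        sites[site] = net(block)
        for name, cidr in site_vlans.items():
            v = net(cidr)
            vlans[f"{site}/{name}"] = v
            # "Use larger super-subnets": each VLAN must sit inside its site block.
            if not v.subnet_of(sites[site]):
                findings.append(("outside-site-block", f"{site}/{name} {v}"))
    for label, n in {**sites, **vlans}.items():
        # Only the three private ranges may be used on local networks.
        if not any(n.subnet_of(p) for p in PRIVATE):
            findings.append(("not-private", f"{label} {n}"))
        # Router-default ranges collide with home and guest networks.
        if any(n.overlaps(d) for d in CONSUMER_DEFAULTS):
            findings.append(("consumer-default", f"{label} {n}"))
    # "Keep everything unique": overlapping ranges cannot interact over a VPN.
    for group in (sites, vlans):
        for (a, na), (b, nb) in combinations(group.items(), 2):
            if na.overlaps(nb):
                findings.append(("overlap", f"{a} {na} <-> {b} {nb}"))
    return findings

if __name__ == "__main__":
    for check, detail in audit_plan(PLAN):
        print(f"{check}: {detail}")
```

Run against the plan as listed, it reports the three Location 3 VLANs (10.3.x.x) as lying outside that location's 10.2.0.0/16 block, and finds no overlaps or non-private ranges.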
Conclusion
Subnet selection is critical when setting up a new network. Proper subnet design offers a number of benefits. Clean subnets reduce the chances for IP address conflicts. Organized subnets make life easier on administrators trying to manage a network or troubleshoot issues. When networks are configured in the right way, administrators are better prepared for network growth in the future.
Hopefully, this information helps to show how important proper subnet selection is. It can seem very trivial, but when it’s done in the right way, the benefits are definitely there. If you are an administrator on a mess of a network, try to redesign the subnets if you can. And if you are creating a new network from scratch, save future administrators from headaches by creating a proper subnet design right away!