
Understanding Subnets Using CIDR Notation

Cyber threats have increased considerably, and networks must be secured against them. Most of today's networks are protected by firewalls and network security software. To configure a firewall properly, however, you need to understand the incoming and outgoing rules it can apply.

Let's understand the basics of computer networks.

There are various classes of networks

InterNIC, the body that administers the Internet, assigns Internet addresses. These IP addresses are categorized into five classes: A, B, C, D, and E. Classes D and E are rarely used by end users. Each class has a different default subnet mask, and the first octet of an IP address tells us the class of the network. The address ranges for Classes A, B, and C, with an example address for each, are listed below.

For Class A networks, the default subnet mask is 255.0.0.0, with 0-127 as the first octet. The IP address 10.10.11.11 is part of a Class A network: its first octet is 10, which lies within 1 to 126, both numbers inclusive.

The default subnet mask for Class B networks is 255.255.0.0, with a first octet of 128-191. The address 168.41.52.63 is a Class B address: its first octet, 168, lies between 128 and 191.

For Class C networks, the default subnet mask is 255.255.255.0, with a first octet of 192-223. The IP address 192.168.123.132 is therefore part of a Class C network: its first octet, 192, lies within the 192 to 223 range.

Private networks commonly use Class C addresses starting at 192.168.0.1. Configuring firewalls for security is very important, and most firewalls use CIDR notation to define incoming and outgoing rules.

Classless Inter-Domain Routing (CIDR) is a collection of Internet Protocol (IP) standards used to provide unique identifiers for networks and individual devices. These IP addresses let individual data packets be delivered to specific computers.

Let's suppose you're granted a 192.168.0.0/24 Class C subnet to support the entire network.

Host IP address availability table (Subnet Table)

Because hosts are spread across the organization, a broadcast network is the best option, and it was planned that each department would have its own subnet. For IP routing within the subnets, for inter-communication between departments, and for Internet access, a router with multiple interfaces (switches) will be used.

According to the host IP address availability table, the closest subnet sizes for 10 hosts are /29 and /28. A /29 subnet has 8 addresses, which is insufficient for the 10 hosts in each subnet. The smallest subnet that fits 10 hosts is therefore /28, leaving some (as yet) unused IP addresses.

A /28 subnet contains 16 IP addresses. Since two of them are already allocated to the network ID and the broadcast address, 14 IP addresses remain for hosts.

Because each department has 10 hosts, one /28 subnet would be allotted to each department.

The following subnet can then be assigned to each department.

1st Department: 192.168.0.0/28 (192.168.0.1 - 192.168.0.14)

2nd Department: 192.168.0.16/28 (192.168.0.17 - 192.168.0.30)

3rd Department: 192.168.0.32/28 (192.168.0.33 - 192.168.0.46)

The process of calculating a network's subnet mask to satisfy the specific needs of a certain number of hosts within the network is known as Variable-Length Subnet Masking (VLSM).

Subnetting a large network into smaller networks with a maximum host size the network can sustain should result in minimal to no wastage of IP addresses.

Without some method of communication across these smaller networks, there is no point in using VLSM to conserve IP addresses. In other words, some form of (IP) routing must be in place for communication between networks, or between devices in different networks, such as between devices in the first, second, and third departments.

The router is the network device that acts as the gateway to the outside network. In other words, the router should be able to handle the routing of network traffic, and ideally the gateway IP address of each network is assigned to the router for that purpose.

Each subnet has its own gateway IP address, so each subnet requires a dedicated router interface to handle gateway duties. There are now four networks that must communicate with one another: the three subnets mapped to the departments, and the Internet. Each of these networks needs a router interface serving as its gateway to the outside. Within a subnet, this gateway IP is essentially just another host.

As a result, the gateway would be assigned one IP address from each of the above subnets.

Let's say, then:

1st Department gateway IP address: 192.168.0.14/28

2nd Department gateway IP address: 192.168.0.17/28

3rd Department gateway IP address: 192.168.0.37/28


There are 13 IP addresses left in each subnet now. All hosts within each department can use these 13 available IP addresses.

1st Department host IP addresses: from 192.168.0.1 to 192.168.0.13

2nd Department host IP addresses: from 192.168.0.18 to 192.168.0.30

3rd Department host IP addresses: from 192.168.0.33 to 192.168.0.36 and from 192.168.0.38 to 192.168.0.46.

As mentioned earlier, the entire network will be managed by a single router. This router will have four separate interfaces called switches, each with routing capabilities. Each router interface may then handle each department's gateway IP address and connect to the Internet.

Switch #1 will manage the routing for the first department, Switch #2 will manage the routing for the second, and Switch #3 will manage routing for the third.

Switch #1:

IP address range: 192.168.0.1 - 192.168.0.14

Subnet Mask: /28 (or 255.255.255.240)

Gateway: 192.168.0.14


Switch #2:

IP address range: 192.168.0.17 - 192.168.0.30

Subnet Mask: /28 (or 255.255.255.240)

Gateway: 192.168.0.17


Switch #3:

IP address range: 192.168.0.33 - 192.168.0.46

Subnet Mask: /28 (or 255.255.255.240)

Gateway: 192.168.0.37


Basics of subnetting

Let's look at the first Department's hosts. One host will have the following.


192.168.0.2/28

Here is the detailed subnet information

IP Address : 192.168.0.2

Subnet Mask : /28 (255.255.255.240)

Number of IP address inside the subnet: 16

Number of IP address remaining for the host: 14

IP Address range : 192.168.0.0 - 192.168.0.15

Network ID: 192.168.0.0

Network Broadcast: 192.168.0.15

IP Address range available for host : 192.168.0.1 - 192.168.0.14

Gateway IP Address assigned in the subnet : 192.168.0.14

Available IP address range : 192.168.0.1 - 192.168.0.13


The table leads to the following understanding.

* 192.168.0.0 is reserved for Network ID

* 192.168.0.15 is reserved for Network Broadcast

* 192.168.0.14 is reserved for gateway (the router, or more precisely, the router interface that serves as a gateway for hosts within the 192.168.0.0/28 network to communicate with other 192.168.0.x hosts and the Internet).

* 192.168.0.1 - 192.168.0.13 range is available for other PCs, printers, servers, and any other network device that requires to be connected to the network within the 1st Department.

* The server on the network can be given the IP address 192.168.0.2 or any IP address falling within the 192.168.0.1 - 192.168.0.13 range.

Subnet Mask: /28 (255.255.255.240)

Gateway: 192.168.0.14 (pointing to the router)
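The subnet sizing (why /29 is too small and /28 fits 10 hosts) and the per-host breakdown above can be reproduced with a few lines of Python. This is an added example, not code from the article; it uses the standard `ipaddress` module, cross-checks the bitwise arithmetic against it, and also answers the routing question from earlier: whether two hosts share a subnet or need the router.

```python
import ipaddress


def smallest_prefix_for_hosts(hosts):
    """Longest IPv4 prefix whose block still leaves `hosts` usable addresses
    after the network ID and broadcast address are reserved."""
    prefix = 32
    while prefix > 0 and (2 ** (32 - prefix)) - 2 < hosts:
        prefix -= 1
    return prefix


def subnet_table(cidr, gateway=None):
    """Build the breakdown the article shows for a host such as 192.168.0.2/28,
    optionally removing the gateway from the addresses available to hosts."""
    iface = ipaddress.ip_interface(cidr)
    net = iface.network
    mask = int(net.netmask)
    # Network ID = address AND mask; broadcast = network ID OR inverted mask.
    net_id = int(iface.ip) & mask
    broadcast = net_id | (~mask & 0xFFFFFFFF)
    assert net_id == int(net.network_address)          # sanity check vs. library
    assert broadcast == int(net.broadcast_address)
    first_host, last_host = net_id + 1, broadcast - 1
    available = [(first_host, last_host)]
    if gateway is not None:
        gw = int(ipaddress.ip_address(gateway))
        if not first_host <= gw <= last_host:
            raise ValueError(f"gateway {gateway} is not a usable host in {net}")
        # Split the host range around the gateway; drop empty halves.
        halves = ((first_host, gw - 1), (gw + 1, last_host))
        available = [(lo, hi) for lo, hi in halves if lo <= hi]

    def fmt(n):
        return str(ipaddress.ip_address(n))

    return {
        "network_id": fmt(net_id),
        "broadcast": fmt(broadcast),
        "netmask": str(net.netmask),
        "total": net.num_addresses,
        "usable": net.num_addresses - 2,
        "host_range": (fmt(first_host), fmt(last_host)),
        "gateway": gateway,
        "available": [(fmt(lo), fmt(hi)) for lo, hi in available],
        "available_count": sum(hi - lo + 1 for lo, hi in available),
    }


def same_subnet(ip_a, ip_b, prefix):
    """True when both hosts fall in the same /prefix block, i.e. they can talk
    directly; False means traffic has to go through the router's gateway."""
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return (int(ipaddress.ip_address(ip_a)) & mask) == (int(ipaddress.ip_address(ip_b)) & mask)
```

`subnet_table("192.168.0.41/28", "192.168.0.37")` yields the two available ranges the 3rd Department table lists, with 13 addresses in total.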


Hosts in the 2nd and 3rd Departments are in a similar situation.

2nd Department

192.168.0.28/28

IP Address : 192.168.0.28

Subnet Mask : /28 (255.255.255.240)

Number of IP address inside the subnet: 16

Number of IP address remaining for the host: 14

IP Address range : 192.168.0.16 - 192.168.0.31

Network ID: 192.168.0.16

Network Broadcast: 192.168.0.31

IP Address range available for host : 192.168.0.17 - 192.168.0.30

Gateway IP Address assigned in the subnet : 192.168.0.17

Available IP address range : 192.168.0.18 - 192.168.0.30


3rd Department

192.168.0.41/28

IP Address : 192.168.0.41

Subnet Mask : /28 (255.255.255.240)

Number of IP address inside the subnet: 16

Number of IP address remaining for the host: 14

IP Address range : 192.168.0.32 - 192.168.0.47

Network ID: 192.168.0.32

Network Broadcast: 192.168.0.47

IP Address range available for host : 192.168.0.33 - 192.168.0.46

Gateway IP Address assigned in the subnet : 192.168.0.37

Available IP address range : 192.168.0.33 - 192.168.0.36, 192.168.0.38 - 192.168.0.46


The network router will have the following IP address assignment on its interfaces.


1st interface

IP Address: 192.168.0.14

Subnet Mask: 255.255.255.240


2nd interface

IP Address: 192.168.0.17

Subnet Mask: 255.255.255.240


3rd interface

IP Address: 192.168.0.37

Subnet Mask: 255.255.255.240


Network Interface


The 1st interface of the router will act as the gateway for the hosts of the 1st Department, the 2nd interface will act as the gateway for the 2nd Department's hosts, and the 3rd interface will act as the gateway for the 3rd Department's hosts, respectively.

As previously stated, hosts from all departments must be able to communicate with hosts on the Internet. Hosts in 192.168.0.0/28, 192.168.0.16/28, and 192.168.0.32/28 cannot communicate directly with hosts in the outside world; the router must be able to reach subnets outside of those three ranges in order to connect them to the outside world.
