Getty Images
How to create subnets in IPv4 and IPv6 networks
Network administrators subnet networks into segments for improved control and efficiency. IPv4 uses subnet masks, while IPv6 uses prefixes, and each has its own unique steps.
Subnetting is a fundamental part of network architecture and design. Network administrators create subnets to divide the network into smaller segments and gain granular control of the infrastructure. This enables them to control the flow of network traffic and data, as well as improve efficiency.
Network administrators subnet networks based on various factors. For example, those who manage large and complex networks, or networks with multiple locations, might subnet networks based on business departments or geographic locations. If an organization has stringent security requirements, its network administrators can also subnet based on security policies.
Because subnetting is a fundamental part of networking, it's important to understand how to create subnets in IPv4 and IPv6 networks. The process is similar, but network administrators must understand the differences to ensure proper configuration.
What is subnetting?
Subnetting is the division of a network into a series of smaller networks, each with its own address space. Network administrators often subnet networks as a way to reduce network congestion and improve performance.
For example, suppose an organization has a large network that isn't divided into subnets. Traffic produced by devices traverses the entire network, regardless of destination. If administrators divide the network into subnets, however, traffic generated by a device remains within the device's subnet unless its destination address is outside the subnet.
In other words, subnets isolate and reduce network traffic logically as a whole. However, the methods in which administrators create subnets differ based on the type of network configuration.
Differences in subnet creation for IPv4 and IPv6 networks include the following:
- Address mechanism. IPv4 subnets use subnet masks to identify subnets and available addresses, while IPv6 networks use the prefix length to determine the subnet size.
- Subnet calculations. Network administrators must calculate the subnet mask with IPv4 to get the desired number of subnets and hosts. This process involves converting the mask from binary to decimal. IPv6 doesn't require as much calculation, as network admins use the subnet prefix to define the subnet.
- Number of subnets. IPv6 has a 128-bit address space, so it enables the creation of more subnets than IPv4, which is limited by a 32-bit address space.
How to create subnets in IPv4 networks
IP addresses are essential in the creation of subnets. An IPv4 address consists of four numbers that range between 0 and 255, and each number is separated from each other with a period. For example, 192.0.2.1 is a type of IPv4 address.
Every IPv4 address consists of two parts: a network identifier and a host identifier. The network identifier defines the network -- or subnet -- on which the computer resides, while the host address uniquely defines the computer on that network.
Once you have a solid understanding of how IPv4 addresses work, you can subnet the network. Although the process of creating IPv4 subnets might vary based on the complexity of the network, the process, generally, is as follows:
- Determine the number of subnets and hosts.
- Find the subnet mask.
- Calculate the subnet mask if necessary.
- Convert binary to decimal.
1. Determine the number of subnets and hosts
The first step to creating subnets in an IPv4 network is to determine the number of subnets and hosts you need to configure. This depends on your network requirements, such as the use cases for subnet creation and the number of devices the network needs to accommodate. The number of hosts affects how many IP addresses are required for each subnet.
2. Find the subnet mask
Once you figure out the number of subnets and hosts you need, find the subnet mask of your current network configuration to segment it. A subnet mask indicates which part of the address is the network identifier and which part is the host identifier. These two pieces of information are crucial to subnet creation because they help network administrators understand how to segment networks logically.
For example, suppose your network includes the IP address 192.168.0.1. This IP address typically uses the 255.255.255.0 subnet mask, and this number also serves as the subnet mask of the entire network. The subnet mask tells how many bits you have for the network and host portions of the IP address. This information acts as a baseline for where to begin with the subnetting process.
Similar to IP addresses, a subnet mask consists of four numbers, ranging between 0 and 255, separated by periods. In this example, the first three numbers are 255, and the last number is 0. This means the IP address's first three numbers serve as the network identifier, and the last number is the host identifier. In other words, the network -- or subnet -- contains IP addresses that range from 192.168.0.0 to 192.168.0.255.
3. Calculate the subnet mask
Not all subnets use the 255.255.255.0 subnet mask, however. Network administrators might use a different subnet mask depending on the number of IP addresses a particular subnet needs. In fact, several IP address classes exist, and each enables the use of different numbers of IP addresses.
The table below outlines IP address classes and their subnet masks.
IP address class | Subnet mask | Number of supported addresses |
Class A | 255.0.0.0 | 16,777,214 |
Class B | 255.255.0.0 | 65,534 |
Class C | 255.255.255.0 | 254 |
As you look at the classes above, notice the discrepancy between the number of supported addresses within each class. The variation provides network administrators with a large number of IP addresses to accommodate their networks, depending on the size.
For example, if you're designing a network and need more than 254 addresses but fewer than 65,534 addresses, you can follow one of a few approaches:
- Create a Class B subnet, and ignore the additional address space.
- Create multiple Class C subnets.
- Create a custom subnet.
The numbers in an IP address are called octets, and each is eight bits in length. For example, an address with a subnet mask of 255.255.0.0 is a 16-bit address because the host address consists of the last two positions, which are eight bits each. Similarly, an address with a subnet mask of 255.255.255.0 is an 8-bit address because the host address consists of the last portion.
If you need to create a custom-length subnet, you can borrow bits from the host address space. For example, suppose an 8-bit address space doesn't provide enough addresses, but a 10-bit address space does. Because the entire IP address is 32 bits in length, a 10-bit host identifier leaves 22 bits for the network identifier.
The easiest way to find the subnet address is by expressing the subnet address in binary format, which consists of four 8-bit numbers. The number 1 represents a network identifier position, and the number 0 represents a host identifier position.
Because the network identifier is 22 bits long and leaves a 10-bit host identifier, the binary representation of the subnet mask is the following: 11111111.11111111.11111100.00000000.
4. Convert binary to decimal
Next, use an online subnet calculator to convert binary to decimal. You can also convert your numbers longhand. Regardless of how you convert the binary subnet mask, the result is 255.255.252.0. This subnet mask enables the creation of up to 1,022 hosts within the address space.
How to create subnets in IPv6 networks
IPv6 addresses have a different structure from IPv4 addresses, which means the subnetting process differs slightly as well.
While an IPv4 address is 32 bits in length, an IPv6 address is 128 bits long. An IPv6 address is expressed as eight groups of four hexadecimal numbers, and its numbers are separated by colons instead of periods.
Although IPv6 addresses look different from IPv4, they're similar to IPv4 addresses in that they still have a network identifier and a host identifier. The network identifier is usually expressed by way of a subnet prefix. The subnet prefix is a number written in Classless Inter-Domain Routing notation, which is also sometimes used with IPv4 addresses.
If an IP address has a prefix of /32, its first 32 bits make up the network identifier. The remaining 96 bits make up the host identifier.
Another difference between IPv6 addresses and IPv4 addresses is the subnetting process. Essentially, to subnet an IPv6 address, you only need to modify the address prefix to change the network portion and host portion of the address. To do this, consider the number and size of the subnets you want to create.
Suppose you have an IPv6 network with a prefix of /64 and you want to create 127 subnets on the network. You need to figure out how many bits to add to the existing prefix size to support that many subnets. Use the following formula to determine the number of subnets and bits:
Number of subnets = 2Number of bits added
For this example, 27 = 128, which provides the necessary 127 subnets, so add 7 bits to the previous prefix of /64. This results in a subnet prefix of /71. In this case, the first 71 bits of the IPv6 address are used for the network and subnet, leaving the remaining 57 bits for host addresses within each subnet.
Strategies for subnet creation
You can follow several strategies to create subnets in a network. In some cases, choosing the appropriate subnets comes down to making sure your chosen subnets provide the required number of IP addresses.
In other cases, subnet creation is more closely tied to traffic management. For example, an organization with several branch offices might use a different subnet for each branch office. Traffic generated within a given branch doesn't traverse the WAN link unless it needs to. As such, traffic destined for other hosts within the branch doesn't congest the WAN connection; only traffic that needs to travel to another branch crosses the WAN link.
Subnetting is also sometimes used within a single building. For example, an organization might create a separate subnet for each floor or create a dedicated subnet for each department.
Similarly, network administrators typically confine traffic that flows between network servers -- also known as backbone traffic -- to a dedicated subnet. This ensures that traffic flows across a high-speed link and doesn't traverse the general network. It also helps improve security because it prevents sensitive traffic from passing between servers and reaching the general network, where it could be intercepted by hackers.
Brien Posey is a 22-time Microsoft MVP and a commercial astronaut candidate. In his more than 30 years in IT, he has served as a lead network engineer for the U.S. Department of Defense and a network administrator for some of the largest insurance companies in America.