An IP Subnet – The Building Blocks of Network Design

Without IP subnets, the traditional IP networks that are now ubiquitous could never have scaled, even locally across a large company. Without IP subnets, there would be no routers, only switched networks. Without routers, there would be no routing protocols, such as OSPF and BGP, which make finding and communicating with remote hosts possible. In short, without subnets there is no Internet; there would be only one big switched network. This article examines why we need subnets, how they came about, why they should be part of a well-designed, planned, and implemented network, and what additional benefits they bring.


How did subnets come about?

IP subnets were created to solve a simple technical problem with early hub-based and, later, switched networks. Early hubs were simple, dumb devices used for connectivity. They received packets and repeated those packets out of every port. This type of network traffic is far from ideal. Switches evolved with built-in intelligence that could learn which host sat on which port. Therefore, a switch only forwards a packet to the port of the host it is destined for. Switches greatly increased the efficiency of local area networks because they reduced wasted bandwidth. However, there was still a problem. Hosts and switches learn about each other by using broadcasts, and the larger the range these broadcasts have to travel, the less efficient the network becomes.

Broadcasts are problematic because they consume bandwidth, which limits the practical size of any local area network. The reason for this is that hosts do not talk to each other on a LAN using IP addresses; IP is a relatively new protocol for LANs, only becoming popular in the early nineties.

Instead, hosts communicate with one another using their media access control (MAC) addresses. These are globally unique identification numbers burned into every network interface card, ensuring that every host on the network will be unique. A MAC address takes this format: 00:0a:95:9d:68:16. So, the MAC is hardware (part of the network interface card) and IP is software, which means they have to cooperate. This is the problem: when a host wishes to transmit data on the network to another host, it packages the data up and asks the network card to send it to, for example, 172.16.1.10. The interface card has no idea who 172.16.1.10 is, so it has to ask all hosts, "Who has got 172.16.1.10?" This is, in essence, broadcasting on the network.

Upon hearing its own IP address, the network card on the host 172.16.1.10 will reply with its MAC address. Both hosts then update a table called the ARP (Address Resolution Protocol) cache with a mapping of IP to MAC. This works well on small-to-medium LANs, but there is still a problem. ARP cache entries cannot remain indefinitely, or there would be no way to change an IP address. Therefore, hosts periodically flush their ARP caches and once again go through the relearning process by broadcasting, "Who has got 172.16.1.10?" With approximately 100 hosts or more, performance degradation starts to become noticeable and unpredictable. This means that broadcasting slows down network performance for your users.

On large LANs, loops can occur when switches are linked together without proper consideration. In this scenario, a switch could learn the same host address from different ports. This leads to a broadcast storm, as the switch continually flushes its ARP cache and tries to update its ARP tables. Switch techniques such as VLANs and Spanning Tree mitigate some of these loop and broadcast problems. However, the best solution for scalability and manageability is to limit the range of these broadcasts by segregating LANs into smaller sub-networks.


Designers achieved segregation by limiting the number of hosts in a network using subnets. Subnets are logical blocks derived from the overall IP network address space. By creating sub-networks, the network design contains broadcasts within its own logical boundaries. A network designer can split the larger network into logical sub-networks or broadcast domains. For example, a designer may separate the network by department such as finance, IT, sales and marketing. Subnets optimize the performance and scalability of the network by restricting the range of the ARP requests to the boundary of the subnet.

Given the above scenario, if a host in sales now wishes to communicate with a host in finance, it would be unable to, as its ARP request would go unanswered. This is where routing comes into play. In the early nineties, routers appeared on the scene and solved this problem. A router has two or more interfaces, and these interfaces reside in different subnets. For example, a router would have one network interface in the sales subnet and another configured in the finance subnet. In this scenario, the router is a member of both departments and can participate in both subnets. The router acts like a traffic control system and directs traffic from each department to the right subnet. In this example, a router with four interfaces connecting sales, finance, IT and marketing would be a member of each subnet, which would allow inter-subnet traffic to pass back and forth between all departments.

Subnets and routers increase network performance and scalability. However, they also provide other benefits. By segregating the network into logical subnets or domains of interest, the designer can then apply access control. A network administrator can configure access control lists on the routers to allow or deny packets entering a subnet by examining their source IP address. For example, they might limit all access to the finance subnet to the source IP addresses of trusted staff members only. Initially, these access control lists were basic, but they have since developed to inspect not just source and destination addresses, but also the time of day, the protocols being accessed, the source geographical location, and even the type of device being used. The advantages of these context-based security access lists are only obtainable when designers have planned subnets to maximize security.
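The following Python script is an added illustration, not code from the article, of the three ideas above: carving a company address block into departmental subnets, deciding whether a sender can ARP for a destination directly or must hand the packet to the router interface in its own subnet, and a router ACL that admits only trusted source addresses into the finance subnet. The 172.16.0.0/22 block, the four /24 subnets, the ".1" router interfaces and the trusted source list are all constructed assumptions.

```python
import ipaddress
from typing import Dict, Optional, Tuple

# Constructed example address block (an assumption, not from the article):
# a /22 gives four /24 subnets, one broadcast domain per department.
COMPANY_BLOCK = ipaddress.ip_network("172.16.0.0/22")
DEPARTMENTS = ["sales", "finance", "it", "marketing"]

# Assumed ACL policy: only these sources may send packets into finance.
TRUSTED_FINANCE_SOURCES = [
    ipaddress.ip_network("172.16.0.10/32"),   # one trusted sales workstation
    ipaddress.ip_network("172.16.2.0/24"),    # the whole IT subnet
]


def carve_subnets(block, departments) -> Dict[str, ipaddress.IPv4Network]:
    """Split the block into /24 subnets and assign one to each department."""
    pieces = list(block.subnets(new_prefix=24))
    if len(pieces) < len(departments):
        raise ValueError("address block too small for all departments")
    return dict(zip(departments, pieces))


def subnet_of(subnets, host) -> Optional[str]:
    """Name of the department subnet containing host, or None if outside all."""
    addr = ipaddress.ip_address(host)
    return next((name for name, net in subnets.items() if addr in net), None)


def router_interfaces(subnets) -> Dict[str, ipaddress.IPv4Address]:
    """Assumption: the router owns the first usable address of every subnet."""
    return {name: net[1] for name, net in subnets.items()}


def deliver(subnets, src, dst) -> Tuple[str, Optional[str]]:
    """How src reaches dst: ARP directly (same broadcast domain), via the
    router interface in src's subnet, or not at all (dst outside the block)."""
    src_net, dst_net = subnet_of(subnets, src), subnet_of(subnets, dst)
    if src_net is None or dst_net is None:
        return ("unreachable", None)
    if src_net == dst_net:
        return ("arp", str(ipaddress.ip_address(dst)))
    return ("router", str(router_interfaces(subnets)[src_net]))


def acl_permits(subnets, src, dst, trusted=TRUSTED_FINANCE_SOURCES) -> bool:
    """Router ACL on the finance interface: drop packets from untrusted sources.
    Traffic to any other subnet is left alone by this rule."""
    if subnet_of(subnets, dst) != "finance":
        return True
    return any(ipaddress.ip_address(src) in net for net in trusted)
```

With these assumptions, 172.16.1.10 from the article falls in the finance subnet, so a sales host at 172.16.0.50 must send to the router at 172.16.0.1 and is then dropped by the ACL, while 172.16.0.10 is permitted.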

Subnets are the fundamental building blocks for building scalable networks. If you are interested in learning how to design and build scalable networks, then a sound understanding of IP subnets is a prerequisite to becoming a network designer.