Asubnetwork, orsubnet, is a logical subdivision of anIP network.[1]: 1, 16 The practice of dividing a network into two or more networks is calledsubnetting.
Computers that belong to the same subnet are addressed with an identical group of itsmost-significant bits of theirIP addresses. This results in the logical division of an IP address into two fields: thenetwork number orrouting prefix, and therest field orhost identifier. Therest field is an identifier for a specifichost or network interface.
Therouting prefix may be expressed as the first address of a network, written inClassless Inter-Domain Routing (CIDR) notation, followed by a slash character (/), and ending with the bit-length of the prefix. For example,198.51.100.0/24 is the prefix of theInternet Protocol version 4 network starting at the given address, having 24 bits allocated for the network prefix, and the remaining 8 bits reserved for host addressing. Addresses in the range198.51.100.0 to198.51.100.255 belong to this network, with198.51.100.255 as the subnetbroadcast address. TheIPv6 address specification2001:db8::/32 is a large address block with 296 addresses, having a 32-bit routing prefix.
For IPv4, a network may also be characterized by itssubnet mask ornetmask, which is thebitmask that, when applied by abitwise AND operation to any IP address in the network, yields the routing prefix. Subnet masks are also expressed indot-decimal notation like an IP address. For example, the prefix198.51.100.0/24 would have the subnet mask255.255.255.0.
Traffic is exchanged between subnets throughrouters when the routing prefixes of the source address and the destination address differ. A router serves as a logical or physical boundary between the subnets.
The benefits of subnetting an existing network vary with each deployment scenario. In the address allocation architecture of the Internet using CIDR and in large organizations, efficient allocation of address space is necessary. Subnetting may also enhance routing efficiency or have advantages in network management when subnets are administratively controlled by different entities in a larger organization. Subnets may be arranged logically in a hierarchical architecture, partitioning an organization's network address space into a tree-like routing structure or other structures, such as meshes.
Computers participating in an IP network have at least onenetwork address. Usually, this address is unique to each device and can either be configured automatically by a network service with theDynamic Host Configuration Protocol (DHCP), manually by an administrator, or automatically by the operating system withstateless address autoconfiguration.
An address fulfills the functions of identifying the host and locating it on the network in destination routing. The most common network addressing architecture isInternet Protocol version 4 (IPv4), but its successor,IPv6, has been increasinglydeployed since approximately 2006. AnIPv4 address consists of 32 bits. AnIPv6 address consists of 128 bits. In both architectures, an IP address is divided into two logical parts, thenetwork prefix and thehost identifier. All hosts on a subnet have the same network prefix. This prefix occupies the most significant bits of the address. The number of bits allocated within a network to the prefix may vary between subnets, depending on the network architecture. The host identifier is a unique local identification and is either a host number on the local network or an interface identifier.
This addressing structure permits the selectiverouting of IP packets across multiple networks via special gateway computers, calledrouters, to a destination host if the network prefixes of origination and destination hosts differ, or sent directly to a target host on the local network if they are the same. Routers constitute logical or physical borders between the subnets, and manage traffic between them. Each subnet is served by a designated default router but may consist internally of multiple physicalEthernet segments interconnected bynetwork switches.
The routing prefix of an address is identified by thesubnet mask, written in the same form used for IP addresses. For example, the subnet mask for a routing prefix that is composed of the most-significant 24 bits of an IPv4 address is written as255.255.255.0.
The modern standard form of specification of the network prefix is CIDR notation, used for both IPv4 and IPv6. It counts the number of bits in the prefix and appends that number to the address after aslash (/) character separator. This notation was introduced withClassless Inter-Domain Routing (CIDR).[2]In IPv6 this is the only standards-based form to denote network or routing prefixes.
For example, the IPv4 network192.0.2.0 with the subnet mask255.255.255.0 is written as192.0.2.0/24, and the IPv6 notation2001:db8::/32 designates the address2001:db8:: and its network prefix consisting of the most significant 32 bits.
Inclassful networking in IPv4, before the introduction of CIDR, the network prefix could be directly obtained from the IP address, based on its highest-order bit sequence. This determined the class (A, B, C) of the address and therefore the subnet mask. Since the introduction of CIDR, however, the assignment of an IP address to a network interface requires two parameters, the address and a subnet mask.
Given an IPv4 source address, its associated subnet mask, and the destination address, a router can determine whether the destination is on a locally connected network or a remote network. The subnet mask of the destination is not needed, and is generally not known to a router.[3] For IPv6, however, on-link determination is different in detail and requires theNeighbor Discovery Protocol (NDP).[4][5] IPv6 address assignment to an interface carries no requirement of a matching on-link prefix and vice versa, with the exception oflink-local addresses.
Since each locally connected subnet must be represented by a separate entry in therouting tables of each connected router, subnetting increases routing complexity. However, by careful design of the network, routes to collections of more distant subnets within the branches of a tree hierarchy can be aggregated into asupernetwork and represented by single routes.
An IPv4 subnet mask consists of 32 bits; it is a sequence of ones (1) followed by a block of zeros (0). The ones indicate bits in the address used for the network prefix and the trailing block of zeros designates that part as being the host identifier.
The following example shows the separation of the network prefix and the host identifier from an address (192.0.2.130) and its associated/24 subnet mask (255.255.255.0). The operation is visualized in a table using binary address formats.
| Binary form | Dot-decimal notation | |
|---|---|---|
| IP address | 11000000.00000000.00000010.10000010 | 192.0.2.130 |
| Subnet mask | 11111111.11111111.11111111.00000000 | 255.255.255.0 |
| Network prefix | 11000000.00000000.00000010.00000000 | 192.0.2.0 |
| Host identifier | 00000000.00000000.00000000.10000010 | 0.0.0.130 |
The result of thebitwise AND operation of IP address and the subnet mask is the network prefix192.0.2.0. The host part, which is130, is derived by the bitwise AND operation of the address and theones' complement of the subnet mask.
Subnetting is the process of designating some high-order bits from the host part as part of the network prefix and adjusting the subnet mask appropriately. This divides a network into smaller subnets. The following diagram modifies the above example by moving 2 bits from the host part to the network prefix to form four smaller subnets each one quarter of the previous size.
| Binary form | Dot-decimal notation | |
|---|---|---|
| IP address | 11000000.00000000.00000010.10000010 | 192.0.2.130 |
| Subnet mask | 11111111.11111111.11111111.11000000 | 255.255.255.192 |
| Network prefix | 11000000.00000000.00000010.10000000 | 192.0.2.128 |
| Host part | 00000000.00000000.00000000.00000010 | 0.0.0.2 |
IPv4 uses specially designated address formats to facilitate recognition of special address functionality. The first and the last subnets obtained by subnetting a larger network have traditionally had a special designation and, early on, special usage implications.[6] In addition, IPv4 uses theall ones host address, i.e. the last address within a network, for broadcast transmission to all hosts on the link.
The first subnet obtained from subnetting a larger network has all bits in the subnet bit group set to zero. It is therefore calledsubnet zero.[7] The last subnet obtained from subnetting a larger network has all bits in the subnet bit group set to one. It is therefore called theall-ones subnet.[8]
The IETF originally discouraged the production use of these two subnets. When the prefix length is not available, the larger network and the first subnet have the same address, which may lead to confusion. Similar confusion is possible with the broadcast address at the end of the last subnet. Therefore, reserving the subnet values consisting of all zeros and all ones on the public Internet was recommended,[9] reducing the number of available subnets by two for each subnetting. This inefficiency was removed, and the practice was declared obsolete in 1995 and is only relevant when dealing with legacy equipment.[10]
Although the all-zeros and the all-ones host values are reserved for the network address of the subnet and itsbroadcast address, respectively, in systems using CIDR all subnets are available in a subdivided network. For example, a/24 network can be divided into sixteen usable/28 networks. Each broadcast address, i.e.*.15,*.31, …,*.255, reduces only the host count in each subnets.
The number of subnets available and the number of possible hosts in a network may be readily calculated. For instance, the192.168.5.0/24 network may be subdivided into the following four/26 subnets. The highlighted two address bits become part of the network number in this process.
| Network | Network (binary) | Broadcast address |
|---|---|---|
| 192.168.5.0/26 | 11000000.10101000.00000101.00000000 | 192.168.5.63 |
| 192.168.5.64/26 | 11000000.10101000.00000101.01000000 | 192.168.5.127 |
| 192.168.5.128/26 | 11000000.10101000.00000101.10000000 | 192.168.5.191 |
| 192.168.5.192/26 | 11000000.10101000.00000101.11000000 | 192.168.5.255 |
The remaining bits after the subnet bits are used for addressing hosts within the subnet. In the above example, the subnet mask consists of 26 bits, making it 255.255.255.192, leaving 6 bits for the host identifier. This allows for 62 host combinations (26−2).
In general, the number of available hosts on a subnet is 2h−2, whereh is the number of bits used for the host portion of the address. The number of available subnets is 2n, wheren is the number of bits used for the network portion of the address.
There is an exception to this rule for 31-bit subnet masks,[11] which means the host identifier is only one bit long for two permissible addresses. In such networks, usuallypoint-to-point links, only two hosts (the endpoints) may be connected and a specification of network and broadcast addresses is not necessary.
| Mask | IP addresses | Hosts | Netmask |
|---|---|---|---|
| /31 | 2 | 2 | 255.255.255.254 |
| /30 | 4 | 2 | 255.255.255.252 |
| /29 | 8 | 6 | 255.255.255.248 |
| /28 | 16 | 14 | 255.255.255.240 |
| /27 | 32 | 30 | 255.255.255.224 |
| /26 | 64 | 62 | 255.255.255.192 |
| /25 | 128 | 126 | 255.255.255.128 |
| /24 | 256 | 254 | 255.255.255.0 |
| /23 | 512 | 510 | 255.255.254.0 |
| /22 | 1024 | 1022 | 255.255.252.0 |
| /21 | 2048 | 2046 | 255.255.248.0 |
| /20 | 4096 | 4094 | 255.255.240.0 |
| /19 | 8192 | 8190 | 255.255.224.0 |
| /18 | 16384 | 16382 | 255.255.192.0 |
| /17 | 32768 | 32766 | 255.255.128.0 |
| /16 | 65536 | 65534 | 255.255.0.0 |
The design of theIPv6 address space differs significantly from IPv4. The primary reason for subnetting in IPv4 is to improve efficiency in the utilization of the relatively small address space available, particularly to enterprises. No such limitations exist in IPv6, as the large address space available, even to end-users, is not a limiting factor.
As in IPv4, subnetting in IPv6 is based on the concepts of variable-length subnet masking (VLSM) and theClassless Inter-Domain Routing methodology. It is used to route traffic between the global allocation spaces and within customer networks between subnets and the Internet at large.
A compliant IPv6 subnet always uses addresses with 64 bits in the host identifier.[12] Given the address size of 128 bits, it therefore has a /64 routing prefix. Although it is technically possible to use smaller subnets,[13] they are impractical for local area networks based on Ethernet technology, because 64 bits are required forstateless address autoconfiguration.[14] TheInternet Engineering Task Force recommends the use of/127 subnets for point-to-point links, which have only two hosts.[15][16]
IPv6 does not implement special address formats for broadcast traffic or network numbers,[17] and thus all addresses in a subnet are acceptable for host addressing. The all-zeroes address is reserved as the subnet-router anycast address.[18] The subnet router anycast address is the lowest address in the subnet, so it looks like the “network address”. If a router has multiple subnets on the same link, then it has multiple subnet router anycast addresses on that link.[19] The first and last address in any network or subnet is not allowed to be assigned to any individual host.
In the past, the recommended allocation for an IPv6 customer site was an address space with a 48-bit (/48) prefix.[20] However, this recommendation was revised to encourage smaller blocks, for example using 56-bit prefixes.[21] Another common allocation size for residential customer networks has a 64-bit prefix.
Traditionally, it was strongly recommended that subnet zero and the all-ones subnet not be used for addressing. [...] Today, the use of subnet zero and the all-ones subnet is generally accepted and most vendors support their use.
the first [...] subnet[...], known as subnet zero
[...] the last subnet[...], known as [...] the all-ones subnet
It is useful to preserve and extend the interpretation of these special addresses in subnetted networks. This means the values of all zeros and all ones in the subnet field should not be assigned to actual (physical) subnets.
This practice is obsolete! Modern software will be able to utilize all definable networks.(Informational RFC, demoted to categoryHistoric)
For all unicast addresses, except those that start with the binary value 000, Interface IDs are required to be 64 bits long and to be constructed in Modified EUI-64 format.(Updated by RFC 5952, RFC 6052, RFC 7136, RFC 7346, RFC 7371, RFC 8064.)
It is the responsibility of the system administrator to ensure that the lengths of prefixes contained in Router Advertisements are consistent with the length of interface identifiers for that link type. [...] an implementation should not assume a particular constant. Rather, it should expect any lengths of interface identifiers.(Updated by RFC 7527.)
The Interface Identifier [AARCH] for an Ethernet interface is based on the EUI-64 identifier [EUI64] derived from the interface's built-in 48-bit IEEE 802 address. [...] An IPv6 address prefix used for stateless autoconfiguration [ACONF] of an Ethernet interface must have a length of 64 bits.(Updated by RFC 6085, RFC 8064.)
On inter-router point-to-point links, it is useful, for security and other reasons, to use 127-bit IPv6 prefixes.
This document moves "Use of /127 Prefix Length Between Routers Considered Harmful" (RFC 3627) to Historic status to reflect the updated guidance contained in "Using 127-Bit IPv6 Prefixes on Inter-Router Links" (RFC 6164).
There are no broadcast addresses in IPv6, their function being superseded by multicast addresses. [...] In IPv6, all zeros and all ones are legal values for any field, unless specifically excluded.
This anycast address is syntactically the same as a unicast address for an interface on the link with the interface identifier set to zero.
All customers get one /48 unless they can show that they need more than 65k subnets. [...] If you have lots of consumer customers you may want to assign /56s to private residence sites.
APNIC, ARIN, and RIPE have revised the end site assignment policy to encourage the assignment of smaller (i.e., /56) blocks to end sites.
Authority control databases: National |
|---|