How-to subnet ipv4 networks

Lets start with the definition of subnetting to get a clear idea of what it is we are doing exactly

A subnetwork, or subnet, is a logical, visible subdivision of an IP network. The practice of dividing a network into two or more networks is called subnetting.

With that established, what we are doing is the practice of dividing a network into multiple smaller networks. This is for a variety of reasons, some logical some technical. Logical reasons include having a different department or guest network on a different subnet to segmentation purposes, this can add security. Technical reasons include limiting the scope of broadcasts.


Before you arbitrarily pick a network address to start splitting up there are some basic things to understand first. You may have heard of network classes before, with your common 192.168.y.z being a class C network with the usual 255.255.255.0 netmask. For private networks that would be in a home or office you must pick a network address that falls within one the ranges for Private IPv4 address spaces (defined in RFC1918)

Network Range largest CIDR block
10.0.0.0 - 10.255.255.255 10.0.0.0/8
172.16.0.0 - 172.31.255.255 172.16.0.0/12
192.168.0.0 - 192.168.255.255 192.168.0.0/16

So you could pick 172.20.x.y as an example.


To divide a network you first need a network to split up. First you must take into consideration how many hosts your entire network must support, let's say you need to support in the area of ~500 devices spread across various subnets for various purposes. This comes awfully close to the upper amounts of what a /23 for the amount of hosts, a /22 network would be ideal as it would have room for future growth.

Now what am I meaning by /22? It is called CIDR notation as explained best below:

CIDR notation is a compact representation of an IP address and its associated routing prefix. The notation is constructed from an IP address, a slash ('/') character, and a decimal number. The number is the count of leading _1_bits in the routing mask, traditionally called the network mask.

This is significant because both the CIDR notation or netmask are able to tell you a lot about the subnet size, ranges, broadcast and network address, etc. Since the CIDR notation is representative of how many bits are active it can be shown like so:

111111111.111111111.111111100.00000000

What does this tell you? First you need to understand binary and binary conversions. Each octet which an ipv4 address has four of, has eight bits each totaling 32 bits for the entire address. Each octet has eight bits that can either be on or off, with 1 being on.

128 64 32 16 8 4 2 1

At each position within an octet the following values represent what the value at each position can be. In the case of the given /22 netmask that was expanded above it can be converted from binary like so by adding the values up:

111111111 = 255

111111111 = 255

111111100 = 252

00000000 = 0

This is because:

1st 128 + 64 + 32 + 16 + 8 + 4 + 2 + 1 equals 255
2nd 128 + 64 + 32 + 16 + 8 + 4 + 2 + 1 equals 255
3rd 128 + 64 + 32 + 16 + 8 + 4 equals 252
4th no bits active equals 0

By looking at and understanding the subnet mask in binary you can begin to understand a lot. Active bits (1) represent the network portion, with inactive (0) bits being the host portion.

111111111.111111111.111111100.00000000

With this subnet mask we have 22 network and 10 host bits. If 8 bits in an octet can add up to 255 (technically 256 since counting starts at 0), how much does 10 bits add up to? Each bit doubles its value as you move further to the left, it will next go to 512 (9 bits) and then 1024 (10 bits).

This means the host portion of the network can contain up to 1024 hosts, and 1022 assignable the reason for having less assignable addresses is explained in a moment.


Lets start with a 172.20.x.y address. This starts off as 172.20.x.y /22 being a single, large network containing all 1024 hosts, there is no subnetting done to it yet. With every network and subnet there are two nonassignable addresses, the network address and the broadcast address.

Network addresses are an identifier to your network, it is significant to routers for routing traffic to and from your network. A network address looks much like a regular address in some cases but it has a different meaning. That difference comes from where the network or subnet begins, the very first address is nonassignable and reserved for the network address.

The broadcast address is the very last address of the network or subnet that is outside the assignable range. Broadcast addresses are necessary within a network for broadcast functions required by certain protocols such as DHCP or ARP.

Going forward from here:

Network address 172.20.0.0
Broadcast address 172.20.3.255
Subnet address 255.255.252.0
Assignable range 172.20.0.1 - 172.20.3.254

Practice