IPv4 Addressing - Subnetting
What is Subnetting IPv4?
Subnetting in IPv4 is the process of dividing a larger IP network into smaller, more manageable subnetworks (subnets), each with its own range of IP addresses.
Why is Subnetting IPv4 useful?
Subnetting improves network performance and security by reducing broadcast domains, optimizing IP address usage, and simplifying routing.
How does it work?
Subnetting uses subnet masks (e.g., /24) to define how many bits of the IP address are used for the network portion. The remaining bits are used for host addresses within that subnet.
Where is Subnetting IPv4 used?
It is used in enterprise networks, service provider networks, data centers, and any IP-based infrastructure requiring organized and efficient IP address management.
Which OSI layer does this protocol belong to?
Subnetting operates at the Network Layer (Layer 3) since it deals with IP addressing and routing.
Is Subnetting IPv4 Windows specific?
No, subnetting is not Windows specific. It is part of the IP protocol and is implemented across all platforms that use IPv4.
Is Subnetting IPv4 Linux specific?
No, subnetting is not Linux specific. It is universally supported across all operating systems that use IPv4 networking.
Which Transport Protocol is used by Subnetting IPv4?
Subnetting is not tied to any transport protocol. It affects IP addressing and routing, and works with TCP, UDP, and other transport protocols.
Which Port is used by Subnetting IPv4?
Subnetting does not use any specific port. It is a method of structuring IP addresses, not a service or application.
Is Subnetting IPv4 using client-server model?
No, subnetting is not a communication protocol. It is a method of dividing IP address spaces and does not follow a client-server model.
What is a subnet mask?
A subnet mask is a 32-bit number that masks an IP address, dividing the IP address into network and host portions.
What is CIDR notation?
Classless Inter-Domain Routing (CIDR) notation represents the subnet mask as a suffix to the IP address, e.g., 192.168.1.0/24.
How many hosts are available in a /24 subnet?
A /24 subnet allows for 254 usable hosts (256 total minus network and broadcast addresses).
What is the difference between network address and broadcast address?
The network address identifies the subnet itself, and the broadcast address is used to send messages to all hosts within that subnet.
What is subnet zero?
Subnet zero is the first subnet in a subnetted network, traditionally avoided but now commonly used.
What is the formula to calculate the number of subnets?
Number of subnets = 2^n, where n is the number of bits borrowed for subnetting.
What is Variable Length Subnet Masking (VLSM)?
VLSM allows different subnet masks within the same network, optimizing IP space utilization.
Can subnetting reduce network congestion?
Yes, by reducing broadcast domains and limiting traffic scope within each subnet.
What is the difference between subnetting and supernetting?
Subnetting divides a network into smaller parts; supernetting combines multiple networks into a larger one.
How does subnetting improve security?
It isolates network segments, making it harder for attackers to access the entire network.
Can subnetting be applied to IPv6?
Yes, but IPv6 uses a different addressing scheme and typically does not require subnetting for address conservation.
What is a subnet broadcast domain?
The set of devices that receive broadcast traffic within a subnet.
How do you calculate the number of hosts per subnet?
Hosts per subnet = 2^h - 2, where h is the number of host bits.
What is the smallest subnet possible in IPv4?
A subnet with 2 usable IP addresses (/30 mask).
What is the largest subnet possible in IPv4?
A /8 subnet, allowing approximately 16 million hosts.
How does subnetting affect routing tables?
It allows routers to aggregate routes and improves routing efficiency.
What tools help with subnet calculations?
Subnet calculators and command-line tools like ipcalc.
How does subnetting help in IP address conservation?
By allocating IP space more precisely to subnet sizes based on need.
What is a subnetting example with a /26 mask?
A /26 subnet provides 64 IP addresses with 62 usable hosts.
Is subnetting mandatory in IPv4?
It is not mandatory but highly recommended for efficient network management.
Subnetting and Inter-Subnet Ping Test
Objective:
To demonstrate inter-subnet communication between two Linux VMs using:
IPv4 subnetting (/27)
Netplan-based IP assignment on Ubuntu VMs
Cisco router for routing between subnets
Manual default route configuration on VMs
ICMP (ping) to verify end-to-end connectivity
Subnet Details (/27 = 255.255.255.224)
Subnet A → 192.168.1.0/27
- Range: 192.168.1.1 – 192.168.1.30
Subnet B → 192.168.1.32/27
- Range: 192.168.1.33 – 192.168.1.62
Step-1: IP Assignment (Ubuntu VMs via Netplan)
test1 – 192.168.1.10/27
Netplan file:
test1:~$ sudo nano /etc/netplan/.yaml
network:
  version: 2
  ethernets:
    eth0:
      addresses: [192.168.1.10/27]
test1:~$ sudo netplan apply
test2 – 192.168.1.40/27
Netplan file:
test2:~$ sudo nano /etc/netplan/.yaml
network:
  version: 2
  ethernets:
    eth0:
      addresses: [192.168.1.40/27]
test2:~$ sudo netplan apply
Step-2: Then add default route manually:
test1:~$ sudo ip route add default via 192.168.1.1
test2:~$ sudo ip route add default via 192.168.1.33
Step-3: Cisco Router Configuration (R1)
enable
configure terminal
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.224
 no shutdown
interface FastEthernet0/1
 ip address 192.168.1.33 255.255.255.224
 no shutdown
ip routing
exit
write memory
Note
The router is configured to route traffic between the two /27 subnets.
Step-4: Ping Test Results
From test1 (192.168.1.10) to test2 (192.168.1.40):
Execute ping:
test1:~$ ping 192.168.1.40
Expected result: Successful ICMP replies confirming inter-subnet connectivity.
Step-5: Wireshark Capture
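The addressing plan used in this lab can be checked before it is applied to the VMs and the router. The following is an added example, not part of the original page; it uses Python's standard `ipaddress` module, and the 192.168.1.0/24 parent network and the helper names are assumptions made for illustration.

```python
import ipaddress

def split(parent, new_prefix):
    """Divide a parent network into equal subnets of the given prefix length."""
    return [str(s) for s in ipaddress.ip_network(parent).subnets(new_prefix=new_prefix)]

def usable_range(net):
    """Return (first usable, last usable, usable host count) for a subnet."""
    hosts = list(ipaddress.ip_network(net).hosts())
    return str(hosts[0]), str(hosts[-1]), len(hosts)

def check_host(cidr, gateway):
    """Return (subnet, problems) for one host address and its default gateway."""
    iface = ipaddress.ip_interface(cidr)          # e.g. 192.168.1.10/27
    net = iface.network
    gw = ipaddress.ip_address(gateway)
    reserved = (net.network_address, net.broadcast_address)
    problems = []
    if iface.ip in reserved:
        problems.append(f"{iface.ip} is the network or broadcast address of {net}")
    if gw not in net:
        problems.append(f"gateway {gw} is outside {net}")
    elif gw in reserved or gw == iface.ip:
        problems.append(f"gateway {gw} is not a usable neighbour address in {net}")
    return str(net), problems

def needs_router(cidr_a, cidr_b):
    """True when the two hosts are in different subnets and must be routed."""
    return ipaddress.ip_interface(cidr_a).network != ipaddress.ip_interface(cidr_b).network

# Addresses and default gateways taken from the lab steps above.
LAB = {"test1": ("192.168.1.10/27", "192.168.1.1"),
       "test2": ("192.168.1.40/27", "192.168.1.33")}

if __name__ == "__main__":
    # Assumed parent network: the first two /27 blocks are Subnet A and Subnet B.
    print(split("192.168.1.0/24", 27)[:2])
    for name, (cidr, gw) in LAB.items():
        net, problems = check_host(cidr, gw)
        print(name, net, usable_range(net), problems or "ok")
    print("router needed:", needs_router(*(c for c, _ in LAB.values())))
    # Constructed misconfiguration: test1 pointed at Subnet B's gateway.
    print(check_host("192.168.1.10/27", "192.168.1.33")[1])
```

A gateway outside the host's own subnet is the "Invalid Gateway" case: the host has no on-link next hop, so the default route cannot work.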
Deny Subnet1 Access to Subnet2 using UFW
Block all incoming traffic from Subnet1 (192.168.1.0/27) to Subnet2 (192.168.1.32/27) using the ufw firewall on the VMs in Subnet2.
Network Setup:
Host | IP Address | Subnet
---|---|---
test1 | 192.168.1.10 | Subnet 1 (192.168.1.0/27)
test2 | 192.168.1.20 | Subnet 1 (192.168.1.0/27)
test3 | 192.168.1.40 | Subnet 2 (192.168.1.32/27)
test4 | 192.168.1.41 | Subnet 2 (192.168.1.32/27)
Step-1: Apply the block on test3 and test4 (i.e., targets in Subnet2):
test3:~$ sudo ufw deny from 192.168.1.0/27 to any
test3:~$ sudo ufw reload
test3:~$ sudo ufw status verbose
test4:~$ sudo ufw deny from 192.168.1.0/27 to any
test4:~$ sudo ufw reload
test4:~$ sudo ufw status verbose
Note
This rule denies all incoming connections from any host in 192.168.1.0/27.
Step-2: Test Steps
Perform these tests from test1 or test2 (Subnet1):
Test SSH:
test1:~$ ssh user@192.168.1.40 # Expected: Connection refused or timed out
Test HTTP (if running a service on VM3 or VM4):
test1:~$ curl http://192.168.1.41 # Expected: Connection refused or timeout
Expected Result: All incoming traffic from Subnet1 should be denied on Subnet2 VMs.
Step-3: You can confirm this with:
test3:~$ sudo tail -f /var/log/ufw.log
Step-4: Cleanup
To remove the deny rule from test3 and test4:
test3:~$ sudo ufw delete deny from 192.168.1.0/27
test3:~$ sudo ufw reload
test4:~$ sudo ufw delete deny from 192.168.1.0/27
test4:~$ sudo ufw reload
Step-5: Wireshark Capture
Allow Specific Traffic (HTTP) from Subnet1 to test3 (Subnet2)
Deny all incoming traffic from Subnet1 (192.168.1.0/27) to test3, but explicitly allow HTTP (TCP port 80) connections.
Network Setup
Host | IP Address | Subnet
---|---|---
test1 | 192.168.1.10 | Subnet 1 (192.168.1.0/27)
test2 | 192.168.1.20 | Subnet 1 (192.168.1.0/27)
test3 | 192.168.1.40 | Subnet 2 (192.168.1.32/27)
Step-1: Firewall Configuration on VM3
Run these commands on test3 (the web server):
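# ufw evaluates rules in the order they were added, so the allow rule must come before the deny rule.
test3:~$ sudo ufw allow from 192.168.1.0/27 to any port 80 proto tcp
test3:~$ sudo ufw deny from 192.168.1.0/27
test3:~$ sudo ufw reload
test3:~$ sudo ufw status verbose
Step-2: Test Steps from test1 or test2 (Subnet1)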
Test ICMP (ping):
test1:~$ ping 192.168.1.40 # Expected: Fail (blocked)
Test SSH:
test1:~$ ssh user@192.168.1.40 # Expected: Fail (blocked)
Test HTTP:
test1:~$ curl http://192.168.1.40 # Expected: Success (allowed)
Expected Results:
Attempt | Result
---|---
Ping test3 from test1/test2 | Blocked
SSH VM3 from test1/test2 | Blocked
HTTP VM3 from test1/test2 | Allowed
Step-3: Cleanup on test3
Remove the firewall rules:
test3:~$ sudo ufw delete allow from 192.168.1.0/27 to any port 80 proto tcp
test3:~$ sudo ufw delete deny from 192.168.1.0/27
test3:~$ sudo ufw reload
Step-4: Wireshark Capture
Block All Traffic from test1 to test2
Prevent any communication initiated from test1 (192.168.1.10) to test2 (192.168.1.11).
Step-1: Reset UFW to a clean state and enable it:
test2:~$ sudo ufw reset
test2:~$ sudo ufw enable
test2:~$ sudo ufw allow ssh # Allow SSH for management
test2:~$ sudo ufw reload
Step-2: Block all traffic from test1:
# Run on test2. The rule is inserted at position 1 so it is evaluated before the "allow ssh" rule from Step-1.
test2:~$ sudo ufw insert 1 deny from 192.168.1.10 to any
test2:~$ sudo ufw reload
Step-3: Test connections from test1 to test2:
test1:~$ nc -zv 192.168.1.11 80 # Expected: Fail (connection refused/timeout)
test1:~$ ssh user@192.168.1.11 # Expected: Fail (no connection)
Expected Result: All connection attempts from test1 to test2 should be blocked by test2's firewall.
Step-4: Cleanup (On test2)
Remove the deny rule and reload UFW:
test2:~$ sudo ufw delete deny from 192.168.1.10 to any
test2:~$ sudo ufw reload
Step-5: Wireshark Capture
Allow Only SSH from test1 to test2, Deny Others
Permit only SSH connections from test1 (192.168.1.10) to test2 (192.168.1.11), blocking all other traffic from test1.
Step-1: Reset UFW and enable it:
test2:~$ sudo ufw reset
test2:~$ sudo ufw enable
test2:~$ sudo ufw allow ssh # Allow SSH globally for management
Step-2: Set firewall rules to allow SSH from test1, then deny everything else from test1:
test2:~$ sudo ufw allow from 192.168.1.10 to any port 22 proto tcp
test2:~$ sudo ufw deny from 192.168.1.10 to any
test2:~$ sudo ufw reload
Note: Order matters. The allow rule is evaluated before the deny rule.
Step-3: Test connectivity from test1 to test2:
test1:~$ ssh user@192.168.1.11 # Expected: Success
test1:~$ ping 192.168.1.11 # Expected: Fail (ICMP not allowed)
Expected Result: Only SSH connections from VM1 to VM2 are permitted; all other traffic from VM1 is blocked.
Step-4: Cleanup (On test2)
Remove the rules and reload UFW:
test2:~$ sudo ufw delete allow from 192.168.1.10 to any port 22 proto tcp
test2:~$ sudo ufw delete deny from 192.168.1.10 to any
test2:~$ sudo ufw reload
Step-5: Wireshark Capture
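Rule order decides the outcome in the ufw exercises above, both for the Subnet1 HTTP exception and for the per-host SSH rules. The following is an added example, not part of the original page or of ufw itself: a small first-match model of ufw's user rules in the order they are listed, with a check for rules that can never fire. The rule lists are constructed from the page's addresses, the function names are hypothetical, and ufw's built-in before/after rule files are not modelled.

```python
import ipaddress

ANY = None  # wildcard: rule applies to every port / protocol

def rule(action, src, port=ANY, proto=ANY):
    return {"action": action, "src": ipaddress.ip_network(src),
            "port": port, "proto": proto}

def verdict(rules, src_ip, port, proto, default="deny"):
    """First matching rule decides; unmatched traffic gets the default policy."""
    ip = ipaddress.ip_address(src_ip)
    for r in rules:
        if ip in r["src"] and r["port"] in (ANY, port) and r["proto"] in (ANY, proto):
            return r["action"]
    return default

def shadowed(rules):
    """Positions (1-based) of rules fully covered by an earlier rule."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (later["src"].subnet_of(earlier["src"])
                    and earlier["port"] in (ANY, later["port"])
                    and earlier["proto"] in (ANY, later["proto"])):
                found.append(i + 1)
                break
    return found

SUBNET1 = "192.168.1.0/27"
# Constructed rule lists using the page's addresses, in both possible orders.
DENY_FIRST = [rule("deny", SUBNET1), rule("allow", SUBNET1, 80, "tcp")]
ALLOW_FIRST = [rule("allow", SUBNET1, 80, "tcp"), rule("deny", SUBNET1)]
# "allow ssh" for everyone followed by a deny for one host (192.168.1.10).
SSH_THEN_DENY = [rule("allow", "0.0.0.0/0", 22, "tcp"), rule("deny", "192.168.1.10/32")]

if __name__ == "__main__":
    for name, rules in [("deny first", DENY_FIRST), ("allow first", ALLOW_FIRST)]:
        print(name, "http:", verdict(rules, "192.168.1.10", 80, "tcp"),
              "ssh:", verdict(rules, "192.168.1.10", 22, "tcp"),
              "shadowed:", shadowed(rules))
    print("ssh from .10:", verdict(SSH_THEN_DENY, "192.168.1.10", 22, "tcp"))
```

On a live host, `sudo ufw status numbered` lists the user rules in evaluation order, which is the order to feed into a check like this.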
Subnetting - Testcases
Subnetting - Test Cases
# | Test Case | Description | Expected Result
---|---|---|---
1 | Create Subnet with /24 | Subnet mask 255.255.255.0 | 256 IPs, 254 usable
2 | Create Subnet with /30 | Subnet mask 255.255.255.252 | 4 IPs, 2 usable
3 | Create Subnet with /32 | Single host subnet | Only one usable IP
4 | Create Subnet with /16 | Subnet mask 255.255.0.0 | 65,536 IPs, 65,534 usable
5 | Create Subnet with /8 | Subnet mask 255.0.0.0 | 16,777,216 IPs
6 | Invalid Subnet Mask /33 | Beyond IPv4 range | Subnet rejected
7 | Overlapping Subnets | Two subnets share IPs | Routing conflict detected
8 | Non-overlapping Subnets | Distinct IP ranges | No conflict
9 | Subnet with Reserved IPs | Includes 0.0.0.0 or 255.255.255.255 | Reserved IPs excluded
10 | Subnet with Private IP Range | 192.168.0.0/16 | Valid private subnet
11 | Subnet with Public IP Range | 8.8.8.0/24 | Routable on internet
12 | Subnet with Broadcast Address | Last IP in subnet | Used for broadcast only
13 | Subnet with Network Address | First IP in subnet | Reserved for network ID
14 | Subnet with Valid Gateway | Assign gateway IP | Host can reach external networks
15 | Subnet with Invalid Gateway | Gateway outside subnet | Routing fails
16 | Subnet with DHCP Scope | DHCP assigns IPs within subnet | Dynamic allocation works
17 | Subnet with Static IPs | Manual IP assignment | IPs remain fixed
18 | Subnet with VLAN Tagging | Subnet scoped to VLAN | Traffic isolated per VLAN
19 | Subnet with NAT | Internal subnet mapped to public IP | Address translation occurs
20 | Subnet with ACL | Access control applied | Traffic filtered by subnet
21 | Subnet with Firewall Rules | Rules applied to subnet | Traffic permitted or denied
22 | Subnet with Routing Table Entry | Subnet added to route table | Traffic routed correctly
23 | Subnet with Static Route | Manual route to subnet | Traffic follows defined path
24 | Subnet with Dynamic Route | Learned via protocol | Traffic routed dynamically
25 | Subnet with CIDR Notation | Subnet defined as /27 | 32 IPs, 30 usable
26 | Subnet with Subnet Zero | First subnet used | Allowed in modern networks
27 | Subnet with All-Ones Subnet | Last subnet used | Allowed in modern networks
28 | Subnet with Class A Address | 10.0.0.0/8 | Valid private subnet
29 | Subnet with Class B Address | 172.16.0.0/12 | Valid private subnet
30 | Subnet with Class C Address | 192.168.1.0/24 | Valid private subnet
31 | Subnet with Class D Address | 224.0.0.0/4 | Reserved for multicast
32 | Subnet with Class E Address | 240.0.0.0/4 | Reserved for experimental use
33 | Subnet with Loopback Address | 127.0.0.0/8 | Used for local testing
34 | Subnet with Link-Local Address | 169.254.0.0/16 | Used for auto-configuration
35 | Subnet with Fragmented Packets | MTU exceeded | Packet fragmented within subnet
36 | Subnet with ARP Resolution | MAC resolved for IP | Host reachable on LAN
37 | Subnet with ARP Conflict | Duplicate IP detected | Warning triggered
38 | Subnet with ICMP Echo | Ping IP in subnet | Host responds if reachable
39 | Subnet with ICMP Unreachable | Ping unreachable IP | ICMP error returned
40 | Subnet with SNMP Monitoring | Subnet monitored | Usage and status tracked
41 | Subnet with Logging Enabled | Events logged | IP assignments recorded
42 | Subnet with VPN | Subnet scoped to VPN | Traffic isolated and encrypted
43 | Subnet with MPLS | Subnet tunneled via MPLS | Efficient routing
44 | Subnet with QoS Policy | Traffic prioritized | Bandwidth managed per subnet
45 | Subnet with Load Balancer | IPs distributed across servers | Traffic balanced
46 | Subnet with Failover | Redundant gateway | Traffic rerouted on failure
47 | Subnet with IPv6 Transition | Dual-stack configuration | IPv4 subnet coexists with IPv6
48 | Subnet with DNS Integration | DNS resolves IPs in subnet | Hostnames mapped correctly
49 | Subnet with Routing Loop | Misconfigured routes | TTL expires, ICMP sent
50 | Subnet with Route Summarization | Multiple subnets aggregated | Efficient routing table entry