This page is about IP Subnetting.

Some people may arrive here looking for a “subnetting chart”. If this is what's being sought, check out the Variable-Length Subnetting Chart and/or other VLSM charts in the section about making subnets.

[#ipsubnet]:

IP Subnetting

The terms “subnet” and “supernet” can both be used as a noun or a verb.

“subnet” and “supernet” as nouns

A IP “subnet” is a group (or “collection”) of network addresses. A “supernet” is also a group of addresses. A group of addresses can be a “subnet” and a “supernet” at the same time, similar to the concept that a woman can be a “daughter” and a “mother” at the same time. The differences between the term “subnet” and “supernet” will be described in more detail after describing what a subnet is.

A device that uses one of those network addresses may be described as being “part of the subnet”, or “on the subnet”. Many people use the word “subnet” to describe a group of devices that communicate using a single group of network addresses.

“subnet” and “supernet” as verbs

The term “subnet” can also be used as a verb, describing the action of splitting up addresses into groups of addresses that are subnets.

Why make subnets/supernets?

Lumping network addresses into groups can simplify the steps that network devices must follow to determine how to communicate with other networking equipment. For example, devices may need to send some network traffic by using an antenna, while other traffic may need to be sent out a specific Ethernet cable or a fiber-optic cable. Devices can often start sending network communications in the correct direction as soon as the device determines which group a network address is in. This can take less time, and less computer memory, then checking a bunch of nearly-identical rules for many possible destinations. In addition to speeding up network communications, grouping network addresses can allow firewalls to apply certain rules to groups of addresses, so groups can be used to help implement network security.

As an example, a device called a “router” may be given the task of relaying some information to a computer. That router may be able to determine that the network traffic needs to go to another building, and so the router sends information to the other building. Another router may be located on the first floor of that building, and might quickly determine that the network communications need to reach a device on the third floor of that building. There might be thirty computers in that room. Having just one process that works for all thirty computers in a group can simplify the steps that a router needs to perform.

The ability to work with groups, instead of individual network addresses, is the development in technology that allowed people to start making much larger networks, and to eventually create a giant world-wide network that we have named the Internet.

More overview about subnet/supernet groups

Devices follow certain rules when determining whether a IP network address is part of a specific subnet. As a very general rule, numbers that are closer togther are more likely to be in the same subnet, but that rule isn't always followed. 192.0.2.1 and 192.0.2.5 are often in the same subnet, but 192.0.2.127 and 192.0.2.128 are in the same subnet less frequently. 192.0.2.255 and 198.51.100.0 are in the same “subnet” (or “supernet”) far less frequently, but even numbers that far apart can be in the same subnet (such as when IPv4 classes tutorial describes some subnets that are “/4” subnets).

Examples of subnets

Here is a list of some network addresses:

  • 192.0.2.0
  • 192.0.2.1
  • 192.0.2.2
  • 192.0.2.3
  • 192.0.2.4
  • 192.0.2.5
  • 192.0.2.6
  • 192.0.2.7
  • 192.0.2.8
  • 192.0.2.9
  • 192.0.2.10
  • 192.0.2.11
  • 192.0.2.12
  • 192.0.2.13
  • 192.0.2.14
  • 192.0.2.15

(This text may show some of those addresses using certain text “decoration” styles, such as colors. That is simply helping to quickly identify addresses that are expected to be the first or the last address in a group.)

A group of addresses can be split into multiple evenly-sized groups. For example, a group of sixteen addresses may be placed into a single group, or they can be placed into 2 groups or four groups. In the following diagram, different group sizes are shown by the chart.

16 per group 8 per group 4 per group
192.0.2.0
192.0.2.1
192.0.2.2
192.0.2.3
192.0.2.4
192.0.2.5
192.0.2.6
192.0.2.7
192.0.2.8
192.0.2.9
192.0.2.10
192.0.2.11
192.0.2.12
192.0.2.13
192.0.2.14
192.0.2.15
192.0.2.0
192.0.2.1
192.0.2.2
192.0.2.3
192.0.2.4
192.0.2.5
192.0.2.6
192.0.2.7

192.0.2.8
192.0.2.9
192.0.2.10
192.0.2.11
192.0.2.12
192.0.2.13
192.0.2.14
192.0.2.15
192.0.2.0
192.0.2.1
192.0.2.2
192.0.2.3

192.0.2.4
192.0.2.5
192.0.2.6
192.0.2.7

192.0.2.8
192.0.2.9
192.0.2.10
192.0.2.11

192.0.2.12
192.0.2.13
192.0.2.14
192.0.2.15

Note that these subnets are not mutually exclusive. All of these subnets exist at the same time. For example, there is a group of 8 addresses that includes the 192.168.2.10 address. There is also a group of 16 addresses that includes the 192.168.2.10 address. Those are different groups (notably: the size of those groups are different). However, both of those groups are very real, existing groups. The 192.168.2.10 address belongs to both of those groups. For that matter, the 192.168.2.10 address also belongs to a group that contains only four addresses. Every one of those groups, just mentioned, is written out and shown in one of the above boxes.

In the above example, the group that goes from 192.0.2.4 through 192.0.2.15 is a subnet of the larger group that goes from 192.0.2.0 through 192.0.2.7. Furthermore, the group of addresses going from 192.0.2.4 through 192.0.2.15 is also a subnet of the group of addresses going from 192.0.2.0 through 192.0.2.15. This simply means that all of the addresses in the smaller group are also in the larger group. The term “supernet” refers to the opposite direction: the group of addresses going from 192.0.2.0 through 192.0.2.15 is a supernet of the group of addresses that goes from 192.0.2.8 through 192.0.2.11.

Sometimes people will refer to the action of “creating” a subnet. The idea/concept of “creating” a subnet is like taking a bunch of addresses (say, for example, the group of 16 addresses), and drawing lines on a piece of paper, creating rectangles or circles around bunches of addresses to identify a group of addresses. All that is really involved to “creating” a subnet is to figure out what the first address and last address of a subnet. Or, another way of describing this is to find the first address of the subnet and to figure out how big the subnet is. (Those two descriptions are not significantly different: if you have the first address, you could figure out how many addresses there are if you had the last address. Similarly, if you have the first address, you could figure out the last address if you know how many addresses there were.) So, “creating” a subnet really just means identifying which group (or “box”) of addresses is being talked about. In general, the act of “subnetting” refers to taking a group of addresses and splitting that up into smaller groups. The act of “supernetting” refers to taking multiple groups and combining them together into a larger group. Both subnetting and supernetting involve identifying the smaller groups and the larger group, so they aren't really very different activities. The only minor distinction is what a person started with: did the person start with a big group, and then end up with smaller groups also being identified; or did the person start with small groups, and then end up with a larger group also being identified. In both cases, the same groups are identified at the end of the process.

As a point of comparison: Here is a larger chart. It shows all of the same groups as the previous chart, but it shows 32 addresses, and the next chart shows more addresses than what the previous chart shows.

[#sbnet32a[:

32 per group 16 per group 8 per group 4 per group
192.0.2.0
192.0.2.1
192.0.2.2
192.0.2.3
192.0.2.4
192.0.2.5
192.0.2.6
192.0.2.7
192.0.2.8
192.0.2.9
192.0.2.10
192.0.2.11
192.0.2.12
192.0.2.13
192.0.2.14
192.0.2.15
192.0.2.16
192.0.2.17
192.0.2.18
192.0.2.19
192.0.2.20
192.0.2.21
192.0.2.22
192.0.2.23
192.0.2.24
192.0.2.25
192.0.2.26
192.0.2.27
192.0.2.28
192.0.2.29
192.0.2.30
192.0.2.31
192.0.2.0
192.0.2.1
192.0.2.2
192.0.2.3
192.0.2.4
192.0.2.5
192.0.2.6
192.0.2.7
192.0.2.8
192.0.2.9
192.0.2.10
192.0.2.11
192.0.2.12
192.0.2.13
192.0.2.14
192.0.2.15
192.0.2.0
192.0.2.1
192.0.2.2
192.0.2.3
192.0.2.4
192.0.2.5
192.0.2.6
192.0.2.7

192.0.2.8
192.0.2.9
192.0.2.10
192.0.2.11
192.0.2.12
192.0.2.13
192.0.2.14
192.0.2.15
192.0.2.0
192.0.2.1
192.0.2.2
192.0.2.3

192.0.2.4
192.0.2.5
192.0.2.6
192.0.2.7

192.0.2.8
192.0.2.9
192.0.2.10
192.0.2.11

192.0.2.12
192.0.2.13
192.0.2.14
192.0.2.15
192.0.2.16
192.0.2.17
192.0.2.18
192.0.2.19
192.0.2.20
192.0.2.21
192.0.2.22
192.0.2.23
192.0.2.24
192.0.2.25
192.0.2.26
192.0.2.27
192.0.2.28
192.0.2.29
192.0.2.30
192.0.2.31
192.0.2.16
192.0.2.17
192.0.2.18
192.0.2.19
192.0.2.20
192.0.2.21
192.0.2.22
192.0.2.23

192.0.2.24
192.0.2.25
192.0.2.26
192.0.2.27
192.0.2.28
192.0.2.29
192.0.2.30
192.0.2.31
192.0.2.16
192.0.2.17
192.0.2.18
192.0.2.19

192.0.2.20
192.0.2.21
192.0.2.22
192.0.2.23

192.0.2.24
192.0.2.25
192.0.2.26
192.0.2.27

192.0.2.28
192.0.2.29
192.0.2.30
192.0.2.31

(Note: The above is an example of IPv4 addresses. For an example showing IPv4, see: IPv6 subnetting. For now, this guide will continue to use IPv4 addresses. One reason is because standard dotted-quad IPv4 notation doesn't use hexadecimal, which some students may find easier.)

There can also be more than 16 addresses in a subnet. In fact, there are subnets with billions of network addresses. What this means, simply, is that those are very large groups of addresses. Those groups contain way more addresses than what we will bother to show on this chart. For instance, IPv4 classes describes some large groups of IPv4 addresses. That section of documentation may also have some tables that show subnets that contain many millions of network addresses.

For example, a larger chart is shown at: VLSM Chart. Go ahead and check out that chart, and especially the specific columns in that chart that are labelled IPv4 /27 through IPv4 /30, and compare the tops of those columns to the above boxes. The same basic layout is shown: a group (shown as a box/rectangle) can be broken down into smaller groups. That larger chart is showing the same concept.

That larger VLSM chart may look like it has less information. First of all, the larger chart only shows the first and last address of each group. This was just done to help make the actual chart a bit smaller. Also, the larger chart only shows partial addresses (such as .0 through .15) instead of fuller addresses (like 192.0.2.0 through 192.0.2.15). So, the chart is only showing the last octet. This was done to help make the chart smaller, and also to make the same chart useful for looking at different addresses. For instance, that chart can be used with the addresses 198.51.100.0 through 198.51.100.15. However, that same chart can be used for the addresses 198.51.100.0 through 198.51.100.15, and 203.0.113.0 through 203.0.113.15).

Other people have also made similar charts, which are described in the “VLSM charts” on the networking basics page.

Frequent Questions
A test question

A great question for creators of tests/exams is to ask whether addresses are in the same subnet. For example: are 192.0.2.2 and 192.0.2.5 in the same subnet? In other words, is 192.0.2.2 in the same group as the group that 192.0.2.5 is in?

Clearly, the answer is: “That depends on how big each group is.”

If these addresses are split into groups of four addresses (as shown in the column that says “4 groups”), then the answer is: “No.” If the addresses are split into larger groups (as shown in the column that says “2 groups”), then these examle addresses are in the same subnet.

Do all the subnets need to be the same size?

Some people may wonder if subnets may be different sizes. For example, could the sixteen addresses be split into three groups, by having one group of 8 addresses and then two groups of 4 addresses? To explain the question visually, can the addresses be split up like the following chart?

1 subnet 3 subnets
192.0.2.0
192.0.2.1
192.0.2.2
192.0.2.3
192.0.2.4
192.0.2.5
192.0.2.6
192.0.2.7
192.0.2.8
192.0.2.9
192.0.2.10
192.0.2.11
192.0.2.12
192.0.2.13
192.0.2.14
192.0.2.15
192.0.2.0
192.0.2.1
192.0.2.2
192.0.2.3
192.0.2.4
192.0.2.5
192.0.2.6
192.0.2.7

192.0.2.8
192.0.2.9
192.0.2.10
192.0.2.11

192.0.2.12
192.0.2.13
192.0.2.14
192.0.2.15

(See the chart to the right.)

If every subnet needed to be the same size, a group of 16 addresses could be split into 2 subnets (with 8 addresses in each subnet), or 4 subnets (with four addresses in each subnet). Using that chart, the basic question is: is it legal to split one subnet into three subnets (of different sizes), as shown by that chart?

The answer to that specific question is, “yes”, that can be done. So, to answer the other question, “No”, there is not a requirement that all subnets need to be the same size. However, some things can become more complicated when subnets are different sizes. Therefore, having subnets that are the same size is often a good/recommended idea.

To accomplish the example that was just described, some addresses need to be split off into a group. (For instance, the latter half of the sixteen addresses were split up into a group going from 192.0.2.8 through 192.0.2.15. Then, that group needs to be split into two smaller groups. So the step of placing an address (like 192.0.2.8) is a step that ends up occurring twice. That is technically more steps, and therefore a bit more complicated, but there's no rule that prevents that from happening. So, yes, you can do this.

Frequently, steps need to be taken for each individual subnet, like adding a network “route” to the subnet so that a nearby “router” knows how to handle the subnet. Although this is possible, this is not necessarily recommended. Having additional subnets can create more work for the networking equipment. Communications may be slower when network equipment needs to perform more work. Also, having additional subnets can create more work for people.

So, having a group of 12 addresses is possible, by having a subnet of eight addresses and also another subnet of four addresses is possible. However, in practice, that is often not the easiest way to go about things. Tasks might require less work overall if people try to split addresses into subnets that are equal in size. By the time people set up routes in a router, people may have enough experience to be able to understand that concept from experience.

There are other variations, but the examples shown above are the simplest possibilities for how to split up 16 IPv4 addresses.

How about making a subnet with 12 addresses in it?

For example, can a group of 16 addresses be split into a group of 12 addresses and then a group of 4 addresses?

So, since the last question indicated that this is legal:

1 subnet 3 subnets
192.0.2.0
192.0.2.1
192.0.2.2
192.0.2.3
192.0.2.4
192.0.2.5
192.0.2.6
192.0.2.7
192.0.2.8
192.0.2.9
192.0.2.10
192.0.2.11
192.0.2.12
192.0.2.13
192.0.2.14
192.0.2.15
192.0.2.0
192.0.2.1
192.0.2.2
192.0.2.3
192.0.2.4
192.0.2.5
192.0.2.6
192.0.2.7

192.0.2.8
192.0.2.9
192.0.2.10
192.0.2.11

192.0.2.12
192.0.2.13
192.0.2.14
192.0.2.15

... the current question is... does the following chart show legal subnets?

1 subnet 2 groups?!?
192.0.2.0
192.0.2.1
192.0.2.2
192.0.2.3
192.0.2.4
192.0.2.5
192.0.2.6
192.0.2.7
192.0.2.8
192.0.2.9
192.0.2.10
192.0.2.11
192.0.2.12
192.0.2.13
192.0.2.14
192.0.2.15
192.0.2.0
192.0.2.1
192.0.2.2
192.0.2.3
192.0.2.4
192.0.2.5
192.0.2.6
192.0.2.7
192.0.2.8
192.0.2.9
192.0.2.10
192.0.2.11

192.0.2.12
192.0.2.13
192.0.2.14
192.0.2.15

The answer is: No. The second chart (which shows 2 groups) is not proper subneting. A single subnet will not contain exactly 12 addresses.

A group of 4 addresses can be separated. This is shown in the first workable example, which shows 192.0.2.12 through 192.0.2.15 in a separate subnet. The remaining addresses could exist in a group of eight addresses and another group of four addresses, as shown in the earlier chart that shows 3 subnets and was created with valid subnetting technqieus. So, a person can use two subnets that are numerically right next to each other, and there may be 12 addresses contained in that combination of two subnets, while the remaining four addresses are in a seperate, third subnet.

A single subnet will not contain exactly twelve addresses because of the following specific rule about subnet sizes. Even though subnets of different sizes can exist on the same network, subnet sizes should always be a “power of two”. (Some powers of two include 4, 8, 16, 32, and 64.) This is the rule to remember.

Now, here is an explanation of why that is true. The reason that the number of network addresses in a subnet is always a “power of two” is related to the fact that each network address can be uniquely identified by using bits. For example, three bits can be used to identify 8 different individual unique addresses. If four bits are used, then 16 individual addresses can be unique. If five bits are used, then 32 individual addresses can be unique. There is no number of bits that can support a maximum of exactly twelve network addresses, but which cannot also support 16 network addresses. If you have at least four bits, which would be needed to identify at least twelve addresses, then you also have enough bits to be able to support sixteen addresses, so the subnet has at least sixteen addresses. (The subnet has sixteen addresses if you have exactly four bits, and more addresses if you have more bits.) Since each bit has two possible values, each additional bit doubles the number of addresses that are in a subnet. As a result, the number of addresses in a subnet will always be a power of two.

Recap: considering a group of 12 addresses

So, as just described by the prior two questions, a group of eight addresses and a group of four addresses could be made. Note that although this could be done, this is not necessarily preferred. Subnets of different sizes can be a bit more challenging to work with. One reason is because groups may need to get split multiple times to accomplish this. Another reason is that there are some costs for having multiple subnets. There may be a need to support more networking routes, which can take additional time. Also, more IPv4 addresses may be classified as “unusable”. For at least these reasons, creating a group of eight addresses and another group of four addresses may be less desirable than just using a group of sixteen addresses, if possible.

Could the addresses have been split into groups of two addresses each?

Some people may wonder if a group of sixteen addresses could be split into eight separate groups.

This is not generally supported for IPv4 addresses. Basically, there are some problems if people try to do this. These problems might not be ones that were absolutely technically necessary. However, the simple fact is that some software and some hardware might not like dealing with the first address of a group, or the last address of a group. As a result, using those addresses as standard IPv4 addresses is not recommended. Some courses may even describe such activity as being a violation of standard networking rules. So, to avoid problems, simply don't do this. (For anyone who is still remaining curious about the reasons why this is not recommended, some further information may be read by viewing the descriptions in the glossary entry for “network ID” and perhaps glossary entry for “broadcast address”.)

Do all of the splits need to be the same size?

Each time there is a split, all of the groups become the same size.

For instance, consider the example where there were three subnets:

1 subnet 3 subnetss
192.0.2.0
192.0.2.1
192.0.2.2
192.0.2.3
192.0.2.4
192.0.2.5
192.0.2.6
192.0.2.7
192.0.2.8
192.0.2.9
192.0.2.10
192.0.2.11
192.0.2.12
192.0.2.13
192.0.2.14
192.0.2.15
192.0.2.0
192.0.2.1
192.0.2.2
192.0.2.3
192.0.2.4
192.0.2.5
192.0.2.6
192.0.2.7

192.0.2.8
192.0.2.9
192.0.2.10
192.0.2.11

192.0.2.12
192.0.2.13
192.0.2.14
192.0.2.15

The way those results were obtained was by subnetting multiple times. The following chart will help to show the subnetting actions that were taken.

16 per group 8 per group 4 per group
192.0.2.0
192.0.2.1
192.0.2.2
192.0.2.3
192.0.2.4
192.0.2.5
192.0.2.6
192.0.2.7
192.0.2.8
192.0.2.9
192.0.2.10
192.0.2.11
192.0.2.12
192.0.2.13
192.0.2.14
192.0.2.15
192.0.2.0
192.0.2.1
192.0.2.2
192.0.2.3
192.0.2.4
192.0.2.5
192.0.2.6
192.0.2.7

192.0.2.8
192.0.2.9
192.0.2.10
192.0.2.11
192.0.2.12
192.0.2.13
192.0.2.14
192.0.2.15

192.0.2.8
192.0.2.9
192.0.2.10
192.0.2.11

192.0.2.12
192.0.2.13
192.0.2.14
192.0.2.15

So, that's the theory. Now, here's the question: was that legal.

Well... almost. Actually, some network professionals might not like the above grouping, because one of those groups has 12 addresses. That really means that group technically isn't a proper subnet, because subnets should always have a number of addresses which is a power of two. However, the following is legal:

16 per group 8 per group 4 per group
192.0.2.0
192.0.2.1
192.0.2.2
192.0.2.3
192.0.2.4
192.0.2.5
192.0.2.6
192.0.2.7
192.0.2.8
192.0.2.9
192.0.2.10
192.0.2.11
192.0.2.12
192.0.2.13
192.0.2.14
192.0.2.15
192.0.2.0
192.0.2.1
192.0.2.2
192.0.2.3
192.0.2.4
192.0.2.5
192.0.2.6
192.0.2.7

192.0.2.8
192.0.2.9
192.0.2.10
192.0.2.11
192.0.2.12
192.0.2.13
192.0.2.14
192.0.2.15
192.0.2.0
192.0.2.1
192.0.2.2
192.0.2.3

192.0.2.4
192.0.2.5
192.0.2.6
192.0.2.7

192.0.2.8
192.0.2.9
192.0.2.10
192.0.2.11

192.0.2.12
192.0.2.13
192.0.2.14
192.0.2.15

The first split that occurred was splitting the 192.0.2.0 through 192.0.2.15 into two subnets, the subnet containing 192.0.2.0 through 192.0.2.7 and also the subnet containing 192.0.2.8 through 192.0.2.15. Then, the second split was going from 192.0.2.8 through 192.0.2.15 into two smaller subnets, which are the subnet going from 192.0.2.8 through 192.0.2.11 and the subnet going from 192.0.2.12 through 192.0.2.15.

Some people may prefer to take fewer steps, and may prefer to just perform one complex operation instead of performing two separate simple splits. Doing that really requires a bit more mental effort to keep track of things, similar to trying to keep track of dividend and a divisor and a partial quotient and subtraction results while performing “long division” all in a person's head. Although some people may be able to do some mental “long division” successfully (and that can get harder and harder as more non-repeating digits get calculated), other people probably struggle more with such tasks. Thinking of this as multiple simple splits is probably the simpler way to safely producing working results, and so that is the recommended process for people who are initially learning the technique. If some people start to feel comfortable with splitting numbers into subnets, and think they can do things faster, they are hereby recommended to be careful enough to not do the humiliating thing of getting incorrect results. Each person can judge their own comfort level and desire of how much they wish to mentally keep track of things, but errors are highly undesirable and so people should be very careful that trying to take shortcuts don't lead to making mistakes. If there's any doubt, do things the long way (even if it is slower) and gain the confort from verifying accuracy.

Types of destinations

Two common types of Internet Protocol communications are “unicast” communication and “broadcast” communication.

This is rather similar in concept to one person speaking in a normal-volumed speaking voice to another nearby person. If another person device tries to listen to the conversation, that person might be able to hear the conversion just fine.

“Broadcast” traffic is designed for all devices in a group to be listening to. This is similar to speaking loudly in front of a group, or maybe even using a megaphone.

Update: this may be covered more by network fm destinations.

Further IPv4 and IPv6 details

Each subnet has a “network ID” which looks just like the first address of the subnet.

So far, everything that this text has just explained has been true for both IPv4 and IPv6. (The example addresses are IPv4 addresses, but IPv6 addresses can also be split up into groups.)

Unusable IPv4

This next note does focus on details that are more specific to IPv4.

For IPv4, the last address on each network block is typically reserved to be a “broadcast address”. This standard was specified in September 1982 by Internet Experimental Note 212: “Internet Protocol - Local Area Networking Addressing Issues (a.k.a. “IEN 212”: “IP - LAN Addressing Issues”). Then, in October 1984, this was documented by RFC 919: Broadcasting Internet Datagrams really solidified this as a standard.

As a result of this standard, the last address is typically considered to be “unusable” for IPv4 traffic which is not broadcast traffic.

Prior to that, some pieces of networking equipment used the first address of each subnet as a “broadcasting” standard. (That may even have been the more common standard.) In order to be able to communicate with such old equipment, a decision was made to reserve the first address of each subnet so that communication with such older equipment could work.

This does seem rather wasteful. Most networks will typically not use any IPv4 broadcast traffic except for using the DHCP/IPv4 protocol. Reserving two addresses for every subnet, just for this feature (which can typically have the same benefits be effectively available, by using the global broadcast address of 255.255.255.255) does seem like a rather high cost for minimal benefit (often no benefit whatsoever).

Having a bunch of IPv4 broadcast addresses is not a design that provides a large number of benefits, although adherence to standards does help with ubiquitous (i.e., widespread) compatibility. When a bunch of (small) subnets are being used, then a bunch of addresses are reserved for standards compliance.

One way to waste less addresses is to use fewer subnets, by using larger subnets. Instead of using eight groups of four addresses, and having 16 out of 32 addresses be reserved for compatiblity, a single block of 32 addresses would only reserve 2 addresses (out of the same group of 32 addresses).

[#ip6sbnet]: IPv6 subnetting

Modern day IPv6 subnetting is done just like IPv4 subnetting.

A visual example was once helpful in trying to describe that point. So, just as the previous text had a chart showing 32 IPv4 addresses being split, here is a chart showing 32 IPv6 being split.

32 per group 16 per group 8 per group 4 per group
2001:db8::0
2001:db8::1
2001:db8::2
2001:db8::3
2001:db8::4
2001:db8::5
2001:db8::6
2001:db8::7
2001:db8::8
2001:db8::9
2001:db8::a
2001:db8::b
2001:db8::c
2001:db8::d
2001:db8::e
2001:db8::f
2001:db8::10
2001:db8::11
2001:db8::12
2001:db8::13
2001:db8::14
2001:db8::15
2001:db8::16
2001:db8::17
2001:db8::18
2001:db8::19
2001:db8::1a
2001:db8::1b
2001:db8::1c
2001:db8::1d
2001:db8::1e
2001:db8::1f
2001:db8::0
2001:db8::1
2001:db8::2
2001:db8::3
2001:db8::4
2001:db8::5
2001:db8::6
2001:db8::7
2001:db8::8
2001:db8::9
2001:db8::a
2001:db8::b
2001:db8::c
2001:db8::d
2001:db8::e
2001:db8::f
2001:db8::0
2001:db8::1
2001:db8::2
2001:db8::3
2001:db8::4
2001:db8::5
2001:db8::6
2001:db8::7

2001:db8::8
2001:db8::9
2001:db8::a
2001:db8::b
2001:db8::c
2001:db8::d
2001:db8::e
2001:db8::f
2001:db8::0
2001:db8::1
2001:db8::2
2001:db8::3

2001:db8::4
2001:db8::5
2001:db8::6
2001:db8::7

2001:db8::8
2001:db8::9
2001:db8::a
2001:db8::b

2001:db8::c
2001:db8::d
2001:db8::e
2001:db8::f
2001:db8::10
2001:db8::11
2001:db8::12
2001:db8::13
2001:db8::14
2001:db8::15
2001:db8::16
2001:db8::17
2001:db8::18
2001:db8::19
2001:db8::1a
2001:db8::1b
2001:db8::1c
2001:db8::1d
2001:db8::1e
2001:db8::1f
2001:db8::10
2001:db8::11
2001:db8::12
2001:db8::13
2001:db8::14
2001:db8::15
2001:db8::16
2001:db8::17

2001:db8::18
2001:db8::19
2001:db8::1a
2001:db8::1b
2001:db8::1c
2001:db8::1d
2001:db8::1e
2001:db8::1f
2001:db8::10
2001:db8::11
2001:db8::12
2001:db8::13

2001:db8::14
2001:db8::15
2001:db8::16
2001:db8::17

2001:db8::18
2001:db8::19
2001:db8::1a
2001:db8::1b

2001:db8::1c
2001:db8::1d
2001:db8::1e
2001:db8::31

Note: The VLSM chart provided by ][CyberPillar][ is not meant to be entirely IPv4 specific. The chart also shows network prefixes for IPv6 /120 subnets, and smaller subnets as well. The only difference is that the VLSM chart provided by ][CyberPillar][ shows numbers in decimal (which is more ideal for standard dotted-quad IPv4 notation), but the numbers in the chart (which represent last octet of an IPv4 address) would need to be converted to two hexadecimal digits to represent standard IPv6 notation. Keeping that in mind, the chart is perfectly accurate for IPv6 subnets that are /120 subnets and smaller.

Some people have suggested that IPv6 subnetting is more complicated. Really, it isn't. Err... umm... that is... it's not more complicated, anymore. Actually, there used to be more details about IPv6 addresses. In the original design of IPv6, there were more specific parts of an IPv6 address, RFC 2374 section 3.1: Aggregatable Global Unicast Address Structure had some specific rules related to the first 48 bits of an IPv6 address. (Also documented elsewhere, e.g. MSDN documentation of IPv6 address format.) However, a lot of those rules went by the wayside by August 2003 when RFC 3587 section 2 officially made those rules “Historic”. That RFC still had the recommendation of having 16 bits be reserved for identifying subnets that were /64 in size. The idea at the time was that end users would get /48 subnets. However, even having 16-bits as a subnetting ID is no longer the official active recommendation, since RFC 6177: IPv6 Address Assignment to End Sites became the updated IETF BCP 157: IPv6 Address Assignment to End Sites and went along with the practice of providing /56 subnets to end users (which would provide only 8 bits for subnetting different /64 subnets). So, what this boils down to is this: IPv6 had some extra details and rules compared to IPv4, but some of those results got rescinded before many network professionals bothered to learn those rules.

The main ideas of special meanings for IPv6 bits, which have still remained as active recommendations/ideas, are:

  • the last 64 bits represents a host ID,
  • and some number of bits (for example: 8 bits) are used for creating subnets. Those bits come just before the 64 bits that are used to identify the host ID.
Further discussion of IPv6 subnetting standards

(This section provides further details. These details are probably less critical for people to be needing to try to memorize, but this is provided as background information that might help to explain things for people who are curious, including people who may have previously heard some different details like how many bits are used for subnetting.)

(This section might be reptitive? Further review may be worthwhile...)

Some earlier documentation, widely taught as the new way to do things, indicating that the last 64 bits of an address be a host ID that is based on a system's MAC-48 address. An example is inserting 0xFF or 0xFE in between the first half of a MAC-48 address and the last half of a MAC-48 address, as ntoed by Appendix A of RFC 4291. However, there were some other approaches to calculating the last 64 bits of an IPv6 address, such as RFC 4193: section 3.2.2: Sample “for Pseudo-Random Global ID Algorithm”. RFC 4941: Privacy Extensions for Stateless Address Autoconfiguration in IPv6 may also have had an impact (perhaps see also: Privacy notes found on ISOC).

The idea of leaving the last 64 bits of an address available for a host ID may be important for anyone planning to use SLAAC, an IPv6 automatic address configuration method. At least some software implementation(s) of SLAAC have been known to expect a subnet size of exactly /64. So, to remain compatible with any routers that use such an implementation, which uses behavior that is technically within official specifications, leaving the last 64 bits of an address for the host ID is a practice that may still have some benefit.

A lot of the other rules related to IPv6 subnetting are either really quite similar to IPv4 subnetting, or the rules no longer matter. They stopped mattering before the rules were really widely impactful. Perhaps the key exception is that the bits that come right before the final 64 bits are commonly used as subnetting bits. (These are the bits that appear just before bitgs 65 through 128, the last 64 bits which are the host ID bits.) Currently those are bits 57 through 64 (based on the idea of giving out /56 subnets, as mentioned by RFC 6177: IPv6 Address Assignment to End Sites.) However, there used to be 16 bits availablke for subnetting (which came just before the 64 host ID bits, so those subnetting bits were bits 49 through 64). That was based on the idea of giving out /48 subnets. So, recommendations have changed a number of times before.

Understanding VLSM/CIDR notation

A description of this should be provided (perhaps here...) The CIDR notations on Variable-Length Subnetting Chart may be helpful...

Choosing an optimal size

How big of a subnet is needed for 15 devices?

Well, for IPv6, a /64 is generally ideal.

Misc details

A “subnet” may also be called a “subnetwork”. The term “subnetwork” is technically a proper term, although people do use the term “subnet” far more frequently. The use of the word “subnetwork” is so uncommon that many trained network professionals may not have actually heard or seen the term “subnetwork”. Of those who have, some may think that “subnetwork” is not a valid term. However, the term “subnetwork” is a valid term, and means the exact same thing as “subnet”. For example, the end of page 2 and then the start of RFC 3819: “Advice for Internet Subnetwork Designers”: Page 3 provide a description of the term.

This guide described what subnets are: groups of IP addresses. This guide didn't really describe why subnets are used. The simple answer is: as a way to describe a group of addresses. A key reason that subnets are used is to create routing rules, which are used by routers to determine where traffic goes. Compared to creating multiple rules for nearby addresses, creating one rule for a subnet is quicker for humans, and quicker for devices to apply the rule. Using fewer rules, by referring to groups of addresses, can also reduce memory requirements for routing devices.

The guide didn't really describe creating minimally-sized IPv4 subnets: That may be covered more by making subnets. (Some further discussion, showing how to handle a /23, may be useful...)