IP subnets

introduction

The LIC uses many IP addresses. Some of them are public and the rest are private. There are three groups of these addresses: one for the Internet, one for the LIC and one for the enterprise network.

Each group is made up of a continuous sequence of numbers, often called an IP address range. One sequence of numbers is used in one network. Everything in the network gets its own address. This IP address part of the network is called, with stunning clarity, the IP address network.

Network administrators like to fiddle with the IP address network, splitting it into smaller chunks and using different chunks for different tasks. Each of these chunks is called an IP subnet, short for IP address sub-network. The splitting is done using a technique called CIDR.

what it is

The LIC uses the 192.168.0.0/16 network for all its private addresses. This is split into subnets and subnets of subnets. We use each subnet as a LAN (Local Area Network), a little network that acts independently of the other bits of the LIC but that is still connected to these other bits.

The big private block of IP addresses is split into several smaller blocks using a technique called CIDR. All the little blocks are the same size. Each little block can be further split into even smaller parts.

Figuring out CIDR and IP address ranges can fry the brain of a normal person. Use the handy IP calculator web site (http://jodies.de/ipcalc) and save your head.

network, subnets and sub-subnets

Any IP address network can be split into smaller subnets. Those subnets can be split into even smaller sub-subnets. A huge network may be split and split again many times. No-one bothers keeping track of how many times this happens so you will never hear anyone talking about a sub-subnet or a sub-sub-sub-sub-subnet.

The 192.168.0.0/16 network is huge. It contains 65,534 host IP addresses, far more than I need in the LIC. I can't afford to buy a warehouse and fill it with computers. Since most of the IPs will not be used, most of this IP space is wasted. Waste here does not matter. IP addresses aren't real so there is no overflowing trash can.

This range is split into smaller sub-networks and then split again.

LIC table: IP subnetting

192.168.0.0/16
    192.168.0.0/21 (internet DMZ)
        192.168.0.0/24 (ifw to ilb)
        192.168.1.0/24
        ...
        192.168.7.0/24
    192.168.8.0/21
    192.168.16.0/21
    192.168.24.0/21
    192.168.32.0/21
    ...

IP subnets. How confusing?

I split this big fat 192.168.0.0/16 network into 32 small manageable chunks called subnets (an abbreviation of sub-network). These are named 192.168.0.0/21, 192.168.8.0/21 and so on up to 192.168.248.0/21. Can you see the sequence? The third octet goes up by 8 each time.

I then took the first subnet and split it again, into eight smaller chunks. These are named 192.168.0.0/24, 192.168.1.0/24 and so on up to 192.168.7.0/24. The third octet goes up by just 1 each time.
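The split described above can be reproduced, and a subnet plan checked against it, with Python's standard ipaddress module. This is an added example, not part of the original page: the function names are illustrative, and the sample plan uses the DMZ blocks listed under "IP subnets in the LIC" plus three constructed mistakes (misaligned, overlapping, outside the private block).

```python
import ipaddress

PARENT = ipaddress.ip_network("192.168.0.0/16")  # the page's private block

def split(network, new_prefix):
    """Equal-sized CIDR blocks of length new_prefix inside network."""
    return [str(n) for n in ipaddress.ip_network(network).subnets(new_prefix=new_prefix)]

def containing_block(address, prefix):
    """The /prefix block that an address falls in."""
    return str(ipaddress.ip_network(f"{address}/{prefix}", strict=False))

def audit(plan, parent=PARENT):
    """Report misaligned, out-of-parent and overlapping entries in {name: cidr}."""
    problems, accepted = [], []
    for name, cidr in plan.items():
        try:
            net = ipaddress.ip_network(cidr)  # strict: host bits must be zero
        except ValueError:
            fixed = ipaddress.ip_network(cidr, strict=False)
            problems.append(f"{name}: {cidr} is misaligned, nearest block is {fixed}")
            continue
        if not net.subnet_of(parent):
            problems.append(f"{name}: {net} is outside {parent}")
            continue
        for other_name, other in accepted:
            if net.overlaps(other):
                problems.append(f"{name}: {net} overlaps {other_name} ({other})")
        accepted.append((name, net))
    return problems

# First three entries are the page's DMZ blocks; the rest are constructed mistakes.
SAMPLE_PLAN = {
    "biz01": "192.168.0.0/21",
    "biz02": "192.168.40.0/21",
    "adm01": "192.168.80.0/21",
    "typo01": "192.168.44.0/21",  # constructed: third octet not a multiple of 8
    "lab01": "192.168.42.0/24",   # constructed: sits inside biz02
    "ext01": "10.1.0.0/24",       # constructed: not in 192.168.0.0/16
}

if __name__ == "__main__":
    print(len(split(PARENT, 21)), "x /21 blocks, last is", split(PARENT, 21)[-1])
    print("first /21 as /24s:", split("192.168.0.0/21", 24))
    print("192.168.23.5 lives in", containing_block("192.168.23.5", 21))
    for line in audit(SAMPLE_PLAN):
        print("PROBLEM", line)
```

Running the audit before firewall rules are written against a plan catches blocks that would silently widen or overlap a zone such as the internet DMZ.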

IP subnets in the LIC

  1. NAT IP addresses 192.168.23.x
  2. NAT IP addresses 192.168.25.x, an IP pool
  3. NAT IP addresses 200.0.0.x
  4. Internet DMZ: biz01: IP addresses 192.168.0.0/21
  5. Internet DMZ: biz02: 192.168.40.0/21
  6. Internet DMZ: adm01: 192.168.80.0/21