Internet Protocols  «Prev  Next»

Lesson 5Subnets
ObjectiveExplain the purpose of subnetting and subnet masks.

What is subnetting?

There is a scarcity of network addresses today. A viable solution to creating new network addresses is to divide the 32-bit address in a process called subnetting.
The process entails modifying the IP address by using the host (or client portion) address bits as network address bits. A more technical evaluation is that a subnet mask is applied to filter the bits not used in the network address.
A subnet mask is a 32-bit number, written in dotted decimal form, in much the same way an IP address is displayed. For example
only hosts IP addresses that are on the same subnet and can communicate with others without a router.

Two-Level and Three-Level Class Hierarchy
Two-Level and Three-Level Class Hierarchy

Subnetting is used when a company has more computers than can be connected to its network; it is also used as a traffic reduction mechanism. However, all devices on the subnet must be programmed with the correct mask value in order for the network to function properly.

Since subnetting tricks the IP Address by turning an unused portion of the Public Address into a Privated address (as discussed at the end of Lesson 4). Subnetting can only occur within a LAN setting, and required a great deal of caution. An incorrect subnetting scheme may violate IP addressing standards, which could cause the network address to be misinterpreted by Internet protocols. This would result in widespread communications problems.

Amazon VPC Subnet

A subnet is a segment of an Amazon VPC’s IP address range where you can launch
  1. Amazon EC2 instances,
  2. Amazon Relational Database Service (Amazon RDS) databases, and
  3. other AWS resources.
CIDR blocks define subnets (for example, and The smallest subnet that you can create is a /28 (16 IP addresses). AWS reserves the first four IP addresses and the last IP address of every subnet for internal networking purposes. For example, a subnet defined as a /28 has 16 available IP addresses; subtract the 5 IPs needed by AWS to yield 11 IP addresses for your use within the subnet.
After creating an Amazon VPC, you can add one or more subnets in each Availability Zone. Subnets reside within one Availability Zone and cannot span zones. This is an important point that can come up in the exam, so remember that one subnet equals one Availability Zone. You can, however, have multiple subnets in one Availability Zone.
Subnets can be classified as public, private, or VPN-only. A public subnet is one in which the associated route table (discussed later) directs the subnet’s traffic to the Amazon VPC’s IGW (also discussed later). A private subnet is one in which the associated route table does not direct the subnet’s traffic to the Amazon VPC’s IGW. A VPN-only subnet is one in which the associated route table directs the subnet’s traffic to the Amazon VPC’s VPG (discussed later) and does not have a route to the IGW. Regardless of the type of subnet, the internal IP address range of the subnet is always private (that is, non-routable on the Internet).
Default Amazon VPCs contain one public subnet in every Availability Zone within the region, with a netmask of /20.

Subnet masks

To subnet an IP network, you use a subnet mask, which splits IP networks into subgroups of networks or subnetworks by filtering unwanted bits so that only usable bits remain. Before using subnet masks, you must perform a decimal-to-binary conversion of the IP address. A subnet mask identifies how the bits of an IP address are used. In binary terms, 0 and 1 are the only functional digits. In binary notation, a 0 (zero) indicates that the bit is a host bit. A 1 (one) indicates that the bit is a network bit.
A subnet mask defines the network, the subnet, and the host.
The table below provides the default masks for IP address classes A to C.
Class Default mask

In the next lesson, you will learn about remote access protocols.