Casting an expanding net

or “IP Subnetting for dummies”

In work two locations previous joined by a hardware VPN (Sonicwall … eww) are getting their internet connections beefed up and will be getting bonded together at source by Virgin Media. Essentially, we’ll all be on the same LAN.

This is great, one active domain, one set of configurations, shared files from the designers straight to the printers; but the technicalities of it had me slightly worried.

At our end we’re all on 192.168.5.x, whilst the HQ uses 192.168.1.x – however if we’re all on the same LAN, might the DHCP server start handing out 192.168.1.x addresses to everyone ? And if it does, could we very quickly run out ?

Now I know the answer (in part) to this is IP subnet masks, that field in the IP configuration you would always set to and forget about. Despite having built (physically the machines and the wiring) and configured multiple IP based networks I’ve never really gotten to grips with subnets.

In preparation for the upgrade I decided to look into this further. There’s lots talk of IP address to binary and mask addition and other tidbits that whilst technically correct, don’t give a real world simplified view of the answer . Huge thanks has to go to engineer_comp_geek at for that.

Let’s suppose we work in a large office. We have one big network and its overloaded. So, we take all of the computers in the marketting department, and we put them all on one local network. Then we take all of the computers in the engineering department, and we put them on a different network. We make all of the computers in marketting have an IP address of 192.168.0.x (where x is an individual machine number). We make all of the computers in engineering have an IP address of 192.168.1.x. Our subnet mask is We tie these two networks together with a switch, and now we have two seperate subnets, engineering and marketting.

Let’s say we have 3 computers. Computer A is in engineering, and has an IP address of Computer B is in engineering, and has an IP address of Computer C is in marketting, and has an IP address of Computer A tries to access computer B. If all you look at are the bits that are a 1 in the subnet mask, they all match up. We don’t care that computer A ends in .3 and computer B ends in .4 because those bits aren’t set in our subnet mask. So, we know these computers are on the same subnet, and the network traffic between these computers stays on the engineering subnet. The marketting subnet never even gets these messages, so the marketting network traffic is reduced.

Now, computer A tries to access computer C. Now, there is a difference in the IP address for bits that are in the subnet. Computer A starts with 192.168.0 and computer B starts with 192.168.1. Now, the switches on the network know that the message goes to a different subnet, and the message goes over to the marketting subnet.

All messages between machines on the marketting network and other machines on the marketting network don’t go to engineering, and vice versa. Also, all messages from the outside world only go to their intended subnet, so the engineering subnet isn’t cluttered by messages going to and from marketting to the outside world.

If you went back and changed the subnet mask from to then engineering and marketting would both be on the same subnet, because their IP addresses would then only differ in bits that are not in the subnet mask.

Does that help?

Yes, enginner_comp_geek, it really does 🙂

Now the task becomes having some way for the DHCP server to identify the separate network segments, somehow individualising the two offices, perhaps by identifying the switch or cisco box they sit behind at either end ?

That’s the biggest problem with being a geek – you might know a lot about computers, but the expectation is that you know everything !