How to create subnets from given CIDR block

This is one of my favorite DevOps Interview questions asked in companies like Apple and others for their cloud engineering role

“Given a cidr block, please create subnets for this given use case”

---

Understanding CIDR Notation

A CIDR block is written as IP_Address/Prefix_Length.

• IP_Address: The network address.

• Prefix_Length: The number of bits in the IP address that represent the network portion. The remaining bits represent the host portion.

Network Address and Broadcast address:

For each subnet, the network address is the first address in the range, and the broadcast address is the last. Usable hosts are between these two.

The Subnet Mask as a Divider:

• The subnet mask's job is to divide an IP address into two parts: the network portion and the host portion.

• In binary, the '1's in the subnet mask represent the network portion, and the '0's represent the host portion.

---

Before we start, lets learn some basic binary math:

Shifting a binary number one position to the right is equivalent to dividing the number by 2 (integer division, meaning any remainder is dropped).

• Again, analogous to decimal: removing a zero from the right (e.g., 120 becomes 12) divides it by 10. In binary, removing a digit from the right divides by 2.

• Example:

  • Binary 1100 (Decimal 12)

  • Shift right by 1: 0110 (Decimal 6, which is 12 / 2)

  • Shift right by 2: 0011 (Decimal 3, which is 12 / 2 / 2, or 12 / 22)

Borrowing Bits is Like Shifting the "Division Point":

• When you "borrow" a bit from the host portion to create more subnets, what you're essentially doing is shifting the boundary between the network and host portions to the right by one position (or more, if borrowing more bits).

• Each time you shift that boundary one bit to the right (i.e., add another '1' to the network portion of the mask and subtract a '0' from the host portion), you effectively divide the total available host addresses in that original network segment by 2.

To divide a CIDR block you need to "borrow" bits from the host portion of the original subnet mask.

Each borrowed bit doubles the number of possible subnets.

• 1 borrowed bit = 2^1=2 subnets

• 2 borrowed bits = 2^2=4 subnets

• 3 borrowed bits = 2^3=8 subnets, and so on.

---

Example: Splitting 192.168.1.0/24 into two subnets

1. Analyze the Original CIDR Block:

• Network Address: 192.168.1.0

• Prefix Length: /24

• Subnet Mask (decimal): 255.255.255.0

• Subnet Mask (binary): 11111111.11111111.11111111.00000000

  • 24 bits for the network (1s)

  • 8 bits for the host (0s)

• Total IP addresses: 2^host_bits = 2^8 =256 addresses.

• Usable Host Addresses: 2^host_bits−2 = 256 − 2 = 254 (subtracting network and broadcast addresses).

2. Determine the New Prefix Length for Two Subnets:

To divide a network into two equal subnets, you need to borrow 1 bit from the host portion. This increases the prefix length by 1.

• New Prefix Length: 24+1=/25

3. Calculate the New Subnet Mask:

A /25 prefix means 25 network bits (1s) and 7 host bits (0s).

• New Subnet Mask (binary): 11111111.11111111.11111111.10000000

• New Subnet Mask (decimal): 255.255.255.128

4. Identify the Two New Subnet CIDR Blocks:

Now, you take the original network address and use the borrowed bit to create two distinct networks. The borrowed bit will either be a '0' or a '1'.

• Subnet 1: The first subnet will have the borrowed bit as '0'. Its network address will be the same as the original network address.

  • Network Address: 192.168.1.0

  • CIDR: 192.168.1.0/25

  • Host Range: 192.168.1.1 to 192.168.1.126

  • Broadcast Address: 192.168.1.127

  • Number of Addresses: 27=128

• Subnet 2: The second subnet will have the borrowed bit as '1'. This means the first available host IP address from the original network (the one after the first subnet's broadcast address) becomes the network address for the second subnet.

  • Network Address: 192.168.1.128

  • CIDR: 192.168.1.128/25

  • Host Range: 192.168.1.129 to 192.168.1.254

  • Broadcast Address: 192.168.1.255

  • Number of Addresses: 27=128

---

Let's use the same example: 192.168.1.0/24 and divide it into four subnets.

1. Analyze the Original CIDR Block:

• Network Address: 192.168.1.0

• Prefix Length: /24

• Subnet Mask (decimal): 255.255.255.0

• Subnet Mask (binary): 11111111.11111111.11111111.00000000

  • 24 bits for the network (1s)

  • 8 bits for the host (0s)

• Total IP addresses: 28=256 addresses.

2. Determine the New Prefix Length for Four Subnets:

To divide a network into four equal subnets, you need to borrow 2 bits from the host portion. This increases the prefix length by 2.

• New Prefix Length: 24+2=/26

3. Calculate the New Subnet Mask:

A /26 prefix means 26 network bits (1s) and 6 host bits (0s).

• New Subnet Mask (binary): 11111111.11111111.11111111.11000000

• New Subnet Mask (decimal): 255.255.255.192

4. Identify the Four New Subnet CIDR Blocks:

Now, we use the two borrowed bits to create the four distinct networks. The combinations for two bits are 00, 01, 10, and 11.

Each new subnet will have 2(32−26)=26=64 addresses.

• Subnet 1 (Borrowed Bits: 00)

  • Network Address: 192.168.1.0

  • CIDR: 192.168.1.0/26

  • Host Range: 192.168.1.1 to 192.168.1.62

  • Broadcast Address: 192.168.1.63

• Subnet 2 (Borrowed Bits: 01)

  • To find its network address, add the number of addresses in each subnet (64) to the previous network address: 192.168.1.0 + 64 = 192.168.1.64

  • Network Address: 192.168.1.64

  • CIDR: 192.168.1.64/26

  • Host Range: 192.168.1.65 to 192.168.1.126

  • Broadcast Address: 192.168.1.127

• Subnet 3 (Borrowed Bits: 10)

  • Add 64 to the previous network address: 192.168.1.64 + 64 = 192.168.1.128

  • Network Address: 192.168.1.128

  • CIDR: 192.168.1.128/26

  • Host Range: 192.168.1.129 to 192.168.1.190

  • Broadcast Address: 192.168.1.191

• Subnet 4 (Borrowed Bits: 11)

  • Add 64 to the previous network address: 192.168.1.128 + 64 = 192.168.1.192

  • Network Address: 192.168.1.192

  • CIDR: 192.168.1.192/26

  • Host Range: 192.168.1.193 to 192.168.1.254

  • Broadcast Address: 192.168.1.255

Summary of the Split into Four Subnets:

Original CIDR: 192.168.1.0/24

Subnet 1:

• Network Address: 192.168.1.0

• CIDR: 192.168.1.0/26

• Host Range: 192.168.1.1 - 192.168.1.62

• Broadcast Address: 192.168.1.63

Subnet 2:

• Network Address: 192.168.1.64

• CIDR: 192.168.1.64/26

• Host Range: 192.168.1.65 - 192.168.1.126

• Broadcast Address: 192.168.1.127

Subnet 3:

• Network Address: 192.168.1.128

• CIDR: 192.168.1.128/26

• Host Range: 192.168.1.129 - 192.168.1.190

• Broadcast Address: 192.168.1.191

Subnet 4:

• Network Address: 192.168.1.192

• CIDR: 192.168.1.192/26

• Host Range: 192.168.1.193 - 192.168.1.254

• Broadcast Address: 192.168.1.255

---

This process can be generalized:

• To get 'N' subnets, you need to borrow 'B' bits where 2^B≥N.

• The new prefix length will be Original_Prefix_Length + B.

• The number of addresses in each new subnet will be 2^(32−New_Prefix_Length).

• You then increment the network address by this number of addresses for each subsequent subnet.