Subnet
What is Subnet?
Subnet: A contiguous range of IP addresses that share a common prefix, defining a single broadcast domain and routing boundary on a network.
A subnet (subnetwork) groups IP addresses that share the most significant bits of their address into a single layer-3 network. The split between network and host bits is given by a subnet mask or, in CIDR, a prefix length such as /24. Hosts in the same subnet communicate directly via ARP or IPv6 Neighbor Discovery; traffic to other subnets is forwarded through a router. Subnetting supports efficient address allocation, isolates broadcast traffic, and underpins network segmentation. In security architectures it forms the boundary for VLANs, ACLs, firewall rules, and microsegmentation. Misconfigured subnets - too large, overlapping, or routed across trust zones - are a recurring source of lateral-movement risk.
● Examples
- 01 The /24 subnet 10.1.20.0/24 contains 256 addresses, with 10.1.20.255 reserved as broadcast.
- 02 Production servers live in 10.1.10.0/24 while build agents are isolated in 10.1.30.0/24.
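An added example (not part of the original glossary entry) that audits a subnet plan for the misconfigurations named in the definition: too large, overlapping, and, as a stand-in for "routed across trust zones", overlapping between different zones. The plan rows, zone names, the size threshold and the function names are assumptions made for illustration; only the two 10.1.x.0/24 ranges come from the examples above.

```python
import ipaddress
from itertools import combinations

# Constructed plan: (name, CIDR, trust zone). The first two rows reuse the
# ranges from the examples above; the others are made up to trigger findings.
PLAN = [
    ("prod-servers", "10.1.10.0/24", "production"),
    ("build-agents", "10.1.30.0/24", "build"),
    ("prod-db", "10.1.10.64/26", "production"),
    ("lab", "10.1.30.128/25", "lab"),
    ("legacy-flat", "10.2.0.0/16", "corporate"),
]

MAX_HOST_BITS = 10  # assumed policy: no IPv4 subnet larger than a /22


def audit(plan, max_host_bits=MAX_HOST_BITS):
    """Return a sorted list of (finding, subnet names) tuples."""
    # strict=True rejects entries with host bits set, e.g. 10.1.10.5/24.
    nets = [(name, ipaddress.ip_network(cidr, strict=True), zone)
            for name, cidr, zone in plan]
    findings = []
    for name, net, _ in nets:
        # Host bits = address length minus prefix length (works for v4 and v6).
        if net.max_prefixlen - net.prefixlen > max_host_bits:
            findings.append(("too-large", (name,)))
    for (n1, a, z1), (n2, b, z2) in combinations(nets, 2):
        if a.version == b.version and a.overlaps(b):
            # Overlap inside one zone is an addressing error; overlap between
            # zones means one range reaches into another trust boundary.
            kind = "overlap" if z1 == z2 else "cross-zone-overlap"
            findings.append((kind, tuple(sorted((n1, n2)))))
    return sorted(findings)


def same_subnet(src, dst, cidr):
    """True if both hosts are in cidr, so delivery is direct (ARP/ND), not routed."""
    net = ipaddress.ip_network(cidr)
    return ipaddress.ip_address(src) in net and ipaddress.ip_address(dst) in net


if __name__ == "__main__":
    for kind, names in audit(PLAN):
        print(f"{kind}: {', '.join(names)}")
```

Traffic for which `same_subnet` returns True never crosses a router, so ACLs and firewall rules placed at the subnet boundary do not see it.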
● Frequently asked questions
What is Subnet?
A contiguous range of IP addresses that share a common prefix, defining a single broadcast domain and routing boundary on a network. It belongs to the Network Security category of cybersecurity.
How do you defend against Subnet?
Defences for Subnet typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Subnet?
Common alternative names include: Subnetwork, IP subnet.
● Related terms
- network-security № 168
CIDR Notation
Classless Inter-Domain Routing notation expresses an IP prefix as an address followed by a slash and the number of significant bits, e.g., 10.0.0.0/8.
- network-security № 553
IP Address
A numeric identifier assigned to a network interface for routing across IP networks: 32 bits in IPv4 (RFC 791) or 128 bits in IPv6 (RFC 8200).
- network-security № 1206
VLAN
A virtual LAN (IEEE 802.1Q) groups switch ports into separate broadcast domains by tagging Ethernet frames with a 12-bit VLAN ID.
- network-security № 723
Network Segmentation
The practice of splitting a network into multiple zones with controlled traffic between them to contain breaches and enforce least privilege.
- network-security № 1136
TCP/IP
The four-layer Internet Protocol Suite that defines how packets are addressed, routed, fragmented, and reliably delivered between hosts across interconnected networks.
- network-security № 061
ARP
A link-layer protocol (RFC 826) that maps an IPv4 address to the MAC address of a host on the same broadcast domain so that frames can be delivered.
● See also
- № 311 DHCP
- № 637 MAC Address
- № 093 BGP Route Leak