A network is a group of devices connected together so that they can communicate. Large networks are usually an interconnection of many smaller networks; the internet, for example, is an interconnection of many independently operated networks.
One of the units a network is usually divided into is the Local Area Network or LAN. A local area network is a network that connects devices that are together in one physical location, like an office, building, or campus.
A single LAN spanning a whole building is, however, neither practical nor secure: it is hard to manage, and every host on it can reach every other host directly.
So these LANs are broken down into smaller units, either by building physically separate LANs or by using Virtual LANs (VLANs). Physically separate LANs mean more switches, with routers marking the boundaries between them.
Physical delineation is, however, not enough. The devices also need to have a way of logically differentiating which devices are in their LAN and which devices aren't. This is where subnets come in.
Subnetting
IP addresses are made up of two parts: the network part and the host part. I always use the analogy of your name and family name. The network ID is like your last name which all your family members share, and the host ID is like your first name.
Every address with the same network ID is inside the network, and every address with a different network ID belongs to another network (or subnet). The boundary between the network and host IDs is set by the subnet mask: the mask's 1 bits cover the network ID and its 0 bits cover the host ID.
Subnetting is the process of dividing a network into smaller networks, called subnets, by extending the subnet mask so that some of the host bits become network bits. Each subnet then has its own network ID.
Now, subnets
A subnet is a segment of the larger network: it logically defines a range of addresses. In traditional networks a subnet usually maps onto one layer 2 broadcast domain, with all of its hosts connected to one switch (or one VLAN). Without dividing a LAN into subnets you would have one very large broadcast domain. Every broadcast (ARP requests, DHCP discovery and so on) is then processed by every host, which wastes bandwidth and CPU, and every host can reach every other host directly at layer 2, so nothing stands between a compromised host and the rest of the network.
In traditional networking a subnet is not thought of as a container that hosts live in, but as a network that hosts are connected to; a host does, however, get its IP address from the pool of addresses that belongs to the subnet it is connected to.
In a subnet, each host has a network interface card with a MAC address that uniquely identifies it on that segment; switches use MAC addresses to forward frames within the subnet. Devices in one subnet cannot communicate with devices in another subnet except through a router (or a layer 3 switch).
Two IP addresses in every subnet are reserved: the first address, which is the network address, and the last address, which is the broadcast address. (The one exception is a /31 point-to-point link, RFC 3021, where both addresses are usable.)
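The network/host split, the same-subnet test a host performs before sending a packet, and subnetting itself (borrowing host bits to make smaller networks), worked through with explicit bit arithmetic. This is an added example and not code from the original post; it handles IPv4 only, uses the standard library's ipaddress module purely for parsing and formatting, and treats /31 and /32 as the special cases they are.

```python
import ipaddress

# Added example, not from the original post: the network/host split and
# subnetting done with explicit bit arithmetic. Only IPv4 is handled.

MAX32 = 0xFFFFFFFF


def to_int(ip: str) -> int:
    """Dotted-quad string -> 32-bit integer (ipaddress does the validation)."""
    return int(ipaddress.IPv4Address(ip))


def to_str(n: int) -> str:
    """32-bit integer -> dotted-quad string."""
    return str(ipaddress.IPv4Address(n))


def prefix_to_mask(prefix: int) -> int:
    """A /prefix mask is `prefix` one-bits followed by (32 - prefix) zero-bits."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be between 0 and 32")
    return (MAX32 << (32 - prefix)) & MAX32


def subnet_info(cidr: str) -> dict:
    """Network ID, broadcast and usable host range for an IPv4 address in CIDR form.

    Addresses like 192.168.10.37/26 are accepted: the host bits are masked off,
    so the result describes the subnet the address lives in.
    """
    ip_str, prefix_str = cidr.split("/")
    prefix = int(prefix_str)
    mask = prefix_to_mask(prefix)
    ip = to_int(ip_str)
    network = ip & mask            # "last name": bits every host in the subnet shares
    host = ip & ~mask & MAX32      # "first name": bits unique to this host
    broadcast = network | (~mask & MAX32)
    host_bits = 32 - prefix
    if prefix == 32:               # single host, nothing to reserve
        usable = 1
        first, last = network, network
    elif prefix == 31:             # RFC 3021 point-to-point: no network/broadcast reserved
        usable = 2
        first, last = network, broadcast
    else:                          # first and last address reserved
        usable = 2 ** host_bits - 2
        first, last = network + 1, broadcast - 1
    return {
        "network": to_str(network),
        "mask": to_str(mask),
        "host_id": host,
        "broadcast": to_str(broadcast),
        "first_host": to_str(first),
        "last_host": to_str(last),
        "usable_hosts": usable,
    }


def same_subnet(ip_a: str, ip_b: str, prefix: int) -> bool:
    """True when both addresses share the network ID under the given mask.

    This is the test a host performs to decide whether a destination is local
    (deliver directly via ARP and the switch) or remote (hand it to the router).
    """
    mask = prefix_to_mask(prefix)
    return (to_int(ip_a) & mask) == (to_int(ip_b) & mask)


def split_subnet(cidr: str, new_prefix: int) -> list:
    """Subnetting proper: split a network into equal subnets of /new_prefix.

    Extending the mask turns host bits into network bits; each combination of
    those borrowed bits is a distinct subnet with its own network ID.
    """
    info = subnet_info(cidr)
    old_prefix = int(cidr.split("/")[1])
    if new_prefix < old_prefix or new_prefix > 32:
        raise ValueError("new prefix must be >= the original prefix and <= 32")
    base = to_int(info["network"])
    size = 2 ** (32 - new_prefix)           # addresses per new subnet
    count = 2 ** (new_prefix - old_prefix)  # one subnet per borrowed-bit pattern
    return [f"{to_str(base + i * size)}/{new_prefix}" for i in range(count)]


if __name__ == "__main__":
    print(subnet_info("192.168.10.37/26"))
    print(same_subnet("192.168.10.37", "192.168.10.70", 26))
    print(split_subnet("10.0.0.0/24", 26))
```

Running it shows that 192.168.10.37/26 lives in 192.168.10.0/26 (broadcast .63, hosts .1 to .62), that 192.168.10.70 is not on that subnet even though it shares the first three octets (it is in 192.168.10.64/26), and that a /24 borrowed two bits yields four /26 subnets.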
Subnets in cloud networking
In cloud networking, subnets are subdivisions of the virtual networks in which you deploy resources such as virtual machines, storage and databases. Different Cloud Service Providers (CSPs) call these networks different names: AWS and GCP call it a Virtual Private Cloud (VPC), Azure calls it a Virtual Network (VNet) and OCI calls it a Virtual Cloud Network (VCN). These networks are defined in software, through the provider's API, console or infrastructure-as-code, rather than by cabling physical routers and switches.
The boundaries of a cloud subnet are therefore not set by physical routers but by configuration: the address range you give the subnet and the route table and firewall rules you attach to it.
Here, we also have two types of subnets:
Private subnets
Public subnets
Private subnets have no direct route to the internet. Resources in them use private IP addresses (RFC 1918) only and cannot be reached from the internet. If they need outbound internet access (to pull packages or updates, for example), their traffic must go through a NAT Gateway, which translates their private addresses to a public one and, being stateful, lets only the replies back in.
Public subnets have a direct route to the internet (in AWS terms, a route to an internet gateway). Resources in them keep a private address on the interface and can additionally be given a public IP address, so they do not need a NAT Gateway to reach the internet. Note that placing a resource in a public subnet does not by itself expose it: it must also have a public IP address, and the security group or network security group must permit the inbound traffic. Conversely, anything that never needs to be reached from the internet (databases, application servers) belongs in a private subnet.
Cloud subnets reserve more than two IP addresses. In AWS and Azure five (5) addresses are reserved from every subnet, while in OCI three (3) are reserved. These are the usual network and broadcast addresses plus a few the platform keeps for its own use. In AWS, for example, a 10.0.0.0/24 subnet reserves 10.0.0.0 (network), 10.0.0.1 (VPC router), 10.0.0.2 (DNS resolver), 10.0.0.3 (reserved for future use) and 10.0.0.255 (broadcast), leaving 251 usable addresses. Azure reserves the same positions (network, default gateway, two for Azure DNS, broadcast); OCI reserves the first two (network, router) and the last (broadcast).
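The public/private distinction and the reserved-address rules above, turned into an audit check. This is an added example and not code from the original post or from any provider. It follows AWS's definition of a public subnet (the subnet's effective route table has a route to an internet gateway, with the VPC's main route table applying to subnets that have no explicit association); the route tables and subnet IDs are constructed, trimmed imitations of EC2 DescribeRouteTables data with made-up identifiers, not real output. The reserved-address counts for Azure and OCI are applied to the same CIDR only to compare the arithmetic; Azure and OCI decide internet reachability by their own route and security rules, which this function does not model.

```python
import ipaddress

# Added example, not from the original post. Classifies cloud subnets as
# public or private from their route tables and lists the platform-reserved
# addresses. The classification follows AWS's rule (a subnet is public when
# its effective route table has a route to an internet gateway). The data
# below is a constructed, trimmed imitation of EC2 DescribeRouteTables
# output with made-up IDs.

ROUTE_TABLES = [
    {   # main route table: applies to every subnet without an explicit association
        "RouteTableId": "rtb-main",
        "Associations": [{"Main": True}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0a1b2c3d"},
        ],
    },
    {   # explicitly associated with the web subnet; default route via internet gateway
        "RouteTableId": "rtb-public",
        "Associations": [{"Main": False, "SubnetId": "subnet-web"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123abcd"},
        ],
    },
]

# Constructed subnet IDs and ranges for the checks below.
SUBNETS = {
    "subnet-web": "10.0.1.0/24",
    "subnet-app": "10.0.2.0/24",
    "subnet-db": "10.0.3.0/28",
}

# Addresses each provider reserves (from the start, from the end) of every subnet.
RESERVED = {"aws": (4, 1), "azure": (4, 1), "oci": (2, 1)}


def route_table_for(subnet_id, route_tables):
    """An explicit association wins; otherwise the VPC's main table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt["Associations"]:
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def is_public(subnet_id, route_tables):
    """Public = some route in the effective route table points at an internet gateway."""
    rt = route_table_for(subnet_id, route_tables)
    if rt is None:
        return False
    return any(r.get("GatewayId", "").startswith("igw-") for r in rt["Routes"])


def classify(subnets, route_tables):
    """Map every subnet ID to 'public' or 'private'."""
    return {sid: ("public" if is_public(sid, route_tables) else "private")
            for sid in subnets}


def reserved_addresses(cidr, provider):
    """The addresses you cannot assign inside `cidr` on `provider`, in order."""
    net = ipaddress.ip_network(cidr, strict=True)
    head, tail = RESERVED[provider]
    return ([str(net[i]) for i in range(head)]
            + [str(net[-1 - i]) for i in range(tail)])


def usable_hosts(cidr, provider):
    """Assignable addresses left after the provider's reservations."""
    net = ipaddress.ip_network(cidr, strict=True)
    return net.num_addresses - sum(RESERVED[provider])


if __name__ == "__main__":
    print(classify(SUBNETS, ROUTE_TABLES))
    for provider in RESERVED:
        print(provider, reserved_addresses("10.0.3.0/28", provider),
              usable_hosts("10.0.3.0/28", provider))
```

With this data only subnet-web comes out public; subnet-app and subnet-db fall back to the main route table, whose default route goes through the NAT gateway, so they are private. The /28 database subnet has 16 addresses but only 11 assignable ones on AWS or Azure and 13 on OCI, which is the kind of detail that makes a too-small subnet run out of addresses sooner than the CIDR suggests.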
Conclusion
Subnets are networks broken down into smaller pieces. The differences between the cloud and traditional implementations are:
Traditional subnet boundaries are set by physical routers, switches and VLANs; cloud subnet boundaries are set in software by configuration.
Cloud subnets are classed as public or private depending on whether they have a direct route to the internet, with private subnets needing a NAT Gateway for outbound access.
Cloud subnets reserve more addresses than the traditional two (five in AWS and Azure, three in OCI).
Thanks for reading. Don't forget to share this post and subscribe to the newsletter.