Why Would an Administrator Use Subnetting?
- Administering a network can be a complex task, and that complexity increases with the number of computers and devices on the network. Especially for geographically dispersed networks, it's preferable to decentralize local network administration to where the computers physically reside. However, it's also preferable to maintain some control over network administration from a central point. Subnetting allows administrators to do this by creating subnetworks that can be administered locally but that are still subject to the central controls that come with a shared IP address space.
- When a router broadcasts traffic, it broadcasts to all computers that share the same network segment as the target computer. In addition, all computers on a network constantly talk to each other. With a single network, this means that routers broadcast all network traffic to every computer and that every computer talks to every other computer. This creates an enormous amount of unnecessary traffic on the network that slows the network down. With subnetting, routers broadcast only to the computers in the same subnet, who limit their conversations to one another.
- Even when using secure communication such as SSL, exposing confidential data to every computer on a network is not a best practice for network security. With a single network, every computer can listen to the traffic destined for any other computer on the network, which poses a security risk. It also makes it easier for viruses and worms to quickly infect an entire network. With subnetting, administrators can limit the exposure of secure communication to devices within a subnet and can isolate a subnet from the rest of the network if it becomes infected with a virus or worm.
- Computers are segmented into subnets by the router that serves them. This limits membership on a subnet to computers that are physically close to one another. Some administrators use virtual LANs, or VLANs, instead of subnets, to create network segments because of the ability to place two physically distanced machines on the same network segment. VLANs use switches rather than routers to create network segments by designating specific ports on a switch to carry traffic for a specific virtual LAN. Implementing a VLAN, however, may require purchasing additional equipment, such as a Layer 3 switch.
