You have probably heard of subnetting, where the address space of a network is divided up with different pools reserved for segments of the network. There is another approach to managing large networks, which is called supernetting. The supernetting philosophy works from the bottom up and effectively unites separate networks into a single whole.
Although supernetting is often portrayed as the opposite of subnetting, the end results of the two methodologies work out the same in terms of address pool usage – one large network that is segmented. The two strategies diverge in the way routing is implemented.
Essentially, both systems impose a theoretic structure on an existing network through their treatment of IP addresses. Supernetting is usually applied to contiguous networks and is an attempt to address routing issues. Effectively, it is similar to the concept of a software-defined WAN. However, while an SD-WAN reaches across the Internet to unite separate sites, the supernetting strategy is meant to be applied to one location.
What is a supernetwork?
Central to the topic of supernetting, the supernetwork is a combination of previously existing networks. It is a private Internet because it interlinks previously autonomous networks and imposes a common address pool on them. Network managers who already deal with one large network can also use the supernetwork concept to break up the routing method used on the system.
Effectively, the Internet is a form of supernetwork. The main difference between the two concepts is that the supernetwork is under one single ownership.
There are other labels for supernetting, which you might already have heard of. These are route aggregation, route summarization, and prefix aggregation. The relationship between a supernetwork and the Internet is important because it provides one single access point to the Internet for a group of networks that previously might each have had individual Internet gateways. Within the supernetwork, there is one single address pool.
The supernetwork is defined by the way routing is implemented on the network. It has a single routing schema but a distributed routing algorithm. Each segment of the network is governed by a router and all of the routers on the system are coordinated by a master router. So, this is a hierarchical system.
Each segment of the network is treated as a black box and all the routers of other segments need to know is that traffic for any address within a specific range needs to go to the router for that segment. Other routers don’t need to know the specific path to each individual endpoint.
With supernetting, the routing tables of all of the routers on the network are shorter, and routing decisions can be made much more quickly. It doesn’t matter to the main network router how each segment is organized. That main router will also double up as the gateway to the internet.
Equipping a supernetwork
In terms of infrastructure, the supernetting strategy requires more routers than standard networking or subnetting. This is because each segment, which would normally be served by a switch, requires its own router.
On initial assessment, the idea of increasing the number of routers provisioned for a network seems to be an expensive proposition. However, the many routers deployed around the system do not need the large capacity of a typical network router. They only need to handle the throughput of a smaller section. The price of routers has come down a lot over recent years and, for the capacity required for each segment, it is possible to acquire a router for more or less the same price as a switch.
Switches still have a role in a supernetwork. However, they will be subordinate to an intermediate router. The presence of a router at the gateway of each network segment presents the possibility of aggregating or distributing other network services. For example, firewalls can be installed on each router, enabling variable security levels and demilitarized zones (DMZs) on the network. This distributed security strategy also acts as an aggregation method because endpoint protection can be implemented on the router, in one location that covers many endpoints rather than installing the security software on each device.
Cabling for a supernetwork
The formation of a supernetwork does not involve any new cabling of the network. All of the physical infrastructure of the contributing networks already exists and should be left as it is. Instead, the unity of networks is created through an addressing strategy and a change in routing algorithms.
Similarly, if an existing, single network is being split up so that it can be managed in segments through the supernetting strategy, there are no changes needed to cabling. However, some switches will need to be replaced by routers.
The big advantage to supernetting comes when you want to physically reorganize a segment. Adding on new endpoints, IoT devices, or network-connected equipment has no impact at all on the routers that control other parts of the network. As long as the IP addresses allocated within the segment don’t go outside of its current address pool allocation, there need be no alteration to the routing tables operating on other parts of the network.
Routing on a supernetwork
Each segment of the supernetwork has its own local router. Just as with subnetting, the supernetwork philosophy recognizes that a large proportion of network activity occurs within segments, such as communications between devices serving the same business department. This concept is termed regional route aggregation.
Under route aggregation, Router A doesn’t need to know where every endpoint is on the network. It just needs to know which router takes care of which segment, which is indicated by a Supernet ID contained in the IP address in the header of each incoming packet. For one range it needs to send the packet towards Router B, for a different ID it sends the packet to Router C, and so on.
If Router B controls 30 endpoints, Router A just needs to store the address of Router B for all of the addresses that fall within its control. The list of records held in a routing table is thus reduced to just a few rows.
Another benefit of this routing shortcut is that it removes the need for new IP address allocations to be propagated all around the network. A large organization that implements DHCP will see all of its IP address allocations change, requiring all routing tables to be updated. Although update data doesn’t take up bandwidth, it is an overhead and a busy network needs all of the spare capacity that it can get. Removing the need for frequent router table refreshing reduces superfluous network traffic.
Supernetwork routing can be implemented with the Border Gateway Protocol, the Enhanced Interior Gateway Routing Protocol, the Open Shortest Path First, the Intermediate System to Intermediate System, and the Routing Information Protocol v3 algorithms.
Supernetting vs subnetting
Both supernetting and subnetting are address management concepts. There is a small difference between the way that supernetting and subnetting are implemented in IP addressing. An IP address is composed of a part that represents a Host ID and a part that represents a Network ID. The diagram below shows how subnetting and supernetting treat these two sections of the address.
In subnetting, the higher-order bits of the Host ID are appropriated to denote the Subnet ID. In supernetting, the lower-order bits of the Network ID are used to indicate the Supernet ID. So, the segment identifier in subnetting is a prefix to the Host ID and in supernetting, it is a postfix to the Network ID. The results of these two methods are that, in both cases, the network segment can be identified by a number of bits that lie between the Network ID and the Host ID.
The indexing of IP addresses in a routing table can, in both cases, make record scans faster. However, the subnet strategy doesn’t take advantage of the fact that all devices within a subnet have a common address element. The full routing table for all devices is still included in every router on the network. Supernetting uses that common segment identifier to shortcut routing decisions. Look for the Supernet ID and just get that traffic to the router that is registered as the controller for that part of the network.
Supernetting shortens the routing table. Fewer records can be searched faster than long record lists, so router decision making, and thus, packet forwarding, happens a lot faster in supernetwork scenarios. To put it another way, cheaper routers with less processing power can achieve more at less cost under this system.
Supernetting addresses
Supernetting uses Classless Inter-Domain Routing (CIDR). This address management concept is not unique to supernetting. It is also widely used in subnetting. For more information on CIDR in subnetting see The Ultimate Guide to Subnetting.
CIDR deploys “variable-length subnet masking” (VLSM). This is an efficient use of address space and reduces the chances of a network running out of IP addresses due to misallocation of large ranges of addresses to all of the network segments.
There is a conflict in the aims of supernetting here because the point of this system is to reduce the need for router table updates by locking in ranges of addresses to each router around the network. VLSM is lauded as a flexible method that allows segment IP address ranges to be adjusted easily in the face of changing demand.
Supernetting imposes a degree of rigidity in IP address allocation, while VLSM is supposed to enable variability. The reconciliation between these two opposing strategies lies in planning. When judging the size of each address pool, you need to take into account how that segment might change in size over time.
With supernetting, you need to aim for as little disruption as possible to the routing tables on the network. That, unavoidably, will lead to some segments being overallocated addresses to head off the problems of address exhaustion. A tight allocation would open the probability of those boundaries between address allocations needing to be changed at some point in the future. That would require all of the routing tables to be updated, which is an event that supernetting seeks to avoid.
Ultimately, how precisely you size each router’s IP allocation reservation is up to you. Be aware that your decision will influence future operations. One solution lies in leaving gaps between allocations to allow for future expansion. So, you could add on another slice and amalgamate the two allocations into one. For example, you can combine four /24 networks (254 addresses each) to create one /22 network (with 1022 addresses). However, this is only an efficient solution in terms of routing tables if those four reserved ranges are contiguous.
Leaving gaps in IP address sequences is against the rules of supernetting (though not a showstopper) as you will read in the next section. This takes us back to the solution of expanding address ranges so that they have enough space for future requirements and also bump up against each other to create a contiguous unified list of addresses.
The rules of supernetting
If you have mastered subnetting, you will have no problems with supernetting. The calculations involved in reserving IP address ranges per segment are the same in both cases.
Consider the following rules of supernetting:
- Make sure the networks have consecutive IP address ranges.
- The number of networks to be aggregated must be a power of 2 (i.e. 2, 4, 8, 16 …).
- The first non-common octet of the lowest IP address block in the list of networks to be aggregated must be zero or an even number and a multiple of the number of networks to be aggregated.
This list of rules means that not all pre-existing networks can be merged without resequencing their IP address ranges. As most networks currently operate on the DHCP system, reorganizing their IP address allocations to make them fit shouldn’t be a problem.
The key sticking point for most is that it is only possible to merge an even number of networks, so you can’t merge three or five networks without splitting one of them up first.
Breaking the rules of supernetting
The idea of adjusting existing address allocations to make conditions fit could be seen as cheating or even breaking the rules. If people can just reorganize the address pools of existing networks to make them fit, is there any point in sticking to the rules?
The rules are not there to create some exclusive club of those who can implement supernetting. They are there because the addressing system you create won’t work if those preconditions are not in place. Think of them not specifically as rules but indicators that the supernetting system will work.
Adjusting addresses in existing networks to make them fit isn’t cheating; it is just an exercise in aligning the address pools with the indicators that ensure that the supernetting system will work and successfully create a supernetwork with no routing issues.
To understand why it is okay to adjust addresses and not okay to break the rules, you need to know how supernetting is done.
One reason that some combinations of address blocks work and others don’t is that part of the Network ID needs to be sacrificed to create a Supernet ID to identify the network area.
The Supernet ID distinguishes between each segment of the network and identifies its router, making the route to any endpoint on that segment easy to deduce.
The more networks that are being merged, the more bits need to be used from the Network ID for the Supernet ID. If only two networks are being merged then only one bit is needed for the Supernet ID; if eight networks are involved, three bits are needed. Truncating the Network ID and replacing its final bits with the Supernet ID means that part of the individual endpoint’s unique identifier gets wiped out.
The abbreviated address can advertise more addresses than a destination router actually manages. This would occur if there were gaps in between the blocks of addresses used for all of the segments to be merged. It would also occur if the rule of ensuring that the first non-common octet is divisible by the number of networks to be merged were not followed. This last rule is intended to ensure that the lowest IP address used for the total IP addressing scheme is sufficiently high that it can afford to lose a number of bits of its third octet and still be uniquely identifiable.
Consider the four networks with the following address blocks:
- 172.16.2.0/24
- 172.16.3.0/24
- 172.16.4.0/24
- 172.16.5.0/24
As there are four networks involved, rule number one is satisfied because it is an even number. Rule number two is also satisfied here because four is 2 to the power of 2. The third rule is not satisfied because the third octet of the lowest IP address is not evenly divisible by the number of networks. So, if you went ahead and merged these networks anyway, you would need to wipe out the two lowest order bits of the Network ID in order to make room for the Supernet ID.
Without those last two bits in the third octet, the entire group would be advertised as 172.16.0.0/22. That would include addresses such as 172.16.0.0, 172.16.1.0, and 172.16.5.0, which are not part of the address block that the router can manage.
In practice, you could get away with the above scenario as long as you don’t intend to use the falsely advertised addresses elsewhere.
How to implement supernetting
Merge networks into a supernet by following these steps:
- Compare the lowest IP address in each block.
- Convert each address into binary.
- Write out the addresses in a row for each so that each bit of all addresses is lined up.
- Look along all the addresses bit by bit until you reach a column where all bits are not the same.
- From that first bit where there is no match (including that bit) down to the end, set all bits to zero.
- Create the subnet mask by placing ones in all of the positions up to the bit where you started writing zeros in the previous step and then copying down the zeros for the remaining positions.
- Mark off from the left enough zero-filled positions to be the Supernet ID. This should give a count of all the original networks. So, if you have two networks to merge, you need one bit, if you have four, you need two bits and if you have eight, you need three bits, and so on.
- Express the route in CIDR notation with the address created in step five followed by the number of bits that are set in the subnet mask that you created in step six.
An example of supernetting
We will work through an example with the following four networks:
- 10.4.0.0/16
- 10.5.0.0/16
- 10.6.0.0/16
- 10.7.0.0/16
This exercise passes the three rules: the address blocks are consecutive, and there are four networks to merge, which is a power of 2 (2 to the power of 2). The first non-common octet of the lowest block is four, which is divisible by the number of networks to merge, which is also four.
In the image below, you can see the four starting addresses in each of these blocks laid out together.
Looking from left to right, all of the bits are the same in all four addresses until position 15. In the subnet mask at the bottom of the picture, this bit is set to zero, as are all of the remaining bits. Positions 1 to 14 in the mask are set to one.
The unified network has an address block of 10.4.0.0/14 and a subnet mask of 255.252.0.0.
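The merge steps above can be checked in code before a summary route is advertised. The following Python sketch is an added example, not part of the original article: it applies the bit-alignment procedure to this page's two sets of address blocks and reports any address space the resulting route would cover that none of the merged networks owns. The function names summarize and over_advertised are hypothetical.

```python
import ipaddress

# Constructed inputs: the two sets of address blocks used as examples on this page.
ALIGNED = ["10.4.0.0/16", "10.5.0.0/16", "10.6.0.0/16", "10.7.0.0/16"]
MISALIGNED = ["172.16.2.0/24", "172.16.3.0/24", "172.16.4.0/24", "172.16.5.0/24"]


def summarize(blocks):
    """Hypothetical helper: line the network addresses up bit by bit,
    keep the leading bits they all share and zero everything after them."""
    nets = [ipaddress.IPv4Network(b) for b in blocks]
    addrs = [int(n.network_address) for n in nets]
    diff = 0
    for a in addrs:
        diff |= a ^ addrs[0]              # 1 in every column where a bit differs
    prefix = 32 - diff.bit_length()       # columns left of the first mismatch
    # A summary can never be more specific than its least specific member.
    prefix = min(prefix, min(n.prefixlen for n in nets))
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return ipaddress.IPv4Network((addrs[0] & mask, prefix))


def over_advertised(blocks):
    """Hypothetical helper: ranges inside the summary route that none of the
    member networks owns. An empty list means the summary is exact."""
    leftover = [summarize(blocks)]
    for member in (ipaddress.IPv4Network(b) for b in blocks):
        kept = []
        for piece in leftover:
            if member.subnet_of(piece):
                kept.extend(piece.address_exclude(member))  # carve the member out
            elif not piece.subnet_of(member):
                kept.append(piece)        # disjoint: still unowned so far
        leftover = kept
    return list(ipaddress.collapse_addresses(leftover))


if __name__ == "__main__":
    for name, blocks in (("aligned", ALIGNED), ("misaligned", MISALIGNED)):
        route = summarize(blocks)
        extra = over_advertised(blocks)
        print(f"{name}: advertise {route} mask {route.netmask}")
        print("  unowned space inside the route:", [str(n) for n in extra] or "none")
```

Any non-empty result is address space that the summary route attracts traffic for even though no segment router serves it, so it should either stay reserved or the blocks should be renumbered before the route is advertised.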
Conclusion
Supernetting is very similar to subnetting. In fact, if you only deal with qualifying networks to merge that pass the three tests, supernetting is actually easier than subnetting.