Supernet is short for “Super Network”: an IP network made up by combining two or more networks or subnets with the same network prefix.
The concept of supernet emerged in the 1990s as a response to the limitations of the “classful” system that was introduced with the IPv4 protocol and that consisted of dividing IP addresses into fixed classes (A, B, C) with a predefined network size. This procedure often resulted in wasted IP addresses and inefficient use of available space.
With the growth and expansion of the Internet, the shortcomings of this system became increasingly evident and the fear arose that at some point the IP addresses would run out. Supernet replaced the concept of classes with a flexible routing model in which IP addresses are assigned based on the specific needs of each network.
What is a supernet for?
The main purpose of a supernet is to simplify network management. Supernets are commonly used in IT environments to monitor and manage the whole network from a single central location. Instead of handling multiple entries for each individual network, supernet administrators can manage broad groups of networks from a single entry in the routing table.
In addition, supernets offer greater design flexibility compared to the traditional classifying system. For example, a company can have a supernet that spans several small offices with different numbers of hosts and allocate blocks of IP addresses according to the requirements of each office, without having to stick to a predefined size.
Differences between supernets and subnets
Supernets and subnets are concepts used in IP address management. They differ both in their purpose and in the way they are created, implemented, and in the use cases.
Purpose
- Subnets aim to control network traffic by avoiding congestion.
- Supernets are created to reduce the complexity of routing tables and optimize IP address management.
Creation
- The process of grouping several subnets to create a supernet is commonly called “path aggregation” or “supernetting”. To create the new subnet mask, we will take bits from the network ID and add them to the host ID.
- “Subnetting” is precisely the opposite process. It consists of dividing an IP network into smaller subnets that can be managed independently. In this case, we will take bits from the host ID to add them to the network ID.
Implementation
- Subnets normally use VLSM (variable length subnet mask) to assign different subnet sizes to different segments of an IP network.
- Supernetworks do not typically use VLSM, as the subnet mask is fixed and applies to the entire IP address block. Instead they use the CIDR (Claseless Inter-Domain Routing) protocol to define more flexible subnet masks or the EIGRP (Enhanced Interior Gateway Routing Protocol) protocol, which also offers the possibility of implementing changes to the network topology dynamically.
Use Cases
- Subnets are mostly used in LAN environments to segment local networks and make resource management more efficient. Many companies turn to them to separate departments. For example, separate subnetworks can be created for the sales department, marketing department, and IT department. This makes it possible to apply specific security and management policies for each of them.
- In turn, supernets are more suitable in large networks such as WAN and geographically dispersed business environments. For example, a company that has multiple branches may implement a supernet to bundle IP addresses and simplify routing. Internet service providers (ISP) that manage thousands of networks with unique IP addresses for each customer can also use supernetworks to make monitoring easier and reduce system load.
Path aggregation and summarization
During route aggregation we combine multiple subnets to optimize routing.
Here are the steps involved in this process:
Decide on the necessary subnets
When starting to create a supernet, it is important to be clear that not all subnets can be added. That’s why we need to do a thorough analysis of IP addresses and routing loads first. For example, you need to look at how many IPs are allocated to each subnet and how they are distributed geographically across the network. Ideally, the subnets that make up the supernet should be contiguous and not have empty spaces between them.
In addition, it is important to make a future projection of the growth of the supernet to ensure that it will be able to scale without issues should the requirements increase.
Identify the Supernet ID
Once we have decided which subnets to combine, we need to identify the ID of the supernet. For that it is necessary to first determine the range of IP addresses of the subnets. Look at the routing table and follow a procedure called “summarization”:
1. We convert IP addresses into binary format.
2. We compare all the IP addresses in binary format and we identify the last bit in common from which some zeros differ./p>
3. We take the part of the IP address that precedes the last bit in common and complete with zeros to form the supernet ID.
4. Finally, we convert the address of the supernet back to decimal notation to express it legibly.
For example, if we have the following network addresses:
192.168.50.0/24 11000000.10101000.00 | 110010.00000000
192.168.10.0/24 11000000.10101000.00 | 001010.00000000
We see which is the last bit that matches and from there we switch to zero all the remaining bits of the IP address in binary format:
11000000.10101000.00 | 000000.00000000
Switching it to decimal notation would look like this:
192.168.0.0/18
This network ID of the supernet represents all subnets that are part of it.
Calculate the new supernet subnet mask
Once the supernet ID is identified, calculate the new subnet mask. This implies determining how many additional bits will be needed to cover the whole range.
The resulting subnet mask will be smaller (less restrictive) than the individual subnet masks that comprise it.
In the previous example, the new subnet mask of the supernet would be /18, indicating that the first 18 bits of the IP address represent the network, while the remaining bits are reserved for the hosts within the supernet.
Basic rules
To correctly perform the path aggregation procedure, it is important to follow a series of rules:
- We must ensure that the networks you are going to incorporate have consecutive IP address ranges.
- The number of networks must be by pairs of 2. It is not possible to combine 3 or 5 networks without first splitting one of them.
- The first uncommon octet of the lowest IP address block in the list of subnets to be added must be zero or an even number and multiple of the number of networks to be added.
Pros and Cons of Supernets
Before deploying a supernet, technical teams must do meticulous planning and assess the pros and cons of this new infrastructure regarding the specific needs of the network.
Next, we will name the main advantages and disadvantages of working with supernets.
Advantages of Supernets
- Optimize Routing: By reducing the number of entries in routing tables, supernetworks minimize the memory usage and processing capacity required for packet movement. When a packet is transmitted, routers analyze the target address and compare it to prefixes added to the supernet, thereby determining the optimal path for delivery. This results in reduced latency and improved overall network performance.
- Efficient use of IP addresses: By grouping multiple subnets into a single entity, supernets avoid wasting IP addresses and maximize available space, overcoming class system limitations.
- Simplify network management: They provide a single space from which to manage all networks. This in turn minimizes the risk of errors and misconfigurations.
- They offer flexibility in design: By deploying a supernet, companies can decide the size and features of the network based on their specific needs, without being constrained by the traditional class system.
- Improve safety: By saving processing resources, supernetworks strengthen protection against denial-of-service (DoS) attacks that rely on system overload.
- They are easily scalable: Supernets can be expanded or contracted by adding or removing subnets, without the need to make major changes to the network infrastructure. This feature allows you to adapt to the pace of growth of each company or organization.
Disadvantages of Supernets
- Complex Infrastructure: They require solid knowledge about IP addressing and subnets.
- Expensive Investment: They usually require a significant investment in specialized software and hardware.
- Potential Safety Hazards: By grouping multiple subnets with different configurations, the risk of unauthorized access is higher, especially if consistent security policies are not applied across the supernet.
- Incompatibility Issues: Some network devices may not support CIDR, which would cause interoperability issues within the supernet.
Supernetting Best Practices
As we mentioned in the previous sections, it is necessary to analyze the requirements of the IT infrastructure before deciding whether a supernet is the most appropriate solution. In addition, we must accurately calculate the number of IP addresses assigned to each subnet to effectively distribute the routing load.
Other important recommendations:
- Define the size of the supernet to avoid performance issues.
- Implement security measures, such as firewalls and other technologies, to protect the network from unauthorized access.
- Monitor the status of the supernet in real time to check that it works properly.
- Keep software up to date with the latest security patches to prevent vulnerabilities.
- Carry out periodic ethical hacking tests to detect potential security breaches.
- Plan for the scalability of the supernet in the future, for example, by making sure that the subnet mask has enough IP addresses to perform new additions if the supernet grows.
IP Addressing Management with Pandora FMS (IPAM)
We have seen that path aggregation is a complex process and requires careful planning to efficiently allocate IP addresses. For that reason, since version NG 731, Pandora FMS has a feature called “IPAM” (Internet Protocol Address Management) that allows us to hierarchically visualize the network structure, discover hosts in a subnet and detect changes in availability, host name and operating system.
It also has utilities such as IP address reservation, network IP usage statistics (with alerts and monitoring), as well as a subnet calculator for IPv4 and IPv6.
You may configure IP address detection to run automatically or manually using the Recon Server tool (NetScan).
From the view IPAM → Supernet config, you may create your supernet by specifying the name, the address that you obtained when summarizing the different subnets, the supernet mask, (which in this case is /16) and the subnet mask (which is /24 in this case). You may also specify a site and optionally a description:
Once the supernet has been created in your Pandora FMS console, the only step left is to define the subnets that are part of it:
For that, click on action “add network to supernet”.
Then click on “Next network”:
Complete the configuration of the subnet with the information necessary to scan the network for “live or operational” devices. You may automate the process to save time or force it manually:
In this case, activate the manual configuration from the address view:
On supernet map and supernet tree view screens you may see the hierarchy of our supernetworks in a graph view:
By clicking on each of them, you will get more information.
From supernet config you may check a statistical report of the supernet, with general information on all the subnets that make it up:
Do you need a comprehensive solution for IP address management? Contact our team to request information about Pandora FMS (IPAM) and its usefulness for managing all types of networks.
Enlaces referentes:
https://calculadoraip.org/supernetting/
https://pandorafms.com/manual/!current/es/documentation/pandorafms/monitoring/11_ipam
Can one tool have global visibility?