You touch on the skirts of it, but everyone involved in setting up private networks should be familiar with RFC1918. This defines the private subnets set aside for personal use, i.e. traffic from any device with one of these addresses will be dropped on the live Internet instead of forwarded on/processed. These subnets include 10.x.x.x, 172.16.10.x-172.16.31.x and 192.168.x.x.
Subnetting can be a tricky beast; misplacing one bit will make devices unreachable and drive you insane. If you're doing this for a living, I found the Cisco books for their CCNA networking to be amazingly insightful (down to the bit level) even if you don't plan on pursuing the certification.
This is all beyond me. I doubt I will ever need to interact with a network containing more than 254 devices.
The one thing I don't quite understand is how, for instance, a router with an address of 192.168.1.1 is able to interact with something with an address of 192.168.2.XXX. If that 3rd digit doesn't match, wouldn't it be unreachable by the router? Or does it become reachable when the subnet digit is changed?
The subnet mask determines which other addresses a device at a specific address can reach. For any bit in the subnet mask which is a "1", the reachable address must be identical to that of the device's specific address.
If you have a subnet mask of 255.255.255.0, a device at 192.168.1.1 would be able to reach devices at 192.168.1.2 to 192.168.1.254. [It's 254 since 255 is usually reserved.] The first three "octets" being 255 are all "1"s, so a reachable device's address must be identical to the first three octets of the device at 192.168.1.1, i.e., 192.168.1 .
If you changed the subnet mask to 255.255.252.0, a device at 192.168.1.1 would be able to reach devices at 192.168.1.2 to 192.168.3.254.
See Undisclosed #3's "Subnet mask quick reference" below and RFC1918 at tools.ietf.org. (if you are really interested).
Or does it become reachable when the subnet digit is changed?
Yes, this is the concept of subnet masks exactly.
When one device with an IP address wants to connect to another device with an IP address, one of the first things it needs to determine is if that other device is on the same LAN (meaning it can send packets to it directly), or if it on a remote network (meaning the packets need to be sent to a router, who can then route them to the appropriate remote network).
The subnet mask and local IP address are used to compute which IPs are local and which are remote.
If you use a subnet mask like 255.255.255.240, then even devices where the 3rd digit (octet) matches won't necessarily be able to send packets directly to each other. (Subnet masks where the 4th octet is non-zero are more common in datacenters, where you might only be allocated 8 IP addresses for your specific use.)
All devices on the same subnet are on the same broadcast domain, talk directly, and cannot be firewalled from EACH OTHER. A bad network card can cause issues on the entire broadcast domain. Routes between private subnets must be routed by a router, so you need a real router such as Cisco, Mikrotik, etc. Security mandates like HIPAA require network isolation via separate networks, i.e. subnets.
You may never need to deal with networks containing more than 254 devices, but chances are that you will encounter networks that were set up to deal with fewer. The most common situation would be a small business that has requested a small block of public IP addresses in order to host something on their own network and provide access to the Internet. The ISP will issue the minimum number of IP addresses that it can get away with (they charge pretty heftily for public IP addresses), and they will use IP subnetting to do this. In most cases a company will get a block of 8 public IP addresses, which would be a 255.255.255.240 subnet (of these only 6 are actually usable: the first of the block is the "network" address and the last of the block is the "broadcast" address; the network address is all 0's in the host bits, the broadcast is all 1's).
It does get pretty complex, I still find myself working the bit chart -> 128 - 64 - 32 - 16 - 8 - 4 - 2 - 1, but I enjoy it.
You beat me to it! I was going to also add that, if there is even the minutest possibility of increasing the scope of your network, be certain to place the critical/static addresses at the bottom of the address scope. For example, use x.x.x.1 for your logical default gateway (assuming something like .2 and .3 will be the physical interfaces for redundant/failover routers) and reserve the rest of the single-digit last-octet addresses for other network-specific devices. This way, if you ever have to expand, you don't have to reprogram all your devices, and the network gear doesn't sit in the middle of your address scheme (I'm picky that way).
For a simple/small implementation, I always plan an addressing scheme based on the known Day-1 requirements, plus a 3 year out potential expansion forecast. Something like this -
x.x.x.0 - network address
x.x.x.1 - Default G/W
x.x.x.2 - x.x.x.10 - network devices, DNS, SNTP, etc.
x.x.x.11 - x.x.x.30 - servers, storage, workstations (maybe)
x.x.x.31 - x.x.x.40 - encoders, decoders, audio, I/O, intercoms
x.x.x.41 - x.x.x.50 - reserved for who-knows-what may come
x.x.x.51 - x.x.x.254 - cameras (bottom-up) and access control (top-down)
For a larger implementation, video and access (and intrusion?) might be on separate VLANs.
The sub vs super tag is about the relation to a standard subnet mask for a given network class. All networks are divided into subnets. The difference is whether it’s a bigger (super) or smaller (sub) subnet than the standard subnet.