Networking 101 #6. Subnets, CIDR & NAT
Source: Dev.to
Note: This series is not written by an expert — it’s a beginner learning out loud, sharing:
- what I understand,
- what confuses me,
- and what I learn along the way.
The goal is to build consistency, clarity, and invite discussion.
📌 What This Blog Covers
In this post, I’ll cover:
- What are subnets
- Public subnet vs Private subnet
- What is CIDR
- What is NAT
- Issues with subnets
📂 GitHub Repository
All my notes, diagrams, and learning resources for this series live here:
[GitHub repo link](add your URL)
The repo is updated as I continue learning.
📚 Learning Notes
1️⃣ First: Why do subnets even exist?
Question: Why don’t we just put all computers on one big network?
Answer:
- It would be insecure
- It would be chaotic
- It would not scale
Therefore networks are divided into smaller networks called subnets.
2️⃣ What is a subnet?
A subnet is a group of IP addresses that belong to the same internal network. That’s it.
Example:
10.0.0.0 – 10.0.0.255All machines in this range:
- Can talk to each other directly
- Are part of the same private network
3️⃣ Why cloud providers force you to use subnets
In cloud platforms (AWS, GCP, Azure) you don’t get a “flat” network. You must create:
- A VPC (virtual private cloud)
- Subnets inside it
Why?
- Security isolation
- Routing control
- Scalability
That’s why you always see subnet selection during VM creation.
4️⃣ What is CIDR (the scary /24 thing)?
CIDR looks scary but is simple.
Example:
10.0.0.0/24CIDR tells you how many IPs belong to this network.
4.1 CIDR without math (promise)
| CIDR | Approx. IPs |
|---|---|
| /24 | ~256 |
| /16 | ~65,000 |
| /8 | ~16 million |
- Smaller number after
/→ bigger network - Bigger number after
/→ smaller network
That’s enough for DevOps.
4.2 What /24 actually means
10.0.0.0/24- Network starts at
10.0.0.0 - Ends at
10.0.0.255 - Total ≈ 256 IPs (cloud providers reserve a few internally)
5️⃣ Why CIDR matters in real DevOps work
CIDR decides:
- How many servers you can run
- How isolated your network is
- Whether services can talk to each other
Common mistake: Choosing a subnet that’s too small → you run out of IPs.
6️⃣ Public vs Private subnets
6.1 Public Subnet
- Has a route to the internet
- Used for:
- Load balancers
- Bastion hosts
- Public‑facing services
6.2 Private Subnet
- No direct internet access
- Used for:
- Application servers
- Databases
- Internal services
Best practice: Only expose what must be public.
7️⃣ How do private subnets access the internet?
This is where NAT (Network Address Translation) comes in.
7.1 What is NAT?
NAT allows private IPs → Internet without exposing Internet → private IPs.
NAT is one‑way by default.
7.2 NAT explained simply
- Private server:
10.0.1.5 - Wants to access:
google.com
Flow:
10.0.1.5 → NAT Gateway → InternetThe internet sees the request coming from the public IP of the NAT gateway, and replies travel back through the NAT to the private server.
8️⃣ Why NAT is critical for security
- Without NAT: Every private server needs a public IP → everything is exposed.
- With NAT: Servers stay private; only outbound traffic is allowed.
That’s why databases are almost always placed in private subnets.
9️⃣ Common DevOps architecture
Internet
↓
Load Balancer (Public Subnet)
↓
App Servers (Private Subnet)
↓
Database (Private Subnet)- NAT allows:
- App → Internet (updates, external APIs)
- Database → No internet access
🔟 How subnet issues show up in real life
| Problem | Likely Cause |
|---|---|
| Can’t reach DB | Wrong subnet |
| App can’t access internet | Missing NAT |
| Server unreachable | Public IP missing |
| Only some services talk | Routing issue |
Most “network issues” are subnet or NAT misconfigurations.
1️⃣1️⃣ Mini hands‑on mental exercise
Ask yourself:
- Is this service public or private?
- Does it need inbound access?
- Does it need outbound internet access?
Those answers decide:
- Subnet type
- NAT requirement
- Security rules
1️⃣2️⃣ Mental model upgrade
Your networking stack now looks like:
Internet
↓
Public Subnet
↓
Private Subnet
↓
ServiceSubnets decide who can talk to whom.
✅ Key takeaways
- Subnets group IPs.
- CIDR controls subnet size.
- Public subnets face the internet.
- Private subnets stay hidden.
- NAT allows safe outbound access.
- Most cloud networking issues are subnet‑related.
💬 Feedback & Discussion
💡 I’d love your feedback!
If you notice:
- Missing tool categories,
- Incorrect assumptions,
- Better learning paths,
please comment below. I’m here to learn.
⭐ Support the Learning Journey
If you found this blog useful:
⭐ Give the GitHub repo a star — it really motivates me to keep learning and sharing publicly.
🐦 Stay Updated
Follow me on [Twitter/X] (add your handle) for updates on future posts in this series.
# 📚 Networking for DevOps – 101
## 👋 About Me
I’m a DevOps Engineer sharing my learning journey on **Twitter/X**. I post regular updates, notes, and progress.
---
## 🔜 What’s Next
In the next post, I’ll be covering:
- **Firewalls, Security Groups & Why “Connection Refused” Happens**
- Ongoing updates to the GitHub repo as I progress
---
## 📘 Learning in Public
- **Repo:**
- **Twitter/X:**
💬 *Feedback welcome* — please comment if anything feels off.
⭐ *Star the repo* if you find it useful.