Subnetting and CIDR Basics, with Worked Examples
A subnet is a slice of IP address space that shares the same network prefix. CIDR notation — like 192.168.1.0/24 — is the modern way to describe one: the /prefix says how many leading bits form the network portion; the rest is the host portion.
Prefix length and host count
The host part is 32 − prefix bits, and 2 to that power is the total number of addresses in the block. In IPv4, two of those are reserved (the network and broadcast addresses), so usable hosts = total − 2.
| CIDR | Netmask | Total | Usable hosts |
|---|---|---|---|
/24 |
255.255.255.0 |
256 | 254 |
/25 |
255.255.255.128 |
128 | 126 |
/26 |
255.255.255.192 |
64 | 62 |
/27 |
255.255.255.224 |
32 | 30 |
/28 |
255.255.255.240 |
16 | 14 |
/30 |
255.255.255.252 |
4 | 2 |
A handy mental model: each step in the prefix halves the block. /24 is 256 addresses; /25 is two halves of 128; /26 is four blocks of 64, and so on.
How the mask actually works
The netmask is just the address with the network bits set to 1 and host bits set to 0. To find the network address, you AND the IP with the mask. Worked example for 192.168.1.0/24:
IP 11000000.10101000.00000001.00000000 192.168.1.0
mask /24 11111111.11111111.11111111.00000000 255.255.255.0
AND 11000000.10101000.00000001.00000000 = network 192.168.1.0
From there, for 192.168.1.0/24:
- Network address:
192.168.1.0(all host bits 0) - Broadcast:
192.168.1.255(all host bits 1) - First usable host:
192.168.1.1 - Last usable host:
192.168.1.254
Doing this by hand gets tedious fast — paste any CIDR into the subnet calculator for instant network, broadcast, host range and count (IPv4 and IPv6).
Splitting a block (VLSM)
You often need to carve one block into smaller subnets of equal or varying size (Variable Length Subnet Masking). Splitting 192.168.1.0/24 into four /26s gives:
| Subnet | Range | Usable |
|---|---|---|
192.168.1.0/26 |
.0–.63 |
.1–.62 |
192.168.1.64/26 |
.64–.127 |
.65–.126 |
192.168.1.128/26 |
.128–.191 |
.129–.190 |
192.168.1.192/26 |
.192–.255 |
.193–.254 |
The CIDR tools can split a block automatically and test whether an address falls inside a given range. For cloud network design, see planning CIDR for AWS VPC.
Two special cases
/31— a 2-address block used for point-to-point links (RFC 3021). Both addresses are usable; there is no broadcast./32— a single host (one address), common in routing, allowlists and loopbacks.
IPv6 prefixes are different
IPv6 has no broadcast address and uses vastly larger blocks. The common allocations are clean powers of two on nibble boundaries:
| Prefix | Typical use |
|---|---|
/48 |
A site |
/56 |
A home/customer |
/64 |
A single subnet (standard LAN size) |
Host counts are astronomical, so IPv6 thinking is about prefix planning, not squeezing hosts. See IPv6 vs IPv4 and IPv6 address types. The subnet calculator accepts IPv6 CIDR too.
Note: "How many hosts do I need?" decides the prefix. Need ~50 hosts? A
/26(62 usable) fits with headroom; a/27(30) does not. Always size up — re-addressing a live network is painful.