Photography ๐ŸŸข Beginner ๐Ÿ“… February 16, 2026โฑ๏ธ 7 min read

Subnetting & CIDR: Finally Make Sense of IP Addressing

SubnettingCIDRIP AddressingNetworkingBeginner
Subnetting & CIDR: Finally Make Sense of IP Addressing
๐Ÿค–

AI Summary

30-second read
Subnetting is the process of dividing an IP address space into smaller networks. This guide explains binary, CIDR notation, subnet masks, and how to calculate usable host ranges โ€” with a method that makes it click without memorising tables.

Why Subnetting Exists

IPv4 addresses are 32-bit numbers โ€” about 4.3 billion total. That sounds like a lot until you consider that the internet has billions of connected devices. The solution, before IPv6 becomes universal, is to be efficient: break address space into appropriately-sized chunks rather than handing out large blocks to organisations that will waste most of them.

Subnetting also improves network design. A single flat network of 1,000 devices generates broadcast traffic that reaches all 1,000 devices simultaneously. Divided into subnets of 50โ€“100 devices each, broadcasts are contained. Routing becomes cleaner. Troubleshooting becomes faster. Security boundaries become possible.

The Binary Foundation

An IPv4 address like 192.168.1.100 is really four 8-bit numbers (octets) written in decimal for human convenience. In binary: 11000000.10101000.00000001.01100100. Every IP address is 32 bits.

A subnet mask defines which portion of the address is the network and which is the host. 255.255.255.0 in binary is 11111111.11111111.11111111.00000000 โ€” the first 24 bits are network, the last 8 are host. This is written in CIDR notation as /24.

CIDR Notation

CIDR (Classless Inter-Domain Routing) notation writes an address with a slash and the number of network bits: 192.168.1.0/24. The /24 means 24 bits are network, leaving 8 bits for hosts โ€” which gives 2โธ = 256 addresses, minus 2 (network address and broadcast) = 254 usable hosts.

Common subnet sizes:

  • /24 โ€” 254 hosts. Standard office network.
  • /25 โ€” 126 hosts. Half a /24.
  • /26 โ€” 62 hosts. Quarter of a /24.
  • /27 โ€” 30 hosts. Small segment.
  • /28 โ€” 14 hosts. Small VLAN or DMZ.
  • /30 โ€” 2 hosts. Point-to-point links between routers.
  • /32 โ€” 1 host. Loopback addresses, host routes.

The formula: 2^(32 - prefix) - 2 = usable hosts. For /26: 2^(32-26) - 2 = 2^6 - 2 = 64 - 2 = 62.

Network Address and Broadcast

Every subnet has two reserved addresses you cannot assign to hosts:

The network address is the first address โ€” all host bits set to zero. For 192.168.1.0/24, the network address is 192.168.1.0. It identifies the subnet itself in routing tables.

The broadcast address is the last address โ€” all host bits set to one. For 192.168.1.0/24, the broadcast is 192.168.1.255. Frames sent to this address are delivered to all devices in the subnet.

The usable range is everything in between: 192.168.1.1 โ†’ 192.168.1.254.

Subnetting a /24 โ€” A Practical Example

You have 192.168.10.0/24 and need to create 4 equal subnets. You need to borrow bits from the host portion. To create 4 subnets you need 2 bits (2ยฒ = 4). Move the prefix from /24 to /26.

The four /26 subnets:

  • 192.168.10.0/26 โ€” Network: .0, Broadcast: .63, Hosts: .1โ€“.62
  • 192.168.10.64/26 โ€” Network: .64, Broadcast: .127, Hosts: .65โ€“.126
  • 192.168.10.128/26 โ€” Network: .128, Broadcast: .191, Hosts: .129โ€“.190
  • 192.168.10.192/26 โ€” Network: .192, Broadcast: .255, Hosts: .193โ€“.254

The block size is 64 (256 รท 4). Each subnet starts 64 addresses after the previous one. This pattern is the shortcut: block size = 256 - subnet mask last octet. For /26, mask = 255.255.255.192, block size = 256 - 192 = 64.

Variable Length Subnet Masking (VLSM)

VLSM allows different subnets of different sizes within the same address space โ€” matching subnet size to actual need rather than assigning uniform blocks. A department of 100 users gets a /25 (126 hosts). A server segment of 10 gets a /28 (14 hosts). A point-to-point WAN link gets a /30 (2 hosts). No addresses wasted.

VLSM requires that your routing protocol supports it โ€” OSPF, EIGRP, and BGP all do. RIPv1 does not (legacy, avoid).

Private Address Ranges

RFC 1918 defines three ranges reserved for private use โ€” not routable on the public internet:

  • 10.0.0.0/8 โ€” 16.7 million addresses. Large enterprises.
  • 172.16.0.0/12 โ€” 1 million addresses. Medium organisations.
  • 192.168.0.0/16 โ€” 65,536 addresses. Home and small office.

These addresses require NAT to reach the internet. Use 10.0.0.0/8 for large enterprise designs โ€” it gives you maximum flexibility. Avoid 192.168.1.0/24 in enterprise contexts (it clashes with home routers and creates VPN headaches).

The Mental Model That Makes It Stick

Think of an IP address space as a street. /8 is the city. /16 is the neighbourhood. /24 is the street. /28 is a few houses on that street. The prefix length tells you how specific the address is โ€” longer prefix, smaller block, more specific location. This hierarchy is what makes routing work: routers match the longest (most specific) prefix in their table to forward packets efficiently.

๐ŸŽ‰
LEVEL UP!
2
Explorer
๐ŸŒฑ Newcomer Lv.1
0 / 100 XP
0
Read
0
Streak
0
Certs
Daily Challenges