What subnetting is
Subnetting is the practice of dividing one IP network into smaller, self-contained networks called subnets. Every IPv4 address is 32 bits long, and a subnet mask decides where the address stops describing the network and starts describing individual hosts. Splitting a large block into subnets lets you separate departments, limit broadcast traffic, and apply security boundaries without requesting more address space.
CIDR notation: what "/24" means
Modern networks use CIDR (Classless Inter-Domain Routing) notation, written as an address followed by a slash and a number — the prefix length. That number is simply how many leading bits belong to the network. A /24 means the first 24 bits are the network and the remaining 8 are for hosts, which is the same as the mask 255.255.255.0. A larger prefix (/26, /30) means a smaller subnet with fewer hosts; a smaller prefix (/16, /8) means a bigger one.
How to read the results
- Network address — the first address in the block (all host bits 0). It names the subnet and isn't assigned to a host.
- Netmask — the mask form of the prefix; 1-bits are network, 0-bits are host.
- Wildcard — the inverse of the netmask, used in places like Cisco ACLs and OSPF.
- Broadcast address — the last address (all host bits 1); traffic sent here reaches every host in the subnet.
- First / last host — the usable range you can actually assign to devices.
- Usable hosts — total addresses minus the network and broadcast, i.e.
2^(32 − prefix) − 2.
CIDR cheat sheet
| Prefix | Netmask | Total addresses | Usable hosts |
|---|---|---|---|
| /30 | 255.255.255.252 | 4 | 2 |
| /29 | 255.255.255.248 | 8 | 6 |
| /28 | 255.255.255.240 | 16 | 14 |
| /27 | 255.255.255.224 | 32 | 30 |
| /26 | 255.255.255.192 | 64 | 62 |
| /25 | 255.255.255.128 | 128 | 126 |
| /24 | 255.255.255.0 | 256 | 254 |
| /23 | 255.255.254.0 | 512 | 510 |
| /22 | 255.255.252.0 | 1,024 | 1,022 |
| /16 | 255.255.0.0 | 65,536 | 65,534 |
| /8 | 255.0.0.0 | 16,777,216 | 16,777,214 |
The /31 and /32 exceptions
Two prefixes break the "minus 2" rule. A /31 (per RFC 3021) is meant for point-to-point links and treats both of its 2 addresses as usable — there's no separate broadcast. A /32 describes a single host with one address, commonly used for loopbacks and host routes.
Private (RFC 1918) ranges
Three IPv4 ranges are reserved for private networks and never routed on the public internet. You'll recognise them from home and corporate LANs:
10.0.0.0/8— 10.0.0.0 – 10.255.255.255172.16.0.0/12— 172.16.0.0 – 172.31.255.255192.168.0.0/16— 192.168.0.0 – 192.168.255.255