Subnetting & CIDR
IPv4 Address Structure
An IPv4 address is a 32-bit number typically written as four decimal octets separated by dots — for example, 192.168.10.25. Each octet represents 8 bits, giving values from 0 to 255. The full 32-bit space theoretically supports about 4.3 billion unique addresses, but that pool was effectively exhausted years ago — which is exactly why subnetting and private addressing exist.
Address Classes (Classful Networking)
Before CIDR, IP addresses were divided into fixed classes based on the leading bits of the first octet. Understanding classes helps you recognize IP ranges at a glance.
| Class | First Octet Range | Default Mask | Usage |
|---|---|---|---|
| A | 1 – 126 | 255.0.0.0 (/8) | Large enterprises, ISPs |
| B | 128 – 191 | 255.255.0.0 (/16) | Medium organizations |
| C | 192 – 223 | 255.255.255.0 (/24) | Small networks |
| D | 224 – 239 | N/A | Multicast groups |
| E | 240 – 255 | N/A | Reserved / experimental |
Loopback Range
Private Address Ranges (RFC 1918)
- 10.0.0.0 – 10.255.255.255 (10.0.0.0/8) — large private networks
- 172.16.0.0 – 172.31.255.255 (172.16.0.0/12) — medium private networks
- 192.168.0.0 – 192.168.255.255 (192.168.0.0/16) — home/small office networks
Private addresses are not routable on the public internet. Routers at your ISP drop packets sourced from these ranges, which is why NAT (Network Address Translation) is required for private hosts to access the internet.
What Is Subnetting and Why Does It Matter?
Subnetting is the practice of dividing a large IP network into smaller, more manageable sub-networks called subnets. Instead of giving an entire Class B network to a single organization, you carve it into dozens of smaller pieces aligned to actual team sizes.
The three core reasons for subnetting are:
- Conserve IP address space: Allocate only as many addresses as a segment needs, rather than wasting a full class block.
- Reduce broadcast domains: Broadcasts are confined to their subnet. Smaller domains mean less noise and better performance on large networks.
- Improve security: Subnets create natural boundaries. Firewalls and ACLs can enforce policy between subnets — servers on one subnet can be isolated from workstations on another.
CIDR Notation
Classless Inter-Domain Routing (CIDR) replaced the rigid class system. In CIDR, a prefix length (written after a slash) tells you how many bits belong to the network portion. The remaining bits identify hosts.
Reading CIDR
Subnet Mask Binary Math
A subnet mask is a 32-bit number where every network bit is 1 and every host bit is 0. To find the network address, apply a bitwise AND between the IP and the subnet mask.
IP address: 192.168.10.200
11000000.10101000.00001010.11001000
Subnet mask /26: 255.255.255.192
11111111.11111111.11111111.11000000
Network addr: 192.168.10.192
11000000.10101000.00001010.11000000
Broadcast: 192.168.10.255
11000000.10101000.00001010.11111111
Usable hosts: 192.168.10.193 – 192.168.10.254 (62 hosts)
Calculating Key Values
Given a prefix length n, the host portion has (32 – n) bits. Useful formulas:
- Total addresses = 2^(32 - n)
- Usable hosts = 2^(32 - n) - 2 (subtract network address and broadcast)
- Number of subnets from a block = 2^(bits borrowed)
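The mask arithmetic and formulas above, as an added Python example (not code from the original page) that generalizes the /26 walk-through to any prefix length. The function names are chosen here for illustration.

```python
# Added example (not from the original page): the AND / 2^(32 - n) arithmetic in code.

def ip_to_int(dotted):
    """Pack four decimal octets into one 32-bit integer."""
    octets = [int(part) for part in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    value = 0
    for octet in octets:
        value = (value << 8) | octet
    return value

def int_to_ip(value):
    """Unpack a 32-bit integer back into dotted-decimal form."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def to_binary(value):
    """Render a 32-bit integer as four dotted 8-bit groups."""
    bits = f"{value:032b}"
    return ".".join(bits[i:i + 8] for i in range(0, 32, 8))

def subnet_info(ip, prefix):
    """Return mask, network, broadcast and host counts for ip/prefix."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    host_bits = 32 - prefix
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF   # n ones, then zeros
    network = ip_to_int(ip) & mask                  # bitwise AND
    broadcast = network | (~mask & 0xFFFFFFFF)      # all host bits set to 1
    total = 2 ** host_bits
    info = {
        "mask": int_to_ip(mask),
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "total": total,
        # 2^(32 - n) - 2 is not positive for /31 and /32, so it is clamped to 0.
        "usable": max(total - 2, 0),
    }
    if info["usable"]:
        info["first_host"] = int_to_ip(network + 1)
        info["last_host"] = int_to_ip(broadcast - 1)
    return info

if __name__ == "__main__":
    for label, value in subnet_info("192.168.10.200", 26).items():
        print(f"{label:>10}: {value}")
    print(to_binary(ip_to_int("192.168.10.200")))
```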
Common Subnet Reference
| CIDR | Subnet Mask | Total Addresses | Usable Hosts | Common Use |
|---|---|---|---|---|
| /8 | 255.0.0.0 | 16,777,216 | 16,777,214 | Large ISP / Class A |
| /16 | 255.255.0.0 | 65,536 | 65,534 | Campus / data center |
| /24 | 255.255.255.0 | 256 | 254 | Standard LAN segment |
| /25 | 255.255.255.128 | 128 | 126 | Split /24 into two halves |
| /26 | 255.255.255.192 | 64 | 62 | Small department |
| /27 | 255.255.255.224 | 32 | 30 | Small team or VLAN |
| /28 | 255.255.255.240 | 16 | 14 | Small server cluster |
| /30 | 255.255.255.252 | 4 | 2 | Point-to-point WAN links |
| /32 | 255.255.255.255 | 1 | 0 | Host route / loopback |
Point-to-Point Links
VLSM — Variable Length Subnet Masking
VLSM lets you use different prefix lengths within the same network block. Instead of carving every subnet to the same size, you right-size each one.
VLSM Example
You are given 192.168.1.0/24 and need to allocate subnets for:
- Engineering: 60 hosts → needs /26 (62 usable) → 192.168.1.0/26
- Sales: 28 hosts → needs /27 (30 usable) → 192.168.1.64/27
- Finance: 12 hosts → needs /28 (14 usable) → 192.168.1.96/28
- Management: 5 hosts → needs /29 (6 usable) → 192.168.1.112/29
- WAN link Router1–Router2: 2 hosts → needs /30 → 192.168.1.120/30
VLSM is the foundation of efficient IP design. Without it, every subnet in the block must use the same prefix length, so smaller segments are left holding addresses they will never use.
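The allocation above can be reproduced mechanically. This added Python example (not part of the original page) sizes each subnet with the usable-hosts formula, hands out space largest first, and checks that no two subnets overlap. The largest-first ordering and the helper names are choices made for this example.

```python
# Added example (not from the original page): largest-first VLSM allocation.
import ipaddress

def prefix_for_hosts(hosts):
    """Longest prefix n whose usable count 2^(32 - n) - 2 still covers `hosts`."""
    if hosts < 1:
        raise ValueError("a subnet needs at least one host")
    host_bits = (hosts + 1).bit_length()   # smallest h with 2^h >= hosts + 2
    return 32 - host_bits

def allocate_vlsm(block, needs):
    """Map each name in `needs` (name -> host count) to a subnet of `block`."""
    parent = ipaddress.IPv4Network(block)
    cursor = int(parent.network_address)
    end = int(parent.broadcast_address) + 1
    plan = {}
    # Largest first, so every subnet starts on a multiple of its own size.
    for name, hosts in sorted(needs.items(), key=lambda kv: kv[1], reverse=True):
        prefix = prefix_for_hosts(hosts)
        size = 2 ** (32 - prefix)
        cursor = -(-cursor // size) * size   # round up to the subnet boundary
        if prefix < parent.prefixlen or cursor + size > end:
            raise ValueError(f"{block} has no room for {name} ({hosts} hosts)")
        plan[name] = ipaddress.IPv4Network((cursor, prefix))
        cursor += size
    return plan

def overlapping_pairs(plan):
    """Return name pairs whose subnets overlap; an empty list means clean boundaries."""
    names = list(plan)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if plan[a].overlaps(plan[b])]

# Host counts taken from the VLSM example above.
NEEDS = {"Engineering": 60, "Sales": 28, "Finance": 12, "Management": 5, "WAN link": 2}

if __name__ == "__main__":
    plan = allocate_vlsm("192.168.1.0/24", NEEDS)
    for name, net in plan.items():
        print(f"{name:<12} {net}  ({net.num_addresses - 2} usable)")
    print("overlaps:", overlapping_pairs(plan))
```

An overlap between two planned subnets means a firewall or ACL rule written for one range also matches hosts in the other, so the overlap check is worth running on any hand-edited plan.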
Introduction to IPv6
IPv6 uses 128-bit addresses, written as eight groups of four hexadecimal digits separated by colons — for example, 2001:0db8:85a3:0000:0000:8a2e:0370:7334. The 128-bit space provides approximately 3.4 × 10^38 unique addresses — effectively unlimited for any foreseeable future.
IPv6 Simplification Rules
- Leading zeros within each group can be omitted: 0db8 → db8
- One consecutive run of all-zero groups can be replaced with :: (used only once per address)
- Loopback: ::1 (equivalent to 127.0.0.1 in IPv4)
- Unspecified: :: (all zeros, equivalent to 0.0.0.0)
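The two shortening rules applied by hand, as an added Python example (not from the original page). It produces one consistent spelling per address, which matters when ACL entries or log lines are compared as text. Picking the longest zero run, the leftmost on a tie, and leaving a single zero group as "0" follow RFC 5952 and are not stated on this page.

```python
# Added example (not from the original page): the IPv6 shortening rules applied by hand.
import string

def compress_ipv6(full):
    """Shorten an IPv6 address written as eight colon-separated hex groups."""
    groups = full.lower().split(":")
    if len(groups) != 8 or not all(
        1 <= len(g) <= 4 and all(c in string.hexdigits for c in g) for g in groups
    ):
        raise ValueError(f"expected eight hex groups: {full!r}")
    # Rule 1: drop leading zeros in every group (an all-zero group becomes "0").
    groups = [format(int(g, 16), "x") for g in groups]
    # Rule 2: locate the longest run of zero groups; the leftmost wins a tie.
    best_start, best_len, i = 0, 0, 0
    while i < 8:
        j = i
        while j < 8 and groups[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    if best_len < 2:
        # Assumption from RFC 5952: a lone zero group is written "0", not "::".
        return ":".join(groups)
    head = ":".join(groups[:best_start])
    tail = ":".join(groups[best_start + best_len:])
    return f"{head}::{tail}"   # "::" appears exactly once

if __name__ == "__main__":
    print(compress_ipv6("2001:0db8:85a3:0000:0000:8a2e:0370:7334"))
    print(compress_ipv6("0000:0000:0000:0000:0000:0000:0000:0001"))
```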
IPv6 Address Types
| Type | Prefix | Description |
|---|---|---|
| Global Unicast | 2000::/3 | Publicly routable, similar to IPv4 public addresses |
| Link-Local | fe80::/10 | Automatically assigned, valid only on local link |
| Unique Local | fc00::/7 | Private IPv6 addresses (similar to RFC 1918) |
| Multicast | ff00::/8 | One-to-many delivery |
| Loopback | ::1/128 | Local loopback address |
IPv6 Subnetting