IP Subnetting Explained — CIDR, VLSM, and IP Addressing Complete Guide

What Is IP Addressing?

Every device connected to a network needs a unique identifier — an IP address. Think of it as a postal address for your computer. Without it, data has no idea where to go.

An IPv4 address is a 32-bit number, written as four groups of decimal numbers separated by dots. Each group is called an octet because it represents 8 bits.

Example: 192.168.1.100

Binary:  11000000.10101000.00000001.01100100

Each octet can range from 0 to 255 (since 8 bits can represent 2^8 = 256 values). That gives IPv4 a total address space of 2^32 = 4,294,967,296 addresses — roughly 4.3 billion. That sounds like a lot, but it ran out years ago.

IPv4 Address Classes

In the early days of networking, IP addresses were divided into classes. This is called classful addressing.

| Class | First Octet Range | Default Mask | Network/Host Split | Purpose | |-------|--------------------|--------------------|---------------------|------------------------| | A | 1 – 126 | 255.0.0.0 (/8) | 8 net / 24 host | Large networks | | B | 128 – 191 | 255.255.0.0 (/16) | 16 net / 16 host | Medium networks | | C | 192 – 223 | 255.255.255.0 (/24) | 24 net / 8 host | Small networks | | D | 224 – 239 | — | — | Multicast | | E | 240 – 255 | — | — | Reserved/Experimental |

Note: 127.0.0.0/8 is reserved for loopback (localhost). That is why Class A starts at 1 and skips 127.

Class A gives you 16,777,214 usable hosts per network — way more than any single organization needs. Class C gives you only 254 hosts — too few for many businesses. This inflexibility is exactly why classful addressing was eventually replaced.

Private vs Public IP Ranges

Not all IP addresses are routable on the public internet. Three ranges are reserved for private networks (defined in RFC 1918):

| Class | Private Range | CIDR Notation | Number of Addresses | |-------|--------------------------------|-----------------|---------------------| | A | 10.0.0.0 – 10.255.255.255 | 10.0.0.0/8 | 16,777,216 | | B | 172.16.0.0 – 172.31.255.255 | 172.16.0.0/12 | 1,048,576 | | C | 192.168.0.0 – 192.168.255.255 | 192.168.0.0/16 | 65,536 |

If you have ever connected to a home Wi-Fi network and seen an address like 192.168.1.x or 10.0.0.x, you were using a private IP. Your router performs NAT (Network Address Translation) to map your private address to a public one when communicating with the internet.

Public IPs are globally unique and assigned by regional authorities (ARIN, RIPE, APNIC, etc.). Private IPs can be reused across millions of networks without conflict because they never appear on the public internet.

What Is Subnetting?

Subnetting is the process of dividing a large network into smaller, more manageable pieces called subnets (short for sub-networks).

Imagine you have been assigned the network 10.0.0.0/8. That is over 16 million addresses in one flat network. Every broadcast would hit every single device. Performance would be terrible. Security would be nonexistent. Troubleshooting would be a nightmare.

Subnetting solves all of these problems.

Why We Need Subnetting

1. Reduced broadcast traffic — Broadcasts stay within their subnet instead of flooding the entire network.
2. Improved security — You can isolate departments (HR, Engineering, Finance) into separate subnets and control traffic between them with firewalls and ACLs.
3. Better organization — Assign logical address blocks to floors, buildings, or departments.
4. Efficient IP usage — Allocate only the number of addresses each segment actually needs, instead of wasting huge blocks.
5. Easier troubleshooting — When a problem occurs, you can narrow it down to a specific subnet.

How Subnetting Works

Every IP address has two parts:

• Network portion — Identifies which network the device belongs to.
• Host portion — Identifies the specific device within that network.

The subnet mask tells you where the split happens.

IP Address:   192.168.1.100
Subnet Mask:  255.255.255.0

Binary IP:    11000000.10101000.00000001.01100100
Binary Mask:  11111111.11111111.11111111.00000000
              |-------- Network --------|- Host -|

The 1s in the mask mark the network portion. The 0s mark the host portion. Subnetting works by "borrowing" bits from the host portion and reassigning them to the network portion, creating more subnets with fewer hosts each.

Subnet Mask Explained

A subnet mask is always a contiguous sequence of 1s followed by a contiguous sequence of 0s. You will never see a valid mask like 255.0.255.0 because the 1s and 0s would be mixed.

Here is how to read a subnet mask:

255.255.255.0   = 11111111.11111111.11111111.00000000 → 24 network bits, 8 host bits
255.255.0.0     = 11111111.11111111.00000000.00000000 → 16 network bits, 16 host bits
255.255.255.128 = 11111111.11111111.11111111.10000000 → 25 network bits, 7 host bits

The key formulas:

• Number of subnets = 2^(borrowed bits)
• Number of hosts per subnet = 2^(host bits) - 2

Why minus 2? Because the first address in every subnet is the network address (identifies the subnet itself) and the last address is the broadcast address (sends packets to all hosts in the subnet). Neither can be assigned to a device.

CIDR Notation

CIDR (Classless Inter-Domain Routing) was introduced in 1993 to replace the rigid classful system. Instead of being locked into /8, /16, or /24 boundaries, CIDR lets you define any prefix length from /0 to /32.

The notation is simple: an IP address followed by a slash and the number of network bits.

192.168.1.0/24   → 24 network bits → 256 addresses → 254 usable hosts
10.0.0.0/20      → 20 network bits → 4,096 addresses → 4,094 usable hosts
172.16.0.0/28    → 28 network bits → 16 addresses → 14 usable hosts

Why Classful Addressing Was Replaced

Under classful addressing, if your company needed 500 hosts:

• Class C (/24) gives you 254 hosts — too small.
• Class B (/16) gives you 65,534 hosts — way too big.

You would be forced to take a Class B, wasting over 65,000 addresses. Multiply this by thousands of organizations worldwide and you can see why IPv4 addresses ran out.

CIDR solved this. Need 500 hosts? Use a /23 (512 addresses, 510 usable). Need 2,000 hosts? Use a /21 (2,048 addresses, 2,046 usable). No waste.

CIDR also enabled route aggregation (supernetting), where multiple small networks can be advertised as a single route, shrinking global routing tables.

Subnetting Step by Step

Let us walk through subnetting a /24 network into smaller subnets.

Example: Subnet 192.168.1.0/24 into 4 Equal Subnets

Step 1: Determine how many bits to borrow.

We need 4 subnets. Since 2^2 = 4, we borrow 2 bits from the host portion.

Step 2: Calculate the new prefix length.

Original prefix: /24. Borrowed bits: 2. New prefix: /26.

Step 3: Calculate the new subnet mask.

/26 = 11111111.11111111.11111111.11000000 = 255.255.255.192

Step 4: Calculate the block size.

Block size = 2^(host bits) = 2^6 = 64. Each subnet contains 64 addresses.

Step 5: List all subnets.

| Subnet | Network Address | First Usable | Last Usable | Broadcast Address | Usable Hosts | |--------|------------------|------------------|------------------|-------------------|--------------| | 1 | 192.168.1.0 | 192.168.1.1 | 192.168.1.62 | 192.168.1.63 | 62 | | 2 | 192.168.1.64 | 192.168.1.65 | 192.168.1.126 | 192.168.1.127 | 62 | | 3 | 192.168.1.128 | 192.168.1.129 | 192.168.1.190 | 192.168.1.191 | 62 | | 4 | 192.168.1.192 | 192.168.1.193 | 192.168.1.254 | 192.168.1.255 | 62 |

Each subnet has 62 usable host addresses (64 total minus 2 for network and broadcast).

Example: Subnet 10.1.0.0/16 into 8 Subnets

Step 1: 8 subnets → 2^3 = 8 → borrow 3 bits.

Step 2: /16 + 3 = /19.

Step 3: /19 = 255.255.224.0.

Step 4: Host bits = 32 - 19 = 13 → Block size = 2^13 = 8,192 addresses per subnet.

Step 5: Usable hosts per subnet = 8,192 - 2 = 8,190.

| Subnet | Network Address | Broadcast Address | Usable Range | |--------|-----------------|-------------------|-------------------------------| | 1 | 10.1.0.0/19 | 10.1.31.255 | 10.1.0.1 – 10.1.31.254 | | 2 | 10.1.32.0/19 | 10.1.63.255 | 10.1.32.1 – 10.1.63.254 | | 3 | 10.1.64.0/19 | 10.1.95.255 | 10.1.64.1 – 10.1.95.254 | | 4 | 10.1.96.0/19 | 10.1.127.255 | 10.1.96.1 – 10.1.127.254 | | 5 | 10.1.128.0/19 | 10.1.159.255 | 10.1.128.1 – 10.1.159.254 | | 6 | 10.1.160.0/19 | 10.1.191.255 | 10.1.160.1 – 10.1.191.254 | | 7 | 10.1.192.0/19 | 10.1.223.255 | 10.1.192.1 – 10.1.223.254 | | 8 | 10.1.224.0/19 | 10.1.255.255 | 10.1.224.1 – 10.1.255.254 |

VLSM — Variable Length Subnet Masking

With standard subnetting, every subnet is the same size. But real networks rarely have equal needs. Your server room might need 10 addresses while your employee LAN needs 200.

VLSM lets you use different prefix lengths for different subnets within the same network. This eliminates waste by right-sizing each subnet.

VLSM Example

Your company has the network 172.16.0.0/24 (256 addresses) and needs to create subnets for:

• Sales: 100 hosts
• Engineering: 50 hosts
• Management: 25 hosts
• Point-to-point link: 2 hosts

Rule: Always allocate the largest subnet first to avoid fragmentation.

Step 1: Sales — 100 hosts

Next power of 2 >= 102 (100 hosts + network + broadcast) = 128 → 7 host bits → /25

Subnet: 172.16.0.0/25
Range:  172.16.0.1 – 172.16.0.126
Broadcast: 172.16.0.127
Usable hosts: 126

Step 2: Engineering — 50 hosts

Next power of 2 >= 52 = 64 → 6 host bits → /26

Subnet: 172.16.0.128/26
Range:  172.16.0.129 – 172.16.0.190
Broadcast: 172.16.0.191
Usable hosts: 62

Step 3: Management — 25 hosts

Next power of 2 >= 27 = 32 → 5 host bits → /27

Subnet: 172.16.0.192/27
Range:  172.16.0.193 – 172.16.0.222
Broadcast: 172.16.0.223
Usable hosts: 30

Step 4: Point-to-point link — 2 hosts

Next power of 2 >= 4 = 4 → 2 host bits → /30

Subnet: 172.16.0.224/30
Range:  172.16.0.225 – 172.16.0.226
Broadcast: 172.16.0.227
Usable hosts: 2

Summary:

| Subnet | Purpose | Usable Hosts | Addresses Used | Wasted | |----------------|---------------|--------------|----------------|--------| | 172.16.0.0/25 | Sales | 126 | 128 | 26 | | 172.16.0.128/26| Engineering | 62 | 64 | 12 | | 172.16.0.192/27| Management | 30 | 32 | 5 | | 172.16.0.224/30| Point-to-point| 2 | 4 | 0 |

Total addresses used: 228 out of 256. Remaining: 28 addresses (172.16.0.228 – 172.16.0.255) available for future use.

Without VLSM, we would have needed equal-sized /26 subnets (4 subnets of 62 hosts each), and Sales would not have had enough addresses.

Subnetting Cheat Sheet

This is the table you will reference most often. Bookmark it.

IPv4 Subnet Reference Table

| CIDR | Subnet Mask | Wildcard Mask | Total Addresses | Usable Hosts | Number of /24s | |------|---------------------|---------------------|-----------------|---------------|----------------| | /32 | 255.255.255.255 | 0.0.0.0 | 1 | 1* | 1/256 | | /31 | 255.255.255.254 | 0.0.0.1 | 2 | 2* | 1/128 | | /30 | 255.255.255.252 | 0.0.0.3 | 4 | 2 | 1/64 | | /29 | 255.255.255.248 | 0.0.0.7 | 8 | 6 | 1/32 | | /28 | 255.255.255.240 | 0.0.0.15 | 16 | 14 | 1/16 | | /27 | 255.255.255.224 | 0.0.0.31 | 32 | 30 | 1/8 | | /26 | 255.255.255.192 | 0.0.0.63 | 64 | 62 | 1/4 | | /25 | 255.255.255.128 | 0.0.0.127 | 128 | 126 | 1/2 | | /24 | 255.255.255.0 | 0.0.0.255 | 256 | 254 | 1 | | /23 | 255.255.254.0 | 0.0.1.255 | 512 | 510 | 2 | | /22 | 255.255.252.0 | 0.0.3.255 | 1,024 | 1,022 | 4 | | /21 | 255.255.248.0 | 0.0.7.255 | 2,048 | 2,046 | 8 | | /20 | 255.255.240.0 | 0.0.15.255 | 4,096 | 4,094 | 16 | | /19 | 255.255.224.0 | 0.0.31.255 | 8,192 | 8,190 | 32 | | /18 | 255.255.192.0 | 0.0.63.255 | 16,384 | 16,382 | 64 | | /17 | 255.255.128.0 | 0.0.127.255 | 32,768 | 32,766 | 128 | | /16 | 255.255.0.0 | 0.0.255.255 | 65,536 | 65,534 | 256 | | /15 | 255.254.0.0 | 0.1.255.255 | 131,072 | 131,070 | 512 | | /14 | 255.252.0.0 | 0.3.255.255 | 262,144 | 262,142 | 1,024 | | /13 | 255.248.0.0 | 0.7.255.255 | 524,288 | 524,286 | 2,048 | | /12 | 255.240.0.0 | 0.15.255.255 | 1,048,576 | 1,048,574 | 4,096 | | /11 | 255.224.0.0 | 0.31.255.255 | 2,097,152 | 2,097,150 | 8,192 | | /10 | 255.192.0.0 | 0.63.255.255 | 4,194,304 | 4,194,302 | 16,384 | | /9 | 255.128.0.0 | 0.127.255.255 | 8,388,608 | 8,388,606 | 32,768 | | /8 | 255.0.0.0 | 0.255.255.255 | 16,777,216 | 16,777,214 | 65,536 |

/32 is a host route (single address). /31 is a special case used for point-to-point links (RFC 3021) where no broadcast address is needed.

Quick Mental Math

• /24 = 256 addresses, 254 hosts (the "standard" subnet)
• Every bit you add to the prefix halves the number of addresses
• Every bit you remove from the prefix doubles the number of addresses
• /30 = 4 addresses, 2 hosts (used for router-to-router links)

Common Subnet Calculations

Given an IP address and subnet mask, you should be able to calculate five things:

1. Network address — The first address in the subnet (all host bits set to 0)
2. Broadcast address — The last address in the subnet (all host bits set to 1)
3. First usable host — Network address + 1
4. Last usable host — Broadcast address - 1
5. Number of usable hosts — 2^(host bits) - 2

Worked Example: 192.168.10.75/26

Step 1: Find the block size.

/26 means 32 - 26 = 6 host bits. Block size = 2^6 = 64.

Step 2: Find the network address.

Divide the fourth octet by the block size: 75 / 64 = 1 remainder 11.

The subnet starts at: 1 x 64 = 64. Network address: 192.168.10.64

Step 3: Find the broadcast address.

Next subnet starts at 64 + 64 = 128. Broadcast = 128 - 1 = 127. Broadcast address: 192.168.10.127

Step 4: Determine the usable range.

Network address:   192.168.10.64
First usable host: 192.168.10.65
Last usable host:  192.168.10.126
Broadcast address: 192.168.10.127
Usable hosts:      62

Worked Example: 10.50.140.200/21

This one crosses octet boundaries, which trips up many beginners.

Step 1: /21 means 32 - 21 = 11 host bits. Block size = 2^11 = 2,048.

Since 2,048 = 8 x 256, the block size in the third octet is 8.

Step 2: Find the network address.

Third octet: 140 / 8 = 17 remainder 4. Subnet starts at: 17 x 8 = 136.

Network address: 10.50.136.0

Step 3: Find the broadcast address.

Next subnet starts at third octet 136 + 8 = 144. Broadcast: 10.50.143.255

Step 4: Usable range.

Network address:   10.50.136.0
First usable host: 10.50.136.1
Last usable host:  10.50.143.254
Broadcast address: 10.50.143.255
Usable hosts:      2,046

Worked Example: Using Binary (The Foolproof Method)

For any subnetting problem, converting to binary always works. Let us solve 172.16.45.130/20.

IP in binary:   10101100.00010000.00101101.10000010
Mask (/20):     11111111.11111111.11110000.00000000

Network address: AND the IP with the mask (keep bits where mask is 1, zero out where mask is 0):

IP:             10101100.00010000.00101101.10000010
Mask:           11111111.11111111.11110000.00000000
Network (AND):  10101100.00010000.00100000.00000000 = 172.16.32.0

Broadcast address: Set all host bits (where mask is 0) to 1:

Broadcast:      10101100.00010000.00101111.11111111 = 172.16.47.255

Result:

Network address:   172.16.32.0
First usable host: 172.16.32.1
Last usable host:  172.16.47.254
Broadcast address: 172.16.47.255
Usable hosts:      4,094

IPv6 Subnetting Basics

IPv6 addresses are 128 bits long, written as eight groups of four hexadecimal digits:

2001:0db8:85a3:0000:0000:8a2e:0370:7334

The subnetting concept is the same as IPv4 — a prefix defines the network portion, and the rest identifies the host. But the scale is vastly different.

Key Differences from IPv4

| Feature | IPv4 | IPv6 | |-----------------------|-------------------------|---------------------------------------| | Address size | 32 bits | 128 bits | | Total addresses | ~4.3 billion | ~340 undecillion (3.4 x 10^38) | | Standard subnet | /24 (254 hosts) | /64 (2^64 hosts per subnet) | | Notation | Dotted decimal | Colon-separated hexadecimal | | Broadcast | Yes | No (uses multicast instead) |

Standard IPv6 Allocation

The typical allocation model for IPv6:

• ISP receives a /32 from a Regional Internet Registry
• Organization receives a /48 from the ISP (65,536 subnets)
• Each subnet is a /64 (standard for all LANs)

2001:db8:abcd:0001::/64
|--- 48 bits ---|16|--- 64 bits for host (Interface ID) ---|
   Global Routing  Subnet
     Prefix         ID

With a /48, an organization gets 65,536 /64 subnets. Each /64 subnet supports 2^64 host addresses — more than enough for any LAN. In practice, you will never run out.

Because the address space is so enormous, there is no need for NAT in IPv6. Every device can have a globally unique public address.

Practical Subnetting Problems

These are the types of questions you will encounter in real-world planning, job interviews, and certification exams like CCNA.

Problem 1: "Your company has 200 hosts. What subnet do you need?"

Solution:

You need at least 200 usable hosts. Add 2 for network and broadcast: 202.

Find the smallest power of 2 that is >= 202: 256 (2^8). That means 8 host bits.

Prefix length: 32 - 8 = /24. Subnet mask: 255.255.255.0.

Usable hosts: 256 - 2 = 254. This gives you 54 spare addresses for growth.

Problem 2: "Subnet 192.168.5.0/24 to support 6 departments of 30 hosts each."

Solution:

Each department needs at least 30 hosts. 30 + 2 = 32 → 2^5 = 32 → 5 host bits → /27.

A /27 gives 32 addresses (30 usable) per subnet. From a /24 you get 256 / 32 = 8 subnets — enough for 6 departments with 2 spare.

| Department | Subnet | Usable Range | |------------|--------------------|---------------------------------| | Dept 1 | 192.168.5.0/27 | 192.168.5.1 – 192.168.5.30 | | Dept 2 | 192.168.5.32/27 | 192.168.5.33 – 192.168.5.62 | | Dept 3 | 192.168.5.64/27 | 192.168.5.65 – 192.168.5.94 | | Dept 4 | 192.168.5.96/27 | 192.168.5.97 – 192.168.5.126 | | Dept 5 | 192.168.5.128/27 | 192.168.5.129 – 192.168.5.158 | | Dept 6 | 192.168.5.160/27 | 192.168.5.161 – 192.168.5.190 | | Reserved | 192.168.5.192/27 | 192.168.5.193 – 192.168.5.222 | | Reserved | 192.168.5.224/27 | 192.168.5.225 – 192.168.5.254 |

Problem 3: "What subnet contains the host 10.20.77.200/22?"

Solution:

/22 → 32 - 22 = 10 host bits → Block size = 2^10 = 1,024.

In the third octet, block size = 1,024 / 256 = 4.

Third octet: 77 / 4 = 19 remainder 1 → Subnet starts at 19 x 4 = 76.

Network address:   10.20.76.0/22
Broadcast address: 10.20.79.255
Usable range:      10.20.76.1 – 10.20.79.254
Usable hosts:      1,022

The host 10.20.77.200 falls within the 10.20.76.0/22 subnet.

Problem 4: "How many /28 subnets can you get from a /24?"

Solution:

A /24 has 256 addresses. A /28 has 2^(32-28) = 16 addresses.

256 / 16 = 16 subnets.

Each /28 supports 14 usable hosts.

Problem 5: VLSM Design Challenge

"Design a network using 192.168.100.0/24 for: HQ (120 hosts), Branch A (60 hosts), Branch B (28 hosts), and 2 point-to-point WAN links."

Solution (largest first):

| Segment | Required | CIDR | Subnet | Usable Range | Hosts | |-----------------|----------|------|---------------------|------------------------------------|-------| | HQ | 120 | /25 | 192.168.100.0/25 | 192.168.100.1 – .126 | 126 | | Branch A | 60 | /26 | 192.168.100.128/26 | 192.168.100.129 – .190 | 62 | | Branch B | 28 | /27 | 192.168.100.192/27 | 192.168.100.193 – .222 | 30 | | WAN Link 1 | 2 | /30 | 192.168.100.224/30 | 192.168.100.225 – .226 | 2 | | WAN Link 2 | 2 | /30 | 192.168.100.228/30 | 192.168.100.229 – .230 | 2 |

Addresses used: 128 + 64 + 32 + 4 + 4 = 232 out of 256. Remaining: 24 addresses for future growth.

Quick Reference: Subnetting Formulas

Here is everything you need to solve any subnetting problem:

Number of subnets        = 2^(bits borrowed)
Number of hosts/subnet   = 2^(host bits) - 2
Host bits                = 32 - prefix length
Block size               = 2^(host bits)
Network address          = First address in the block (host bits all 0)
Broadcast address        = Last address in the block (host bits all 1)
First usable host        = Network address + 1
Last usable host         = Broadcast address - 1
Wildcard mask            = 255.255.255.255 - subnet mask

Powers of 2 (Memorize These)

2^1  = 2       2^5  = 32      2^9  = 512
2^2  = 4       2^6  = 64      2^10 = 1,024
2^3  = 8       2^7  = 128     2^11 = 2,048
2^4  = 16      2^8  = 256     2^12 = 4,096

Try It Yourself

Practice makes perfect with subnetting. Use our Subnet Calculator and other networking tools to verify your calculations and build confidence before your next exam or network design project.

Summary

Subnetting is one of those foundational networking skills that every IT professional, network engineer, and system administrator needs to master. Here is what we covered:

• IP addressing uses 32-bit IPv4 addresses divided into network and host portions
• Classful addressing (A/B/C/D/E) was rigid and wasteful — replaced by CIDR
• CIDR notation allows flexible prefix lengths like /20 or /27 for right-sized subnets
• Subnetting divides large networks into smaller, more efficient segments
• VLSM takes this further by allowing different-sized subnets within the same network
• IPv6 uses 128-bit addresses with /64 as the standard LAN subnet
• The key to subnetting is understanding binary math, block sizes, and the relationship between prefix length and available hosts

The more you practice subnetting by hand, the faster you will get. Start with /24 networks, work up to cross-octet problems, and you will have it mastered in no time.