Classless Inter-Domain Routing (CIDR) is the standard method for allocating IP addresses and routing traffic on the internet. Introduced in 1993 (RFC 4632), CIDR replaced the rigid classful addressing system (Class A, B, C) with a flexible, prefix-length-based approach.
In CIDR notation, a network is written as 192.168.1.0/24, where the /24 indicates that the first 24 bits are the network prefix. The remaining 8 bits are used for host addresses. CIDR allows any prefix length from /0 (the entire internet, 0.0.0.0/0) to /32 (a single host address).
| Prefix | Subnet Mask | Addresses | Usable Hosts |
|---|---|---|---|
| /8 | 255.0.0.0 | 16,777,216 | 16,777,214 |
| /16 | 255.255.0.0 | 65,536 | 65,534 |
| /24 | 255.255.255.0 | 256 | 254 |
| /25 | 255.255.255.128 | 128 | 126 |
| /26 | 255.255.255.192 | 64 | 62 |
| /28 | 255.255.255.240 | 16 | 14 |
| /30 | 255.255.255.252 | 4 | 2 |
| /32 | 255.255.255.255 | 1 | 1 |
A subnet mask is a 32-bit number that separates the IP address into network and host portions. It works like a filter: where the mask has 1 bits, those bits belong to the network; where it has 0 bits, those bits identify the host.
To find the network address, perform a bitwise AND between the IP address and the subnet mask. For example, with IP 192.168.10.50 and mask 255.255.255.0 (/24):
IP Address: 11000000.10101000.00001010.00110010
Subnet Mask: 11111111.11111111.11111111.00000000
Network Addr: 11000000.10101000.00001010.00000000 = 192.168.10.0
The broadcast address is the network address with all host bits set to 1: 192.168.10.255. The first usable host is 192.168.10.1 and the last is 192.168.10.254. These boundaries are critical for routing and network configuration.
The number of available host addresses in a subnet is determined by the formula:
Available Hosts = 2^(host bits) - 2
The exponent is 32 - prefix_length. We subtract 2 because the first address (all host bits = 0) is the network identifier and the last address (all host bits = 1) is the broadcast address. Neither can be assigned to a host.
/24 network: 2^8 - 2 = 256 - 2 = 254 hosts
/25 network: 2^7 - 2 = 128 - 2 = 126 hosts
/26 network: 2^6 - 2 = 64 - 2 = 62 hosts
/30 network: 2^2 - 2 = 4 - 2 = 2 hosts (commonly used for point-to-point links)
/31 network: Special case per RFC 3021, allows 2 hosts on a point-to-point link without wasting addresses on network/broadcast.
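The mask, AND, and host-count steps above, carried out on raw 32-bit integers. This is an added example, not code from the original page; the function names are illustrative, and the /31 and /32 branches follow the special cases listed above and in the prefix table.

```python
def ip_to_int(ip):
    """Parse strict dotted-quad text into a 32-bit integer."""
    parts = ip.split(".")
    if len(parts) != 4 or any(
        not (p.isascii() and p.isdigit()) or str(int(p)) != p or int(p) > 255
        for p in parts
    ):
        raise ValueError(f"not a dotted-quad IPv4 address: {ip!r}")
    return int.from_bytes(bytes(int(p) for p in parts), "big")


def int_to_ip(n):
    return ".".join(str(b) for b in n.to_bytes(4, "big"))


def subnet_info(ip, prefix):
    """Derive the subnet boundaries for ip/prefix with bitwise operations."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length out of range: {prefix}")
    host_bits = 32 - prefix
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF  # 1 bits = network portion
    wildcard = mask ^ 0xFFFFFFFF                   # inverse mask, as used in ACLs
    network = ip_to_int(ip) & mask                 # bitwise AND of IP and mask
    broadcast = network | wildcard                 # all host bits set to 1
    if host_bits <= 1:
        # /31 (RFC 3021) and /32: nothing is reserved, every address is usable,
        # and "broadcast" is simply the highest address in the block.
        first, last, usable = network, broadcast, 2 ** host_bits
    else:
        first, last, usable = network + 1, broadcast - 1, 2 ** host_bits - 2
    return {
        "mask": int_to_ip(mask),
        "wildcard": int_to_ip(wildcard),
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(first),
        "last_host": int_to_ip(last),
        "usable_hosts": usable,
    }


if __name__ == "__main__":
    for ip, prefix in [("192.168.10.50", 24), ("10.0.0.226", 30), ("10.0.0.5", 31)]:
        print(f"{ip}/{prefix}", subnet_info(ip, prefix))
```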
Before Variable Length Subnet Masking (VLSM), networks used Fixed Length Subnet Masking (FLSM), where all subnets within a network had the same size. This was wasteful: a point-to-point WAN link needs only 2 addresses, but FLSM might force you to allocate an entire /24 (254 addresses) for it.
VLSM solves this by allowing different subnets within the same network to have different prefix lengths. This is called subnetting a subnet. The key rule: start with the largest subnets first and work down to the smallest to avoid address overlap.
Imagine you have the network 10.0.0.0/24 and need to accommodate:
1. LAN A (100 hosts): Need 2^7 = 128 ≥ 100, so use /25. Subnet: 10.0.0.0/25 (hosts: .1–.126)
2. LAN B (50 hosts): Need 2^6 = 64 ≥ 50, so use /26. Subnet: 10.0.0.128/26 (hosts: .129–.190)
3. LAN C (25 hosts): Need 2^5 = 32 ≥ 25, so use /27. Subnet: 10.0.0.192/27 (hosts: .193–.222)
4. P2P links (2 hosts each): Use /30. Subnets: 10.0.0.224/30, 10.0.0.228/30, 10.0.0.232/30
Without VLSM, you would waste hundreds of addresses. With VLSM, you use exactly 228 of your 254 available addresses—a 90% utilization rate.
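The largest-first rule from the walk-through above, written as a small allocator. This is an added example, not code from the original page; `prefix_for_hosts` and `vlsm_allocate` are illustrative names, and sizing is done on usable hosts (2^n - 2), which gives the same prefixes as the walk-through.

```python
import ipaddress


def prefix_for_hosts(hosts):
    """Longest prefix whose usable-host count (2^n - 2) covers `hosts`."""
    host_bits = 2  # /30 is the smallest block used in the walk-through
    while 2 ** host_bits - 2 < hosts:
        host_bits += 1
    return 32 - host_bits


def vlsm_allocate(parent, requirements):
    """Carve `parent` into subnets for (name, hosts) pairs, largest first.

    Raises ValueError if the parent block runs out of space, so an
    over-committed plan fails loudly instead of producing overlaps.
    """
    net = ipaddress.ip_network(parent)
    cursor = int(net.network_address)
    end = int(net.broadcast_address)
    plan = []
    # Sorting by size (descending) keeps every block on its natural boundary.
    for name, hosts in sorted(requirements, key=lambda r: r[1], reverse=True):
        prefix = prefix_for_hosts(hosts)
        size = 2 ** (32 - prefix)
        start = (cursor + size - 1) // size * size  # align up, as a safeguard
        if start + size - 1 > end:
            raise ValueError(f"{parent} has no room left for {name} (/{prefix})")
        plan.append((name, ipaddress.ip_network((start, prefix))))
        cursor = start + size
    return plan


# The requirements from the walk-through, deliberately given out of order.
REQUIREMENTS = [
    ("P2P-1", 2), ("LAN B", 50), ("P2P-2", 2),
    ("LAN A", 100), ("P2P-3", 2), ("LAN C", 25),
]

if __name__ == "__main__":
    for name, subnet in vlsm_allocate("10.0.0.0/24", REQUIREMENTS):
        hosts = list(subnet.hosts())
        print(f"{name:6} {str(subnet):16} hosts {hosts[0]} to {hosts[-1]}")
```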
Subnetting is not just an academic exercise. It directly impacts network performance, security, and management in real-world environments.
Smaller broadcast domains mean less broadcast traffic. In a flat /16 network with 65,000 hosts, every broadcast packet reaches every device. By subnetting into /24s, you limit broadcast traffic to 254 devices per segment. This reduces CPU load on hosts and improves overall network efficiency.
Subnets create natural security boundaries. You can place servers in one subnet (10.0.1.0/24), workstations in another (10.0.2.0/24), and IoT devices in a third (10.0.3.0/24). Firewall rules and access control lists (ACLs) can then restrict traffic between subnets, containing breaches and limiting lateral movement.
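One way to check that traffic respects these boundaries is to map each flow's endpoints to a segment and compare against the intended inter-subnet policy. This is an added example, not code from the original page: the three subnets are the ones named above, while the allow-list, the flow records, and the function names are constructed for illustration.

```python
import ipaddress

# Segments named in the text above.
SEGMENTS = {
    "servers": ipaddress.ip_network("10.0.1.0/24"),
    "workstations": ipaddress.ip_network("10.0.2.0/24"),
    "iot": ipaddress.ip_network("10.0.3.0/24"),
}

# Constructed policy: (source segment, destination segment, destination port).
ALLOWED = {("workstations", "servers", 443), ("iot", "servers", 8883)}

# Constructed flow records: "src dst dst_port".
FLOWS = """\
10.0.2.15 10.0.1.10 443
10.0.3.7 10.0.1.20 8883
10.0.3.7 10.0.2.15 445
10.0.2.40 10.0.2.41 22
10.0.3.9 10.0.1.10 22
10.0.9.9 10.0.1.10 443
"""


def segment_of(ip):
    """Return the name of the segment containing `ip`, or None."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def audit(flow_text):
    """Return (flow, reason) for every flow that violates the segment policy."""
    findings = []
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        src, dst, port = line.split()
        s, d = segment_of(src), segment_of(dst)
        if s is None or d is None:
            findings.append((line, "address outside documented segments"))
        elif s != d and (s, d, int(port)) not in ALLOWED:
            findings.append((line, f"{s} -> {d} not in allow-list"))
        # s == d: traffic stays inside one subnet and never crosses the ACL.
    return findings


if __name__ == "__main__":
    for flow, reason in audit(FLOWS):
        print(f"{flow:28} {reason}")
```

The workstation-to-workstation flow on port 22 is not reported: subnet ACLs only see traffic that crosses a boundary, so movement inside a segment needs host-level controls or smaller subnets.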
Enterprise networks should plan their address space carefully. Document your subnet allocation scheme, reserve ranges for future growth, and use a consistent numbering convention. Many organizations adopt a scheme where the third octet indicates the function: 10.x.1.0/24 for management, 10.x.2.0/24 for servers, 10.x.10.0/24 for floor 1 workstations, and so on.
A subnet (sub-network) is a logically visible subdivision of an IP network. It allows network administrators to divide a large network into smaller, more efficient segments for better performance, security, and organization.
Use the formula 2^(32 - prefix_length) - 2. For a /24 subnet, that is 2^8 - 2 = 254 available hosts. The -2 accounts for the network address and broadcast address.
CIDR (Classless Inter-Domain Routing) notation expresses a subnet using a prefix length after the IP address, like 192.168.1.0/24. The number after the slash indicates how many bits are used for the network portion.
VLSM (Variable Length Subnet Masking) allows networks to be divided into subnets of different sizes. This is more efficient than fixed-length subnetting because you can allocate exactly the number of addresses each segment needs.
A subnet mask (e.g., 255.255.255.0) uses 1s for network bits and 0s for host bits. A wildcard mask is the inverse (0.0.0.255), used primarily in access control lists (ACLs) on Cisco routers.