Why subnets
IPv4 uses 32-bit addresses; IPv6 uses 128 bits. A network is divided into blocks (subnets) to:
- isolate broadcast domains
- control routing (route aggregation)
- apply security policies (firewall at the subnet boundary)
- allocate addresses to different organizations or departments
Bits and addresses
An address splits into two parts: network prefix + host part.
Example 192.168.1.42/24:
- /24 = first 24 bits = network = 192.168.1.0
- remaining 8 bits = host = 42
192.168.1.42 -> 11000000.10101000.00000001.00101010
/24 mask 11111111.11111111.11111111.00000000
network 11000000.10101000.00000001.00000000 = 192.168.1.0
host 00101010 = 42
Common subnet sizes
| CIDR | Mask | Addresses | Usable | Use case |
|---|---|---|---|---|
| /8 | 255.0.0.0 | 16M | 16M-2 | large corporate, public block |
| /16 | 255.255.0.0 | 65 536 | 65 534 | data center, VPN |
| /24 | 255.255.255.0 | 256 | 254 | standard LAN |
| /29 | 255.255.255.248 | 8 | 6 | small office / few servers |
| /30 | 255.255.255.252 | 4 | 2 | point-to-point links |
| /31 | 255.255.255.254 | 2 | 2 | p2p (RFC 3021, no broadcast) |
| /32 | 255.255.255.255 | 1 | 1 | host route, loopback |
The "-2" in the usable column accounts for two reserved addresses: the network address (all host bits set to 0) and the broadcast address (all host bits set to 1).
Why -2 (network + broadcast)
The network address (192.168.1.0) identifies the subnet and is never assigned to
a host. The broadcast address (192.168.1.255) is used to reach all hosts in the
subnet and is also never assigned.
A /24 has 256 addresses, leaving 254 usable (.1 through .254). Typically .1
is the gateway and .255 is the broadcast address.
One prefix, one L2 segment
Hosts sharing the same [[ipv4-addressing|IP prefix]] can communicate at L2 directly (via [[arp|ARP]]). Hosts with different prefixes must go through the [[default-gateway|gateway]], even if they are on the same physical cable.
This is a common source of mysterious bugs: two hosts configured as 192.168.1.0/24 and
192.168.1.128/25 are on the same physical network, but host .50 (in /24)
thinks .200 is on its subnet and ARPs for it directly, while .200 (in /25) has a
different network mask, sees .50 as off-subnet and sends its replies to the gateway.
They cannot communicate.
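An added example (not part of the original page) that audits the interface configs collected from one L2 segment and reports every host pair whose on-link views disagree, as in the .50/.200 case above. The function names and the sample host list are constructed for illustration.

```python
import ipaddress
from itertools import combinations


def on_link(src_if, dst_ip):
    """True if src treats dst_ip as directly reachable (ARP), not via the gateway."""
    return dst_ip in src_if.network


def mask_mismatches(configs):
    """Return (direct_host, routed_host, reason) for each asymmetric pair.

    configs: 'address/prefix' strings as configured on hosts that share
    one physical segment.
    """
    ifaces = [ipaddress.ip_interface(c) for c in configs]
    findings = []
    for a, b in combinations(ifaces, 2):
        a_direct = on_link(a, b.ip)
        b_direct = on_link(b, a.ip)
        if a_direct != b_direct:
            # One side ARPs directly, the other hands the reply to its gateway.
            direct, routed = (a, b) if a_direct else (b, a)
            reason = (f"{direct.ip} ARPs for {routed.ip}, "
                      f"but {routed.ip} sends replies to its gateway")
            findings.append((str(direct), str(routed), reason))
    return findings


# Constructed sample: four hosts on one cable, two with a /25 mask.
SEGMENT = [
    "192.168.1.50/24",
    "192.168.1.200/25",
    "192.168.1.10/24",
    "192.168.1.129/25",
]

if __name__ == "__main__":
    for direct, routed, reason in mask_mismatches(SEGMENT):
        print(f"{direct} <-> {routed}: {reason}")
```

Pairs where both hosts agree (both on-link, or both routed) are not reported, since traffic between them follows the same path in each direction.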
VLSM: variable-length subnets
In the old classful model, network sizes were fixed: A=/8, B=/16, C=/24. VLSM (Variable Length Subnet Mask) and CIDR allow any prefix length.
Example: you are given 10.0.0.0/16 (65,536 addresses). You divide it:
- 10.0.0.0/24 - office 1 (254 hosts)
- 10.0.1.0/24 - office 2
- 10.0.10.0/24 - DMZ
- 10.0.20.0/24 - VPN pool
- 10.0.100.0/30 - p2p link to ISP 1
- 10.0.100.4/30 - p2p link to ISP 2
All of these summarize back to 10.0.0.0/16 for external advertisement
(one route instead of six).
Mental arithmetic
A mask /N means (32-N) host bits, which gives 2^(32-N) addresses.
| /N | host bits | addresses | usable |
|---|---|---|---|
| /30 | 2 | 4 | 2 |
| /29 | 3 | 8 | 6 |
| /28 | 4 | 16 | 14 |
| /27 | 5 | 32 | 30 |
| /26 | 6 | 64 | 62 |
| /25 | 7 | 128 | 126 |
| /24 | 8 | 256 | 254 |
For /N where (32-N) % 8 != 0 (for example /27), the block size in the last
octet is 2^(32-N) = 32, so a /24 holds 256 / 32 = 8 such subnets, starting
every 32 addresses: .0, .32, .64, .96, .128, .160, .192, .224.
Special RFC 1918 blocks (private)
- 10.0.0.0/8
- 172.16.0.0/12 (= 172.16.0.0 - 172.31.255.255)
- 192.168.0.0/16
These are not routed on the public internet and are used behind NAT.
Also notable:
- 127.0.0.0/8 - loopback
- 169.254.0.0/16 - link-local (when no DHCP is available)
- 224.0.0.0/4 - multicast
- 100.64.0.0/10 - CGNAT (carrier-grade NAT, mobile operators)
IPv6 subnetting
The same principle applies, with different bit counts. The standard allocation is /64 per LAN. Organizations receive /48; ISPs typically assign customers /56-/60. IPv6 subnets do not count usable hosts: 2^64 addresses is always sufficient.
Troubleshooting
- Cannot ping a host on the same network. Check the masks on both hosts; they may not match.
- "Network full" on a /29. Only 6 usable addresses. Move up to /28 or /27.
- Duplicate routes. Check aggregation: you may be able to advertise a /16 instead of 256 /24s.
- DHCP pool exhausted. Check subnet size with ipcalc. A /24 may be too small; consider a /23.