
Updated 8 hours ago

When a packet arrives at your network, the first question it faces isn't "where are you going?" It's "do you belong here?"

Every device needs to know where "here" ends and "there" begins. That boundary is a subnet. And the way we draw that boundary—with startling precision—is CIDR notation.

The Belonging Question

An IP address encodes two pieces of information as one number: identity and membership. Part of the address identifies the network you belong to. The rest identifies you within that network.

Before you can deliver a message to someone's desk, you need to know if they're in your building. Before a router can forward a packet, it needs to know: is this destination local, or do I need to send it somewhere else?

This is what subnetting solves. Not as an abstraction, but as the fundamental mechanism that makes the Internet's 5 billion devices findable.

CIDR: Counting from the Left

In 1993, the Internet was running out of addresses. Not because we'd used 4 billion of them—because we'd wasted 4 billion of them.

The old system had three rigid classes. Need 300 addresses? Take 65,534. Need 1,000? Take 65,534 or 16,777,214. There was no in-between. Networks were dividing a pie with a cleaver.

CIDR (Classless Inter-Domain Routing, pronounced "cider") replaced the cleaver with a laser: count from the left.

An IPv4 address is 32 bits. CIDR notation tells you exactly how many of those bits define the network. The notation 192.168.1.0/24 means "the first 24 bits are the network, the remaining 8 are for hosts."

Convert the subnet mask to binary and count the ones:

255.255.255.0  =  11111111.11111111.11111111.00000000
                  |———————— 24 ones ————————||— 8 zeros —|

Twenty-four consecutive ones. That's your /24.

What the Counting Gives You

The slash number tells you instantly:

  • Network bits: How many bits identify the network
  • Host bits: What's left for individual devices (32 minus network bits)
  • Total addresses: 2 raised to the power of host bits
  • Usable addresses: Total minus two (network address and broadcast address)

For 10.20.4.8/29:

  • 29 network bits, 3 host bits
  • 2³ = 8 total addresses
  • 8 - 2 = 6 usable for devices
  • Range: 10.20.4.8 through 10.20.4.15
  • Usable: 10.20.4.9 through 10.20.4.14
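The same arithmetic for any prefix, as an added example (not code from the original page). It also covers /31 and /32, where nothing is reserved and "minus two" does not apply; the function name `subnet_info` is hypothetical.

```python
import ipaddress

def subnet_info(cidr: str) -> dict:
    """Derive mask, range and host counts from an IPv4 address/prefix."""
    addr_text, prefix_text = cidr.split("/")
    prefix = int(prefix_text)
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix out of range: {prefix}")
    addr = int(ipaddress.IPv4Address(addr_text))    # validates the dotted quad

    host_bits = 32 - prefix
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF   # `prefix` ones from the left
    network = addr & mask                           # host bits cleared
    broadcast = network | (~mask & 0xFFFFFFFF)      # host bits all set
    total = 1 << host_bits                          # 2 ** host_bits

    if host_bits >= 2:
        first, last, usable = network + 1, broadcast - 1, total - 2
    else:
        # /31 (RFC 3021 point-to-point link) and /32 (single host):
        # no network or broadcast address is set aside.
        first, last, usable = network, broadcast, total

    def text(n: int) -> str:
        return str(ipaddress.IPv4Address(n))

    return {
        "mask": text(mask),
        "network": text(network),
        "broadcast": text(broadcast),
        "first_usable": text(first),
        "last_usable": text(last),
        "total": total,
        "usable": usable,
    }

if __name__ == "__main__":
    # 10.20.4.13/29 has host bits set; it still belongs to 10.20.4.8/29.
    for cidr in ("10.20.4.8/29", "10.20.4.13/29", "192.168.1.0/24", "10.0.0.0/31"):
        print(cidr, subnet_info(cidr))
```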

Small subnets are precise. A /30 gives you exactly 4 addresses: network, broadcast, and 2 usable hosts—perfect for a point-to-point link between routers. Nothing wasted.

Large subnets are spacious. A /16 gives you 65,534 usable addresses—enough for a mid-sized company's entire infrastructure.

Notice the pattern in the table below: each time you subtract 1 from the prefix, you double the addresses.

CIDR   Subnet Mask        Total IPs     Usable Hosts
/32    255.255.255.255    1             1 (single host)
/30    255.255.255.252    4             2
/29    255.255.255.248    8             6
/28    255.255.255.240    16            14
/27    255.255.255.224    32            30
/26    255.255.255.192    64            62
/25    255.255.255.128    128           126
/24    255.255.255.0      256           254
/23    255.255.254.0      512           510
/22    255.255.252.0      1,024         1,022
/16    255.255.0.0        65,536        65,534
/8     255.0.0.0          16,777,216    16,777,214

How Devices Use This

Every device on a network has two pieces of information: its IP address and its subnet mask. Together, these answer the belonging question.

Your computer at 192.168.1.50/24 has a packet to send to 192.168.1.75. It performs a binary AND operation between each address and the subnet mask:

Your IP:      192.168.1.50  →  192.168.1.0/24
Target IP:    192.168.1.75  →  192.168.1.0/24
Result:       Same network, deliver directly

But for 8.8.8.8:

Your IP:      192.168.1.50  →  192.168.1.0/24
Target IP:    8.8.8.8       →  8.0.0.0/8 (different)
Result:       Different network, send to gateway

This calculation happens billions of times per second, on every networked device. It's how your laptop knows to shout across the room versus passing a message through your router to the wider Internet.

Routers use the same logic. When a packet arrives, the router compares the destination against every route in its table. The most specific match wins—a /28 route beats a /16 for addresses in both ranges. This specificity is why CIDR enables the Internet to scale: routers can aggregate thousands of networks into a single routing entry.
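Both decisions in code, as an added example that is not part of the original page: the host ANDs both addresses with its own interface mask, and the router picks the longest matching prefix. The routing table and next-hop names are constructed placeholders.

```python
import ipaddress

def to_int(ip: str) -> int:
    return int(ipaddress.IPv4Address(ip))

def mask(prefix: int) -> int:
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def is_on_link(interface: str, destination: str) -> bool:
    """Host decision: compare both addresses after ANDing with the interface mask."""
    addr, prefix = interface.split("/")
    m = mask(int(prefix))
    return (to_int(addr) & m) == (to_int(destination) & m)

def lookup(routes, destination: str):
    """Router decision: of all routes containing the destination, longest prefix wins."""
    dst = to_int(destination)
    best = None
    for cidr, next_hop in routes:
        net, prefix_text = cidr.split("/")
        prefix = int(prefix_text)
        m = mask(prefix)
        if (dst & m) == (to_int(net) & m):
            if best is None or prefix > best[0]:
                best = (prefix, cidr, next_hop)
    return None if best is None else (best[1], best[2])

# Constructed routing table; next-hop names are placeholders.
ROUTES = [
    ("0.0.0.0/0", "upstream"),     # default route: matches everything
    ("10.0.0.0/16", "core"),
    ("10.0.5.16/28", "dmz-fw"),    # more specific route inside the /16
]

if __name__ == "__main__":
    for dst in ("192.168.1.75", "8.8.8.8"):
        where = "deliver directly" if is_on_link("192.168.1.50/24", dst) else "send to gateway"
        print(f"192.168.1.50/24 -> {dst}: {where}")
    for dst in ("10.0.5.20", "10.0.5.40", "8.8.8.8"):
        print(dst, "->", lookup(ROUTES, dst))
```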

Why You Divide Networks

Subnetting isn't just about math. It's about creating useful boundaries.

Performance: A flat network with 1,000 devices means broadcast traffic reaches everyone. Divide it into ten /26 subnets of ~60 devices each, and broadcasts stay local. Less noise, faster networks.

Security: Put web servers in 10.0.10.0/24, databases in 10.0.20.0/24, employee workstations in 10.0.30.0/24. Firewall rules between subnets limit what can talk to what. When one segment is compromised, the breach is contained.
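A check of observed flows against an inter-segment policy, as an added example rather than anything from the original page. The three subnets are the ones named above; the allow rules, ports and flow records are constructed assumptions.

```python
import ipaddress

# Segments from the paragraph above.
SEGMENTS = {
    "web": ipaddress.ip_network("10.0.10.0/24"),
    "db": ipaddress.ip_network("10.0.20.0/24"),
    "workstations": ipaddress.ip_network("10.0.30.0/24"),
}

# Assumed policy (not from the page): (source segment, destination segment, port).
ALLOWED = {
    ("workstations", "web", 443),
    ("web", "db", 5432),
}

# Constructed flow records, one per line: "src dst dst_port".
FLOWS = """\
10.0.30.17 10.0.10.5 443
10.0.10.5 10.0.20.8 5432
10.0.30.17 10.0.20.8 5432
10.0.10.5 10.0.10.6 22
10.0.20.8 203.0.113.9 443
"""

def segment_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "external"

def violations(flow_text: str):
    """Return flows that cross a segment boundary without a matching allow rule."""
    found = []
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        src, dst, port = line.split()
        s, d = segment_of(src), segment_of(dst)
        if s == d and s != "external":
            continue  # same subnet: delivered directly, the firewall never sees it
        if (s, d, int(port)) not in ALLOWED:
            found.append((src, dst, int(port), s, d))
    return found

if __name__ == "__main__":
    for v in violations(FLOWS):
        print("policy violation:", v)
```

The skipped web-to-web flow is the caveat: traffic inside one subnet never crosses the firewall between subnets, so containment is only as fine-grained as the subnet boundaries.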

Cloud infrastructure: AWS VPCs start with a CIDR block like 10.0.0.0/16, then subdivide into smaller subnets across availability zones. Public-facing servers in one subnet, private databases in another, each with distinct routing and security policies.

Efficiency: Give each network segment exactly what it needs. Two routers linking together? /30 with 2 usable IPs. A branch office with 50 devices? /26 with 62 usable IPs. A data center with 500 servers? /23 with 510 usable IPs.

Before CIDR, you'd allocate 65,534 addresses to a network that needed 100. Now you allocate 126 and move on.

A Real Example

You run a company with three offices: New York, London, Tokyo. You've been allocated 192.168.0.0/24—256 addresses.

Without subnetting, everyone shares one network. Broadcasts from New York flood Tokyo. A network issue in London affects everyone. Management is chaos.

With subnetting, you divide the space:

  • New York: 192.168.0.0/26 (62 usable addresses)
  • London: 192.168.0.64/26 (62 usable addresses)
  • Tokyo: 192.168.0.128/26 (62 usable addresses)
  • Reserved: 192.168.0.192/26 (future growth)

Each office is isolated. Routers forward traffic between them. Firewalls control what crosses boundaries. The network reflects the organization's structure because that's how humans think.

CIDR in IPv6

IPv6 has so many addresses that subnetting becomes about hierarchy, not scarcity.

CIDR notation works identically: 2001:db8:1234::/48 means the first 48 bits are the network. But the scale is different:

  • Organizations typically receive /48 allocations
  • Each /48 can be divided into 65,536 /64 subnets
  • Each /64 subnet has 18 quintillion addresses
  • Single devices use /128

You don't subnet IPv6 to conserve addresses. You subnet to create structure—different buildings, different departments, different purposes. The abundance changes the strategy but not the mechanism.

Key Takeaways

  • Subnets define "here" versus "there"—the boundary between local delivery and routing
  • CIDR notation counts bits from the left: /24 means 24 network bits, 8 host bits
  • The calculation is simple: 2^(32 - prefix) total addresses, minus 2 for network and broadcast
  • Devices use binary AND operations with subnet masks to determine if destinations are local
  • Subnetting creates performance, security, and management boundaries that match how networks are actually used
  • IPv6 uses the same notation but with 128 bits, enabling vast hierarchical structures
  • Before CIDR, IP allocation was wasteful and rigid; after CIDR, it's precise and flexible
