This page explains how IP subnetting works, what CIDR notation actually means, how to calculate network and broadcast addresses by hand, how VLSM packs multiple sub-networks inside a parent, and why IPv6 doesn't need a broadcast address. If you came here from a search engine looking for a quick answer, scroll to the FAQ section. If you want the full picture, read it through.
You can plug any of the worked examples below directly into the live geeksubnet calculator to verify the numbers.
An IPv4 address is a 32-bit number written as four 8-bit octets separated by dots. The address 192.168.1.42 in binary is:
11000000.10101000.00000001.00101010 192 . 168 . 1 . 42
Each octet is a number from 0 to 255 because 8 bits give 28 = 256 possible values. The full address space is 232 ≈ 4.3 billion unique addresses — which sounded like plenty in 1981 and turned out to be the reason IPv6 exists.
Historically IPv4 addresses were grouped into classes (A, B, C, D, E) based on the leading bits, which fixed the size of the network portion. Classful addressing was abandoned in 1993 in favor of CIDR. Today the only thing left of "class" is a label some calculators still display.
CIDR — Classless Inter-Domain Routing — replaced classful addressing with a flexible prefix length approach. Instead of assuming the network/host split is fixed, you write it explicitly: 192.168.1.0/24 means "the first 24 bits identify the network, the remaining 8 are for hosts".
A /24 has 8 host bits → 28 = 256 total addresses, of which 2 are reserved (network and broadcast), leaving 254 usable host addresses. A /16 has 16 host bits → 65,536 total. A /30 has 2 host bits → 4 total, 2 usable (perfect for point-to-point links between two routers).
The prefix can range from /0 (the entire IPv4 space, used as the default route) up to /32 (a single host).
The subnet mask is the same idea expressed in dotted-decimal: a 32-bit number where leftmost bits are 1 (network) and rightmost are 0 (host). /24 as a mask is 255.255.255.0; /16 is 255.255.0.0; /30 is 255.255.255.252.
To find the network address from any IP and mask, you AND them bit by bit. Take 192.168.1.42 / 255.255.255.0:
IP : 11000000.10101000.00000001.00101010 mask : 11111111.11111111.11111111.00000000 AND : 11000000.10101000.00000001.00000000 → 192.168.1.0
The wildcard mask is the bitwise NOT of the subnet mask. For /24 it's 0.0.0.255. Cisco ACLs use wildcards instead of regular masks, which trips up everyone exactly once.
Inside any subnet, two addresses are reserved:
For 192.168.1.0/24: network = 192.168.1.0, broadcast = 192.168.1.255, usable host range = 192.168.1.1 to 192.168.1.254.
Two important corner cases: a /31 has no broadcast and no network — both addresses are usable for two-hosts point-to-point links (RFC 3021). A /32 identifies a single host with no usable range.
VLSM (Variable Length Subnet Masking) means subnetting with different prefix lengths inside one parent network — the right way to allocate address space without waste.
Suppose you have 10.0.0.0/16 and four departments needing 500, 100, 50 and 25 hosts. Naïvely giving each department a /24 wastes thousands of addresses. With VLSM:
| Department | Hosts needed | Allocated | Range |
|---|---|---|---|
| Engineering | 500 | 10.0.0.0/23 | 10.0.0.1 – 10.0.1.254 (510 usable) |
| Sales | 100 | 10.0.2.0/25 | 10.0.2.1 – 10.0.2.126 (126 usable) |
| Ops | 50 | 10.0.2.128/26 | 10.0.2.129 – 10.0.2.190 (62 usable) |
| Guest WiFi | 25 | 10.0.2.192/27 | 10.0.2.193 – 10.0.2.222 (30 usable) |
Total used: 728 addresses out of 65,536 in the /16. The rest stays free for future growth. Try the worked example in the geeksubnet VLSM solver.
Supernetting is the inverse of subnetting: combining several adjacent networks into a single shorter prefix. Routing protocols love this because it reduces the size of routing tables.
Example: 192.168.0.0/24, 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24 all share the prefix 192.168.0.0/22. Advertising one /22 instead of four /24s is what BGP route aggregation does at internet scale.
Aggregation only works when the networks are contiguous and on a power-of-two boundary. 192.168.0.0/24 + 192.168.2.0/24 can't be supernetted because 192.168.1.0/24 is in the middle.
IPv6 is 128 bits instead of 32. Written as eight 16-bit groups in hexadecimal separated by colons: 2001:0db8:85a3:0000:0000:8a2e:0370:7334. Compression rules let you collapse leading zeros and replace one run of zero groups with ::: 2001:db8:85a3::8a2e:370:7334.
IPv6 has no broadcast — multicast handles all one-to-many delivery. The address space is 2128 ≈ 3.4 × 1038, big enough that wasting a /64 per LAN is the norm rather than the exception.
Common prefix scopes:
::1/128 — loopback (the IPv6 equivalent of 127.0.0.1)fe80::/10 — link-local, auto-configured per interface, never routedfc00::/7 — unique local addresses (private, like RFC1918 in v4)ff00::/8 — multicast2000::/3 — global unicast, routable on the public internet| CIDR | Mask | Total | Usable | Typical use |
|---|---|---|---|---|
| /30 | 255.255.255.252 | 4 | 2 | point-to-point links |
| /29 | 255.255.255.248 | 8 | 6 | tiny subnet, lab, mgmt |
| /28 | 255.255.255.240 | 16 | 14 | small office segment |
| /27 | 255.255.255.224 | 32 | 30 | small VLAN |
| /26 | 255.255.255.192 | 64 | 62 | medium VLAN |
| /25 | 255.255.255.128 | 128 | 126 | half a /24 |
| /24 | 255.255.255.0 | 256 | 254 | "the classic LAN" |
| /23 | 255.255.254.0 | 512 | 510 | large department |
| /22 | 255.255.252.0 | 1024 | 1022 | building / floor |
| /16 | 255.255.0.0 | 65536 | 65534 | "a class B" |
| /8 | 255.0.0.0 | 16777216 | 16777214 | "a class A" |
It means the first 24 bits of the 32-bit address identify the network, leaving 8 bits for hosts. A /24 has 256 addresses, of which 254 are usable (network and broadcast are reserved).
Take the network address and set every host bit to 1. For 192.168.1.0/24, the host bits are the last 8 — set them all to 1 and you get 192.168.1.255.
A /30 gives you 4 addresses with 2 usable hosts plus network and broadcast. A /31 gives 2 addresses with both usable per RFC 3021, designed specifically for two-host point-to-point links to save addresses.
A /22 has 10 host bits → 1024 total addresses. Subtract 2 (network + broadcast) = 1022 usable hosts.
255.255.255.224. The 224 in the last octet is binary 11100000 — the leading three 1s are part of the network prefix that extends past the third octet boundary.
RFC 1918 defines three private IPv4 ranges that are never routed on the public internet: 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. They're used for internal networks behind NAT.
Classless Inter-Domain Routing. It's the system that replaced classful IP allocation in 1993, letting prefixes be any length from /0 to /32 instead of fixed at /8, /16, or /24.
The entire 127.0.0.0/8 block is reserved for loopback. By convention everyone uses 127.0.0.1, but any address in that range refers to the local host.
VLSM lets you subdivide a network into pieces of different sizes. Use it whenever your subnets need different host counts — e.g. a 500-host department and a 4-router point-to-point link shouldn't both consume a /24.
Find the longest prefix length that's still common to all networks. 192.168.0.0/24, 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24 all share the first 22 bits, so they aggregate to 192.168.0.0/22. The networks must be contiguous and aligned to a power-of-two boundary.
No. IPv6 dropped broadcast entirely. One-to-many delivery is handled by multicast (ff00::/8), which is more efficient because hosts only process traffic for groups they've joined.
It's the link-local block (169.254.0.0/16). Hosts auto-configure a 169.254 address when DHCP fails. Seeing one usually means: your DHCP server is unreachable, or the network cable is unplugged, or the WiFi associated but couldn't get a lease.
It represents the entire IPv4 address space — the "default route" in routing tables. A packet matched by 0.0.0.0/0 is sent toward the upstream gateway when no more specific route exists.