This page explains how IP subnetting works, what CIDR notation actually means, how to calculate network and broadcast addresses by hand, how VLSM packs multiple sub-networks inside a parent, why IPv6 doesn't need a broadcast address, how MAC addresses become EUI-64 IPv6 interface IDs, and how MTU and TCP MSS interact with tunnel overhead. If you came here from a search engine looking for a quick answer, scroll to the FAQ section. If you want the full picture, read it through.
You can plug any of the worked examples below directly into the live geeksubnet calculator to verify the numbers. For focused, example-heavy walkthroughs of individual topics, see the networking guides.
An IPv4 address is a 32-bit number written as four 8-bit octets separated by dots. The address 192.168.1.42 in binary is:
```
11000000.10101000.00000001.00101010
   192  .   168  .    1   .   42
```
Each octet is a number from 0 to 255 because 8 bits give 2^8 = 256 possible values. The full address space is 2^32 ≈ 4.3 billion unique addresses — which sounded like plenty in 1981 and turned out to be the reason IPv6 exists.
Historically IPv4 addresses were grouped into classes (A, B, C, D, E) based on the leading bits, which fixed the size of the network portion. Classful addressing was abandoned in 1993 in favor of CIDR. Today the only thing left of "class" is a label some calculators still display.
CIDR — Classless Inter-Domain Routing — replaced classful addressing with a flexible prefix length approach. Instead of assuming the network/host split is fixed, you write it explicitly: 192.168.1.0/24 means "the first 24 bits identify the network, the remaining 8 are for hosts".
A /24 has 8 host bits → 2^8 = 256 total addresses, of which 2 are reserved (network and broadcast), leaving 254 usable host addresses. A /16 has 16 host bits → 65,536 total. A /30 has 2 host bits → 4 total, 2 usable (perfect for point-to-point links between two routers).
The prefix can range from /0 (the entire IPv4 space, used as the default route) up to /32 (a single host).
Going the other direction is just as common: I need at least N usable hosts — what's the smallest prefix that fits? The math is 2^(32−N) − 2 ≥ hosts, solved for the largest N that still satisfies it. For 50 hosts you want a /26 (62 usable); for 254 a /24 (254 usable); for 1022 a /22 (1022 usable). It's the calculation you do every time you size a new VLAN.
The subnet mask is the same idea expressed in dotted-decimal: a 32-bit number where leftmost bits are 1 (network) and rightmost are 0 (host). /24 as a mask is 255.255.255.0; /16 is 255.255.0.0; /30 is 255.255.255.252.
To find the network address from any IP and mask, you AND them bit by bit. Take 192.168.1.42 / 255.255.255.0:
```
IP   : 11000000.10101000.00000001.00101010
mask : 11111111.11111111.11111111.00000000
AND  : 11000000.10101000.00000001.00000000 → 192.168.1.0
```
The wildcard mask is the bitwise NOT of the subnet mask. For /24 it's 0.0.0.255. Cisco ACLs use wildcards instead of regular masks, which trips up everyone exactly once.
Inside any subnet, two addresses are reserved: the network address (every host bit set to 0) and the broadcast address (every host bit set to 1).
For 192.168.1.0/24: network = 192.168.1.0, broadcast = 192.168.1.255, usable host range = 192.168.1.1 to 192.168.1.254.
Two important corner cases: a /31 has no broadcast and no network — both addresses are usable for two-host point-to-point links (RFC 3021). A /32 identifies a single host with no usable range.
Membership testing — does this IP belong to that subnet? — is the same operation in reverse. AND the candidate IP with the netmask; if the result equals the network address, the IP is inside. That's how a router decides whether the destination of a packet is on a directly connected interface or has to be forwarded.
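The mask, wildcard, network, broadcast and membership calculations above, carried out with integer bit operations and including the /31 and /32 corner cases. This is an added example, not code from the original page; the function names (`ip_to_int`, `describe`, `contains`) are chosen here for illustration.

```python
# Added example: IPv4 subnet math with plain integer bit operations.

def ip_to_int(ip):
    """Dotted quad -> 32-bit integer, rejecting malformed input."""
    parts = [int(p) for p in ip.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"not an IPv4 address: {ip!r}")
    return (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]


def int_to_ip(n):
    """32-bit integer -> dotted quad."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def describe(cidr):
    """Network, mask, wildcard, broadcast and usable range for 'a.b.c.d/N'."""
    ip, _, plen = cidr.partition("/")
    prefix = int(plen)
    if not 0 <= prefix <= 32:
        raise ValueError(f"bad prefix length: {plen!r}")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    wildcard = mask ^ 0xFFFFFFFF            # bitwise NOT of the mask
    network = ip_to_int(ip) & mask          # AND clears the host bits
    top = network | wildcard                # OR sets every host bit
    if prefix == 32:                        # single host, no usable range
        broadcast = first = last = None
    elif prefix == 31:                      # RFC 3021: both addresses usable
        broadcast, first, last = None, network, top
    else:
        broadcast, first, last = top, network + 1, top - 1
    fmt = lambda n: None if n is None else int_to_ip(n)
    return {
        "network": int_to_ip(network), "mask": int_to_ip(mask),
        "wildcard": int_to_ip(wildcard), "broadcast": fmt(broadcast),
        "first_host": fmt(first), "last_host": fmt(last),
    }


def contains(cidr, ip):
    """Membership test: AND the candidate with the mask, compare to the network."""
    _, _, plen = cidr.partition("/")
    mask = (0xFFFFFFFF << (32 - int(plen))) & 0xFFFFFFFF
    return (ip_to_int(ip) & mask) == ip_to_int(describe(cidr)["network"])
```

The wildcard value is the one a Cisco-style ACL expects; passing the subnet mask there instead matches a very different set of addresses.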
VLSM (Variable Length Subnet Masking) means subnetting with different prefix lengths inside one parent network — the right way to allocate address space without waste.
Suppose you have 10.0.0.0/16 and four departments needing 500, 100, 50 and 25 hosts. Naïvely giving each department a /24 wastes thousands of addresses. With VLSM:
| Department | Hosts needed | Allocated | Range |
|---|---|---|---|
| Engineering | 500 | 10.0.0.0/23 | 10.0.0.1 – 10.0.1.254 (510 usable) |
| Sales | 100 | 10.0.2.0/25 | 10.0.2.1 – 10.0.2.126 (126 usable) |
| Ops | 50 | 10.0.2.128/26 | 10.0.2.129 – 10.0.2.190 (62 usable) |
| Guest WiFi | 25 | 10.0.2.192/27 | 10.0.2.193 – 10.0.2.222 (30 usable) |
Total used: 728 usable addresses out of 65,536 in the /16. The rest stays free for future growth. Try the worked example in the geeksubnet VLSM solver.
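The allocation in the table can be reproduced with a largest-first VLSM allocator. This is an added example, not the geeksubnet solver's code; `prefix_for_hosts` and `vlsm` are names chosen here, and the sizing rule is the 2^(32−N) − 2 ≥ hosts formula from earlier on the page.

```python
# Added example: largest-first VLSM allocation inside a parent network.
import ipaddress


def prefix_for_hosts(hosts):
    """Longest prefix whose usable count, 2^(32-N) - 2, still fits `hosts`."""
    for prefix in range(30, -1, -1):
        if 2 ** (32 - prefix) - 2 >= hosts:
            return prefix
    raise ValueError(f"no IPv4 prefix holds {hosts} hosts")


def vlsm(parent, demands):
    """Return [(name, cidr, usable_hosts)] for a {name: hosts_needed} mapping."""
    net = ipaddress.ip_network(parent)
    cursor = int(net.network_address)
    end = int(net.broadcast_address)
    plan = []
    # Allocating the biggest block first keeps every later block aligned
    # on its own power-of-two boundary without leaving holes.
    for name, hosts in sorted(demands.items(), key=lambda kv: -kv[1]):
        prefix = prefix_for_hosts(hosts)
        size = 2 ** (32 - prefix)
        cursor = (cursor + size - 1) // size * size   # round up to alignment
        if cursor + size - 1 > end:
            raise ValueError(f"{parent} is exhausted before {name!r} fits")
        plan.append((name, f"{ipaddress.ip_address(cursor)}/{prefix}", size - 2))
        cursor += size
    return plan


if __name__ == "__main__":
    # The four departments from the table above.
    needs = {"Engineering": 500, "Sales": 100, "Ops": 50, "Guest WiFi": 25}
    for row in vlsm("10.0.0.0/16", needs):
        print(row)
```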
Supernetting is the inverse of subnetting: combining several adjacent networks into a single shorter prefix. Routing protocols love this because it reduces the size of routing tables.
Example: 192.168.0.0/24, 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24 all share the prefix 192.168.0.0/22. Advertising one /22 instead of four /24s is what BGP route aggregation does at internet scale.
Aggregation only works when the networks are contiguous and on a power-of-two boundary. 192.168.0.0/24 + 192.168.2.0/24 can't be supernetted because 192.168.1.0/24 is in the middle.
The opposite question — I have an arbitrary IP range like 10.0.0.5 through 10.0.0.42, what's the minimum list of CIDRs that covers exactly those addresses? — comes up constantly when writing firewall rules, ACLs or BGP prefix lists. Because CIDRs must align to power-of-2 boundaries and span a power-of-2 size, an irregular range almost always needs several blocks. The 38-address range above breaks into seven: /32 + /31 + /29 + /28 + /29 + /31 + /32. The greedy algorithm is: at each step, pick the largest block aligned to the current start that doesn't overshoot the end, then advance.
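The greedy range-to-CIDR conversion described above, written out so the seven-block result can be checked. This is an added example, not code from the original page; `range_to_cidrs` is a name chosen here, and the same function also covers the supernetting case, since an aligned contiguous range collapses to a single block.

```python
# Added example: minimal CIDR cover for an arbitrary inclusive IPv4 range.
import ipaddress


def range_to_cidrs(first, last):
    """Return the shortest list of CIDR blocks covering first..last exactly."""
    start = int(ipaddress.IPv4Address(first))
    end = int(ipaddress.IPv4Address(last))
    if start > end:
        raise ValueError("range start is above range end")
    blocks = []
    while start <= end:
        # Alignment limit: the lowest set bit of the start address is the
        # largest block size that can begin there (0.0.0.0 can begin a /0).
        align = (start & -start) if start else 1 << 32
        # Span limit: the largest power of two that does not pass the end.
        span = 1 << ((end - start + 1).bit_length() - 1)
        size = min(align, span)
        prefix = 32 - (size.bit_length() - 1)
        blocks.append(f"{ipaddress.IPv4Address(start)}/{prefix}")
        start += size
    return blocks


if __name__ == "__main__":
    # The 38-address range from the text.
    for block in range_to_cidrs("10.0.0.5", "10.0.0.42"):
        print(block)
```

When turning a range into firewall or ACL entries, an exact cover like this avoids the common shortcut of rounding up to one larger prefix, which silently permits addresses outside the intended range.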
IPv6 is 128 bits instead of 32. Written as eight 16-bit groups in hexadecimal separated by colons: 2001:0db8:85a3:0000:0000:8a2e:0370:7334. Compression rules let you collapse leading zeros and replace one run of zero groups with "::", giving 2001:db8:85a3::8a2e:370:7334.
IPv6 has no broadcast — multicast handles all one-to-many delivery. The address space is 2^128 ≈ 3.4 × 10^38, big enough that wasting a /64 per LAN is the norm rather than the exception.
Common prefix scopes:
- ::1/128 — loopback (the IPv6 equivalent of 127.0.0.1)
- fe80::/10 — link-local, auto-configured per interface, never routed
- fc00::/7 — unique local addresses (private, like RFC1918 in v4)
- ff00::/8 — multicast
- 2000::/3 — global unicast, routable on the public internet

A common way to auto-assign an IPv6 address is SLAAC (Stateless Address Autoconfiguration): the host derives its 64-bit interface ID from its 48-bit MAC using the EUI-64 algorithm.
Take a MAC like B8:27:EB:01:02:03. The first 24 bits, B8:27:EB, are the OUI assigned by IEEE to the manufacturer (in this case Raspberry Pi Foundation; you can look up any OUI in the IEEE MA-L registry). To make the EUI-64:
1. Flip the U/L bit (the second-from-lowest bit of the first byte): B8 becomes BA.
2. Insert FFFE in the middle: BA:27:EB:FF:FE:01:02:03.

Combined with the link-local prefix fe80::/64, the resulting address is fe80::ba27:ebff:fe01:0203. Modern operating systems prefer privacy extensions (RFC 4941) over EUI-64 to avoid leaking the MAC, but EUI-64 is still the canonical derivation and what link-local addresses default to in many embedded stacks.
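The EUI-64 derivation in both directions: building the link-local address from a MAC, and recovering the MAC from an address whose interface ID carries the FFFE marker, which is the leak privacy extensions are meant to close. This is an added example, not code from the original page; `mac_to_link_local` and `eui64_mac` are names chosen here.

```python
# Added example: EUI-64 interface IDs, forward and reverse.
import ipaddress

LINK_LOCAL_PREFIX = bytes.fromhex("fe80000000000000")   # fe80::/64


def mac_to_link_local(mac):
    """48-bit MAC -> fe80::/64 address with an EUI-64 interface ID."""
    octets = bytearray(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    octets[0] ^= 0x02                                    # flip the U/L bit
    iid = bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])
    return ipaddress.IPv6Address(LINK_LOCAL_PREFIX + iid)


def eui64_mac(addr):
    """Return the MAC embedded in an IPv6 address, or None if the
    interface ID does not carry the ff:fe marker in its middle bytes."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02                                       # undo the U/L flip
    return ":".join(f"{b:02X}" for b in mac)


if __name__ == "__main__":
    addr = mac_to_link_local("B8:27:EB:01:02:03")        # MAC from the text
    print(addr, "->", eui64_mac(str(addr)))
```

The reverse check is a heuristic: a randomly generated interface ID contains ff:fe in that position about once in 65,536 addresses, so treat a match as a strong hint rather than proof.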
The MTU (Maximum Transmission Unit) is the largest L2 frame your link can carry. Standard Ethernet is 1500 bytes; jumbo frames push it to 9000.
But not all of that MTU is payload — each layer of headers takes its share:
So a 1500-byte Ethernet frame carrying IPv4 + TCP gives you 1500 − 20 − 20 = 1460 bytes of TCP payload. This is the MSS (Maximum Segment Size) — the value each peer advertises in its TCP SYN, telling the other side "don't send me segments bigger than this".
Tunneling and encapsulation eat further bytes off the top:
| Layer | Overhead | Notes |
|---|---|---|
| VLAN tag (802.1Q) | +4 B | per tag; Q-in-Q is 8 |
| PPPoE | +8 B | typical DSL |
| GRE | +24 B | plus inner IP |
| IPsec ESP | +50–60 B | varies by cipher and ICV size |
| WireGuard | +60 B | fixed |
| VXLAN over IPv4/UDP | +50 B | data-center fabric |
Mismatched MTU between segments is a common cause of "TCP works for small requests, hangs on large ones" — large packets get fragmented or, worse, silently dropped when they hit a link with PMTUD broken. The classic fix is MSS clamping: rewrite the MSS in the SYN to tunnel-MTU − 40 so neither peer sends segments that would exceed the path.
| CIDR | Mask | Total | Usable | Typical use |
|---|---|---|---|---|
| /30 | 255.255.255.252 | 4 | 2 | point-to-point links |
| /29 | 255.255.255.248 | 8 | 6 | tiny subnet, lab, mgmt |
| /28 | 255.255.255.240 | 16 | 14 | small office segment |
| /27 | 255.255.255.224 | 32 | 30 | small VLAN |
| /26 | 255.255.255.192 | 64 | 62 | medium VLAN |
| /25 | 255.255.255.128 | 128 | 126 | half a /24 |
| /24 | 255.255.255.0 | 256 | 254 | "the classic LAN" |
| /23 | 255.255.254.0 | 512 | 510 | large department |
| /22 | 255.255.252.0 | 1024 | 1022 | building / floor |
| /16 | 255.255.0.0 | 65536 | 65534 | "a class B" |
| /8 | 255.0.0.0 | 16777216 | 16777214 | "a class A" |
It means the first 24 bits of the 32-bit address identify the network, leaving 8 bits for hosts. A /24 has 256 addresses, of which 254 are usable (network and broadcast are reserved).
Take the network address and set every host bit to 1. For 192.168.1.0/24, the host bits are the last 8 — set them all to 1 and you get 192.168.1.255.
A /30 gives you 4 addresses with 2 usable hosts plus network and broadcast. A /31 gives 2 addresses with both usable per RFC 3021, designed specifically for two-host point-to-point links to save addresses.
A /22 has 10 host bits → 1024 total addresses. Subtract 2 (network + broadcast) = 1022 usable hosts.
255.255.255.224. The 224 in the last octet is binary 11100000 — the leading three 1s are part of the network prefix that extends past the third octet boundary.
RFC 1918 defines three private IPv4 ranges that are never routed on the public internet: 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. They're used for internal networks behind NAT.
Classless Inter-Domain Routing. It's the system that replaced classful IP allocation in 1993, letting prefixes be any length from /0 to /32 instead of fixed at /8, /16, or /24.
The entire 127.0.0.0/8 block is reserved for loopback. By convention everyone uses 127.0.0.1, but any address in that range refers to the local host.
VLSM lets you subdivide a network into pieces of different sizes. Use it whenever your subnets need different host counts — e.g. a 500-host department and a 4-router point-to-point link shouldn't both consume a /24.
Find the longest prefix length that's still common to all networks. 192.168.0.0/24, 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24 all share the first 22 bits, so they aggregate to 192.168.0.0/22. The networks must be contiguous and aligned to a power-of-two boundary.
No. IPv6 dropped broadcast entirely. One-to-many delivery is handled by multicast (ff00::/8), which is more efficient because hosts only process traffic for groups they've joined.
It's the link-local block (169.254.0.0/16). Hosts auto-configure a 169.254 address when DHCP fails. Seeing one usually means: your DHCP server is unreachable, or the network cable is unplugged, or the WiFi associated but couldn't get a lease.
It represents the entire IPv4 address space — the "default route" in routing tables. A packet matched by 0.0.0.0/0 is sent toward the upstream gateway when no more specific route exists.
AND the IP with the subnet mask. If the result equals the network address, the IP is inside. 192.168.1.42 AND 255.255.255.0 = 192.168.1.0, which matches the network — so the IP belongs to 192.168.1.0/24. The same operation is what every host does to decide whether a destination is on the local link or has to go through the default gateway.
Greedily pick the largest CIDR block aligned to the current start address that doesn't overshoot the end, then advance. The example breaks into seven blocks: /32 + /31 + /29 + /28 + /29 + /31 + /32, totalling exactly 38 addresses. This is the conversion you need when expressing a non-aligned range in a firewall rule, an ACL, or a BGP prefix list — most ranges from the real world are not power-of-two aligned.
EUI-64 turns a 48-bit MAC into a 64-bit IPv6 interface identifier. Take the MAC, flip the U/L bit (the second-from-lowest bit of the first byte), and insert FFFE in the middle. B8:27:EB:01:02:03 → flip → BA:27:EB:01:02:03 → insert → BA:27:EB:FF:FE:01:02:03, written as ba27:ebff:fe01:0203. Combined with fe80::/64 you get the link-local IPv6 address. Privacy extensions (RFC 4941) replace this on most modern OSes to avoid leaking the MAC.
1500 − 20 (IPv4 header) − 20 (TCP header) = 1460 bytes. Over IPv6 the IP header is 40 bytes, so the MSS drops to 1440. If you're inside a tunnel, subtract the tunnel header too — VPN configs often need MSS clamping (e.g. PPPoE → 1452, IPsec → 1380–1410, WireGuard → 1380) to avoid PMTUD black holes where large packets get silently dropped.
The IANA service-name and port-number registry is the authoritative source. Most-asked: HTTP=80 (TCP), HTTPS=443 (TCP/UDP for QUIC), SSH=22 (TCP), DNS=53 (UDP and TCP), SMTP=25/465/587, IMAP=143/993, POP3=110/995, RDP=3389 (TCP/UDP), MySQL=3306, PostgreSQL=5432, Redis=6379. Ports 0–1023 are the "well-known" range; 1024–49151 are registered to specific services; 49152–65535 are dynamic / ephemeral, picked by the OS for outbound connections.