Subnet masks and CIDR notation are fundamental to IP networking. Whether you are designing a cloud VPC, configuring a home router, or preparing for a networking exam, understanding how subnet masks divide IP addresses into network and host portions is essential. This guide covers everything from binary basics to a complete CIDR reference table.
1. What Is a Subnet Mask?
A subnet mask is a 32-bit number that separates an IP address into a network portion and a host portion. The network bits are set to 1, and the host bits are set to 0.
Binary breakdown of 255.255.255.0:
255 . 255 . 255 . 0
11111111.11111111.11111111.00000000
|-------- Network --------|- Host-|
24 bits 8 bitsThe subnet mask is applied via a bitwise AND operation with the IP address. The result is the network address. Bits set to 1 in the mask identify the network; bits set to 0 identify host addresses within that network.
Example: IP 192.168.1.100 with mask 255.255.255.0
IP Address: 192.168.1.100 = 11000000.10101000.00000001.01100100
Subnet Mask: 255.255.255.0 = 11111111.11111111.11111111.00000000
─────────────────────────────────────────────────────
Network (AND): 192.168.1.0 = 11000000.10101000.00000001.00000000
Broadcast: 192.168.1.255 = 11000000.10101000.00000001.11111111
Host Range: 192.168.1.1 — 192.168.1.254 (254 usable hosts)2. CIDR Notation: /24, /16, /8
CIDR (Classless Inter-Domain Routing) notation appends a slash and the number of network bits to the IP address. It replaced the old classful addressing system (Class A, B, C) in 1993.
/24/24 = 255.255.255.0 — 24 network bits, 8 host bits, 254 usable hosts/16/16 = 255.255.0.0 — 16 network bits, 16 host bits, 65,534 usable hosts/8/8 = 255.0.0.0 — 8 network bits, 24 host bits, 16,777,214 usable hostsThe /number indicates how many leading bits of the 32-bit address are the network prefix. The remaining bits are for host addresses.
192.168.1.0/24
│ │
│ └── 24 network bits (slash notation)
└── Network prefix
Binary view:
11000000.10101000.00000001 . 00000000
|---- 24 network bits ----| |8 host |3. Complete CIDR Reference Table: /8 to /32
This table shows every CIDR prefix from /8 to /32 with the corresponding subnet mask, wildcard mask, total addresses, and usable host count.
| CIDR | Subnet Mask | Wildcard | Total IPs | Usable Hosts | Typical Use |
|---|---|---|---|---|---|
/8 | 255.0.0.0 | 0.255.255.255 | 16,777,216 | 16,777,214 | Class A |
/9 | 255.128.0.0 | 0.127.255.255 | 8,388,608 | 8,388,606 | |
/10 | 255.192.0.0 | 0.63.255.255 | 4,194,304 | 4,194,302 | |
/11 | 255.224.0.0 | 0.31.255.255 | 2,097,152 | 2,097,150 | |
/12 | 255.240.0.0 | 0.15.255.255 | 1,048,576 | 1,048,574 | 172.16.0.0/12 |
/13 | 255.248.0.0 | 0.7.255.255 | 524,288 | 524,286 | |
/14 | 255.252.0.0 | 0.3.255.255 | 262,144 | 262,142 | |
/15 | 255.254.0.0 | 0.1.255.255 | 131,072 | 131,070 | |
/16 | 255.255.0.0 | 0.0.255.255 | 65,536 | 65,534 | Class B / VPC |
/17 | 255.255.128.0 | 0.0.127.255 | 32,768 | 32,766 | |
/18 | 255.255.192.0 | 0.0.63.255 | 16,384 | 16,382 | |
/19 | 255.255.224.0 | 0.0.31.255 | 8,192 | 8,190 | |
/20 | 255.255.240.0 | 0.0.15.255 | 4,096 | 4,094 | Large subnet |
/21 | 255.255.248.0 | 0.0.7.255 | 2,048 | 2,046 | |
/22 | 255.255.252.0 | 0.0.3.255 | 1,024 | 1,022 | |
/23 | 255.255.254.0 | 0.0.1.255 | 512 | 510 | Small office |
/24 | 255.255.255.0 | 0.0.0.255 | 256 | 254 | Class C / LAN |
/25 | 255.255.255.128 | 0.0.0.127 | 128 | 126 | |
/26 | 255.255.255.192 | 0.0.0.63 | 64 | 62 | |
/27 | 255.255.255.224 | 0.0.0.31 | 32 | 30 | Small segment |
/28 | 255.255.255.240 | 0.0.0.15 | 16 | 14 | Tiny subnet |
/29 | 255.255.255.248 | 0.0.0.7 | 8 | 6 | Point-to-point |
/30 | 255.255.255.252 | 0.0.0.3 | 4 | 2 | Router link |
/31 | 255.255.255.254 | 0.0.0.1 | 2 | 2* | RFC 3021 P2P |
/32 | 255.255.255.255 | 0.0.0.0 | 1 | 1* | Host route |
* /31 uses both addresses per RFC 3021 (point-to-point). /32 is a single host route.
4. How Subnetting Works
An IPv4 address is 32 bits. The subnet mask determines which bits belong to the network and which to the host. Visualizing this in binary makes it clear:
Example: 172.16.10.0/20
IP: 10101100.00010000.00001010.00000000
Mask: 11111111.11111111.11110000.00000000
|---- Network bits (1s in mask) ----|--- Host bits (0s in mask) ---|
|<-------- 20 bits -------->|<- 12 bits ->|
Network: 172.16.0.0 (host bits all 0)
Broadcast: 172.16.15.255 (host bits all 1)
Range: 172.16.0.1 — 172.16.15.254
Hosts: 2^12 - 2 = 4,094Key rules:
- The first address (all host bits = 0) is the network address.
- The last address (all host bits = 1) is the broadcast address.
- Usable hosts = 2^(host bits) - 2 (subtract network and broadcast).
- For /31 and /32, special rules apply (point-to-point links and single hosts).
5. Calculating Subnets: Step-by-Step
Given 10.0.0.0/22, find the network details:
10.0.0.0/22
Binary mask: 11111111.11111111.11111100.00000000 = 255.255.252.0
Wildcard: 00000000.00000000.00000011.11111111 = 0.0.3.255
Network: 10.0.0.0
First host: 10.0.0.1
Last host: 10.0.3.254
Broadcast: 10.0.3.255
Total: 1,024 addresses
Usable: 1,022 hosts6. Private IP Ranges (RFC 1918)
These three IP ranges are reserved for private networks and are not routable on the public internet:
10.0.0.0/810.0.0.0/8 — 16,777,216 addresses — Large enterprise networks172.16.0.0/12172.16.0.0/12 — 1,048,576 addresses — Medium networks192.168.0.0/16192.168.0.0/16 — 65,536 addresses — Home and small office networksAdditionally, 169.254.0.0/16 is used for link-local (APIPA) and 127.0.0.0/8 is the loopback range.
Private Ranges (RFC 1918):
┌─────────────────┬───────────────────────────┬──────────────┐
│ 10.0.0.0/8 │ 10.0.0.0 – 10.255.255.255│ 16,777,216 │
│ 172.16.0.0/12 │ 172.16.0.0 – 172.31.255.255│ 1,048,576 │
│ 192.168.0.0/16 │ 192.168.0.0 – 192.168.255.255│ 65,536 │
└─────────────────┴───────────────────────────┴──────────────┘
Other reserved:
127.0.0.0/8 Loopback
169.254.0.0/16 Link-local (APIPA)
100.64.0.0/10 Carrier-grade NAT (RFC 6598)7. Common Subnets in Practice
Different environments use different subnet sizes:
/24/24 (256 IPs) — Home networks: Most routers default to 192.168.1.0/24/23/23 (512 IPs) — Small office: When a single /24 is not enough/16/16 (65,536 IPs) — Cloud VPC: AWS, GCP, and Azure default VPC sizes/30/30 (4 IPs) or /31 (2 IPs) — Point-to-point links between routers/32/32 (1 IP) — Single host route, used in firewalls and routing tablesK8s/12 or /16 — Kubernetes pod and service CIDR ranges# AWS VPC example
VPC: 10.0.0.0/16 (65,536 IPs)
├── Public-1a: 10.0.1.0/24 (256 IPs)
├── Public-1b: 10.0.2.0/24 (256 IPs)
├── Private-1a: 10.0.10.0/24 (256 IPs)
├── Private-1b: 10.0.11.0/24 (256 IPs)
├── DB-1a: 10.0.20.0/24 (256 IPs)
└── DB-1b: 10.0.21.0/24 (256 IPs)
# Kubernetes (default)
Pod CIDR: 10.244.0.0/16
Service CIDR: 10.96.0.0/128. IPv6 CIDR Basics
IPv6 addresses are 128 bits long, giving vastly larger address spaces. CIDR notation works the same way:
/64/64 — Standard subnet size. 2^64 host addresses per subnet (the most common assignment)./48/48 — Typical site allocation. Contains 65,536 /64 subnets./128/128 — Single host address (equivalent to IPv4 /32)./32/32 — ISP allocation. Contains 4 billion /64 subnets.Unlike IPv4, IPv6 does not use broadcast addresses. The /64 boundary is significant because Stateless Address Autoconfiguration (SLAAC) requires it.
IPv6 Address: 2001:0db8:85a3:0000:0000:8a2e:0370:7334/64
|---- 64-bit Network Prefix ----|---- 64-bit Interface ID ----|
2001:0db8:85a3:0000 :0000:8a2e:0370:7334
Common allocations:
/32 → ISP allocation (65,536 × /48 sites)
/48 → Site allocation (65,536 × /64 subnets)
/64 → Single subnet (18,446,744,073,709,551,616 hosts)
/128 → Single host (loopback, host routes)9. Supernetting (Route Aggregation)
Supernetting combines multiple smaller subnets into a single larger prefix to reduce routing table entries. This is also called route summarization or aggregation.
Example: Combining four /24 networks into one /22:
Before (4 routes):
192.168.0.0/24 → 192.168.0.0 – 192.168.0.255
192.168.1.0/24 → 192.168.1.0 – 192.168.1.255
192.168.2.0/24 → 192.168.2.0 – 192.168.2.255
192.168.3.0/24 → 192.168.3.0 – 192.168.3.255
After (1 route):
192.168.0.0/22 → 192.168.0.0 – 192.168.3.255
Binary proof:
192.168.0.0 = 11000000.10101000.000000|00.00000000
192.168.1.0 = 11000000.10101000.000000|01.00000000
192.168.2.0 = 11000000.10101000.000000|10.00000000
192.168.3.0 = 11000000.10101000.000000|11.00000000
^^^^^^
22 common bits → /22Benefits: Smaller routing tables, faster lookups, reduced BGP announcements, and simpler ACLs.
Rule: Subnets must be contiguous and aligned to the supernet boundary. You cannot aggregate 192.168.1.0/24 and 192.168.5.0/24 into a single prefix.
10. Subnet Calculation Tools
These tools help you calculate subnets quickly:
ipcalc — CLI tool for Linux. Install with apt install ipcalc. Shows network, broadcast, host range, and wildcard.
sipcalc — Advanced CLI tool with IPv6 support. Install with apt install sipcalc.
Online calculators — Our IP Calculator tool lets you compute subnets directly in the browser.
Python ipaddress module — Built-in library for subnet math in scripts.
# ipcalc example
$ ipcalc 192.168.1.0/24
Address: 192.168.1.0 11000000.10101000.00000001. 00000000
Netmask: 255.255.255.0 = 24 11111111.11111111.11111111. 00000000
Wildcard: 0.0.0.255 00000000.00000000.00000000. 11111111
Network: 192.168.1.0/24
HostMin: 192.168.1.1
HostMax: 192.168.1.254
Broadcast: 192.168.1.255
Hosts/Net: 254
# Python ipaddress
import ipaddress
net = ipaddress.ip_network('10.0.0.0/22')
print(net.network_address) # 10.0.0.0
print(net.broadcast_address) # 10.0.3.255
print(net.num_addresses) # 1024
print(list(net.subnets())) # [10.0.0.0/23, 10.0.2.0/23]Try our IP Calculator tool
IP Calculator →FAQ
What is the difference between a subnet mask and CIDR notation?
They represent the same information in different formats. A subnet mask like 255.255.255.0 is equivalent to /24 in CIDR notation. CIDR is more compact and is the modern standard.
How many usable hosts are in a /24 subnet?
A /24 subnet has 256 total addresses (2^8). Subtract the network address and broadcast address, leaving 254 usable host addresses.
What does /32 mean?
A /32 represents a single IP address with no host bits. It is used in routing tables, firewall rules, and ACLs to specify an exact host.
Can I subnet a /24 into smaller subnets?
Yes. A /24 can be split into two /25s (126 hosts each), four /26s (62 hosts each), eight /27s (30 hosts each), and so on. Each additional bit doubles the number of subnets while halving the hosts.
What is a wildcard mask?
A wildcard mask is the inverse of a subnet mask. For 255.255.255.0, the wildcard is 0.0.0.255. Wildcard masks are used in Cisco ACLs and OSPF configurations to match IP address ranges.
Why do cloud providers recommend /16 for VPCs?
A /16 provides 65,534 usable IPs, which is enough to accommodate multiple subnets for different availability zones, services, and future growth without renumbering. AWS, GCP, and Azure all recommend /16 as the default VPC size.