Your company allocated an IP block 192.168.0.0/22. At first glance, it seems simple: you have 1024 addresses to distribute. But here's the complexity: division A has 200 devices, division B has 500, and division C has only 50. Handing out one large network to everyone means losing control, mixing traffic, and complicating security. You need to divide the block into pieces, each appropriately sized, and manage them separately. That's subnetting.
Subnetting is not magic—it's a practical engineering skill. You need it to efficiently plan address space, isolate traffic between departments, reduce broadcast domains, and implement security policies. Without subnetting, your network grows into chaos. With subnetting, it's structured, scalable, and manageable.
IP Address Structure: Network and Host Portions
Every IPv4 address consists of 32 bits, divided into two logical parts:
Network portion — determines the network itself that the address belongs to. All hosts on the same network share the same network portion.
Host portion — unique identifier for the device within that network. Each device on the network has its own host portion value.
Example: address 192.168.1.42 on network 192.168.1.0/24:
192.168.1 — network portion (/24)
.42 — host portion (8 bits)
How do you divide 32 bits between network and hosts? That's what the subnet mask does.
Subnet Masks: From Decimal to Binary
A subnet mask is a number that indicates how many bits are allocated for the network portion of an address. It's written either in decimal form (dotted decimal) or in CIDR notation.
/24 — CIDR notation. Means: 24 first bits = network, remaining 8 = hosts.
255.255.255.0 — classic decimal format of the same thing. Let's break down why:
255 = 11111111 (8 network bits)
255 = 11111111 (8 network bits)
255 = 11111111 (8 network bits)
0 = 00000000 (8 host bits)
Total: 24 ones + 8 zeros = /24
Each octet (part between dots) is 8 bits. If an octet contains ones, those are network bits. Zeros are host bits. That's why 255 = all eight bits in network, and 0 = all eight in hosts.
CIDR Notation and Standard Masks
CIDR (Classless Inter-Domain Routing) is the modern standard for writing network addresses. Instead of unwieldy notation like 255.255.255.0, we simply write /24.
The most common masks:
| CIDR | Decimal Mask | Usable Hosts | Typical Use |
|---|---|---|---|
| /8 | 255.0.0.0 | 16,777,214 | Entire large corporation |
| /16 | 255.255.0.0 | 65,534 | Division or department |
| /20 | 255.255.240.0 | 4,094 | Large office building |
| /24 | 255.255.255.0 | 254 | LAN, office floor, data center rack |
| /25 | 255.255.255.128 | 126 | Half a /24 |
| /26 | 255.255.255.192 | 62 | Subnet for 50-60 devices |
| /28 | 255.255.255.240 | 14 | Small office, IoT devices |
| /30 | 255.255.255.252 | 2 | Point-to-point link (router-to-router) |
| /32 | 255.255.255.255 | 1 | Single host, loopback address |
Remember the key rule: the higher the CIDR number (for example, /28 instead of /24), the fewer hosts in the network. /24 gives 254 hosts, /28 gives 14. Using a smaller block saves addresses.
Practical Example: Calculating Subnet Mask
Given: network 192.168.10.0/26. Find: network address, broadcast address, usable host range.
Step 1: Understand CIDR
/26 = 26 network bits, 32-26=6 host bits
6 host bits = 2^6 = 64 total addresses in network
Usable hosts = 64 - 2 = 62 (excluding network and broadcast)
Step 2: Find Network Address
The network address is the address with zeros in the host portion. For /26, the step between networks is 256 / 4 = 64. If the start is 192.168.10.0, then this is network 192.168.10.0/26 (next is 192.168.10.64/26).
Network: 192.168.10.0
Step 3: Find Broadcast Address
The broadcast address is the last address in the network (all host bits = 1). For /26 with step 64: broadcast = network + 63.
Broadcast: 192.168.10.63
Step 4: Find Usable Range
First usable host = network address + 1. Last usable = broadcast - 1.
First usable host: 192.168.10.1
Last usable host: 192.168.10.62
Total usable: 62 addresses
Reverse Calculation: Choosing a Mask by Host Count
Common scenario: you need a network with 50 hosts. Which mask should you choose?
Rule: 2^n - 2 ≥ required number of hosts, where n is the number of host bits.
/24: 2^8 - 2 = 254 ✓ (too many, wasteful)
/25: 2^7 - 2 = 126 ✓ (still many)
/26: 2^6 - 2 = 62 ✓ (fits 50 hosts)
/27: 2^5 - 2 = 30 ✗ (too few)
Conclusion: for 50 hosts, use /26 (62 usable addresses).
Private IP Ranges: Internal Networks
Not all IP addresses are routed to the internet. There are three reserved blocks for internal use:
10.0.0.0/8 (10.0.0.0 – 10.255.255.255) — 16 million addresses, the largest private block, used in large corporate networks.
172.16.0.0/12 (172.16.0.0 – 172.31.255.255) — 1 million addresses, popular in cloud infrastructures (AWS, Kubernetes).
192.168.0.0/16 (192.168.0.0 – 192.168.255.255) — 65k addresses, home and small office networks.
These addresses never go to the internet — routers filter them. So you can safely use the same private addresses in different networks without fear of conflicts.
VLSM: Variable Length Subnet Masking
VLSM (Variable Length Subnet Masking) is a technique that allows you to divide one block into subnets of different sizes. Instead of dividing 10.0.0.0/24 into four equal /26 blocks, you can allocate:
10.0.0.0/25 (126 hosts for main department)
10.0.0.128/26 (62 hosts for branch)
10.0.0.192/28 (14 hosts for point-to-point)
This is more efficient than dividing equally, but requires careful planning. Each subblock must be clearly separated from others by boundary addresses.
Common Subnetting Mistakes
Mistake 1: Forget about network and broadcast addresses. If you allocate /26 (64 addresses), that doesn't mean you have 64 hosts. The first address is network, the last is broadcast, neither is assigned to devices. You're left with 62.
Mistake 2: Overcomplicate masks. /23, /22, /19 all work, but they're non-standard. Stick to classic masks (/8, /16, /24, /26, /28, /30) — easier to work with, fewer errors.
Mistake 3: Overlapping subnets. If you assigned 192.168.1.0/25 and 192.168.1.128/25, these blocks don't overlap — good. But if you assigned 192.168.1.0/25 and 192.168.1.64/26, they overlap, routing gets confused.
Mistake 4: Don't plan for growth. You allocated /28 (14 hosts) to a department; in 6 months they need 50. Replanning is stressful. Better to first determine the maximum for 3 years ahead.
Calculation Tools
Calculating by hand on paper is useful practice, but in real work use a calculator. AtomPing provides a free Subnet Calculator — just enter the address and mask, get network, broadcast, and host range.
Alternatives: ipcalc (command line), online calculators like ipaddressguide.com. Most important — verify results before production deployment.
Monitoring Network Issues
Subnetting protects you from address space fragmentation, but not from sudden network failures. If routes collapse and subnet 192.168.10.0/26 becomes inaccessible from other subnets — that's not a subnetting error, that's a routing problem.
AtomPing helps monitor network segments and routers: ICMP checks (ping), TCP checks (port availability), traceroute diagnostics. If you know your network topology and subnet plan, you'll immediately notice when packets start being lost on a segment.
Summary
Subnetting is the art of efficiently dividing IP space. Remember:
• CIDR /X = X bits network, 32-X bits hosts
• Usable hosts = 2^(host_bits) - 2
• Private ranges: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
• Classic masks (/8, /16, /24, /26, /28, /30) — use them
• Plan 3 years ahead, don't allocate tightly
Related Resources
- Subnet Calculator — quick online calculations
- DNS Record Types Explained — related topic: how traffic is routed on the internet
- Traceroute Explained — how to trace packet paths through networks
FAQ
What is subnetting and why do I need it?
Subnetting divides a large IP address range into smaller, manageable pieces called subnets. You need it to efficiently allocate IP addresses, improve network security by isolating traffic, reduce broadcast domains, and implement network segmentation. Without subnetting, you'd waste IP addresses and lose control over your network structure.
What's the difference between subnet mask and CIDR notation?
Subnet mask (e.g., 255.255.255.0) and CIDR notation (e.g., /24) describe the same thing in different formats. The /24 means 24 bits are network, 8 bits are host. Both 255.255.255.0 and /24 are equivalent. CIDR is more compact and easier to work with in modern networking.
How do I calculate how many hosts fit in a subnet?
Subtract the CIDR number from 32 (in IPv4). This gives you host bits. Raise 2 to that power, then subtract 2 (for network and broadcast addresses). For example, /26 means 32-26=6 host bits, so 2^6-2=62 usable hosts. For /30, that's 32-30=2 host bits, so 2^2-2=2 usable hosts.
What are private IP address ranges?
Private IP ranges are reserved for internal use and never routed on the public internet: 10.0.0.0/8 (10.0.0.0 – 10.255.255.255), 172.16.0.0/12 (172.16.0.0 – 172.31.255.255), and 192.168.0.0/16 (192.168.0.0 – 192.168.255.255). They let you build internal networks without fear of conflicts.
What is VLSM and when do I use it?
VLSM (Variable Length Subnet Masking) lets you create subnets of different sizes from the same network. Instead of splitting 192.168.0.0/24 into equal /26 subnets, you could carve out a /28 for a point-to-point link and a /25 for a large LAN. It's more efficient but requires careful planning.
Can I use an IP address or a hostname as a subnet?
No. Never point a subnet mask (or MX record) directly to an IP address — always use a hostname (FQDN). Routers and mail servers need to resolve the hostname to an IP, and hostnames can change IPs without updating all configurations. Using IPs creates a single point of failure.