Subnetting Explained: CIDR and Network Masks

Why Subnetting Exists

In the early days of the internet, IP addresses were assigned in fixed classes. Class A networks had millions of addresses, Class B had thousands, and Class C had 254. This rigid system wasted enormous numbers of addresses because organizations received far more than they needed. Subnetting was developed to divide these large address blocks into smaller, more manageable pieces that matched actual network requirements.

Today, subnetting is a fundamental networking skill used to segment networks for performance, security, and organizational purposes. A company might subnet its network to separate departments, isolate guest traffic from internal systems, or create dedicated segments for servers, VoIP phones, and wireless devices. Each subnet operates as its own broadcast domain, reducing unnecessary traffic across the larger network.

Understanding Subnet Masks

A subnet mask is a 32-bit number that divides an IP address into two parts: the network portion and the host portion. In binary, a subnet mask is a contiguous run of 1s followed by a contiguous run of 0s. The 1s mark the network bits and the 0s mark the host bits. The common subnet mask 255.255.255.0 is 11111111.11111111.11111111.00000000 in binary, with 24 network bits and 8 host bits.

To determine which network an IP address belongs to, perform a bitwise AND operation between the IP address and the subnet mask. For example, the address 192.168.10.50 with a mask of 255.255.255.0 yields the network address 192.168.10.0. Any address from 192.168.10.1 to 192.168.10.254 belongs to this same subnet, with 192.168.10.255 reserved as the broadcast address.

CIDR Notation

Classless Inter-Domain Routing (CIDR) notation provides a compact way to express an IP address and its associated subnet mask. Instead of writing the full mask, you append a slash followed by the number of network bits. The address 192.168.10.0/24 means the first 24 bits are the network portion, which is equivalent to the mask 255.255.255.0.

CIDR notation makes the size of a network easy to read at a glance. Common CIDR values and their subnet masks include:

  • /8 (255.0.0.0) provides 16,777,214 host addresses, used for very large networks
  • /16 (255.255.0.0) provides 65,534 host addresses, common for mid-size organizations
  • /24 (255.255.255.0) provides 254 host addresses, the standard small network size
  • /28 (255.255.255.240) provides 14 host addresses, useful for small server segments
  • /30 (255.255.255.252) provides 2 host addresses, typically used for point-to-point links

Calculating Subnets

To subnet a network, you borrow bits from the host portion and reassign them to the network portion. Each additional network bit doubles the number of subnets but halves the number of hosts per subnet. Starting with a /24 network and borrowing 2 bits creates a /26, giving you 4 subnets with 62 usable hosts each instead of 1 subnet with 254 hosts.

The formula for usable hosts per subnet is 2 raised to the power of the remaining host bits, minus 2. You subtract 2 because the first address in any subnet is the network address and the last is the broadcast address, neither of which can be assigned to a device. A /26 has 6 host bits, so 2 to the 6th power is 64, minus 2 gives 62 usable addresses.

Practical Network Planning

When designing a network, start by listing each segment and the number of devices it needs to support. Add room for growth, typically 50 to 100 percent more addresses than currently needed. Then select the smallest subnet size that accommodates each segment. This approach, called Variable Length Subnet Masking (VLSM), uses address space efficiently by assigning different-sized subnets where needed.

For example, a small office might need a /24 for general workstations (up to 254 devices), a /28 for servers (up to 14 devices), a /28 for management interfaces, and a /30 for the uplink to the internet router. This design uses addresses efficiently while maintaining clear network segmentation and allowing room for future expansion in each segment.

Common Subnetting Mistakes

One frequent error is forgetting to subtract the network and broadcast addresses from the usable count, leading to insufficient addresses when the network fills up. Another is not leaving enough growth room in each subnet. Expanding a subnet later often means renumbering devices, which is disruptive and time-consuming.

Overlapping subnets are another pitfall. If two subnets share any addresses, routing problems and connectivity issues arise. Always verify that your planned subnets do not overlap by checking that the address ranges are completely separate. A subnet calculator can verify your math, display usable host ranges, and catch overlaps before they cause problems in production.
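The VLSM sizing from Practical Network Planning and the overlap check described above can be scripted with Python's standard ipaddress module. This is an added example, not part of the original article; the function names, the 192.168.10.0/23 parent block, and the device counts are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

def prefix_for_hosts(hosts):
    """Longest IPv4 prefix whose usable count (2**host_bits - 2) covers `hosts`."""
    host_bits = max(2, (hosts + 1).bit_length())  # smallest n with 2**n >= hosts + 2
    return 32 - host_bits

def plan_vlsm(parent, segments):
    """Carve `parent` into one subnet per segment, largest first (VLSM)."""
    parent = ipaddress.ip_network(parent)  # strict: rejects stray host bits
    cursor = int(parent.network_address)
    plan = {}
    for name, hosts in sorted(segments.items(), key=lambda kv: -kv[1]):
        prefix = prefix_for_hosts(hosts)
        size = 2 ** (32 - prefix)
        cursor = -(-cursor // size) * size  # round up to the block boundary
        net = ipaddress.ip_network((cursor, prefix))
        if not net.subnet_of(parent):
            raise ValueError(f"{parent} has no room left for {name} (/{prefix})")
        plan[name] = net
        cursor += size
    return plan

def find_overlaps(subnets):
    """Return every pair of subnets that share at least one address."""
    nets = [ipaddress.ip_network(str(s)) for s in subnets]
    return [(str(a), str(b)) for a, b in combinations(nets, 2) if a.overlaps(b)]

if __name__ == "__main__":
    # Constructed device counts (growth room included) for the office example.
    office = {"workstations": 150, "servers": 10, "management": 8, "uplink": 2}
    plan = plan_vlsm("192.168.10.0/23", office)  # parent block is an assumption
    for name, net in plan.items():
        print(f"{name:13} {str(net):18} usable hosts: {net.num_addresses - 2}")
    print("overlaps in plan:", find_overlaps(plan.values()))
    # A hand-written plan with a mistake: the /29 sits inside the /28.
    print(find_overlaps(["192.168.11.0/28", "192.168.11.8/29", "192.168.11.32/30"]))
```

Allocating the largest segment first keeps every subnet aligned to its own block size, so the generated plan cannot overlap; the overlap check matters most for plans that were written or edited by hand.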