What a Subnet Is
A subnet is a smaller network carved from a larger address block. Devices in the same subnet can communicate directly at Layer 2 without involving a router. Devices in different subnets must send traffic through a router or Layer 3 switch, which checks its routing table and forwards packets to the correct segment. Subnetting lets network operators divide address space logically, control broadcast domains, and enforce security policies between groups of hosts.
The Binary Math Behind Subnet Masks
An IPv4 address is 32 bits. A subnet mask is also 32 bits, with a contiguous block of 1s on the left and 0s on the right. To find the network address of any IP, perform a bitwise AND between the IP address and the subnet mask. The 1 bits in the mask identify the network portion; the 0 bits identify the host portion. For example, the address 192.168.1.130 with mask 255.255.255.128 in binary:
- IP: 11000000.10101000.00000001.10000010
- Mask: 11111111.11111111.11111111.10000000
- AND: 11000000.10101000.00000001.10000000 = 192.168.1.128
The result, 192.168.1.128, is the network address of the /25 subnet that contains 192.168.1.130. This binary AND operation is what every router and host performs when deciding whether a destination is on the local subnet or needs to be sent to a gateway.
CIDR Notation
Classless Inter-Domain Routing (CIDR) notation writes an address block as an address followed by a slash and the prefix length, such as 192.168.1.0/24. The prefix length is simply the count of 1 bits in the subnet mask. A /24 mask has 24 ones, leaving 8 bits for hosts. A /26 has 26 ones, leaving 6 bits for hosts. CIDR replaced the older classful system (Class A, B, C) that wasted large blocks of address space. With CIDR, any prefix length from /0 to /32 is valid, allowing precise allocation.
Network, Host, and Broadcast Address Derivation
Every IPv4 subnet has three special address roles. The network address is the lowest address in the block — all host bits set to 0. The broadcast address is the highest — all host bits set to 1. Usable host addresses are everything in between. For 192.168.1.0/24: network address is 192.168.1.0, broadcast is 192.168.1.255, and usable hosts are 192.168.1.1 through 192.168.1.254. The formula for usable hosts is 2^(32 - prefix) - 2. The subtracted 2 accounts for network and broadcast. A /31 is a special case defined in RFC 3021 for point-to-point links where both addresses are usable as host addresses.
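The bitwise AND and the network, broadcast and usable-host derivation described above, as an added example that is not part of the original page. It uses plain integer operations rather than a library so each bit step is visible; the function names are illustrative.

```python
# Added example: subnet derivation with plain integer bit operations.
def ip_to_int(addr):
    """Parse strict dotted-quad notation into a 32-bit integer."""
    parts = addr.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted-quad IPv4 address: {addr!r}")
    value = 0
    for part in parts:
        value = (value << 8) | int(part)
    return value

def int_to_ip(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def mask_from_prefix(prefix):
    """A /N mask is N one-bits followed by 32-N zero-bits."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"invalid prefix length: {prefix}")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def describe(addr, prefix):
    mask = mask_from_prefix(prefix)
    network = ip_to_int(addr) & mask        # host bits forced to 0
    top = network | (~mask & 0xFFFFFFFF)    # host bits forced to 1
    if prefix >= 31:
        # /31 (RFC 3021) and /32 reserve nothing: every address is a host.
        first, last, broadcast = network, top, None
    else:
        first, last, broadcast = network + 1, top - 1, int_to_ip(top)
    return {
        "mask": int_to_ip(mask),
        "network": int_to_ip(network),
        "broadcast": broadcast,
        "first_host": int_to_ip(first),
        "last_host": int_to_ip(last),
        "usable": last - first + 1,
    }

def is_local(src, dst, prefix):
    """True if dst is on src's subnet; False means send it to the gateway."""
    mask = mask_from_prefix(prefix)
    return (ip_to_int(src) & mask) == (ip_to_int(dst) & mask)

if __name__ == "__main__":
    print(describe("192.168.1.130", 25))
    # Same /24, different /25: this destination is reached via the gateway.
    print(is_local("192.168.1.130", "192.168.1.10", 25))
```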
Common IPv4 Subnet Sizes
| CIDR | Subnet Mask | Total Addresses | Usable Hosts | Typical Use |
|---|---|---|---|---|
| /22 | 255.255.252.0 | 1024 | 1022 | Large campus segment |
| /23 | 255.255.254.0 | 512 | 510 | Medium office floor |
| /24 | 255.255.255.0 | 256 | 254 | Standard LAN segment |
| /25 | 255.255.255.128 | 128 | 126 | Half of a /24, guest VLAN |
| /26 | 255.255.255.192 | 64 | 62 | Small department or IoT segment |
| /27 | 255.255.255.224 | 32 | 30 | Server cluster or DMZ |
| /28 | 255.255.255.240 | 16 | 14 | Small management network |
| /30 | 255.255.255.252 | 4 | 2 | Router-to-router point-to-point link |
| /31 | 255.255.255.254 | 2 | 2 | Point-to-point (RFC 3021) |
| /32 | 255.255.255.255 | 1 | 1 (host route) | Loopback, specific host route |
Variable-Length Subnet Masking (VLSM)
Variable-Length Subnet Masking allows different subnets within the same address block to have different prefix lengths. Instead of dividing a /24 into equal /26 pieces, VLSM lets you allocate a /25 for a large user segment, a /27 for servers, a /28 for management, and /30s for router links — all from the same /24. VLSM avoids wasting addresses by right-sizing each subnet. Modern routing protocols (OSPF, EIGRP, BGP) carry subnet mask information alongside prefixes, so routers can handle variable-length subnets correctly. Older classful protocols like RIPv1 did not carry mask information and assumed fixed class boundaries, making VLSM impossible.
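A VLSM allocator for the /24 split described above, added here as an example and not taken from the original page. The host counts per segment (100, 20, 10, 2) and the segment names are assumptions chosen to produce the /25, /27, /28 and /30 sizes in the text.

```python
# Added example: largest-first VLSM allocation inside one parent block.
import ipaddress

def prefix_for_hosts(hosts):
    """Longest prefix whose usable count, 2^(32 - prefix) - 2, fits `hosts`."""
    for prefix in range(30, -1, -1):
        if 2 ** (32 - prefix) - 2 >= hosts:
            return prefix
    raise ValueError(f"no IPv4 prefix holds {hosts} hosts")

def vlsm_allocate(parent, requirements):
    """Map each (name, hosts) requirement to a subnet carved from `parent`."""
    parent_net = ipaddress.ip_network(parent)
    end = int(parent_net.broadcast_address)
    cursor = int(parent_net.network_address)
    plan = {}
    # Largest first: each block then starts on its own bit boundary
    # without leaving gaps behind it.
    for name, hosts in sorted(requirements, key=lambda r: r[1], reverse=True):
        prefix = prefix_for_hosts(hosts)
        size = 2 ** (32 - prefix)
        cursor = (cursor + size - 1) // size * size   # round up to alignment
        if cursor + size - 1 > end:
            raise ValueError(f"{parent} has no room left for {name!r}")
        plan[name] = ipaddress.ip_network((cursor, prefix))
        cursor += size
    return plan

def has_overlap(plan):
    """Sanity check: no two allocated subnets share an address."""
    nets = list(plan.values())
    return any(a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])

# Constructed requirements (assumed host counts, see lead-in).
REQUIREMENTS = [
    ("mgmt", 10), ("link-a", 2), ("users", 100), ("servers", 20), ("link-b", 2),
]

if __name__ == "__main__":
    for name, net in vlsm_allocate("192.168.1.0/24", REQUIREMENTS).items():
        print(f"{name:8} {net}")
```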
Supernetting and Route Aggregation
Supernetting is the reverse of subnetting: combining multiple smaller prefixes into a single larger prefix for routing purposes. A router that has routes to 192.168.0.0/24, 192.168.1.0/24, 192.168.2.0/24, and 192.168.3.0/24 can advertise a single aggregate 192.168.0.0/22 to upstream peers. This reduces the number of routes that propagate through the internet and keeps routing tables smaller. ISPs typically aggregate customer prefixes before announcing them to the global BGP table. Aggregation works cleanly only when the constituent prefixes are contiguous and share a common bit boundary at the aggregate prefix length.
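An added example, not from the original page, that checks whether a set of prefixes forms one exact aggregate or whether the covering prefix would also take in addresses outside the set, which matters when a summary ends up in a route advertisement or a firewall rule. The function name and the non-contiguous test sets are illustrative.

```python
# Added example: exact vs. over-broad aggregation of IPv4 prefixes.
import ipaddress

def aggregate(prefixes):
    """Return (covering_prefix, exact, extra_addresses) for a prefix list.

    covering_prefix: smallest single prefix containing every input prefix
    exact:           True only if it contains nothing else
    extra_addresses: addresses it covers that no input prefix covers
    """
    nets = [ipaddress.ip_network(p) for p in prefixes]
    # collapse_addresses merges only sibling blocks on a shared bit boundary.
    collapsed = list(ipaddress.collapse_addresses(nets))

    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # Bits that differ between the lowest and highest address are host bits
    # of the covering prefix; everything above them is the common prefix.
    host_bits = (lo ^ hi).bit_length()
    prefix = 32 - host_bits
    covering = ipaddress.ip_network(((lo >> host_bits) << host_bits, prefix))

    covered = sum(n.num_addresses for n in collapsed)
    return covering, collapsed == [covering], covering.num_addresses - covered

if __name__ == "__main__":
    cases = {
        "four contiguous /24s": ["192.168.0.0/24", "192.168.1.0/24",
                                 "192.168.2.0/24", "192.168.3.0/24"],
        "adjacent but misaligned": ["192.168.1.0/24", "192.168.2.0/24"],
        "three of four": ["192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24"],
    }
    for label, prefixes in cases.items():
        covering, exact, extra = aggregate(prefixes)
        print(f"{label}: {covering} exact={exact} extra={extra}")
```

In the misaligned case, 192.168.1.0/24 and 192.168.2.0/24 are adjacent but differ in the /23 bit, so the smallest single prefix that holds both is the /22 and half of it lies outside the listed networks.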
Practical Examples: Home and Enterprise
A typical home router uses 192.168.1.0/24 for all devices, giving 254 usable addresses on one flat segment. A home user with a separate IoT VLAN might add 192.168.2.0/24 for smart devices, keeping them isolated from computers and phones. In an enterprise network, a 10.0.0.0/8 block might be divided by site and function. A branch office could receive 10.10.0.0/16 and further divide it: 10.10.1.0/24 for users, 10.10.2.0/24 for servers, 10.10.3.0/26 for wireless access points, and 10.10.255.252/30 for the WAN uplink. Each segment has a firewall rule set appropriate to its trust level, and inter-segment routing goes through a firewall or Layer 3 switch that enforces policy.
Why Subnetting Matters
- Smaller broadcast domains mean fewer devices process each broadcast packet, reducing noise on busy networks.
- Separation of users, servers, guests, IoT devices, and management traffic enables granular firewall rules.
- VLSM lets organizations allocate exactly the address space each segment needs, reducing waste.
- Clean prefixes simplify routing protocol configuration and route summarization.
- Subnets map naturally to VLANs, making network segmentation straightforward to implement.
Frequently Asked Questions
What does /24 mean?
/24 means the first 24 bits are the network portion of the address. In IPv4, a /24 contains 256 total addresses and usually 254 usable host addresses.
Why do IPv4 subnets lose two addresses?
In most traditional IPv4 subnets, the first address identifies the network and the last address is the broadcast address, leaving the middle addresses for hosts.
Is subnetting only for big networks?
No. Homes, small offices, labs, and VLAN setups all use subnetting when they separate guest Wi-Fi, IoT devices, servers, or management networks.