How this works
IPv4 subnetting splits a 32-bit address space into smaller networks by reserving the leftmost N bits as the network identifier and using the remaining 32 − N bits for hosts. The CIDR notation (e.g. 192.168.1.0/24) makes the split explicit: the /24 means the first 24 bits are the network, leaving 8 bits (256 addresses) for hosts. Of those 256, two are reserved — the network address (all-zero host bits) and the broadcast address (all-one host bits) — so /24 gives 254 usable host addresses. The general formula is: total addresses in subnet = 2^(32 − N), usable host count = 2^(32 − N) − 2 (for prefixes /30 and shorter). The /31 and /32 prefixes are special-cased: /31 (RFC 3021) is used for point-to-point links and treats both addresses as usable; /32 is a single host with no usable range.
The subnet mask is the same idea expressed differently: it's a 32-bit number with the leftmost N bits set to 1 and the rest to 0. /24 → 11111111.11111111.11111111.00000000 → 255.255.255.0. /16 → 255.255.0.0. /27 → 255.255.255.224. The wildcard mask is the inverse — used heavily in Cisco access lists and OSPF — and equals 255.255.255.255 minus the subnet mask. /24 wildcard is 0.0.0.255. Once you have the mask, the network address is computed by ANDing the IP with the mask; the broadcast is the network OR'd with the inverted mask; and the host range is everything in between, exclusive.
A few practical points. (1) Smaller prefixes (lower N, e.g. /16) mean more host addresses; larger prefixes (higher N, e.g. /29) mean fewer. /16 = 65,536 addresses, /29 = 8 addresses (6 usable). The trade-off: smaller prefixes are easier to grow into but waste address space; larger prefixes conserve space but limit growth. Plan for 2-3× current need. (2) Common allocations: /24 for a typical office LAN (254 hosts), /27 for a small office (30 hosts), /29 for a point-to-point or small DMZ (6 hosts). Cloud providers (AWS, Azure, GCP) typically allocate /16 or /20 for VPCs, then subdivide into /24s for subnets across availability zones. (3) Private address ranges per RFC 1918: 10.0.0.0/8 (16M addresses), 172.16.0.0/12 (1M addresses), 192.168.0.0/16 (65K addresses) — use these inside corporate networks; routers will not forward them onto the public internet. (4) IPv6 subnetting works on the same principles but uses 128-bit addresses and the standard prefix is /64 for end-network subnets, with a 64-bit interface identifier for the host portion (essentially infinite hosts per subnet — sparseness is the design).
The formula
N is the CIDR prefix length (1-32). All operations are 32-bit unsigned bitwise. The network address is the lowest address in the subnet (host bits all zero). The broadcast address is the highest (host bits all one). Hosts cannot be assigned to either reserved address — they're reserved for routing protocol use. /31 and /32 are special-cased per RFC 3021 and modern usage.
Example calculation
- Compute the subnet for 192.168.10.50/24.
- Mask = 255.255.255.0 (24 ones followed by 8 zeros). Network = 192.168.10.0. Broadcast = 192.168.10.255. Host range = 192.168.10.1 to 192.168.10.254. Total addresses = 256, usable hosts = 254.
- For a smaller subnet 10.0.0.20/27: mask = 255.255.255.224. Network = 10.0.0.0. Broadcast = 10.0.0.31. Range = 10.0.0.1 to 10.0.0.30. Total = 32, usable = 30.
- For a /30 commonly used on point-to-point links — say 172.16.0.4/30: mask = 255.255.255.252. Network = 172.16.0.4. Broadcast = 172.16.0.7. Range = 172.16.0.5 to 172.16.0.6. Just 2 usable hosts (the link endpoints).
Frequently asked questions
Why are two addresses always reserved per subnet?
The all-zero host portion identifies the network itself (used in routing tables and protocol exchanges) and can't be assigned to a host. The all-one host portion is the directed broadcast address — packets sent there reach every host on the subnet — and is reserved for that purpose. RFC 950 (1985) standardised this convention. The single exception in modern practice: /31 subnets (RFC 3021, 2001) for point-to-point links treat both addresses as host-usable since broadcasting on a 2-host link is meaningless. /32 (single host) has no host range at all — it's a host route, not a subnet.
How do I pick the right subnet size for a network?
Start from current host count, multiply by 2-3× for growth headroom, round up to the next power of 2, then add 2 for the reserved addresses, then convert back to a CIDR prefix. For 50 hosts today expecting 100 in a few years: 100 + 2 = 102, next power of 2 is 128 = 2^7, so /25 (32 − 7) gives 128 addresses (126 usable). Don't round up too much — every wasted address is unallocatable to another subnet without renumbering. Common choices: /29 (6 hosts) for tiny segments like a DMZ; /28 (14) for small server racks; /27 (30) for small offices; /26 (62) for medium offices; /25 (126) for departments; /24 (254) for whole-floor LANs; /23 (510) for combined floors; /22 (1022) for buildings.
What's the difference between a subnet mask and a wildcard mask?
They're bitwise inverses. A subnet mask has 1 bits where the network identifier is and 0 bits where the host portion is — used by routing logic to extract the network address from a full IP. A wildcard mask has the inverse: 0 bits where the bits must match (network) and 1 bits where bits can vary (host) — used in Cisco access-list rules and OSPF area declarations to express "match these bits, ignore the rest". /24 has subnet mask 255.255.255.0 and wildcard 0.0.0.255. They convey the same information but routers expect different forms in different commands. Always check which one the syntax requires before you type it.