Subnetting Deep Dive Intermediate

Master subnetting: masks, CIDR, network/broadcast/host math, VLSM and summarisation — with worked examples.


1 Why subnet at all?

Subnetting splits one large IP network into several smaller ones. Three reasons drive it. First, broadcast containment: every host in a subnet shares a broadcast domain, and a broadcast frame reaches every device in it — too many hosts means a storm of broadcast traffic that wastes bandwidth and CPU. Splitting the network into smaller subnets keeps each broadcast domain small.

Second, address efficiency: handing a point-to-point link a full /24 (254 hosts) for two routers wastes 252 addresses. Right-sizing subnets recovers that space. Third, security and policy: subnets are natural boundaries where a router or firewall can enforce access-control rules, so finance, guests and servers can be isolated from one another.

2 What a subnet mask means

A subnet mask is a 32-bit value, written like an IP address, that marks which bits of an address are the network part and which are the host part. Every 1 bit (always on the left, contiguous) belongs to the network; every 0 bit (on the right) belongs to the host.

The classic example 255.255.255.0 means the first three octets identify the network and the last octet identifies the host. So in 192.168.10.0 with mask 255.255.255.0, the network is 192.168.10 and hosts run inside the final octet. Two addresses are on the same subnet only when their network bits — the bits the mask sets to 1 — are identical.

3 The binary view of a mask

Masks make sense only in binary. Because the 1 bits are contiguous and left-aligned, each octet of a mask can only take one of nine values: 0, 128, 192, 224, 240, 248, 252, 254 or 255. Those correspond to 0–8 leading 1 bits.

For example 255.255.255.192 in binary is 11111111.11111111.11111111.11000000 — twenty-six 1 bits, then six 0 bits. The value 192 is 11000000: 128 + 64. Whenever you see 192 in a mask octet, it is exactly two network bits in that octet.

# Decode mask octets to binary leading-ones
# 128 = 10000000  -> 1 bit
# 192 = 11000000  -> 2 bits
# 224 = 11100000  -> 3 bits
# 240 = 11110000  -> 4 bits
# 248 = 11111000  -> 5 bits
# 252 = 11111100  -> 6 bits
# 254 = 11111110  -> 7 bits
# 255 = 11111111  -> 8 bits

4 CIDR prefix length (/8 … /30)

CIDR (Classless Inter-Domain Routing) notation writes the mask as a slash and the count of network bits: /24 means 24 network bits, which equals 255.255.255.0. This is shorter and class-independent.

Common conversions: /8 = 255.0.0.0, /16 = 255.255.0.0, /24 = 255.255.255.0, /25 = 255.255.255.128, /26 = 255.255.255.192, /27 = 255.255.255.224, /28 = 255.255.255.240, /30 = 255.255.255.252. The prefix length and the dotted mask carry exactly the same information.

5 Finding the network address (IP AND mask)

The network address is found by a bitwise AND of the IP address with its mask. ANDing keeps a bit only where both the IP and the mask are 1, so it zeroes out every host bit and leaves the network part.

Take 192.168.10.137 with /26 (255.255.255.192). Only the last octet matters here. 137 is 10001001; 192 is 11000000. AND them bit-by-bit: 10000000 = 128. So the network address is 192.168.10.128. The host 137 lives in the .128 subnet.

  137 = 1 0 0 0 1 0 0 1
& 192 = 1 1 0 0 0 0 0 0
-----------------------
  AND = 1 0 0 0 0 0 0 0  = 128

# Network address: 192.168.10.128

6 The broadcast address

The broadcast address of a subnet is the network address with every host bit set to 1 — the highest address in the subnet. A frame sent there reaches every host on that subnet.

Continue the /26 example: network 192.168.10.128. The host part is the low 6 bits of the last octet. Setting all six to 1 turns 10000000 (128) into 10111111 = 128 + 63 = 191. So the broadcast is 192.168.10.191. A handy shortcut: broadcast = network + block size − 1, and for /26 the block size is 64, so 128 + 64 − 1 = 191.

Network   192.168.10.128 = ...10000000
Host bits all 1        = ...10111111  = 128 + 63
Broadcast 192.168.10.191

# Shortcut: 128 + 64 - 1 = 191

7 The usable host range

The usable host range is every address strictly between the network and broadcast addresses. The network address itself names the subnet and the broadcast address is reserved, so neither can be assigned to a host.

For 192.168.10.128/26: network = .128, broadcast = .191. The first usable host is network + 1 = 192.168.10.129; the last usable host is broadcast − 1 = 192.168.10.190. So hosts .129 through .190 — that is 62 addresses — can be assigned to devices and router interfaces.

8 Hosts per subnet: 2^h − 2

If a subnet has h host bits, it contains 2^h total addresses, but two are reserved (network and broadcast), so the count of usable hosts is 2^h − 2.

Worked values: a /24 has 8 host bits → 2^8 − 2 = 254 hosts. A /26 has 6 host bits → 2^6 − 2 = 62 hosts. A /27 has 5 host bits → 2^5 − 2 = 30 hosts. A /28 has 4 host bits → 2^4 − 2 = 14 hosts. A /30 has 2 host bits → 2^2 − 2 = 2 hosts. The host-bit count is always 32 − prefix.

prefix  host_bits  2^h    usable (2^h - 2)
/24     8          256    254
/26     6          64     62
/27     5          32     30
/28     4          16     14
/30     2          4      2
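
The steps of lessons 5 to 8 can be carried out in one function, shown here as an added example that is not part of the original course. The names subnet_info and same_subnet are hypothetical, the address 172.16.5.9 is a constructed sample, and the code goes slightly beyond the lessons so far by handling /31 and /32, which reserve no network or broadcast address.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF

def _dotted(n: int) -> str:
    return str(ipaddress.IPv4Address(n))

def subnet_info(ip: str, prefix: int) -> dict:
    """Network, broadcast and usable range for ip/prefix, using the bit
    operations from lessons 5-8 rather than ipaddress.IPv4Network."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be between 0 and 32")
    addr = int(ipaddress.IPv4Address(ip))      # dotted quad -> 32-bit integer
    host_bits = 32 - prefix
    mask = (ALL_ONES << host_bits) & ALL_ONES  # `prefix` ones, then zeros
    network = addr & mask                      # AND clears every host bit
    top = network | (mask ^ ALL_ONES)          # OR sets every host bit
    if host_bits >= 2:
        first, last = network + 1, top - 1
        usable, broadcast = 2**host_bits - 2, _dotted(top)
    else:
        # /31 (RFC 3021, lesson 15) and /32 reserve nothing.
        first, last = network, top
        usable, broadcast = 2**host_bits, None
    return {
        "mask": _dotted(mask),
        "network": _dotted(network),
        "broadcast": broadcast,
        "first": _dotted(first),
        "last": _dotted(last),
        "usable": usable,
    }

def same_subnet(a: str, b: str, prefix: int) -> bool:
    """Lesson 2's rule: same subnet only if the network bits are identical."""
    return subnet_info(a, prefix)["network"] == subnet_info(b, prefix)["network"]

if __name__ == "__main__":
    # Constructed sample inputs.
    for ip, prefix in [("192.168.10.137", 26), ("172.16.5.9", 20), ("10.0.0.1", 31)]:
        print(f"{ip}/{prefix}", subnet_info(ip, prefix))
```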

9 Subnets created: 2^n

When you borrow n bits from the host part to extend the network part, you create 2^n subnets. The new prefix is the old prefix plus n.

Example: split a /24 by borrowing 2 bits → new prefix /26 and 2^2 = 4 subnets. Borrow 3 bits from a /24 → /27 and 2^3 = 8 subnets. Borrow 4 bits → /28 and 2^4 = 16 subnets. Notice the trade-off: more subnets (bigger n) means fewer hosts each, because every borrowed network bit is a lost host bit. The two formulas balance: subnets 2^n grows while hosts 2^h − 2 shrinks.

10 Worked example: /24 split into four /26 subnets

Take 192.168.1.0/24 and split it into /26 subnets. Borrow 2 bits → 2^2 = 4 subnets, each with 2^6 − 2 = 62 hosts. The block size is 2^6 = 64, so subnets start at .0, .64, .128, .192.

Subnet 1: network 192.168.1.0, broadcast 192.168.1.63, hosts .1–.62 (62 hosts). Subnet 2: network 192.168.1.64, broadcast 192.168.1.127, hosts .65–.126 (62 hosts). Subnet 3: network 192.168.1.128, broadcast 192.168.1.191, hosts .129–.190 (62 hosts). Subnet 4: network 192.168.1.192, broadcast 192.168.1.255, hosts .193–.254 (62 hosts). Each broadcast = next network − 1; .255 closes the last block.

192.168.1.0/24 -> four /26  (block size 64)

#  network         broadcast       first      last       hosts
1  192.168.1.0     192.168.1.63    .1         .62        62
2  192.168.1.64    192.168.1.127   .65        .126       62
3  192.168.1.128   192.168.1.191   .129       .190       62
4  192.168.1.192   192.168.1.255   .193       .254       62

# last octet of .192 subnet broadcast:
# 11000000 (192) + host bits all 1 -> 11111111 = 255

11 A Class B example: 172.16.0.0/20

Class B private space 172.16.0.0/16 can be cut into /20 subnets. /20 borrows 4 bits from the third octet (16 + 4 = 20). The host part is 32 − 20 = 12 bits → 2^12 − 2 = 4094 usable hosts per subnet. The mask is 255.255.240.0 (240 = 11110000).

The block size lives in the third octet: 256 − 240 = 16, so third-octet subnet boundaries step by 16: 0, 16, 32, 48 … For the first subnet 172.16.0.0/20 the broadcast is 172.16.15.255 (third octet runs 0–15, last octet full). First host 172.16.0.1, last host 172.16.15.254. The next subnet starts at 172.16.16.0.

172.16.0.0/20  mask 255.255.240.0  (240 = 11110000)
host bits = 12  -> 2^12 - 2 = 4094 hosts
block size in 3rd octet = 256 - 240 = 16

subnet     network        broadcast        first         last
1          172.16.0.0     172.16.15.255    172.16.0.1    172.16.15.254
2          172.16.16.0    172.16.31.255    172.16.16.1   172.16.31.254

12 VLSM: variable-length subnet masks

VLSM lets you apply different prefix lengths inside the same parent block, sizing each subnet to its real need instead of forcing one uniform size. The rule: allocate the largest subnet first, then carve smaller ones from what remains, so blocks stay aligned.

Split 192.168.1.0/24 for: Sales 100 hosts, Engineering 50 hosts, Ops 25 hosts, and a router link needing 2 hosts. Sales needs 100 → a /25 (126 hosts): 192.168.1.0/25 (.0–.127). Engineering needs 50 → a /26 (62 hosts) from the rest: 192.168.1.128/26 (.128–.191). Ops needs 25 → a /27 (30 hosts): 192.168.1.192/27 (.192–.223). The link needs 2 → a /30 (2 hosts): 192.168.1.224/30 (.224–.227). Everything fits with room to spare.

192.168.1.0/24 with VLSM (largest first)

dept         need  prefix  network            range            usable
Sales        100   /25     192.168.1.0/25     .0   - .127       126
Engineering   50   /26     192.168.1.128/26   .128 - .191       62
Ops           25   /27     192.168.1.192/27   .192 - .223       30
Router link    2   /30     192.168.1.224/30   .224 - .227        2

# remaining .228 - .255 is still free for future use
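
The largest-first rule can be written as a small allocator. This is an added example, not part of the original course; vlsm_allocate is a hypothetical name, and the code assumes each need is a plain host count that must satisfy 2^h - 2 >= need.

```python
import ipaddress

def vlsm_allocate(parent: str, needs: dict):
    """Carve one subnet per entry of `needs` (name -> host count) out of
    `parent`, largest requirement first. Returns (plan, free_addresses)."""
    block = ipaddress.IPv4Network(parent)
    cursor = int(block.network_address)        # next unallocated address
    end = int(block.broadcast_address) + 1     # one past the parent block
    plan = {}
    for name, hosts in sorted(needs.items(), key=lambda kv: kv[1], reverse=True):
        # Smallest host-bit count h with 2^h - 2 >= hosts (a /30 at minimum).
        host_bits = 2
        while 2**host_bits - 2 < hosts:
            host_bits += 1
        size = 2**host_bits                    # block size of this subnet
        # A subnet must start on a multiple of its block size. With
        # largest-first ordering the cursor is already aligned, so this
        # rounding is a safety net rather than a source of wasted space.
        start = (cursor + size - 1) // size * size
        if start + size > end:
            raise ValueError(f"{name}: {hosts} hosts do not fit in {parent}")
        plan[name] = str(ipaddress.IPv4Network((start, 32 - host_bits)))
        cursor = start + size
    return plan, end - cursor

if __name__ == "__main__":
    plan, free = vlsm_allocate(
        "192.168.1.0/24",
        {"Sales": 100, "Engineering": 50, "Ops": 25, "Router link": 2},
    )
    for name, net in plan.items():
        print(f"{name:12} {net}")
    print("free addresses at the end of the block:", free)
```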

13 Route summarisation (supernetting)

Summarisation (a.k.a. supernetting or route aggregation) is the reverse of subnetting: combine several contiguous networks into one shorter-prefix route to shrink routing tables. You find the longest prefix whose bits are common to all the networks.

Example: the four /24s 192.168.0.0, 192.168.1.0, 192.168.2.0, 192.168.3.0. In binary the third octets are 00000000, 00000001, 00000010, 00000011 — the first six bits (000000) are common, the last two vary. So they summarise to 192.168.0.0/22 (24 − 2 borrowed-back bits = 22). One /22 route advertises all four /24s. Summarisation works only when the blocks are contiguous and aligned on the summary boundary.

Four contiguous /24s:
192.168.0.0  3rd octet = 00000000
192.168.1.0  3rd octet = 00000001
192.168.2.0  3rd octet = 00000010
192.168.3.0  3rd octet = 00000011
              common ----^^^^^^   (6 fixed bits)

Summary route: 192.168.0.0/22  (mask 255.255.252.0)
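
The common-prefix search, and the check that the summary covers nothing beyond the original networks, as an added example that is not part of the original course. The function name summarise and the second, misaligned input set are constructed for illustration. A non-zero "extra" count means the summary route (or a firewall rule written from it) also covers address space that was never in the list.

```python
import ipaddress

def summarise(networks):
    """Return (summary, extra): the longest prefix common to all inputs and
    the number of addresses it covers that none of the inputs contains."""
    nets = [ipaddress.IPv4Network(n) for n in networks]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # Every bit position at or below the highest differing bit between the
    # lowest and highest address must become a host bit of the summary.
    varying_bits = (lo ^ hi).bit_length()
    prefix = 32 - varying_bits
    mask = (0xFFFFFFFF << varying_bits) & 0xFFFFFFFF
    summary = ipaddress.IPv4Network((lo & mask, prefix))
    # collapse_addresses merges overlaps and duplicates, so nothing is
    # counted twice.
    covered = sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))
    return str(summary), summary.num_addresses - covered

if __name__ == "__main__":
    aligned = ["192.168.0.0/24", "192.168.1.0/24",
               "192.168.2.0/24", "192.168.3.0/24"]
    # Constructed counter-example: contiguous, but not on a /22 boundary.
    shifted = ["192.168.1.0/24", "192.168.2.0/24",
               "192.168.3.0/24", "192.168.4.0/24"]
    for group in (aligned, shifted):
        summary, extra = summarise(group)
        print(summary, "extra addresses covered:", extra)
```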

14 Wildcard masks

A wildcard mask is the bitwise inverse of a subnet mask: where the subnet mask has 1, the wildcard has 0, and vice-versa. A wildcard 0 bit means “this bit must match”; a wildcard 1 bit means “don’t care”. They appear in Cisco ACLs and OSPF network statements.

To invert, subtract each mask octet from 255. Subnet mask 255.255.255.0 → wildcard 0.0.0.255. Mask 255.255.255.192 (/26) → wildcard 0.0.0.63 (255 − 192 = 63). So an ACL line 192.168.1.0 0.0.0.63 matches the whole /26 subnet 192.168.1.0–.63. A wildcard of 0.0.0.0 matches exactly one host.

subnet mask    wildcard (255 - octet)
255.255.255.0    -> 0.0.0.255    (/24)
255.255.255.192  -> 0.0.0.63     (/26)
255.255.255.252  -> 0.0.0.3      (/30)

# ACL: permit ip 192.168.1.0 0.0.0.63  -> matches 192.168.1.0/26
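
Wildcard matching and a check for the classic mistake of typing a subnet mask where a wildcard is expected, as an added example that is not part of the original course. All function names are hypothetical and the address 10.9.8.64 is a constructed sample; the matching rule is the one stated above (0 bit must match, 1 bit is don't-care).

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF

def _to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))

def mask_to_wildcard(mask: str) -> str:
    """Invert every bit; per octet this is the same as 255 - octet."""
    return str(ipaddress.IPv4Address(_to_int(mask) ^ ALL_ONES))

def acl_matches(base: str, wildcard: str, addr: str) -> bool:
    """True if addr equals base on every bit the wildcard marks as 0."""
    care = _to_int(wildcard) ^ ALL_ONES        # 1 = this bit must match
    return (_to_int(base) & care) == (_to_int(addr) & care)

def acl_match_count(wildcard: str) -> int:
    """Each don't-care bit doubles the number of matching addresses."""
    return 2 ** bin(_to_int(wildcard)).count("1")

def looks_like_subnet_mask(wildcard: str) -> bool:
    """Flag a value with left-aligned contiguous 1 bits, i.e. a subnet mask
    entered in a wildcard field. 0.0.0.0 and 255.255.255.255 are valid
    wildcards (one host / any host) and are not flagged."""
    w = _to_int(wildcard)
    inverted = w ^ ALL_ONES
    # A subnet mask inverts to 2^k - 1, and x & (x + 1) == 0 only for those.
    return w not in (0, ALL_ONES) and (inverted & (inverted + 1)) == 0

if __name__ == "__main__":
    good = mask_to_wildcard("255.255.255.192")          # 0.0.0.63
    print(good, acl_match_count(good), looks_like_subnet_mask(good))
    # Same ACL base address, but the subnet mask typed as the wildcard:
    bad = "255.255.255.192"
    print(bad, acl_match_count(bad), looks_like_subnet_mask(bad))
    print(acl_matches("192.168.1.0", bad, "10.9.8.64"))  # constructed address
```

With the correct wildcard the entry matches 64 addresses; with the mask typed in its place it matches 2^26, including hosts far outside 192.168.1.0/26.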

15 /30 and /31 point-to-point links

Router-to-router links carry exactly two endpoints, so a small subnet is ideal. A /30 gives 2^2 − 2 = 2 usable hosts — perfect for two routers — at the cost of also burning a network and a broadcast address (4 addresses total per link).

To save even those, RFC 3021 defines the /31 for point-to-point links: it has 2^1 = 2 addresses and, by special rule, both are usable as host addresses (no network/broadcast reservation), giving 2 usable hosts from just 2 addresses. Example: 10.0.0.0/30 → hosts .1 and .2, broadcast .3. 10.0.0.0/31 → both .0 and .1 are usable endpoints.

/30  10.0.0.0/30
  network   10.0.0.0
  host      10.0.0.1
  host      10.0.0.2
  broadcast 10.0.0.3      -> 2 usable from 4 addresses

/31  10.0.0.0/31  (RFC 3021)
  usable    10.0.0.0
  usable    10.0.0.1      -> 2 usable from 2 addresses

16 IPv6 subnetting basics

IPv6 addresses are 128 bits, written as eight groups of four hex digits. Each hex digit is a nibble (4 bits). Subnetting on nibble boundaries (multiples of 4 bits) keeps the math clean, because one hex digit equals exactly four prefix bits.

The universal convention is the /64: the first 64 bits are the network/prefix and the last 64 bits are the interface ID. A single /64 already holds 2^64 addresses, so IPv6 host subnets are essentially never made smaller than /64. A site typically receives a /48 and subnets it into /64s by varying the 16-bit subnet field between bit 48 and bit 64 — that yields 2^16 = 65,536 /64 subnets. No broadcast address exists in IPv6 (it uses multicast instead), so there is no “− 2” to subtract.

2001:db8:abcd:0000::/64   <- standard host subnet
|---- 48-bit site ----|^^^^|---- 64-bit interface ID ----|
                       16-bit subnet field

# /48 site -> 2^(64-48) = 2^16 = 65,536  /64 subnets
# each /64 holds 2^64 addresses; no broadcast in IPv6
