CIDR Notation and Subnetting Made Simple
Learn CIDR notation and subnetting with visual binary breakdowns. Includes a full /8 to /32 cheat sheet covering all 25 prefix lengths and real examples.
CIDR notation replaced the old classful addressing system in 1993. According to APNIC research, the global BGP routing table held over 1 million prefixes by late 2024, nearly all expressed in CIDR. If you’ve ever seen an address like 192.168.1.0/24 and wondered what the /24 means, this guide will make it click.
We’ll break down the binary math visually, walk through a real network planning scenario, and give you the full subnet cheat sheet you can bookmark. No hand-waving. No skipping steps.
Key Takeaways
- CIDR notation uses a prefix length (like /24) to define how many bits identify the network versus the host.
- A /24 subnet gives you 254 usable hosts. Each additional prefix bit halves the available addresses.
- Over 1 million CIDR prefixes exist in the global BGP table (APNIC, 2024).
- Private ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) cover most internal networks.
- Subnetting is about splitting one block into smaller ones by borrowing host bits for the network portion.
Calculate Any Subnet Instantly
Punch in a CIDR block below. Get the network address, broadcast address, host range, and usable count without doing any math by hand.
Address details
Host details
Mask details
Binary subnet mask
11111111 11111111 11111111 00000000What Is CIDR Notation?
CIDR stands for Classless Inter-Domain Routing, introduced in RFC 1519 (IETF, 1993). Before CIDR, the internet used rigid Class A, B, and C address blocks. That system wasted enormous numbers of addresses. CIDR replaced it by letting network operators define blocks of any size using a simple prefix length.
The notation looks like this: 192.168.1.0/24. The number after the slash tells you how many bits, counting from the left, belong to the network portion. The remaining bits belong to hosts. That’s the entire concept.
Why does this matter? Because the IPv4 address space only has roughly 4.3 billion addresses (IANA, 2019). Without CIDR’s flexible allocation, the internet would have exhausted usable addresses decades earlier. RIPE NCC confirmed that all five Regional Internet Registries ran out of free IPv4 pools between 2011 and 2020.
Citation capsule: CIDR notation, defined in RFC 1519 (IETF, 1993), replaced classful addressing by allowing variable-length prefix lengths. This flexible allocation helped delay IPv4 exhaustion across the 4.3 billion address space managed by IANA.
How Do IP Addresses Work in Binary?
Every IPv4 address is a 32-bit number. According to IANA’s IPv4 Address Space Registry, those 32 bits yield exactly 4,294,967,296 unique addresses. Understanding binary is the key to understanding subnetting.
Take the address 192.168.1.10. In binary, each octet (the numbers between the dots) converts to 8 bits:
192 .168 .1 .10
11000000.10101000.00000001.00001010Each octet holds values from 0 (00000000) to 255 (11111111). The four octets together form 32 bits total. Here’s a quick conversion table for common values:
| Decimal | Binary | Bit Positions |
|---|---|---|
| 0 | 00000000 | No bits set |
| 128 | 10000000 | Bit 7 (leftmost) |
| 192 | 11000000 | Bits 7-6 |
| 224 | 11100000 | Bits 7-5 |
| 240 | 11110000 | Bits 7-4 |
| 248 | 11111000 | Bits 7-3 |
| 252 | 11111100 | Bits 7-2 |
| 254 | 11111110 | Bits 7-1 |
| 255 | 11111111 | All 8 bits set |
These specific decimal values keep appearing because subnet masks only use contiguous leading 1s. You won’t see random values like 200 or 173 in a subnet mask. This pattern is what makes CIDR work. If you’re new to binary, don’t try to memorize the conversions. Instead, memorize the powers of two: 128, 64, 32, 16, 8, 4, 2, 1. Every octet is just a combination of those values.
What Do Subnet Masks Actually Do?
A subnet mask is a 32-bit number where all network bits are set to 1 and all host bits are set to 0. The RFC 950 specification (IETF, 1985) originally defined subnet masking. In practice, the mask acts like a stencil, separating the network address from the host address.
For a /24 network, the mask is 255.255.255.0. In binary:
IP: 11000000.10101000.00000001.00001010 (192.168.1.10)
Mask: 11111111.11111111.11111111.00000000 (255.255.255.0)
|------network bits------||--host--|The 24 leading 1s mark the network portion. The 8 trailing 0s mark the host portion. When you AND the IP with the mask, you get the network address:
IP: 11000000.10101000.00000001.00001010
Mask: 11111111.11111111.11111111.00000000
AND: 11000000.10101000.00000001.00000000 → 192.168.1.0That AND operation is what every router does to determine which network a packet belongs to. Fast, simple, and purely binary.
Quick trick
To figure out how many host addresses a subnet provides, use the formula: 2^(32 - prefix) - 2. The minus 2 accounts for the network address (all host bits 0) and the broadcast address (all host bits 1). Neither can be assigned to a device.
Citation capsule: Subnet masks separate network and host bits using a bitwise AND operation, as defined in RFC 950 (IETF, 1985). A /24 mask (255.255.255.0) provides 254 usable host addresses from 256 total, after subtracting the network and broadcast addresses.
What Does the Full CIDR Notation Table Look Like?
The complete CIDR table maps every prefix length from /8 to /32. RFC 4632 (IETF, 2006) formalized CIDR as the current best practice for IPv4. Bookmark this table as your subnet cheat sheet.
| CIDR | Subnet Mask | Total Addresses | Usable Hosts | Typical Use |
|---|---|---|---|---|
| /8 | 255.0.0.0 | 16,777,216 | 16,777,214 | Large ISPs, 10.x.x.x private range |
| /9 | 255.128.0.0 | 8,388,608 | 8,388,606 | Major ISP allocations |
| /10 | 255.192.0.0 | 4,194,304 | 4,194,302 | Large enterprise or carrier |
| /11 | 255.224.0.0 | 2,097,152 | 2,097,150 | Regional ISP blocks |
| /12 | 255.240.0.0 | 1,048,576 | 1,048,574 | 172.16.0.0/12 private range |
| /13 | 255.248.0.0 | 524,288 | 524,286 | Large ISP sub-allocations |
| /14 | 255.252.0.0 | 262,144 | 262,142 | ISP regional blocks |
| /15 | 255.254.0.0 | 131,072 | 131,070 | ISP metro allocations |
| /16 | 255.255.0.0 | 65,536 | 65,534 | 192.168.x.x private range, large campus |
| /17 | 255.255.128.0 | 32,768 | 32,766 | Large campus segment |
| /18 | 255.255.192.0 | 16,384 | 16,382 | Data center floor |
| /19 | 255.255.224.0 | 8,192 | 8,190 | Large building or department |
| /20 | 255.255.240.0 | 4,096 | 4,094 | Large office, multi-floor |
| /21 | 255.255.248.0 | 2,048 | 2,046 | Medium campus or branch office |
| /22 | 255.255.252.0 | 1,024 | 1,022 | Medium office |
| /23 | 255.255.254.0 | 512 | 510 | Small office floor |
| /24 | 255.255.255.0 | 256 | 254 | Standard LAN, most common subnet |
| /25 | 255.255.255.128 | 128 | 126 | Half a /24, small department |
| /26 | 255.255.255.192 | 64 | 62 | Small team or VLAN |
| /27 | 255.255.255.224 | 32 | 30 | Conference room, lab |
| /28 | 255.255.255.240 | 16 | 14 | Small server cluster |
| /29 | 255.255.255.248 | 8 | 6 | Point-to-point + a few servers |
| /30 | 255.255.255.252 | 4 | 2 | Point-to-point router link |
| /31 | 255.255.255.254 | 2 | 2* | Point-to-point link (RFC 3021) |
| /32 | 255.255.255.255 | 1 | 1 | Single host route, loopback |
About /31 subnets
The /31 entry shows 2 usable hosts because RFC 3021 (IETF, 2000) allows both addresses in a /31 to be assigned on point-to-point links, eliminating the need for network and broadcast addresses. Most modern routers support this.
The pattern is simple. Every time the prefix increases by 1, the number of addresses halves. Going from /24 (256 addresses) to /25 (128 addresses) to /26 (64 addresses) is just dividing by 2 each step. Most “CIDR cheat sheets” online stop at the numbers. But knowing the typical use case for each prefix is what separates someone who can recite a table from someone who can actually plan a network. A /28 isn’t just “16 addresses,” it’s your server VLAN. A /30 isn’t just “4 addresses,” it’s the WAN link between your routers.
Citation capsule: The CIDR prefix table, formalized in RFC 4632 (IETF, 2006), spans /8 (16.7 million addresses) to /32 (single host). A /24 provides 254 usable hosts and remains the most commonly deployed LAN subnet size.
How Do You Subnet Step by Step?
Subnetting means dividing one network block into smaller blocks. According to Cisco’s networking documentation, subnetting is one of the most tested and most practical skills in network engineering. Let’s walk through a real example.
The scenario
You have the network 192.168.10.0/24 and need to create four equal subnets.
Step 1: Determine how many subnets you need
Four subnets. What power of 2 covers 4? That’s 2^2 = 4. So you need to borrow 2 bits from the host portion.
Step 2: Calculate the new prefix length
Original prefix: /24 (24 network bits, 8 host bits). Borrow 2 bits: 24 + 2 = /26. Your new prefix is /26.
Step 3: Find the new subnet mask
A /26 means 26 bits set to 1:
11111111.11111111.11111111.11000000 = 255.255.255.192Step 4: Calculate the block size
Block size = 2^(32 - 26) = 2^6 = 64. Each subnet contains 64 addresses.
Step 5: List the subnets
Subnet 1: 192.168.10.0/26 → Hosts: .1 to .62 (Broadcast: .63)
Subnet 2: 192.168.10.64/26 → Hosts: .65 to .126 (Broadcast: .127)
Subnet 3: 192.168.10.128/26 → Hosts: .129 to .190 (Broadcast: .191)
Subnet 4: 192.168.10.192/26 → Hosts: .193 to .254 (Broadcast: .255)Each subnet provides 62 usable hosts (64 total minus the network and broadcast addresses).
Tip
Notice how each subnet starts at a multiple of 64. The block size determines the starting address of every subnet. If your block size is 64, subnets start at 0, 64, 128, 192. If it’s 32, they start at 0, 32, 64, 96, and so on.
What Are the Private IP Ranges?
RFC 1918 (IETF, 1996) reserves three blocks for private use. These addresses don’t route on the public internet. According to APNIC Labs data, virtually 100% of home and enterprise internal networks use one of these three ranges.
| Range | CIDR Block | Total Addresses | Common Usage |
|---|---|---|---|
| 10.0.0.0 – 10.255.255.255 | 10.0.0.0/8 | 16,777,216 | Large enterprises, cloud VPCs (AWS, GCP, Azure) |
| 172.16.0.0 – 172.31.255.255 | 172.16.0.0/12 | 1,048,576 | Docker default networks, medium enterprises |
| 192.168.0.0 – 192.168.255.255 | 192.168.0.0/16 | 65,536 | Home routers, small offices, most consumer gear |
There’s also 169.254.0.0/16 (link-local, used when DHCP fails) and 127.0.0.0/8 (loopback, your localhost). These aren’t RFC 1918 private addresses, but they also never appear on the public internet.
When planning internal subnets, the 10.0.0.0/8 range gives you the most room. You can carve out thousands of /24 subnets without overlapping. That’s why cloud providers default to it for VPC configurations.
look up DNS records for any domain
Citation capsule: RFC 1918 (IETF, 1996) defines three private IPv4 ranges: 10.0.0.0/8 (16.7M addresses), 172.16.0.0/12 (1M addresses), and 192.168.0.0/16 (65K addresses). Cloud providers like AWS and GCP default to the 10.0.0.0/8 range for virtual private clouds.
How Would You Plan a Real Office Network?
Let’s apply everything above to a concrete scenario. A company with 200 employees needs to subnet 10.1.0.0/16 across four departments and shared infrastructure. This is based on common network design patterns recommended by Cisco’s Enterprise Architecture guidelines. Here’s a department-by-department breakdown:
The requirements
| Department | Devices | Growth Buffer | Minimum Hosts Needed |
|---|---|---|---|
| Engineering | 80 | 50% | 120 |
| Sales | 45 | 50% | 68 |
| Operations | 35 | 50% | 53 |
| Guest Wi-Fi | 30 | 100% | 60 |
| Servers/Infra | 20 | 50% | 30 |
| WAN links | 2 per link, 3 links | None | 6 (3 x /30) |
The subnet plan
Engineering (/25, 126 usable hosts):
10.1.1.0/25 → Hosts: 10.1.1.1 – 10.1.1.126
Covers 120 needed with 6 to spareSales (/25, 126 usable hosts):
10.1.1.128/25 → Hosts: 10.1.1.129 – 10.1.1.254
Covers 68 needed with room for growthOperations (/26, 62 usable hosts):
10.1.2.0/26 → Hosts: 10.1.2.1 – 10.1.2.62
Covers 53 needed with 9 spareGuest Wi-Fi (/26, 62 usable hosts):
10.1.2.64/26 → Hosts: 10.1.2.65 – 10.1.2.126
Covers 60 needed with 2 spareServers (/27, 30 usable hosts):
10.1.2.128/27 → Hosts: 10.1.2.129 – 10.1.2.158
Covers 30 needed exactlyWAN links (3x /30, 2 usable hosts each):
10.1.255.0/30 → Router A ↔ Router B
10.1.255.4/30 → Router A ↔ ISP 1
10.1.255.8/30 → Router A ↔ ISP 2Common planning mistake
Don’t assign subnets exactly matching current device counts. Always add a 50% growth buffer for employee departments and 100% for guest networks. Resubnetting later means changing DHCP scopes, firewall rules, ACLs, and documentation. It’s far cheaper to over-provision from the start.
Notice we used only a small fraction of the 10.1.0.0/16 space. That’s intentional. You can keep 10.1.3.0/24 through 10.1.254.0/24 entirely free for future departments, IoT networks, or lab environments. Good network planning leaves room.
How Does CIDR Work with IPv6?
IPv6 uses the same CIDR prefix notation, but the address space is incomprehensibly larger. A single IPv6 address is 128 bits long. According to Google’s IPv6 statistics, global IPv6 adoption reached roughly 45% of Google users by early 2026.
A typical ISP assigns each customer a /48 prefix. That’s 2^80 addresses, or about 1.2 trillion times the entire IPv4 address space. Inside that /48, you subnet using /64 blocks for individual LANs.
2001:db8:abcd::/48 → Customer allocation (65,536 /64 subnets)
2001:db8:abcd:0001::/64 → Engineering VLAN
2001:db8:abcd:0002::/64 → Sales VLAN
2001:db8:abcd:0003::/64 → Guest Wi-FiA /64 is the standard subnet size for IPv6 LANs. Each /64 provides 2^64 host addresses, which is roughly 18.4 quintillion. You’ll never run out of host addresses on a single subnet. The challenge in IPv6 isn’t conserving addresses. It’s organizing your prefix hierarchy logically.
| IPv6 CIDR | Scope | Typical Assignment |
|---|---|---|
| /32 | ISP allocation from RIR | Regional Internet Registry → ISP |
| /48 | Customer site | ISP → single organization/home |
| /56 | Small customer | Some ISPs assign /56 instead of /48 |
| /64 | Single LAN subnet | One VLAN or network segment |
| /128 | Single host | Loopback or host route |
The binary math is identical to IPv4. A /48 means the first 48 bits are network, the remaining 80 are for subnets and hosts. The numbers are just much, much bigger.
Citation capsule: IPv6 CIDR uses the same prefix notation as IPv4 but across 128-bit addresses. Global IPv6 adoption reached approximately 45% of Google users by early 2026 (Google IPv6 Statistics). Standard LAN subnets use /64 prefixes, each containing 18.4 quintillion host addresses.
What Are the Most Common Subnetting Mistakes?
Even experienced engineers make subnetting errors. According to a SolarWinds IT Trends Report (2024), IP address management issues rank among the top five causes of network outages in enterprise environments. Here are the mistakes that cause the most trouble.
Forgetting to subtract 2 from the host count
A /24 has 256 total addresses, but only 254 usable. The first address is the network identifier and the last is the broadcast. This applies to every prefix length except /31 (point-to-point) and /32 (single host).
Overlapping subnets
If you assign 10.1.1.0/24 and 10.1.1.128/25, those overlap. The /25 falls entirely within the /24. Overlapping subnets cause routing ambiguity. Packets may reach the wrong destination, or routing loops may form.
Using /24 for everything
Not every subnet needs 254 hosts. A point-to-point link between two routers should be a /30 or /31, not a /24. Using oversized subnets wastes addresses and creates larger broadcast domains, which increases noise on the wire.
Not planning for growth
Assigning a /27 (30 hosts) to a department with 28 devices leaves no room. When device 31 arrives, you’re re-doing DHCP scopes, firewall rules, and switch port configs. Budget 50% extra capacity minimum.
Confusing the subnet mask with the wildcard mask
Cisco ACLs use wildcard masks, which are the inverse of subnet masks. The wildcard for /24 isn’t 255.255.255.0. It’s 0.0.0.255. Mixing them up is a classic firewall rule bug. We’ve found that drawing out the binary on paper, even just for the last octet, catches more errors than any calculator. The mental model of “ones on the left, zeros on the right” eliminates most mistakes before they reach production.
Frequently Asked Questions
What does /24 mean in CIDR notation?
A /24 means 24 of the 32 bits in an IPv4 address are fixed as the network portion. The remaining 8 bits are for host addresses. This gives you a subnet mask of 255.255.255.0 and 254 usable host addresses. It’s the most commonly deployed subnet size for standard LANs, as noted in RFC 4632 (IETF, 2006).
How many usable hosts does a /16 subnet provide?
A /16 subnet contains 65,536 total addresses (2^16). After subtracting the network and broadcast addresses, you get 65,534 usable hosts. The 192.168.0.0/16 private range defined in RFC 1918 (IETF, 1996) is a /16 block commonly used in home and small business networks.
What’s the difference between CIDR and classful addressing?
Classful addressing, used before 1993, forced networks into fixed sizes: Class A (/8), Class B (/16), or Class C (/24). CIDR, introduced in RFC 1519 (IETF, 1993), allows any prefix length from /0 to /32. This flexibility prevents the massive address waste that classful allocation caused.
Can I use a /31 subnet for a point-to-point link?
Yes. RFC 3021 (IETF, 2000) specifically allows /31 subnets on point-to-point links. Both addresses are usable because point-to-point links don’t need a network or broadcast address. Most modern routers from Cisco, Juniper, and others support this, saving one address per link compared to a /30.
How do I convert between CIDR and subnet mask?
Count the prefix number and set that many bits to 1, starting from the left. Fill the rest with 0s. For /26: twenty-six 1s followed by six 0s gives 11111111.11111111.11111111.11000000, which is 255.255.255.192. To go the other direction, count the consecutive 1 bits in the mask’s binary form.
use the subnet calculator for instant conversions
Wrapping Up
CIDR notation is simpler than it first appears. The prefix length tells you where the network ends and the hosts begin. The binary math is just counting 1s and 0s. And subnetting is just borrowing bits from one side to create smaller blocks.
The key ideas to remember: a /24 gives you 254 hosts, each additional bit halves the count, always plan for growth, and private RFC 1918 ranges are your friend for internal networks. For IPv6, the same CIDR logic applies, just with much bigger numbers and /64 as the standard LAN size.
Use the subnet calculator above to verify your work. The best way to get comfortable with subnetting is to plan a few networks on paper, then check your answers with a tool. After a few rounds, the binary patterns become second nature.