ToolsOpsCIDR subnetting guide for IPv4
Learn IPv4 CIDR and subnetting with /24, /30 and /32 examples, IP ranges, subnet masks and practical networking use cases.
What CIDR is
CIDR (Classless Inter-Domain Routing) is the modern notation for describing IP networks. A CIDR expression pairs an address with a prefix length (e.g. /24), which tells you how many leading bits identify the network. It replaced the rigid A/B/C class system, which wasted huge address blocks.
How to read a CIDR expression
Take 192.168.1.0/24. The number after the slash is the prefix length: how many of the IPv4 address bits (32 in total) belong to the network. With /24, the first 24 bits (192.168.1) identify the network and the remaining 8 bits are hosts inside it.
- Network address: host bits all 0 (192.168.1.0).
- Broadcast: host bits all 1 (192.168.1.255).
- Usable hosts: 192.168.1.1 to 192.168.1.254 (254 addresses).
- Subnet mask: 1s in network bits, 0s in host bits. For /24 it's 255.255.255.0.
- Wildcard mask: bitwise complement of the mask. For /24 it's 0.0.0.255.
Special cases: /31 and /32
Two prefixes deserve special mention:
- /31: traditionally only 2 addresses, both reserved as network and broadcast, leaving 0 usable hosts. RFC 3021 allows both addresses to be used as hosts on point-to-point links, which saves addresses on carrier networks.
- /32: represents a single host. No network or broadcast. Useful for firewall/ACL rules targeting one IP, BGP advertisements, application loopbacks or per-host DNS entries.
Common subnet sizes
Usable hosts = 2^(32-prefix) − 2, except /31 (RFC 3021, 2 usable) and /32 (single host).
| Prefix | Mask | Usable hosts | Typical use |
|---|---|---|---|
| /8 | 255.0.0.0 | 16 777 214 | Very large network (classic class A). |
| /16 | 255.255.0.0 | 65 534 | Wide space for campus/enterprise. |
| /24 | 255.255.255.0 | 254 | Typical office/LAN subnet. |
| /25 | 255.255.255.128 | 126 | Half of a /24. |
| /26 | 255.255.255.192 | 62 | Quarter of a /24. |
| /27 | 255.255.255.224 | 30 | Small department block. |
| /28 | 255.255.255.240 | 14 | Smallest useful subnet for several hosts. |
| /29 | 255.255.255.248 | 6 | Very small groups or DMZ. |
| /30 | 255.255.255.252 | 2 | Classic point-to-point link. |
| /31 | 255.255.255.254 | 2 (RFC 3021) | Point-to-point with no reserved network/broadcast. |
| /32 | 255.255.255.255 | 1 | Single host (application loopback, ACLs). |
Common mistakes
- Assuming /24 has 256 usable hosts: it's 254 (network and broadcast aren't usable host addresses).
- Confusing /25 (126 hosts) with two /25s combined (252 hosts).
- Using 0.0.0.0/0 in a firewall rule without realising it matches ALL of the Internet.
- Forgetting that /31 needs RFC 3021 support in old routers/OS stacks.
- Mixing IPv4 and IPv6 masks: similar CIDR notation but different and incompatible systems.
Frequently asked questions
- What is CIDR?
- CIDR (Classless Inter-Domain Routing) is the modern notation for describing IP networks. It pairs an address with a prefix length (e.g. /24) indicating how many leading bits identify the network. It replaced the A/B/C class system.
- How do I read 192.168.1.0/24?
- The first 24 bits identify the network (192.168.1) and the last 8 are the host. The network has 256 addresses, of which 254 are usable (192.168.1.1–192.168.1.254). 192.168.1.0 is the network address and 192.168.1.255 is the broadcast.
- Why does /31 give 2 usable hosts instead of 0?
- In a regular /31 you'd only have 2 addresses and they'd be reserved as network and broadcast, leaving 0 hosts. RFC 3021 allows both addresses to be used as hosts on point-to-point links, so some implementations give 2 usable hosts on /31.
- When would I use /32?
- A /32 represents a single IP address — no network, no broadcast. It's useful for firewall/ACL rules pointing at one host, BGP advertisements of a single prefix, or application loopbacks in cloud.
- Does this guide cover IPv6?
- No. The guide and the associated calculator only cover IPv4. IPv6 uses a similar CIDR notation but with prefixes up to 128 bits and other particularities; it is out of scope for now.