What is a subnet?
A short reference on subnets — what they actually are, how the mask separates network bits from host bits, why subnetting exists, and how to think about sizing one.
The one-line definition
A subnet is a contiguous range of IP addresses, identified by a network address and a mask (or equivalently a CIDR prefix length), where every address in the range shares the same network bits.
192.168.1.0/24 is a subnet. Its 256 addresses (192.168.1.0 through 192.168.1.255) all start with the same 24 bits — 11000000.10101000.00000001 in binary — and differ only in the last 8 bits.
How the mask works
The mask defines the split. For /24, the mask is 255.255.255.0, which in binary is twenty-four 1s followed by eight 0s:
11111111.11111111.11111111.00000000
└────────────────────────┘└──────┘
network bits host bits
Any IP address ANDed with the mask gives you the network address. The non-mask bits — the host bits — are how you tell two hosts on the same subnet apart.
Two addresses are on the same subnet if and only if their network bits match. 192.168.1.42 and 192.168.1.200 are on the same /24 (network bits all identical). 192.168.1.42 and 192.168.2.42 are not (their third octet differs, and on a /24 that octet is part of the network portion).
Why subnetting exists
The original 1981 IP address design was classful: every A-class network was a /8, every B-class was a /16, every C-class was a /24. There was no concept of breaking those down. By the late 1980s the cost of the rigid classful sizes was visible: a company that needed 2,000 IPs either had to take a whole /16 (60,000+ wasted addresses) or stitch together eight /24s and bloat the routing table.
Subnetting (RFC 950, 1985) let networks be split internally — a /16 could be carved into 256 /24s, or 64 /22s, or any mix. The world outside the organisation still saw one route; inside, each department could have its own range.
CIDR (1993) generalised this further by abolishing the class boundaries entirely. After CIDR, "subnet" and "CIDR block" became effectively the same thing.
Sizing a subnet
The arithmetic is mechanical. Pick the prefix length, the host count drops out:
| Prefix | Total addresses | Usable hosts | Typical use |
|---|---|---|---|
/24 |
256 | 254 | Default LAN segment |
/25 |
128 | 126 | Half a LAN |
/26 |
64 | 62 | DMZ segment |
/27 |
32 | 30 | Small subnet (AWS minimum) |
/28 |
16 | 14 | Tiny subnet |
/29 |
8 | 6 | Point-to-point with a small LAN |
/30 |
4 | 2 | Classic point-to-point link |
/31 |
2 | 2 | Modern point-to-point (RFC 3021) |
/32 |
1 | 1 | Single host route |
The "usable hosts" column subtracts two: the network address (host bits all 0) and the broadcast address (host bits all 1) are reserved on a normal subnet. The /31 exception is documented in RFC 3021 — point-to-point links don't need broadcast, so both addresses become usable.
Two common sizing mistakes
- Picking
/24because it's familiar. Big LANs full of clients used to fit in a/24. Modern networks with phones, laptops, IoT, multiple addresses per host (IPv6) routinely outgrow 254 hosts. Use/22or/21and stop reaching for/24by reflex. - Picking too small. Once a subnet is in production, resizing it is painful — you have to renumber every host. Burning a few extra bits of address space at design time is cheap; renumbering later is not.
IPv6 subnets
In IPv6 the standard subnet size for a LAN is /64. Always. That's not a convention you should fight unless you have a specific reason: SLAAC (stateless address autoconfiguration) requires a 64-bit host identifier, and most operating systems will refuse to enable it on a longer prefix. Variable subnet sizes exist in IPv6 — /127 for point-to-point, for instance — but the default is /64 per LAN.
Try the math
The CIDR calculator at /tools/cidr computes the network address, broadcast, host range, mask, and binary representation for any subnet you can write. Drop in your subnet, see the math.