Subnet Calculator – IP Address & CIDR Calculator
Calculate subnet mask, network address, broadcast address, and host range from an IP address and CIDR prefix length. Free science calculator, no signup.
IP Addressing and CIDR Notation
An IPv4 address is a 32-bit binary number expressed as four decimal octets separated by dots — for example, 192.168.1.100. Each octet represents 8 bits and ranges from 0 to 255, giving a total address space of 2³² = 4,294,967,296 possible addresses.
CIDR notation (Classless Inter-Domain Routing, defined in RFC 4632) appends a prefix length after a slash to indicate how many leading bits identify the network: 192.168.1.0/24. The prefix length (24 in this case) means the first 24 bits are the network portion; the remaining 8 bits identify individual hosts on that network.
For a /24 network: 2⁸ = 256 total addresses, minus 2 reserved addresses = 254 usable host addresses. The two reserved addresses are:
- Network address (all host bits = 0): 192.168.1.0 — identifies the network itself
- Broadcast address (all host bits = 1): 192.168.1.255 — sends packets to all hosts on the subnet
The general formula for usable hosts is: Usable hosts = 2^(32 − prefix) − 2. The only exception is a /31 subnet (point-to-point link per RFC 3021), which has 2 addresses and 0 "usable" hosts in the traditional sense but both addresses are assigned to router interfaces, and /32 which identifies a single host.
CIDR replaced the older classful addressing system (Class A/B/C) in 1993 to allow more flexible allocation of IP address space. Before CIDR, an organization needing 500 addresses would receive a Class B (/16) with 65,534 addresses — wasting over 65,000. With CIDR, they receive a /23 (510 usable addresses), dramatically improving allocation efficiency.
Complete Subnet Mask and CIDR Reference Table
A subnet mask is a 32-bit value where consecutive 1s mark the network portion and consecutive 0s mark the host portion. The following table covers all commonly used CIDR prefix lengths:
| CIDR | Subnet Mask | Total IPs | Usable Hosts | Typical Use |
|---|---|---|---|---|
| /8 | 255.0.0.0 | 16,777,216 | 16,777,214 | ISP backbone, large enterprise |
| /12 | 255.240.0.0 | 1,048,576 | 1,048,574 | Private range (172.16.0.0/12) |
| /16 | 255.255.0.0 | 65,536 | 65,534 | Large campus, private range |
| /20 | 255.255.240.0 | 4,096 | 4,094 | AWS default VPC subnet |
| /22 | 255.255.252.0 | 1,024 | 1,022 | Medium office building |
| /24 | 255.255.255.0 | 256 | 254 | Standard LAN, home network |
| /25 | 255.255.255.128 | 128 | 126 | VLAN segment |
| /26 | 255.255.255.192 | 64 | 62 | Department subnet |
| /27 | 255.255.255.224 | 32 | 30 | Small team / lab |
| /28 | 255.255.255.240 | 16 | 14 | DMZ, server group |
| /29 | 255.255.255.248 | 8 | 6 | Small server subnet |
| /30 | 255.255.255.252 | 4 | 2 | WAN point-to-point link |
| /31 | 255.255.255.254 | 2 | 2* | Router-to-router link (RFC 3021) |
| /32 | 255.255.255.255 | 1 | 1 | Single host route |
*A /31 subnet has no network or broadcast address per RFC 3021, so both addresses are usable for point-to-point links.
Private IP Address Ranges (RFC 1918)
RFC 1918 defines three address ranges reserved for private networks. These are not routable on the public internet and can be reused freely within any organization:
| CIDR Block | IP Range | Total Addresses | Typical Use |
|---|---|---|---|
| 10.0.0.0/8 | 10.0.0.0 – 10.255.255.255 | 16,777,216 | Large enterprise, cloud VPCs (AWS, GCP, Azure) |
| 172.16.0.0/12 | 172.16.0.0 – 172.31.255.255 | 1,048,576 | Mid-size corporate networks, Docker default |
| 192.168.0.0/16 | 192.168.0.0 – 192.168.255.255 | 65,536 | Home routers, SOHO networks |
Other special-purpose address ranges that network engineers should know:
- 127.0.0.0/8 — Loopback (localhost). 127.0.0.1 is your own machine. Packets never leave the host.
- 169.254.0.0/16 — Link-local / APIPA (Automatic Private IP Addressing). Auto-assigned when DHCP fails.
- 100.64.0.0/10 — Carrier-grade NAT (CGNAT, RFC 6598). Used by ISPs for shared address space.
- 0.0.0.0/0 — Default route in routing tables, representing "all destinations."
- 224.0.0.0/4 — Multicast address range (Class D). Used for streaming, OSPF, RIP.
- 255.255.255.255 — Limited broadcast (all hosts on the local network segment).
Subnetting Step-by-Step with VLSM
Subnetting divides a larger network into smaller, more manageable segments. This improves security (broadcast domain isolation), performance (reduced broadcast traffic), and IP address efficiency. Here is a detailed walkthrough:
Example: You have 192.168.10.0/24 (256 addresses) and need to divide it into 4 equal subnets.
- Determine bits needed: 4 subnets require 2 additional network bits (2² = 4). New prefix: /24 + 2 = /26.
- Calculate hosts per subnet: 2^(32 − 26) − 2 = 62 usable hosts per subnet.
- List the subnets:
| Subnet # | Network Address | Usable Range | Broadcast |
|---|---|---|---|
| 1 | 192.168.10.0/26 | 192.168.10.1 – .62 | 192.168.10.63 |
| 2 | 192.168.10.64/26 | 192.168.10.65 – .126 | 192.168.10.127 |
| 3 | 192.168.10.128/26 | 192.168.10.129 – .190 | 192.168.10.191 |
| 4 | 192.168.10.192/26 | 192.168.10.193 – .254 | 192.168.10.255 |
Variable Length Subnet Masking (VLSM) takes this further by allowing subnets of different sizes. For example, you might allocate a /26 for 60 workstations, a /28 for 14 servers, and /30s for WAN links — all from the same parent block. VLSM eliminates waste by matching subnet size to actual need. Modern routing protocols (OSPF, EIGRP, BGP) all support VLSM.
Supernetting (route aggregation) is the inverse: combining multiple smaller networks into a single larger route. For example, 192.168.0.0/24, 192.168.1.0/24, 192.168.2.0/24, and 192.168.3.0/24 can be aggregated into 192.168.0.0/22. This reduces the size of routing tables in core routers.
Binary Math Behind Subnetting
Understanding the binary operations behind subnetting removes all the mystery. Every IPv4 address is a 32-bit number. For example, 192.168.1.100 in binary is:
11000000.10101000.00000001.01100100
The subnet mask /24 (255.255.255.0) in binary:
11111111.11111111.11111111.00000000
To find the network address, perform a bitwise AND between the IP and the mask:
11000000.10101000.00000001.01100100 (IP)
11111111.11111111.11111111.00000000 (Mask)
——————————————————
11000000.10101000.00000001.00000000 = 192.168.1.0 (Network)
To find the broadcast address, invert the mask (wildcard) and OR it with the network address:
Wildcard: 00000000.00000000.00000000.11111111
Network OR Wildcard: 11000000.10101000.00000001.11111111 = 192.168.1.255 (Broadcast)
The wildcard mask (inverse of the subnet mask) is used in access control lists (ACLs) on Cisco routers and firewalls. For a /24: subnet mask = 255.255.255.0, wildcard = 0.0.0.255. For a /27: subnet mask = 255.255.255.224, wildcard = 0.0.0.31.
IPv6 Addressing Overview
With IPv4's 4.3 billion addresses exhausted (IANA allocated the last /8 blocks in 2011), IPv6 provides a vastly larger address space using 128-bit addresses — approximately 3.4 × 10³⁸ unique addresses. IPv6 addresses are written in eight groups of four hexadecimal digits separated by colons:
2001:0db8:85a3:0000:0000:8a2e:0370:7334
Leading zeros within a group can be omitted, and one consecutive group of all-zero groups can be replaced with :::
2001:db8:85a3::8a2e:370:7334
| Feature | IPv4 | IPv6 |
|---|---|---|
| Address size | 32 bits | 128 bits |
| Address count | ~4.3 × 10⁹ | ~3.4 × 10³⁸ |
| Notation | Dotted decimal (192.168.1.1) | Hexadecimal colons (2001:db8::1) |
| Standard prefix | /24 common for LANs | /64 required for LANs (SLAAC) |
| Broadcast | Yes (e.g., .255) | No — replaced by multicast |
| NAT needed? | Usually yes (private IPs) | No — enough addresses for all devices |
| Header | Variable (20–60 bytes) | Fixed (40 bytes) + extension headers |
IPv6 subnetting works identically to IPv4 in concept. A /48 is typically assigned to a site (giving 2⁸⁰ host addresses), which is subdivided into /64 subnets (standard for a single LAN segment). The /64 provides 2⁶⁴ ≈ 1.8 × 10¹⁹ host addresses per subnet — more than enough for any foreseeable use, and required for Stateless Address Autoconfiguration (SLAAC).
Cloud Networking and Subnet Design
Modern cloud platforms (AWS, GCP, Azure) rely heavily on subnetting for network architecture. Understanding CIDR is essential for designing Virtual Private Clouds (VPCs):
AWS VPC: A VPC can use any RFC 1918 CIDR block from /16 to /28. Common choice: 10.0.0.0/16 (65,534 IPs). Subnets within the VPC are created per Availability Zone. AWS reserves 5 IPs per subnet (network, VPC router, DNS, future use, broadcast), so a /24 subnet provides 251 usable IPs, not 254.
GCP VPC: Uses auto-mode (pre-configured /20 subnets in each region) or custom-mode (user-defined CIDR blocks per region). VPC networks are global; subnets are regional.
Azure VNet: Similar to AWS. Supports /8 through /29. Reserves 5 IPs per subnet. A /24 gives 251 usable addresses.
Best practices for cloud subnet design:
- Allocate a /16 VPC for most projects (room to grow)
- Use /24 subnets for general workloads (251 IPs in AWS/Azure, 254 in GCP)
- Separate public subnets (with internet gateway) from private subnets
- Avoid overlapping CIDR blocks across VPCs if you plan VPC peering or VPN connections
- Document your IP address plan — running out of IPs in a VPC requires painful migration
Frequently Asked Questions
What is the difference between a subnet mask and CIDR notation?
They express the same information in different formats. The subnet mask 255.255.255.0 is equivalent to /24 in CIDR notation. To convert, count the consecutive 1-bits in the binary representation of the subnet mask. CIDR notation is more compact and has become the standard in modern networking documentation and configuration. Both convey how many bits define the network portion of an IP address.
How many hosts can a /24 subnet support?
A /24 subnet has 8 host bits: 2⁸ = 256 total addresses. Subtract 2 reserved addresses (network address .0 and broadcast address .255) = 254 usable host addresses. In cloud environments (AWS, Azure), providers reserve additional IPs (typically 3–5), so a /24 may provide only 251 usable addresses. The /24 is the most common subnet size for small to medium networks and is the default for most home routers (192.168.1.0/24).
What is the purpose of a broadcast address?
The broadcast address (all host bits set to 1) allows a device to send a packet to every host on the subnet simultaneously. For the subnet 192.168.1.0/24, the broadcast address is 192.168.1.255. ARP requests, DHCP discovery, and some routing protocols use broadcast. No device should be assigned a broadcast address as a static IP. In IPv6, broadcast is replaced by multicast (addressing specific groups of hosts) for improved efficiency.
What is the difference between IPv4 and IPv6?
IPv4 uses 32-bit addresses (~4.3 billion total), written in dotted decimal (e.g., 192.168.1.1). IPv6 uses 128-bit addresses (~3.4 × 10³⁸), written in hexadecimal with colons (e.g., 2001:db8::1). IPv6 eliminates the need for NAT, simplifies headers, mandates IPSec support, and uses multicast instead of broadcast. IPv6 adoption is growing (over 40% of Google traffic as of 2024) as IPv4 addresses are exhausted globally.
Why does my router show 192.168.1.1 as its address?
192.168.1.1 is the conventional default gateway — the first usable host address in the 192.168.1.0/24 private network range. It is not technically required; your router could use any address from .1 to .254. Manufacturers chose .1 by convention. The router connects your private network to the public internet using NAT (Network Address Translation), which maps multiple private IPs to a single public IP. Some routers use 192.168.0.1, 10.0.0.1, or other addresses.
What is NAT and why is it used?
Network Address Translation (NAT) allows multiple devices on a private network (e.g., 192.168.1.0/24) to share a single public IP address. Your router maintains a translation table mapping internal IP:port pairs to the public IP with different port numbers. NAT was invented as a stopgap for IPv4 address exhaustion and also provides a layer of security by hiding internal network structure. Common types: SNAT (source NAT), DNAT (destination NAT/port forwarding), and PAT (Port Address Translation, the most common form).
What is DHCP and how does it assign IP addresses?
Dynamic Host Configuration Protocol (DHCP) automatically assigns IP addresses, subnet masks, default gateways, and DNS servers to devices on a network. The process: (1) Client broadcasts DHCPDISCOVER. (2) Server responds with DHCPOFFER including an available IP. (3) Client requests that IP with DHCPREQUEST. (4) Server confirms with DHCPACK. Leases are temporary (commonly 24 hours); clients must renew before expiry. DHCP eliminates manual IP configuration and prevents duplicate addresses.
What is a VLAN and how does it relate to subnets?
A Virtual LAN (VLAN) is a logical separation of network traffic at Layer 2 (data link layer) of the OSI model. VLANs are typically mapped 1:1 to subnets: VLAN 10 might use 10.10.10.0/24, VLAN 20 uses 10.10.20.0/24. VLANs isolate broadcast domains, improve security (e.g., separating employee and guest Wi-Fi), and allow flexible network design independent of physical wiring. Inter-VLAN routing requires a Layer 3 device (router or L3 switch).
How do I plan IP addresses for a new office network?
Start by estimating the number of devices per department/function. Add 50–100% growth margin. Assign a /16 or /12 private block as the parent range, then subnet with VLSM: /24 for general workstations (254 hosts), /27 for server VLANs (30 hosts), /30 for point-to-point links (2 hosts). Document everything in a spreadsheet or IPAM tool (phpIPAM, NetBox). Reserve the first few addresses (.1, .2, .3) in each subnet for routers and infrastructure. Use DHCP for dynamic hosts and static assignments for servers and printers.
What is the wildcard mask used in ACLs?
A wildcard mask is the bitwise inverse of a subnet mask. Where the subnet mask has a 1 (match this bit), the wildcard mask has a 0. For a /24 (255.255.255.0), the wildcard is 0.0.0.255. Wildcard masks are used in Cisco IOS access control lists (ACLs) and OSPF network statements to specify which bits of an IP address must match. A wildcard of 0.0.0.0 means "match this exact host"; 255.255.255.255 means "match any address." The wildcard 0.0.0.31 matches a /27 subnet (32 addresses).
},{"@type":“Question”,“name”:“How many hosts can a /24 subnet support?”,“acceptedAnswer”:{"@type":“Answer”,“text”:“254 usable hosts (256 total minus network and broadcast). In cloud environments, providers reserve additional IPs, so a /24 may provide only 251.”}},{"@type":“Question”,“name”:“What is the purpose of a broadcast address?”,“acceptedAnswer”:{"@type":“Answer”,“text”:“The broadcast address sends a packet to every host on the subnet simultaneously. Used by ARP, DHCP, and some routing protocols. No device should be assigned this address.”}},{"@type":“Question”,“name”:“What is the difference between IPv4 and IPv6?”,“acceptedAnswer”:{"@type":“Answer”,“text”:“IPv4 uses 32-bit addresses (~4.3 billion). IPv6 uses 128-bit addresses (~3.4 × 10³⁸), written in hexadecimal. IPv6 eliminates NAT requirements and uses multicast instead of broadcast.”}},{"@type":“Question”,“name”:“Why does my router show 192.168.1.1 as its address?”,“acceptedAnswer”:{"@type":“Answer”,“text”:“192.168.1.1 is the conventional default gateway in the 192.168.1.0/24 private range. The router uses NAT to connect private IPs to the public internet.”}},{"@type":“Question”,“name”:“What is NAT and why is it used?”,“acceptedAnswer”:{"@type":“Answer”,“text”:“NAT allows multiple private-IP devices to share one public IP. The router maintains a translation table mapping internal IP:port pairs to external ports.”}},{"@type":“Question”,“name”:“What is DHCP and how does it assign IP addresses?”,“acceptedAnswer”:{"@type":“Answer”,“text”:“DHCP automatically assigns IPs via a 4-step process: Discover, Offer, Request, Acknowledge. Leases are temporary and must be renewed.”}},{"@type":“Question”,“name”:“What is a VLAN and how does it relate to subnets?”,“acceptedAnswer”:{"@type":“Answer”,“text”:“VLANs logically separate network traffic at Layer 2. They are typically mapped 1:1 to subnets, isolating broadcast domains and improving security.”}},{"@type":“Question”,“name”:“How do I plan IP addresses for a new office network?”,“acceptedAnswer”:{"@type":“Answer”,“text”:“Estimate devices per department, add growth margin, assign a private parent block, subnet with VLSM, document in an IPAM tool, and use DHCP for dynamic hosts.”}},{"@type":“Question”,“name”:“What is the wildcard mask used in ACLs?”,“acceptedAnswer”:{"@type":“Answer”,“text”:“A wildcard mask is the bitwise inverse of a subnet mask. For /24 (255.255.255.0), the wildcard is 0.0.0.255. Used in Cisco ACLs and OSPF to specify matching bits.”}}]}