The IPv4 Subnet Math I Wish I Had Learned Sooner
For my first few years writing software I treated IP addresses as opaque dotted-decimal strings. When somebody said "this is a slash-twenty-four", I nodded and changed the subject. Then I joined a project where I had to design an internal network and could no longer fake it. Two evenings with the math, and the topic went from intimidating to almost trivial.
This post is the explanation I would have wanted before those two evenings. It is not the textbook approach. It is the way network engineers actually do it in their heads, on a whiteboard, in front of a customer.
Why subnets exist at all
An IPv4 address is a 32-bit number written as four 8-bit chunks. 192.168.1.42 is just a friendly name for the integer 3232235818. A subnet is a range of consecutive 32-bit integers that all share the same prefix. A subnet mask, or its modern equivalent CIDR notation, is a way of saying "the first N bits are the network, the remaining 32 minus N bits are the hosts."
The whole skill of subnetting boils down to one mental operation: convert between "I have N host bits" and "I have 2^N minus 2 usable hosts." Internalize that operation and you can read any CIDR notation on sight.
The /N to host-count table you should memorize
Real network engineers do not memorize lookup tables. They memorize a handful of anchor points and interpolate. Here are the anchors:
- /32: one address, no hosts. Used for loopbacks and host routes.
- /31: two addresses, two usable hosts (special-cased per RFC 3021). Used for point-to-point links.
- /30: four addresses, two usable hosts. The classic point-to-point link size.
- /29: eight addresses, six usable hosts. The smallest "real" subnet, often used for a few servers or a small VLAN.
- /24: 256 addresses, 254 usable hosts. The "class C" you see everywhere in home and office LANs.
- /16: 65,536 addresses, 65,534 usable hosts. The classic "class B" reserved range like 172.16.0.0/16.
- /8: ~16.7 million addresses. The classic "class A" like 10.0.0.0/8.
To go from prefix to host count: subtract the prefix from 32 to get host bits, then compute 2^host_bits - 2. The minus-2 is for the network address (all host bits zero) and the broadcast address (all host bits one). Both are unusable for an actual host.
For a /27, that is 32 minus 27 = 5 host bits, 2^5 minus 2 = 30 usable hosts. For a /28, four host bits, 14 usable hosts. The pattern is "double minus two": /29 has 6, /28 has 14, /27 has 30, /26 has 62, /25 has 126, /24 has 254. The differences between consecutive /N values follow a clean doubling.
How to subnet in your head
You will be asked a question like: "I have 10.5.20.0/22. Split it into /24s. What are the four subnets?" The naive approach is to convert to binary, do the bit shifting, and convert back. The fast approach is:
- A /22 is two bits "smaller" than a /24, so it contains 2^2 = 4 /24 subnets.
- Each /24 is 256 addresses, so moving from one /24 to the next within the /22 adds 256 to the address, which is a step of 1 in the third octet.
- Starting from 10.5.20.0, the four /24s are 10.5.20.0/24, 10.5.21.0/24, 10.5.22.0/24, 10.5.23.0/24.
The trick is realizing that a /22 boundary always falls on a multiple of 4 in the third octet. 10.5.21.0/22 would be invalid as a network address because 21 is not a multiple of 4. The valid /22 networks at 10.5.x.0 are at third octets 0, 4, 8, 12, 16, 20, 24...
The point-to-point oddity (/31 and /30)
When you connect two routers with a direct link, you only need two addresses (one for each end). Allocating a /24 for that is wasteful. The classical answer is a /30, which gives you four addresses: network, host A, host B, broadcast. Two usable out of four.
RFC 3021 introduced /31 for point-to-point links, redefining both addresses as usable hosts and removing the broadcast concept. This halves the address waste. Modern equipment supports it. If your network uses /30 for point-to-point links and you are starting to feel the address pressure, /31 is a free upgrade.
The supernetting trick
Subnetting splits a big block into smaller blocks. Supernetting (or "CIDR aggregation") combines smaller blocks into a bigger one, but only when they are aligned. 10.0.0.0/24 and 10.0.1.0/24 can be aggregated into 10.0.0.0/23. But 10.0.1.0/24 and 10.0.2.0/24 cannot, because 10.0.1.0 is not a /23 boundary (the boundaries fall on 0, 2, 4, 6...).
This matters for routing table compactness. Routers learn millions of prefixes; every aggregation reduces table size by one entry. Internet backbone routing depends on aggressive supernetting to keep the global table tractable.
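The boundary rule behind both the /22 split and the /23 aggregation above, written as plain 32-bit integer arithmetic. This is an added example, not code from the original post; the function names are illustrative, and it generalizes the two worked cases to any prefix pair.

```python
def to_int(dotted):
    """'192.168.1.42' -> 3232235818 (the address as a 32-bit integer)."""
    a, b, c, d = (int(x) for x in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def to_dotted(n):
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def parse(cidr):
    addr, prefix = cidr.split("/")
    return to_int(addr), int(prefix)

def block_size(prefix):
    """Number of addresses in a /prefix block: 2^(32 - prefix)."""
    return 1 << (32 - prefix)

def is_aligned(cidr):
    """A network address is valid only if it is a multiple of its block size."""
    addr, prefix = parse(cidr)
    return addr % block_size(prefix) == 0

def split(cidr, new_prefix):
    """List the /new_prefix subnets inside cidr."""
    addr, prefix = parse(cidr)
    if not is_aligned(cidr):
        raise ValueError(f"{cidr} is not on a /{prefix} boundary")
    if not prefix <= new_prefix <= 32:
        raise ValueError("new prefix must be between the old prefix and 32")
    step = block_size(new_prefix)
    return [f"{to_dotted(addr + i * step)}/{new_prefix}"
            for i in range(1 << (new_prefix - prefix))]

def aggregate(cidr_a, cidr_b):
    """Merge two equal-size blocks into one shorter prefix, else None."""
    if not (is_aligned(cidr_a) and is_aligned(cidr_b)):
        return None
    (lo, p_lo), (hi, p_hi) = sorted([parse(cidr_a), parse(cidr_b)])
    if p_lo != p_hi or p_lo == 0:
        return None
    adjacent = hi - lo == block_size(p_lo)
    on_parent_boundary = lo % block_size(p_lo - 1) == 0
    return f"{to_dotted(lo)}/{p_lo - 1}" if adjacent and on_parent_boundary else None

if __name__ == "__main__":
    print(split("10.5.20.0/22", 24))
    print(aggregate("10.0.0.0/24", "10.0.1.0/24"))
    print(aggregate("10.0.1.0/24", "10.0.2.0/24"))
```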
Private vs. public ranges, and why it matters
RFC 1918 reserves three ranges for private use, meaning they will never appear on the public internet:
- 10.0.0.0/8: 16.7 million addresses. Used by big corporate networks.
- 172.16.0.0/12: ~1 million addresses. Used by mid-size networks.
- 192.168.0.0/16: 65k addresses. Used by home networks.
If you see a packet on the public internet with a source of 10.5.5.5, something has gone wrong (or someone has misconfigured NAT). The point of these ranges is to let many independent networks reuse the same address space without coordination, because NAT translates them to public addresses at the boundary.
Common mistakes I have personally made
Confusing prefix length with usable hosts. A /28 has 16 addresses but only 14 usable hosts. Allocating a /28 for "a team of 14 people" leaves zero growth room. Always size up.
Forgetting the gateway eats an address. A /24 has 254 usable hosts, but typically one is the default gateway and one or two are DNS servers. The real device count is 250.
Overlapping subnets. 10.0.0.0/22 and 10.0.0.0/24 overlap. The latter is a strict subset of the former. Modern routers will accept the more-specific route and ignore the less-specific one, but the configuration is confusing and a source of subtle bugs.
Hard-coding /24 everywhere. Home routers love /24. Real networks need variable subnet sizes. A subnet for printers does not need 254 hosts; a /29 is plenty. Use the right size for the purpose.
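The sizing, gateway and overlap mistakes above, together with the RFC 1918 ranges, as a check you can run over a planned allocation list. This is an added example, not part of the original post; the plan, the finding labels and the `audit` function are constructed for illustration, and it relies on Python's standard `ipaddress` module.

```python
import ipaddress
from itertools import combinations

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def usable_hosts(prefix):
    """2^host_bits - 2, with /31 and /32 as listed in the anchor table."""
    if prefix >= 31:
        return 2 if prefix == 31 else 0
    return 2 ** (32 - prefix) - 2

def audit(plan, reserved=1):
    """Check (name, cidr, devices) rows; reserved = gateway and similar."""
    findings, nets = [], []
    for name, cidr, devices in plan:
        try:
            net = ipaddress.ip_network(cidr)  # strict: host bits must be zero
        except ValueError:                    # host bits set, or unparseable
            findings.append(("misaligned", name))
            continue
        if not any(net.subnet_of(p) for p in RFC1918):
            findings.append(("not-rfc1918", name))
        if devices + reserved > usable_hosts(net.prefixlen):
            findings.append(("undersized", name))
        nets.append((name, net))
    for (name_a, a), (name_b, b) in combinations(nets, 2):
        if a.overlaps(b):
            findings.append(("overlap", name_a, name_b))
    return findings

# Constructed sample plan, not taken from any real network.
PLAN = [
    ("servers",  "10.0.0.0/22",   600),
    ("office",   "10.0.0.0/24",   200),  # strict subset of "servers"
    ("team",     "10.0.4.0/28",    14),  # 14 people + gateway > 14 usable
    ("printers", "10.0.4.16/29",    4),
    ("lab",      "10.0.9.0/22",    10),  # 9 is not a multiple of 4
    ("dmz",      "172.32.0.0/24",  20),  # just outside 172.16.0.0/12
]

if __name__ == "__main__":
    for finding in audit(PLAN):
        print(finding)
```

Raise `reserved` to account for DNS servers or other infrastructure addresses on top of the gateway.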
Where the subnet calculator helps
When you need to plan a network and the math is bigger than you want to hold in your head, the IPv4 subnet calculator gives you network address, broadcast, first and last usable, total addresses, and the host range in one screen. I use it any time I am designing a new VLAN layout or auditing existing allocations.
What it cannot do is teach you the intuition. For that, the table of anchor points above plus an hour of mental practice is what you actually need. Once you can answer "how many /27s fit in a /22?" without reaching for a tool, you have the skill that matters.