Subnetting and CIDR are fundamentally about wasting IP addresses to gain control.
Let’s see this in action. Imagine you have a block of IP addresses, say 192.168.1.0/24. This /24 is CIDR notation, meaning the first 24 bits of the IP address are fixed as the network portion, and the remaining 8 bits are for hosts. So, you have 192.168.1.0 to 192.168.1.255 available. That’s 256 addresses.
Now, what if you need to create two smaller, distinct networks from this block? You could split it in half. The first network would be 192.168.1.0/25, and the second would be 192.168.1.128/25.
Here’s what happens under the hood:
- Original /24:
  - Network portion: first 24 bits.
  - Host portion: last 8 bits.
  - Mask: 255.255.255.0 (which is 11111111.11111111.11111111.00000000 in binary).
- Splitting into two /25 networks:
  - We "borrow" one bit from the host portion to use for the network.
  - The new network portion is 25 bits.
  - The new host portion is 7 bits.
  - The new mask is 255.255.255.128 (which is 11111111.11111111.11111111.10000000 in binary).
- Network 1: 192.168.1.0/25
  - Addresses: 192.168.1.0 to 192.168.1.127 (2^7 = 128 addresses).
  - The borrowed bit (the first bit of the fourth octet) is 0.
- Network 2: 192.168.1.128/25
  - Addresses: 192.168.1.128 to 192.168.1.255 (2^7 = 128 addresses).
  - The borrowed bit (the first bit of the fourth octet) is 1.
Notice that we’ve gone from one large block to two smaller blocks. Each smaller block has fewer usable host addresses (126, since the first and last addresses are reserved for network and broadcast), but they are now isolated. Routers can direct traffic between these two networks only if explicitly configured to do so. This is the "control" part.
The magic of CIDR is that it’s a compact way to represent this "borrowing" of bits. The number after the slash (/) directly tells you how many bits are in the network portion.
- /24: 24 network bits, 8 host bits. Mask: 255.255.255.0. Total addresses: 2^(32-24) = 2^8 = 256.
- /25: 25 network bits, 7 host bits. Mask: 255.255.255.128. Total addresses: 2^(32-25) = 2^7 = 128.
- /26: 26 network bits, 6 host bits. Mask: 255.255.255.192. Total addresses: 2^(32-26) = 2^6 = 64.
- /27: 27 network bits, 5 host bits. Mask: 255.255.255.224. Total addresses: 2^(32-27) = 2^5 = 32.
You can calculate the subnet mask by taking 256 - (2 raised to the power of (8 - number of network bits in the last octet)). For example, for /26, the last octet has 26 - 24 = 2 network bits. So, 256 - (2^(8-2)) = 256 - 2^6 = 256 - 64 = 192. The mask is 255.255.255.192.
The number of usable hosts in a subnet is always (2 raised to the power of the number of host bits) - 2. The -2 accounts for the network address (all host bits are 0) and the broadcast address (all host bits are 1), which cannot be assigned to individual devices.
The core idea is that you’re taking a single contiguous block of IP addresses and dividing it into smaller, independent blocks. Each of these smaller blocks is treated as its own network by routers. This allows for better organization, security, and efficient routing.
Most people think of subnetting as just creating more networks. What they often miss is that the IP address itself contains the network information. When a packet arrives, the IP address and the subnet mask on the receiving interface are used to determine if the destination is on the same local network or if it needs to be sent to a router. The router uses its own routing table, which is built from these subnet definitions, to decide where to send the packet next.
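The bit-borrowing, mask, usable-host and "is it local?" arithmetic above, as an added example that is not part of the original article. It works on plain 32-bit integers rather than a library so the network and host bits are visible; the function names (`describe`, `split`, `same_subnet`) are my own.

```python
# Added example, not from the original article: CIDR arithmetic done with plain
# integers so the "borrowed" bits from the text are visible in the code.

def ip_to_int(ip: str) -> int:
    a, b, c, d = (int(x) for x in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def int_to_ip(n: int) -> str:
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def prefix_to_mask(prefix: int) -> int:
    # `prefix` leading 1-bits, the rest 0: /25 -> 11111111.11111111.11111111.10000000
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def describe(cidr: str) -> dict:
    """Network, mask, broadcast and host range for one CIDR block."""
    ip, prefix = cidr.split("/")
    prefix = int(prefix)
    mask = prefix_to_mask(prefix)
    network = ip_to_int(ip) & mask              # all host bits 0
    broadcast = network | (~mask & 0xFFFFFFFF)  # all host bits 1
    host_bits = 32 - prefix
    return {
        "network": int_to_ip(network),
        "mask": int_to_ip(mask),
        "broadcast": int_to_ip(broadcast),
        "total": 2 ** host_bits,
        "usable": max(2 ** host_bits - 2, 0),   # minus network and broadcast
        "first_host": int_to_ip(network + 1),
        "last_host": int_to_ip(broadcast - 1),
    }

def split(cidr: str, borrow: int) -> list:
    """Borrow `borrow` host bits for the network: 2**borrow equal subnets."""
    ip, prefix = cidr.split("/")
    new_prefix = int(prefix) + borrow
    base = ip_to_int(ip) & prefix_to_mask(int(prefix))
    size = 2 ** (32 - new_prefix)               # addresses per new subnet
    return [f"{int_to_ip(base + i * size)}/{new_prefix}" for i in range(2 ** borrow)]

def same_subnet(src: str, dst: str, prefix: int) -> bool:
    """The sending host's check: same network bits -> deliver locally,
    otherwise hand the packet to the router."""
    mask = prefix_to_mask(prefix)
    return (ip_to_int(src) & mask) == (ip_to_int(dst) & mask)

if __name__ == "__main__":
    for net in split("192.168.1.0/24", 1):      # the /24 -> two /25s from the text
        print(net, describe(net))
    print(same_subnet("192.168.1.10", "192.168.1.200", 25))  # False: crosses the /25 boundary
```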
The next concept you’ll grapple with is Variable Length Subnet Masking (VLSM), where you don’t have to use the same subnet size for all divisions of a larger block.