Subnetting is how you carve up a large IP address range into smaller, more manageable chunks, and CIDR is the notation that tells you how big those chunks are.
Let’s see how this plays out in practice. Imagine you’ve got a company network and you need to assign IP addresses to your employees. You could just give everyone an address from your main block, but that quickly becomes a mess. Instead, you subnet.
Here’s a typical scenario: You’re assigned a public IP address block, say 203.0.113.0/24. This /24 is the CIDR notation. It means the first 24 bits of the IP address are fixed (the network portion), and the remaining 8 bits are available for assigning to individual devices (the host portion). So you have 2^8 - 2, or 254, usable IP addresses (the network and broadcast addresses are excluded).
Now, what if you need to divide this /24 into smaller networks, perhaps for different departments? This is where subnetting comes in. You "borrow" some bits from the host portion to create new network segments.
Let’s say you want to create two subnets from your 203.0.113.0/24 block. To get two subnets, you need 1 extra bit for subnetting (since 2^1 = 2). You take this bit from the host portion, which means your new network portion will be 24 + 1 = 25 bits long.
Your new CIDR notation becomes /25.
How does this affect your subnets?
- Subnet 1: The first 25 bits identify the network 203.0.113.0/25. The remaining 7 bits are for hosts, giving you 2^7 - 2, or 126, usable IPs. The range is 203.0.113.0 to 203.0.113.127.
- Subnet 2: The first 25 bits identify the network 203.0.113.128/25. The remaining 7 bits are for hosts, giving you another 126 usable IPs. The range is 203.0.113.128 to 203.0.113.255.
Notice how the original /24 block is now split exactly in half. The /25 notation tells us that the network address is identified by the first 25 bits.
You can go further. Let’s say you want four subnets from the original /24. You need 2 bits for subnetting (2^2 = 4). Your new network portion is 24 + 2 = 26 bits. The CIDR is now /26.
- Subnet 1: 203.0.113.0/26 (range 203.0.113.0 - 203.0.113.63, 62 usable IPs)
- Subnet 2: 203.0.113.64/26 (range 203.0.113.64 - 203.0.113.127, 62 usable IPs)
- Subnet 3: 203.0.113.128/26 (range 203.0.113.128 - 203.0.113.191, 62 usable IPs)
- Subnet 4: 203.0.113.192/26 (range 203.0.113.192 - 203.0.113.255, 62 usable IPs)
The key is understanding that the CIDR number (/24, /25, /26) directly dictates how many bits are used for the network portion, and by extension, how many are left for hosts. More network bits mean fewer host bits, and thus smaller subnets.
A subnet mask is just the dotted-decimal representation of the CIDR notation. For /24, the mask is 255.255.255.0. For /25, it’s 255.255.255.128. For /26, it’s 255.255.255.192. The mask is used by devices to determine if an IP address is on the same local network or a remote one.
Why do this? Security, performance, and organization. By segmenting your network, you can apply different security policies to different subnets, isolate traffic to reduce broadcast domain size (improving performance), and logically group devices that communicate frequently.
The number of host bits remaining determines the size of the subnet. If you have H host bits, you have 2^H total addresses, but the first address is the network address and the last is the broadcast address, leaving 2^H - 2 usable IP addresses for devices.
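The bit arithmetic behind the /24 to /25 to /26 walk-through above, the dotted-decimal mask derivation, the "same local network or remote" test a host performs with its mask, and the 2^H - 2 usable-host formula, as an added Python example that is not code from the original article. It uses only the standard library (`ipaddress` appears solely as a cross-check of the hand arithmetic); the function names `prefix_to_mask`, `usable_hosts`, `describe`, `split_block` and `same_local_network` are my own, and the RFC 3021 remark about /31 links in a comment goes beyond the page's formula.

```python
"""Subnetting arithmetic for the 203.0.113.0/24 example: masks, ranges, host counts."""
from __future__ import annotations

import ipaddress  # standard library; used only to cross-check the manual arithmetic


def ip_to_int(ip: str) -> int:
    """Convert dotted-decimal IPv4 text to a 32-bit integer."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a valid IPv4 address: {ip!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(n: int) -> str:
    """Inverse of ip_to_int."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> str:
    """/24 -> 255.255.255.0: the top `prefix` bits set, the low (32 - prefix) host bits clear."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return int_to_ip(mask)


def usable_hosts(prefix: int) -> int:
    """2^H - 2 with H = 32 - prefix: the all-zeros (network) and all-ones (broadcast)
    addresses are not assignable to devices. Note (beyond the article's formula): RFC 3021
    /31 point-to-point links use both addresses, so the count is floored at 0 rather than
    going negative for /31 and /32."""
    host_bits = 32 - prefix
    return max(0, 2 ** host_bits - 2)


def describe(cidr: str) -> dict[str, object]:
    """Network address, broadcast address, mask and usable-host count for one CIDR block."""
    ip, prefix_txt = cidr.split("/")
    prefix = int(prefix_txt)
    mask = ip_to_int(prefix_to_mask(prefix))
    network = ip_to_int(ip) & mask            # keep the network bits, zero the host bits
    broadcast = network | (~mask & 0xFFFFFFFF)  # set every host bit to one
    return {
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "mask": int_to_ip(mask),
        "usable": usable_hosts(prefix),
    }


def split_block(cidr: str, borrowed_bits: int) -> list[str]:
    """Borrow `borrowed_bits` host bits for subnetting: a /24 with 1 borrowed bit becomes
    two /25s, with 2 borrowed bits four /26s. Returns the new blocks in address order."""
    ip, prefix_txt = cidr.split("/")
    prefix = int(prefix_txt)
    new_prefix = prefix + borrowed_bits
    if new_prefix > 32:
        raise ValueError("not enough host bits left to borrow")
    base = ip_to_int(ip) & ip_to_int(prefix_to_mask(prefix))
    size = 2 ** (32 - new_prefix)  # addresses per new subnet
    return [f"{int_to_ip(base + i * size)}/{new_prefix}" for i in range(2 ** borrowed_bits)]


def same_local_network(ip_a: str, ip_b: str, prefix: int) -> bool:
    """The check a device makes with its mask: if the network bits match, the peer is on
    the local segment; otherwise traffic has to go via the gateway."""
    mask = ip_to_int(prefix_to_mask(prefix))
    return (ip_to_int(ip_a) & mask) == (ip_to_int(ip_b) & mask)


if __name__ == "__main__":
    for bits in (1, 2):
        print(f"--- borrowing {bits} bit(s) from 203.0.113.0/24 ---")
        for block in split_block("203.0.113.0/24", bits):
            d = describe(block)
            print(f"{block:18} {d['network']} - {d['broadcast']}  mask {d['mask']}  {d['usable']} usable")
    # Two hosts in the same /24 but in different /25 halves.
    print("same /24:", same_local_network("203.0.113.10", "203.0.113.200", 24))
    print("same /25:", same_local_network("203.0.113.10", "203.0.113.200", 25))
    # Cross-check the hand arithmetic against the standard library.
    stdlib = [str(n) for n in ipaddress.ip_network("203.0.113.0/24").subnets(prefixlen_diff=2)]
    assert stdlib == split_block("203.0.113.0/24", 2)
```

Running the script reproduces both tables from the walk-through (two /25s with 126 usable addresses each, four /26s with 62 each) and shows the mask check flipping from "local" to "remote" for the same pair of hosts once the block is split at /25.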
The most counterintuitive part of subnetting is realizing that increasing the number of network bits (making the CIDR number larger, e.g., from /24 to /25) actually reduces the number of available IP addresses per subnet. It feels like you’re getting "more" network, but you’re really getting "smaller" networks.
This concept is fundamental to network design and is the basis for how the internet routes traffic efficiently.
The next logical step is understanding how these subnets communicate with each other, which involves routing and gateway configurations.