CIDR Notation & Subnetting

CIDR (Classless Inter-Domain Routing) notation is the compact way to describe a block of IP addresses, written as an address followed by a slash and a number, such as `192.168.1.0/24`. The number after the slash says how many leading bits are fixed as the network portion, with the remaining bits free to identify individual hosts. Understanding it lets you read firewall rules, size a subnet, and reason about which addresses belong to which network — skills you need the moment you configure a cloud VPC or a router. This guide explains the prefix length, the split between network and host bits, how to calculate a range and host count, why certain sizes like `/24` are so common, and the private address ranges.

  1. The /n prefix

    A CIDR block is an IP address plus a prefix length, like `10.0.0.0/8`, where the `/8` means the first 8 bits are the fixed network prefix. An IPv4 address is 32 bits in total, so the prefix can range from `/0` (no fixed bits, the whole internet) to `/32` (all 32 bits fixed, a single address). The smaller the number after the slash, the larger the block, because fewer bits are pinned and more are left to vary. This replaced the old rigid Class A/B/C system with a flexible scheme where any prefix length is allowed.

  2. Network bits vs host bits

    The prefix length splits the 32 bits into two parts: the leading network bits, which are the same for every address in the block, and the trailing host bits, which vary to identify each host. In a `/24`, the first 24 bits are the network and the last 8 bits are for hosts. The prefix corresponds to a subnet mask — `/24` is the mask `255.255.255.0` — where the `1` bits mark the network portion and the `0` bits mark the host portion. Splitting a network into smaller blocks (subnetting) just means moving the boundary rightward, borrowing host bits to create more, smaller networks.

  3. Calculating the range and host count

    The number of host bits determines the size of the block: with `h` host bits there are `2^h` total addresses. A `/24` has 8 host bits, so `2^8 = 256` addresses, running from `192.168.1.0` through `192.168.1.255`. A handy shortcut is that the number of addresses equals `2^(32 - prefix)`, so a `/26` holds `2^6 = 64` addresses and a `/30` holds just 4. The block always starts on an aligned boundary, so a `/24` always begins at a `.0` and the next `/24` begins 256 addresses later.

  4. Network address, broadcast, and usable hosts

    Within an ordinary IPv4 subnet, two of the addresses are reserved. The first address (all host bits 0) is the network address that names the subnet itself, and the last address (all host bits 1) is the broadcast address used to reach every host at once. So in `192.168.1.0/24`, `.0` is the network and `.255` is the broadcast, leaving `.1` through `.254` — that is `256 - 2 = 254` usable host addresses. The general formula for usable hosts in a subnet is `2^(32 - prefix) - 2`, which is why a `/30` (4 addresses) yields only 2 usable hosts, just enough for a point-to-point link.

  5. Why /24 and other common sizes

    A `/24` is popular because it aligns neatly with the familiar dotted notation — the whole last octet is the host part, giving a tidy 254 usable addresses and an easy-to-read range. Other sizes are chosen to fit the need: a `/16` gives 65,534 hosts for a large network, a `/30` or `/31` suits a link between two routers, and a `/32` denotes one exact host, often seen in firewall rules. Cloud providers lean on these constantly — an AWS VPC might be a `/16` carved into several `/24` subnets — so reading the prefix tells you immediately how much address space a block holds.

  6. Private address ranges

    Certain blocks are reserved by RFC 1918 for private use and are never routed on the public internet: `10.0.0.0/8`, `172.16.0.0/12`, and `192.168.0.0/16`. These are the addresses you use inside home, office, and cloud networks, with a router performing NAT to share one public address. It helps to recognise them on sight — anything starting `10.`, `192.168.`, or `172.16`–`172.31` is private — alongside `127.0.0.0/8` for loopback (`127.0.0.1` being localhost) and `169.254.0.0/16` for link-local autoconfiguration. Knowing these ranges lets you tell internal traffic from public traffic at a glance.
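
The range arithmetic from sections 3 and 4 and the range recognition from section 6 can be combined into one check for reviewing CIDR entries such as firewall rule sources. This is an added example, not code from the original guide; the names `parse`, `describe` and `SPECIAL`, the `"other"` label and the sample inputs are assumptions made here, and it goes slightly beyond the guide's formula by treating `/31` and `/32` as having no reserved addresses.

```python
import ipaddress

# Special-purpose blocks named in the guide: RFC 1918 private, loopback, link-local.
SPECIAL = {
    "10.0.0.0/8": "private", "172.16.0.0/12": "private", "192.168.0.0/16": "private",
    "127.0.0.0/8": "loopback", "169.254.0.0/16": "link-local",
}

def parse(cidr):
    """Return (address as int, prefix length) for an IPv4 CIDR string."""
    addr, _, prefix = cidr.partition("/")
    prefix = int(prefix) if prefix else 32          # bare address = one host
    if not 0 <= prefix <= 32:
        raise ValueError(f"bad prefix length in {cidr!r}")
    return int(ipaddress.IPv4Address(addr)), prefix

def describe(cidr):
    """Work out mask, range, host count and scope of a CIDR block."""
    addr, prefix = parse(cidr)
    host_bits = 32 - prefix
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF   # 1 bits = network portion
    network = addr & mask                            # all host bits 0
    last = network | (~mask & 0xFFFFFFFF)            # all host bits 1
    total = 2 ** host_bits
    # The "- 2" rule covers ordinary subnets only: a /31 point-to-point link
    # (RFC 3021) and a /32 single host have no network/broadcast to reserve.
    usable = total - 2 if prefix <= 30 else total
    scope = "other"                                  # not wholly inside a listed block
    for block, name in SPECIAL.items():
        b_addr, b_prefix = parse(block)
        b_mask = (0xFFFFFFFF << (32 - b_prefix)) & 0xFFFFFFFF
        # Contained only if at least as specific and the leading bits match.
        if prefix >= b_prefix and (network & b_mask) == b_addr:
            scope = name
            break
    fmt = lambda n: str(ipaddress.IPv4Address(n))
    return {
        "network": f"{fmt(network)}/{prefix}", "mask": fmt(mask),
        "first": fmt(network), "last": fmt(last),
        "total": total, "usable": usable, "scope": scope,
        "aligned": addr == network,   # False: the input had host bits set
    }

if __name__ == "__main__":
    # Constructed sample inputs, e.g. source fields copied from firewall rules.
    for rule in ["192.168.1.0/24", "10.1.2.3/16", "172.32.0.0/16", "0.0.0.0/0"]:
        print(rule, describe(rule))
```

An `aligned` value of `False` means the entry was written with host bits set (`10.1.2.3/16` actually covers all of `10.1.0.0/16`), and `172.32.0.0/16` comes back as `other` because it sits just past the end of `172.16.0.0/12`.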
