Subnet Explained: IP Routing, CIDR & Network Masks

A subnet (or subnetwork) is a logical subdivision of an IP network. The practice of dividing a network into smaller networks is called subnetting. Computers in the same subnet share an identical group of most-significant bits in their IP addresses, creating a logical boundary managed by routers. This matters for marketers managing large-scale web infrastructure because it determines how IP addresses are allocated to servers, affects routing efficiency for global content delivery, and enables network segmentation for security and compliance. (Note: This article covers the IP networking concept, distinct from SUBNET, an operational technology company.)

What is a Subnet?

A subnet splits an IP network into segments. Each subnet is identified by a routing prefix (network number) and contains a rest field (host identifier) for individual devices.

In IPv4, addresses consist of 32 bits; IPv6 uses 128 bits. In both protocols, the division creates a logical boundary. Traffic moves between subnets only when source and destination addresses have different routing prefixes.

Classless Inter-Domain Routing (CIDR) notation expresses the prefix length after a slash (e.g., 198.51.100.0/24). For IPv4, subnet masks (e.g., 255.255.255.0) perform the same function through a bitwise AND operation with the IP address to reveal the network prefix.

Why Subnet matters

• Efficient address allocation: Subnetting prevents wasting IP addresses by allocating only needed address space to specific segments. This is critical for managing finite IPv4 resources.
• Enhanced routing efficiency: Hierarchical subnet design allows routers to aggregate routes to distant subnets into supernetworks, reducing routing table complexity.
• Administrative control: Different teams can manage separate subnets within a larger organization, simplifying network management.
• Boundary security: Routers serve as logical and physical boundaries between subnets, controlling traffic flow and enabling segmentation.
• IPv6 scalability: [IPv6 has been increasingly deployed since approximately 2006] (Wikipedia). While IPv6 eliminates address scarcity, subnetting remains essential for routing traffic between global allocations and customer networks.

How Subnet works

Subnetting divides the host portion of an IP address to create multiple smaller networks.

1. Define the network prefix: Determine how many bits to allocate to the network portion versus the host portion. For example, changing from a /24 to a /26 network borrows 2 bits from the host field.
2. Apply the subnet mask: Use a bitmask (e.g., 255.255.255.192 for /26) to identify the network prefix via a bitwise AND operation with the IP address.
3. Calculate available hosts: The remaining bits determine host capacity. For IPv4, usable hosts equal 2^h−2 (subtracting 2 for network and broadcast addresses), where h is the number of host bits.
4. Route between subnets: Routers manage traffic exchange. When prefixes differ, traffic routes through the default gateway; matching prefixes allow direct local communication.

Example: The network 192.168.5.0/24 can subdivide into four /26 subnets: - 192.168.5.0/26 (hosts .1 to .62, broadcast .63) - 192.168.5.64/26 (hosts .65 to .126, broadcast .127) - 192.168.5.128/26 (hosts .129 to .190, broadcast .191) - 192.168.5.192/26 (hosts .193 to .254, broadcast .255)

Special subnet considerations

IPv4 traditionally reserved the first (subnet zero) and last (all-ones subnet) subnets to avoid confusion with the network address and broadcast address. [This reservation practice was declared obsolete in 1995] (RFC 1878), though legacy equipment may still enforce it.

The broadcast address (last address in a subnet, e.g., 198.51.100.255 in a /24 network) sends traffic to all hosts on the subnet. IPv6 does not use broadcast addresses, replacing this function with multicast.

Best practices

• Use CIDR notation consistently: Express all subnets in CIDR format (e.g., /24 rather than 255.255.255.0) to eliminate ambiguity between classful and classless networking.
• Design hierarchically: Arrange subnets in a tree-like structure to enable route aggregation, reducing the number of routes in global routing tables.
• Plan for growth: Allocate address space that accommodates future host expansion without requiring re-subnetting, which disrupts network operations.
• Document prefix lengths: Always record both the IP address and subnet mask (or prefix length) when assigning addresses to interfaces. Since the introduction of CIDR, both parameters are required for proper routing.

Common mistakes

Mistake: Applying classful networking rules (Class A, B, C) in CIDR environments.
Fix: Rely on explicit prefix lengths rather than address class assumptions. The classful system predates CIDR and can cause misconfiguration in modern networks.

Mistake: Forgetting to subtract 2 from the total host count in IPv4 subnets.
Fix: Remember that the first address (network) and last address (broadcast) are reserved. Usable hosts equal 2^h−2, except in /31 networks designed for point-to-point links.

Mistake: Using /31 subnets for general LANs.
Fix: Reserve /31 masks exclusively for point-to-point links between two routers. Standard LANs require larger subnets for multiple hosts.

Mistake: Assuming subnet zero and all-ones subnet are unavailable.
Fix: Modern equipment supports these subnets, but verify legacy systems before implementation, as older devices may reject them.

Examples

Example scenario: Subdividing 192.0.2.0/24 for department segmentation
An organization divides this standard Class C network into two /25 subnets: - 192.0.2.0/25 for the marketing department (126 usable hosts) - 192.0.2.128/25 for the operations department (126 usable hosts)

Routers between these subnets apply security policies restricting cross-department traffic while allowing shared access to the company database subnet.

Example scenario: IPv6 prefix allocation
An organization receives the block 2001:db8::/32. This provides a 32-bit routing prefix. The organization can subnet this into /48 or /56 allocations for different sites, then further into /64 subnets for individual LANs. [IPv6 standards require a 64-bit host identifier for stateless address autoconfiguration] (RFC 4291), making /64 the standard for local area networks.

FAQ

What is the difference between a subnet mask and CIDR notation?
A subnet mask (e.g., 255.255.255.0) is a 32-bit bitmask used in IPv4 to separate the network prefix from the host identifier through a bitwise AND operation. CIDR notation (e.g., /24) expresses the same information by indicating the number of bits in the prefix. CIDR works for both IPv4 and IPv6 and is the modern standard.

How do I calculate how many hosts fit in a subnet?
Count the number of bits remaining for the host identifier after the network prefix. For IPv4, calculate 2^h−2 (subtract 2 for network and broadcast addresses). For example, a /26 network leaves 6 host bits, supporting 62 usable addresses.

What is a /31 subnet used for?
A /31 subnet provides exactly two IP addresses with no network or broadcast address reserved. [RFC 3021 specifies this for point-to-point links] (RFC 3021) between routers, conserving IPv4 addresses on inter-router connections where only two endpoints exist.

Can I use the first and last subnet created through subnetting?
Yes. While the IETF originally discouraged using subnet zero (all zeros) and the all-ones subnet (all ones) to avoid confusion, [modern standards declared this practice obsolete in 1995] (RFC 1878). All subnets are now usable with CIDR-compliant equipment.

Why does IPv6 use /64 for LANs?
IPv6 address architecture uses 64 bits for the interface identifier to support stateless address autoconfiguration. This allows devices to generate their own addresses based on their MAC address without requiring a DHCP server, while the remaining 64 bits identify the subnet.

What is subnet zero?
Subnet zero is the first subnet obtained from subnetting a larger network, with all bits in the subnet bit group set to zero. It was historically avoided because it matched the network address of the parent network, causing confusion in classful networking systems.

Related terms

• CIDR
• IP address
• IPv4
• IPv6
• Subnet mask
• Routing prefix
• Network segment
• Broadcast address
• Router
• Supernetwork