What Is a Subnet? Network Segmentation Made Simple
A subnet (short for subnetwork) is a logical division of an IP network into smaller, more manageable segments. Subnetting takes a large network and breaks it into smaller pieces, each functioning as its own network with its own address range. Every device on the same subnet can communicate directly. Devices on different subnets need a router to talk to each other. This segmentation improves security, reduces unnecessary traffic, and makes network administration significantly more organized.
Why Subnetting Matters
Imagine a company with 1,000 employees all on one flat network: 10.0.0.0/22 (1,024 addresses). Every broadcast packet (ARP requests, DHCP, mDNS) hits every device. A malware infection on one computer can directly scan all 999 others. The network admin has no way to apply different policies to different departments.
Now subnet it:
- Engineering: 10.0.0.0/24 (254 hosts)
- Sales: 10.0.1.0/24 (254 hosts)
- HR: 10.0.2.0/24 (254 hosts)
- Guest Wi-Fi: 10.0.3.0/24 (254 hosts)
Broadcasts stay within their subnet. Engineering can be isolated from Guest Wi-Fi at the firewall level. HR’s sensitive employee data lives on a segment that Sales can’t even see, as long as the router or firewall between the two segments blocks that traffic. Each subnet can have its own DHCP scope, VLAN assignment, and security policy.
This is not theoretical. Every organization with more than a couple dozen devices subnets their network. It’s one of the most fundamental networking practices.
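As an added example (not part of the original article), the check below maps flow records onto the four subnets above and reports routed flows that an assumed allow-list does not permit, plus same-subnet flows that never pass through the firewall. The policy, the function names and the sample flows are constructed for illustration.

```python
import ipaddress

# The four segments from the article's plan.
SEGMENTS = {
    "engineering": ipaddress.ip_network("10.0.0.0/24"),
    "sales": ipaddress.ip_network("10.0.1.0/24"),
    "hr": ipaddress.ip_network("10.0.2.0/24"),
    "guest": ipaddress.ip_network("10.0.3.0/24"),
}

# Assumed policy (not from the article): routed segment pairs the firewall permits.
ALLOWED = {("engineering", "sales"), ("sales", "engineering")}

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.0.0.21", "10.0.1.5", 443),      # engineering -> sales, permitted
    ("10.0.3.57", "10.0.2.10", 445),     # guest -> hr
    ("10.0.1.8", "10.0.2.10", 3389),     # sales -> hr
    ("10.0.0.21", "10.0.0.99", 22),      # same subnet, never reaches the router
    ("10.0.3.57", "203.0.113.10", 443),  # guest -> address outside the plan
]

def segment_of(ip):
    """Return the name of the segment containing ip, or None if outside the plan."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None

def audit(flows):
    """Split flows into policy violations and intra-subnet flows the firewall cannot see."""
    violations, unfiltered = [], []
    for src, dst, port in flows:
        s, d = segment_of(src), segment_of(dst)
        if s is None or d is None:
            continue  # one end is outside the plan; not an inter-segment flow
        if s == d:
            unfiltered.append((s, src, dst, port))  # delivered directly, no router hop
        elif (s, d) not in ALLOWED:
            violations.append((s, d, src, dst, port))
    return violations, unfiltered

if __name__ == "__main__":
    bad, local = audit(SAMPLE_FLOWS)
    for v in bad:
        print("VIOLATION", v)
    for u in local:
        print("INTRA-SUBNET (unfiltered)", u)
```

The second list is the reason segment size matters: anything inside one subnet is outside the reach of rules enforced at the router.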
How Subnetting Works (The Binary Reality)
An IP address is a 32-bit number. A subnet mask is also a 32-bit number that tells you which part is the network and which part is the host.
Take 192.168.1.100 with mask 255.255.255.0:
IP Address:  11000000.10101000.00000001.01100100
Subnet Mask: 11111111.11111111.11111111.00000000
Network:     11000000.10101000.00000001.-------- (192.168.1.x)
Host:        --------.--------.--------.01100100 (.100)
The mask’s 1-bits mark the network portion. The 0-bits mark the host portion. To find the network address, you AND the IP with the mask. The remaining bits identify the specific host within that network.
Calculating Subnets
For any subnet, you need to determine:
- Network address: The first address in the range (all host bits = 0)
- Broadcast address: The last address in the range (all host bits = 1)
- First usable host: Network address + 1
- Last usable host: Broadcast address - 1
- Number of hosts: 2^(host bits) - 2
Example for 172.16.50.0/26:
- Prefix length: /26 means 26 network bits, 6 host bits
- Number of addresses: 2^6 = 64
- Network address: 172.16.50.0
- Broadcast address: 172.16.50.63
- First usable: 172.16.50.1
- Last usable: 172.16.50.62
- Usable hosts: 62
The next subnet starts at 172.16.50.64, then 172.16.50.128, then 172.16.50.192. Each /26 gives you a 64-address block within the larger /24.
VLSM: Variable Length Subnet Masking
Traditional subnetting divides a network into equal-sized pieces. But real networks rarely have departments of equal size. VLSM (Variable Length Subnet Masking) allows each subnet to be a different size.
Example: You have 10.0.0.0/24 (256 addresses) and need:
- Server farm: 30 hosts → /27 (32 addresses)
- Engineering: 60 hosts → /26 (64 addresses)
- Management: 14 hosts → /28 (16 addresses)
- Point-to-point links: 2 hosts each → /30 (4 addresses each)
You allocate the largest subnets first and work down:
- 10.0.0.0/26 → Engineering (64 addresses)
- 10.0.0.64/27 → Server farm (32 addresses)
- 10.0.0.96/28 → Management (16 addresses)
- 10.0.0.112/30 → Link 1 (4 addresses)
- 10.0.0.116/30 → Link 2 (4 addresses)
This uses 120 addresses efficiently instead of wasting space on equally-sized subnets where half the addresses go unused.
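The largest-first allocation above, as an added example that is not part of the original article. The function names are hypothetical and the host counts are the ones listed in the requirements. It also rejects a plan that does not fit in the parent block.

```python
import ipaddress

def prefix_for(hosts):
    """Longest prefix whose block holds `hosts` plus the network and broadcast addresses."""
    needed = hosts + 2
    host_bits = max(2, (needed - 1).bit_length())  # round up to a power of two
    return 32 - host_bits

def allocate(parent, requirements):
    """Carve `parent` into one subnet per (name, hosts) requirement, largest first."""
    parent = ipaddress.ip_network(parent)
    cursor = int(parent.network_address)
    end = int(parent.broadcast_address) + 1
    plan = []
    # sorted() is stable, so equal-sized requests keep their input order.
    for name, hosts in sorted(requirements, key=lambda r: r[1], reverse=True):
        prefix = prefix_for(hosts)
        size = 1 << (32 - prefix)
        # A subnet must start on a multiple of its own size.
        start = (cursor + size - 1) // size * size
        if start + size > end:
            raise ValueError(f"{name}: no room left in {parent}")
        plan.append((name, ipaddress.ip_network((start, prefix))))
        cursor = start + size
    return plan

# Requirements from the article's VLSM example.
REQUIREMENTS = [
    ("Server farm", 30),
    ("Engineering", 60),
    ("Management", 14),
    ("Link 1", 2),
    ("Link 2", 2),
]

if __name__ == "__main__":
    plan = allocate("10.0.0.0/24", REQUIREMENTS)
    for name, net in plan:
        print(f"{net} -> {name} ({net.num_addresses} addresses)")
    print("addresses used:", sum(net.num_addresses for _, net in plan))
```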
Private Subnets in Practice
Most organizations start with one of the RFC 1918 private ranges and subnet from there:
10.0.0.0/8: The most flexible. 16 million addresses. Large organizations use this and subnet extensively. Common scheme: 10.{site}.{department}.{host}.
172.16.0.0/12: 1 million addresses. Good for medium organizations. Often used in cloud provider default VPC configurations.
192.168.0.0/16: 65,536 addresses. Home networks and small businesses. Your home router probably uses 192.168.0.0/24 or 192.168.1.0/24.
Subnetting in the Cloud
Cloud platforms use subnetting differently but the concepts are identical:
AWS VPC: You create a VPC with a CIDR block (e.g., 10.0.0.0/16), then create subnets within it. Public subnets get internet access through an Internet Gateway. Private subnets use NAT Gateways for outbound-only access.
Azure VNet: Similar structure. Virtual Networks contain subnets with Network Security Groups controlling traffic between them.
GCP VPC: Uses subnets at the regional level. Each subnet is associated with a specific region and can span multiple availability zones within that region.
In all three clouds, proper subnetting is critical for security (network segmentation), availability (multi-AZ design), and compliance (data residency requirements).