What is subnetting and why does it matter?

Subnetting divides a large network into smaller, isolated segments. It matters for security (limiting blast radius of network issues), performance (reducing broadcast traffic), and organization (separating web servers, databases, and management traffic into different subnets with their own access control rules).

What does CIDR notation like /24 mean?

CIDR notation like /24 indicates how many bits of the IP address identify the network portion. A /24 means the first 24 bits are the network address and the remaining 8 bits are for host addresses, giving you 254 usable hosts (2^8 minus 2 for network and broadcast addresses).

What are the private IP address ranges?

RFC 1918 defines three private IP ranges: 10.0.0.0/8 (16.7 million addresses, used for cloud VPCs and large networks), 172.16.0.0/12 (1 million addresses, Docker's default range), and 192.168.0.0/16 (65,000 addresses, common for home networks and small offices). These addresses are not routable on the public internet.

How many usable hosts does each subnet size provide?

The formula is 2^(32 - CIDR prefix) - 2 usable hosts (subtracting network and broadcast addresses). Common sizes: /24 = 254 hosts, /25 = 126 hosts, /26 = 62 hosts, /27 = 30 hosts, /28 = 14 hosts, /29 = 6 hosts, /30 = 2 hosts (point-to-point links).

Subnet Calculator

Enter an IP address and CIDR prefix or subnet mask

IP address

CIDR / Mask

Network address

Broadcast address

Host range

Usable hosts

Subnet mask

Wildcard mask

Binary representation

IP-

Mask-

Network-

Broadcast-

Subnet mask cheat sheet

CIDR	Mask	Hosts	Typical use
/32	255.255.255.255	1	Single host
/30	255.255.255.252	2	Point-to-point link
/28	255.255.255.240	14	Small office
/24	255.255.255.0	254	Standard LAN
/20	255.255.240.0	4094	Large office / cloud VPC
/16	255.255.0.0	65534	Class B network
/8	255.0.0.0	16M+	Class A network

CIDR notation

CIDR (Classless Inter-Domain Routing) replaced the old class-based system in 1993. Instead of being stuck with /8, /16, or /24 boundaries, you can allocate any prefix length from /0 to /32.

The number after the slash is how many bits are the network portion. 192.168.1.0/24 means the first 24 bits identify the network, leaving 8 bits for hosts. That gives you 2⁸ - 2 = 254 usable addresses (minus network and broadcast).

For /31 and /32, the rules are different. /31 subnets (RFC 3021) have 2 addresses with no broadcast - used for point-to-point links. /32 is a single host route.

Private IP ranges (RFC 1918)

Range	CIDR	Addresses	Common use
10.0.0.0 - 10.255.255.255	10.0.0.0/8	16.7M	Cloud VPCs, large corporate networks
172.16.0.0 - 172.31.255.255	172.16.0.0/12	1M	Docker default, medium networks
192.168.0.0 - 192.168.255.255	192.168.0.0/16	65K	Home networks, small offices

Also worth knowing: 169.254.0.0/16 is link-local (APIPA), 127.0.0.0/8 is loopback, and 100.64.0.0/10 is carrier-grade NAT (RFC 6598). These aren't routable on the public internet.

Choosing the right subnet size

Leave room to grow. If you have 20 hosts, don't use a /27 (30 usable). Use a /26 (62 usable) or /25 (126). Renumbering a network is painful.

Cloud providers reserve addresses. AWS reserves 5 IPs per subnet (network, router, DNS, future, broadcast). A /28 that should have 14 hosts only gives you 11 on AWS.

Separate concerns with subnets. Put web servers, databases, and management on different subnets. It's easier to apply security groups and ACLs at the subnet level than per host.

Document everything. IP allocation gets messy fast. Track which subnets are assigned where, or you'll end up with overlapping ranges when you peer VPCs or set up VPN tunnels.

What Is Subnetting and Why It Matters for Server Infrastructure

Subnetting splits a single network into smaller, isolated segments. Think of it like dividing a building into separate floors with locked doors between them. Each subnet gets its own address range, and traffic between subnets has to go through a router or firewall where you can apply rules.

For server infrastructure, this matters in three ways. Security: if an attacker compromises a web server on one subnet, they can't directly reach your database servers on another. Performance: broadcast traffic stays within its subnet, so a noisy service doesn't flood your entire network. Organization: it's much simpler to write firewall rules like "allow traffic from the web subnet to the database subnet on port 5432" than to manage individual IP rules.

A common pattern for a small production setup: put web servers on a /26 (62 hosts), databases on a /28 (14 hosts), and management/bastion hosts on a /29 (6 hosts). You can carve all three from a single /24 with room to spare.

How to Calculate Subnets: A Practical Example

Let's say you're assigned 10.0.1.0/24 for a project and need to split it into subnets for different roles:

Role	Subnet	Range	Hosts
Web servers	10.0.1.0/26	.1 - .62	62
App servers	10.0.1.64/26	.65 - .126	62
Databases	10.0.1.128/27	.129 - .158	30
Management	10.0.1.160/28	.161 - .174	14

This uses 168 addresses out of the 254 available in the /24, leaving 10.0.1.176/28 through 10.0.1.240/28 for future use. The key rule: each subnet's network address must be a multiple of its size. A /26 (64 addresses) starts at .0, .64, .128, or .192.

Related Resources

Server Alerting & Notifications -Monitor servers across all your subnets from a single dashboard
Load Average Interpreter -Check if your servers are under pressure
Disk Space Calculator -Plan storage requirements for your server fleet
Custom Monitoring Dashboards -Visualize metrics from servers across your network

Monitor servers across all your subnets from a single dashboard

Start monitoring with fivenines.io