"So how many addresses does a /24 actually give me?" "What is the difference between a subnet mask and CIDR?" — these are common stumbling blocks in network design. In this article we start from the 32-bit structure of an IPv4 address and build up to how the network and host portions are split, subnet masks and prefix length, the math of usable host counts, and a step-by-step example of actually splitting a subnet — all with verified, concrete examples.
1. What an IPv4 address is — 32 bits and four octets
An IPv4 address is a 32-bit number. We divide it into four groups of 8 bits, write each as a decimal number (0–255), and join them with . to get the familiar notation. Each 8-bit group is called an octet.
For example, 192.168.10.1 looks like this in binary.
| Notation | 1st octet | 2nd octet | 3rd octet | 4th octet |
|---|---|---|---|---|
| Decimal | 192 | 168 | 10 | 1 |
| Binary | 11000000 | 10101000 | 00001010 | 00000001 |
One octet is 8 bits, so it can represent 2^8 = 256 values, that is 0–255. Across all 32 bits you can express 2^32 ≈ 4.3 billion addresses.
2. The network portion and the host portion
An IP address is broadly split into two parts. The leading network portion tells you "which network (subnet) this is," and the trailing host portion tells you "which device within that network." As a postal analogy, the network portion is the "town and street," and the host portion is the "room number" within that address.
Devices that share the same network portion can communicate directly without going through a router. Conversely, to reach a host with a different network portion, traffic goes through a router. In other words, deciding "how far the network portion extends" is exactly what it means to split (subnet) a network.
3. Subnet masks and prefix length (CIDR)
What tells you "how far the network portion extends" is the subnet mask. The mask is 32 bits, and it marks the network portion with 1s and the host portion with 0s. The 1s are always packed contiguously from the left.
For instance, if the network portion is the leading 24 bits, the mask looks like this.
| Notation | Value |
|---|---|
| Binary | 11111111.11111111.11111111.00000000 |
| Decimal (dotted notation) | 255.255.255.0 |
| CIDR notation (prefix length) | /24 |
CIDR notation (Classless Inter-Domain Routing) is a shorthand that writes the number of consecutive leading 1s in the mask as a slash and a number, such as /24. 255.255.255.0 and /24 mean exactly the same thing. For example, 192.168.10.1/24 means "the address 192.168.10.1, with the leading 24 bits as the network portion."
n is simply "the number of bits in the network portion." Then 32 − n is the number of bits in the host portion. For a /24, the host portion is 32 − 24 = 8 bits.
4. Network address, broadcast address, and usable host count
Within a single subnet, two addresses carry special meaning.
- Network address: the address where the host portion is all
0s. It is the "name" of the subnet itself and is not assigned to any device. - Broadcast address: the address where the host portion is all
1s. It is used to send to every device in the subnet at once, and it too is not assigned to any device.
Therefore, in a subnet with prefix length n, the usable host count that can actually be assigned to devices is given by the following formula.
(subtract the network address and the broadcast address — 2 in total — from the total number of addresses
2^(32−n))
Take 192.168.10.0/24 as an example. The host portion is 8 bits, so the total number of addresses is 2^8 = 256, and the usable hosts number 256 − 2 = 254. Concretely, it works out as follows.
| Role | Address |
|---|---|
| Network address | 192.168.10.0 |
| First usable host | 192.168.10.1 |
| Last usable host | 192.168.10.254 |
| Broadcast address | 192.168.10.255 |
The /31 and /32 exceptions
The − 2 rule above has exceptions.
- /31: there are only 2 addresses (
2^1), so by the formula the usable host count would be 0. To handle this, RFC3021 specifies that for point-to-point links between two routers, both addresses may be used as hosts. No network or broadcast address is set aside. - /32: there is just 1 address, used to point at a specific single host. It is used for loopback addresses, or in routing and access control to specify "this one device only."
5. Private addresses (RFC1918) and IP classes
Separate from the global addresses used on the internet, private addresses are reserved for use inside an organization's network. RFC1918 defines the following three ranges. On home or office LANs, you can use these ranges freely.
| Range (CIDR) | Address range | Old class |
|---|---|---|
10.0.0.0/8 | 10.0.0.0 – 10.255.255.255 | Class A equivalent |
172.16.0.0/12 | 172.16.0.0 – 172.31.255.255 | Class B equivalent |
192.168.0.0/16 | 192.168.0.0 – 192.168.255.255 | Class C equivalent |
Because these addresses are not used on the internet, they are translated to a global address by NAT when communicating externally.
The former IP classes (A / B / C)
Before CIDR became widespread, the class was fixed by the leading bits of the address. Knowing this as historical background also makes the "old class" column in the table above easier to understand.
| Class | Leading octet range | Default network portion | Mask |
|---|---|---|---|
| Class A | 0–127 | 8 bits | /8 (255.0.0.0) |
| Class B | 128–191 | 16 bits | /16 (255.255.0.0) |
| Class C | 192–223 | 24 bits | /24 (255.255.255.0) |
6. A subnetting example — splitting a /24 into four /26 subnets
Suppose you want to split one /24 (254 hosts) into smaller pieces, one per department. By borrowing 2 bits from the host portion and giving them to the network portion, the prefix length becomes 24 + 2 = /26, and the subnet is divided into 2^2 = 4 pieces.
A /26 has a host portion of 32 − 26 = 6 bits, so the total number of addresses per subnet is 2^6 = 64, with 64 − 2 = 62 usable hosts. Splitting 192.168.10.0/24 into four yields the following.
| Subnet | Network address | Usable host range | Broadcast |
|---|---|---|---|
| 1st | 192.168.10.0/26 | .1 – .62 | 192.168.10.63 |
| 2nd | 192.168.10.64/26 | .65 – .126 | 192.168.10.127 |
| 3rd | 192.168.10.128/26 | .129 – .190 | 192.168.10.191 |
| 4th | 192.168.10.192/26 | .193 – .254 | 192.168.10.255 |
Notice that the network addresses go up by 64 each time: 0, 64, 128, 192. This matches the total number of addresses in one subnet (64). This "increment (block size)" is given by 2^(32−n) and is the single most useful landmark when doing subnet calculations.
Common prefixes and host counts
| CIDR | Subnet mask | Host bits | Total addresses | Usable hosts |
|---|---|---|---|---|
/24 | 255.255.255.0 | 8 | 256 | 254 |
/25 | 255.255.255.128 | 7 | 128 | 126 |
/26 | 255.255.255.192 | 6 | 64 | 62 |
/27 | 255.255.255.224 | 5 | 32 | 30 |
/28 | 255.255.255.240 | 4 | 16 | 14 |
/29 | 255.255.255.248 | 3 | 8 | 6 |
/30 | 255.255.255.252 | 2 | 4 | 2 |
/31 | 255.255.255.254 | 1 | 2 | 2 (RFC3021) |
/32 | 255.255.255.255 | 0 | 1 | 1 (single host) |
Frequently Asked Questions (FAQ)
How many usable hosts are there in a /24?
A /24 has an 8-bit host portion, so the total number of addresses is 2^8 = 256. Of those, the first one (the network address) and the last one (the broadcast address) cannot be assigned to devices, so the number of actually usable hosts is 256 - 2 = 254.
What is the difference between CIDR and a subnet mask?
Both express the length of the network portion and mean the same thing. A subnet mask is written as four octets such as 255.255.255.0, while CIDR notation is a shorthand that writes the number of consecutive 1s in that mask as a slash and a number, such as /24. So 255.255.255.0 and /24 are equivalent.
What is a private address?
These are addresses reserved by RFC1918 for use inside an organization's network, in three ranges: 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. They are not used on the public internet and can be used freely on home or office LANs. When communicating externally, they are translated to a global address by NAT.