Networking
IP Addressing and Subnetting¶
Every device that speaks TCP/IP needs an IP address — a numeric label that identifies it on a network and lets routers deliver packets to it. This page explains how IPv4 addresses are structured, how subnet masks and CIDR divide an address into network and host parts, and walks through the binary math so the results are verifiable rather than memorized.
Applies to
OS-agnostic networking fundamentals. The addressing concepts apply to every operating system. Linux and Windows command examples are shown where they help; see Networking Basics for the Linux tooling.
What an IP address is¶
An IP address serves two jobs at once: it says which network a host belongs to, and which host it is within that network. The split between those two parts is not fixed — it is defined by the subnet mask. Understanding where that split falls is the whole game of subnetting.
Two address families are in use today:
| Family | Size | Notation | Example |
|---|---|---|---|
| IPv4 | 32-bit | Dotted decimal | 192.168.1.25 |
| IPv6 | 128-bit | Colon-separated hex | 2001:db8::1 |
IPv4 is still dominant on local networks; IPv6 is widely deployed on the public internet and is mandatory for new large-scale networks because IPv4 addresses have run out.
IPv4 structure¶
An IPv4 address is 32 bits, written as four 8-bit numbers called octets, separated by dots. Each octet ranges from 0 to 255 (that is 2^8 = 256 values).
The dotted-decimal form is just a human-friendly way to read the underlying binary. To convert one octet, add the place values where a bit is 1:
| Bit position | 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 |
|---|---|---|---|---|---|---|---|---|
192 |
1 | 1 | 0 | 0 | 0 | 0 | 0 | 0 |
168 |
1 | 0 | 1 | 0 | 1 | 0 | 0 | 0 |
128 + 64 = 192, and 128 + 32 + 8 = 168. Every subnetting result below can be checked the same way.
Network portion vs host portion¶
The 32 bits are divided into a network portion (the leftmost bits, shared by every host on the same subnet) and a host portion (the rightmost bits, unique to each host). Hosts with the same network portion can talk directly; traffic to any other network is sent to the gateway (router).
Subnet mask and CIDR¶
The subnet mask marks which bits are network bits. It is 32 bits where every network bit is 1 and every host bit is 0. Because the 1s are always contiguous and on the left, the mask can be summarized by a single number: the prefix length.
CIDR (Classless Inter-Domain Routing) notation writes that prefix as /n, where n is the count of network bits. 192.168.1.0/24 means the first 24 bits are network.
So /24 and 255.255.255.0 are two ways of saying the same thing.
Counting hosts¶
The number of host bits is 32 - prefix. The total addresses in a subnet is 2^(32 - prefix). Two of those are reserved and cannot be assigned to hosts:
- the network address (all host bits
0) - the broadcast address (all host bits
1)
So the usable host formula is:
For a /24: 2^8 - 2 = 254 usable hosts. (The -2 does not apply to /31 point-to-point links per RFC 3021, and /32 is a single host route — useful edge cases to know.)
Private address ranges (RFC 1918)¶
Some IPv4 ranges are reserved for private use. They are not routed on the public internet, so anyone can reuse them inside their own network; a router performs NAT to share one public address (see Routing and NAT).
| Range | CIDR | Mask | Addresses | Typical use |
|---|---|---|---|---|
10.0.0.0 – 10.255.255.255 |
10.0.0.0/8 |
255.0.0.0 | ~16.7 million | Large enterprise / cloud VPCs |
172.16.0.0 – 172.31.255.255 |
172.16.0.0/12 |
255.240.0.0 | ~1 million | Mid-size networks, Docker defaults |
192.168.0.0 – 192.168.255.255 |
192.168.0.0/16 |
255.255.0.0 | ~65 thousand | Home / small office LANs |
Why private ranges exist
The public IPv4 space (about 4.3 billion addresses) is too small for every device to have a unique public address. Private ranges let organizations build internal networks freely while NAT shares scarce public addresses outward.
Special addresses¶
| Address / range | Name | Meaning |
|---|---|---|
| First address in a subnet | Network address | Identifies the subnet itself; not assignable |
| Last address in a subnet | Broadcast address | Reaches all hosts on the subnet at once |
127.0.0.0/8 (127.0.0.1) |
Loopback | The host talking to itself; never leaves the machine |
169.254.0.0/16 |
APIPA / link-local | Auto-assigned when no DHCP server answers (see DNS and DHCP) |
0.0.0.0 |
Default route / unspecified | "Any address"; as a route it means "everything else", sent to the gateway |
255.255.255.255 |
Limited broadcast | Broadcast to the local segment only |
Worked subnetting example¶
Goal: split 192.168.1.0/24 into four equal /26 subnets.
Going from /24 to /26 borrows 2 host bits for the network portion (26 - 24 = 2). Borrowing 2 bits creates 2^2 = 4 subnets. Each subnet has 32 - 26 = 6 host bits, giving 2^6 = 64 addresses, of which 2^6 - 2 = 62 are usable.
The /26 mask is 255.255.255.192:
The block size in the last octet is 256 - 192 = 64, so subnets start at multiples of 64:
| Subnet | Network address | First usable | Last usable | Broadcast |
|---|---|---|---|---|
| 1 | 192.168.1.0 |
192.168.1.1 |
192.168.1.62 |
192.168.1.63 |
| 2 | 192.168.1.64 |
192.168.1.65 |
192.168.1.126 |
192.168.1.127 |
| 3 | 192.168.1.128 |
192.168.1.129 |
192.168.1.190 |
192.168.1.191 |
| 4 | 192.168.1.192 |
192.168.1.193 |
192.168.1.254 |
192.168.1.255 |
Check the math: 4 subnets × 64 addresses = 256, which exactly fills the original /24. Each subnet's broadcast is one below the next subnet's network address (63 → 64, 127 → 128, and so on).
Reading a host's subnet
Where does 192.168.1.100/26 live? 100 falls in the 64–127 block, so its network is 192.168.1.64, broadcast 192.168.1.127, and it shares the subnet with hosts .65–.126. The host 192.168.1.130 is in a different subnet (.128 block), so the two cannot talk without a router.
CIDR → mask → hosts reference¶
| CIDR | Subnet mask | Total addresses | Usable hosts | Common use |
|---|---|---|---|---|
| /8 | 255.0.0.0 | 16 777 216 | 16 777 214 | Very large block (e.g. 10.0.0.0/8) |
| /16 | 255.255.0.0 | 65 536 | 65 534 | Large internal network |
| /23 | 255.255.254.0 | 512 | 510 | Two combined LANs |
| /24 | 255.255.255.0 | 256 | 254 | Typical office / home LAN |
| /25 | 255.255.255.128 | 128 | 126 | Half a /24 |
| /26 | 255.255.255.192 | 64 | 62 | Quarter of a /24 |
| /27 | 255.255.255.224 | 32 | 30 | Small subnet |
| /28 | 255.255.255.240 | 16 | 14 | Tiny segment / appliance group |
| /29 | 255.255.255.248 | 8 | 6 | Small server group |
| /30 | 255.255.255.252 | 4 | 2 | Point-to-point link |
| /31 | 255.255.255.254 | 2 | 2 | Point-to-point (RFC 3021, no broadcast) |
| /32 | 255.255.255.255 | 1 | 1 | Single host route |
Remember the mask octet values
A subnet boundary inside one octet is always one of: 128, 192, 224, 240, 248, 252, 254, 255. The block size is 256 minus that value (256 - 224 = 32, etc.), and subnets begin at multiples of the block size.
IPv6 in brief¶
IPv6 addresses are 128 bits, written as eight groups of four hexadecimal digits separated by colons:
Two shortening rules make this readable:
- Drop leading zeros in each group:
2001:db8:0:0:0:0:0:1 - Replace one run of all-zero groups with
::(once per address):2001:db8::1
Key differences from IPv4:
| Aspect | IPv4 | IPv6 |
|---|---|---|
| Address size | 32-bit | 128-bit |
| Notation | Dotted decimal | Colon hex |
| Address count | ~4.3 billion | ~340 undecillion |
| Standard subnet | varies | almost always /64 |
| NAT | common (scarcity) | not needed — every host can have a global address |
| Loopback | 127.0.0.1 |
::1 |
| Link-local | 169.254.0.0/16 |
fe80::/10 |
The huge address space means IPv6 does not rely on NAT to conserve addresses, and the conventional /64 subnet leaves 64 bits for hosts — far more than any single network needs, which simplifies auto-configuration.
Verify your work¶
Use these commands to inspect addressing and confirm the concepts above.
# Linux: show interfaces, addresses, and CIDR prefixes
ip -br address
# Linux: show the routing table (note the 0.0.0.0/0 default route)
ip route
:: Windows (PowerShell / cmd) ::
ipconfig /all # addresses, masks, gateway
route print # routing table, including the 0.0.0.0 default route
Sanity checks for the worked example:
192.168.1.62/26should be a usable host (last usable in subnet 1).192.168.1.63/26should be the broadcast of subnet 1 — not assignable.192.168.1.64/26should be the network address of subnet 2 — not assignable.
Summary¶
- An IPv4 address is 32 bits (four octets); the subnet mask / CIDR prefix splits it into a network part and a host part.
/ncounts network bits; usable hosts =2^(32 - n) - 2, subtracting the network and broadcast addresses.- RFC 1918 private ranges (
10/8,172.16/12,192.168/16) are reusable internally and reach the internet via NAT. - Know the special addresses: network, broadcast, loopback (
127.0.0.1), APIPA/link-local (169.254/16), and the default route (0.0.0.0/0). - Subnet boundaries fall on mask values
128/192/224/240/248/252/254/255; the block size is256minus that value. - IPv6 is 128-bit hex, uses
/64subnets, and needs no NAT.
Related reading: What Is a Network · OSI and TCP/IP · DNS and DHCP · Routing and NAT · TCP, UDP, and Ports · Linux Networking Basics · Linux Firewalls