Subnetting Explained: Masks, Ranges, and Everything In Between
If you’ve ever configured a network, set up a firewall rule, or stared at a cloud VPC wizard wondering what 192.168.1.0/24 actually means — this post is for you. We’ll walk through every key concept: subnet masks, network and host portions, address ranges, broadcast addresses, and the terms that tie them all together.
A Quick Refresher: What Is an IP Address?
An IPv4 address is a 32-bit number, written as four decimal octets separated by dots — for example, 192.168.1.45. Each octet represents 8 bits, so the full address looks like this in binary:
11000000.10101000.00000001.00101101
192 . 168 . 1 . 45That 32-bit number is split into two parts: a network portion and a host portion. The subnet mask is what tells you where one ends and the other begins.
The Subnet Mask
A subnet mask is also a 32-bit number. It works like a stencil laid over an IP address. Its job is simple: mark which bits identify the network, and which bits identify the host.
It always looks like a run of 1s followed by a run of 0s — never mixed:
11111111.11111111.11111111.00000000
255 . 255 . 255 . 0In CIDR notation, this is written as /24 — meaning the first 24 bits are 1s (the network portion), and the remaining 8 bits are 0s (the host portion).
How it’s used
To find the network address of any IP, you perform a bitwise AND between the IP address and the subnet mask:
IP: 192.168.1.45 → 11000000.10101000.00000001.00101101
Mask: 255.255.255.0 → 11111111.11111111.11111111.00000000
AND: 192.168.1.0 → 11000000.10101000.00000001.00000000The result, 192.168.1.0, is the network address — the identifier for the entire subnet.
Network Portion vs. Host Portion
Every IP address on a subnet shares the same network portion. The host portion is what distinguishes individual devices from one another.
Take 192.168.1.0/24 as an example:
| Portion | Bits | Value |
|---|---|---|
| Network | First 24 bits | 192.168.1 |
| Host | Last 8 bits | .0 through .255 |
All devices on this subnet — your laptop, phone, printer, router — share 192.168.1 as their network portion. What changes is the last octet.
Prefix length controls the split
The slash number (called the prefix length) determines exactly how many bits belong to the network. Shift it right and you get larger subnets with more host addresses; shift it left and you get smaller, more tightly defined ones.
| CIDR | Network bits | Host bits | Total addresses | Usable hosts |
|---|---|---|---|---|
| /16 | 16 | 16 | 65,536 | 65,534 |
| /24 | 24 | 8 | 256 | 254 |
| /28 | 28 | 4 | 16 | 14 |
| /30 | 30 | 2 | 4 | 2 |
The rule for usable hosts is always: total addresses − 2 (one for the network address, one for the broadcast address).
The Network Address
The network address is the first address in a subnet — the one where all host bits are set to 0.
For 192.168.1.0/24, the network address is 192.168.1.0.
This address is reserved. You cannot assign it to a device. It identifies the subnet itself and is used in routing tables to refer to the entire block.
The Broadcast Address
The broadcast address is the last address in a subnet — where all host bits are set to 1.
For 192.168.1.0/24, the broadcast address is 192.168.1.255.
Any packet sent to this address is delivered to every device on the subnet simultaneously. Like the network address, it cannot be assigned to an individual host.
The Usable Host Range
Everything between the network address and the broadcast address is fair game for devices.
For 192.168.1.0/24:
Network address: 192.168.1.0 ← reserved
First usable host: 192.168.1.1 ← often the gateway
...
Last usable host: 192.168.1.254
Broadcast address: 192.168.1.255 ← reservedThat gives you 254 usable addresses out of 256 total.
The Default Gateway
The default gateway is the router’s IP address on a subnet. When a device wants to communicate with something outside its own subnet, it forwards the packet to the gateway, which handles routing it onward.
By convention, the first usable address (.1) is commonly assigned to the gateway, though this is just a convention — any usable address works. You’ll often see:
192.168.1.1— home router10.0.0.1— cloud VPC gateway172.16.0.1— corporate network edge
Putting It All Together: A Worked Example
Let’s say you’re given the address 10.0.4.87/22. Here’s how to derive everything from that:
Step 1 — Find the subnet mask:
/22 means 22 bits of 1s → 255.255.252.0
Step 2 — Find the network address:
AND 10.0.4.87 with 255.255.252.0:
10.0.4.87 → 00001010.00000000.00000100.01010111
255.255.252.0→ 11111111.11111111.11111100.00000000
Result: 00001010.00000000.00000100.00000000 → 10.0.4.0Step 3 — Calculate total addresses:
32 − 22 = 10 host bits → 2¹⁰ = 1,024 total addresses
Step 4 — Find the broadcast address:
Set all host bits to 1: 10.0.7.255
Step 5 — Derive the usable range:
10.0.4.1 through 10.0.7.254 — 1,022 usable hosts
Quick-Reference Glossary
IP address — a 32-bit identifier for a device on a network, written as four octets (e.g. 192.168.1.1).
Subnet — a logical subdivision of a larger network, defined by a common network portion.
Subnet mask — a 32-bit number that separates the network portion from the host portion. Written as dotted-decimal (e.g. 255.255.255.0) or implied by CIDR prefix length.
CIDR notation — the /n suffix that specifies how many bits form the network portion (e.g. /24).
Prefix length — the number after the slash in CIDR notation; synonymous with the count of 1 bits in the subnet mask.
Network portion — the leading bits of an IP address shared by all hosts on the same subnet.
Host portion — the trailing bits of an IP address that uniquely identify a device within a subnet.
Network address — the first address in a subnet (all host bits = 0). Identifies the subnet; not assignable to a host.
Broadcast address — the last address in a subnet (all host bits = 1). Delivers packets to all hosts on the subnet; not assignable to a device.
Usable host range — all addresses between the network address and the broadcast address.
Default gateway — the router’s IP on a subnet, used to forward traffic destined for other networks.
Bitwise AND — the operation that extracts the network address from an IP by masking out the host bits.
Final Thoughts
Subnetting is one of those foundational topics that pays dividends the more you internalize it. Once you stop thinking in terms of “what formula do I use” and start thinking in terms of the bit boundary sliding left and right, it all snaps into place. A /24 isn’t a magic number — it’s just a line drawn after the 24th bit, leaving 8 bits for hosts, giving you 256 addresses, 254 usable.
Everything else follows from that one idea.