Introduction
If you’ve already learned about IPv4 addresses and their classes, the next big step is to understand subnetting, CIDR, and VLSM. These concepts are the backbone of efficient IP address management in modern networks. Without them, organizations would quickly run out of IP addresses or waste huge chunks of address space.
In this article, we’ll break down these concepts in a simple way, walk through real-world scenarios, and explain why subnetting, CIDR, and VLSM are still highly relevant for IT professionals, sysadmins, and network security engineers today.
If you’re completely new to IP addresses, you may first want to understand the basics. We have a detailed guide on IPv4 Addressing Explained that covers what an IP address is, its structure, and why it’s important in networking.
What Is Subnetting?
Subnetting is the process of splitting a large network into smaller, manageable networks called subnets. Each subnet works like its own mini-network, with its own range of IP addresses.
Why do this? Imagine you have a company with 1,000 employees. If you put everyone in the same network, the broadcast traffic would slow everything down. Subnetting allows you to divide the company into departments—like HR, Finance, IT, and Sales—each with its own subnet.
Example:
- Company has Class C network:
192.168.1.0/24(254 usable IPs). - IT needs 100 hosts, HR needs 50, Finance needs 30, Sales needs 20.
- By subnetting, you can assign each department exactly what they need without wasting addresses.
To understand subnetting better, it’s important to know about IPv4 address classes. You can read our detailed article on IPv4 Address Classes (A, B, C, D, E) where we explain each class with examples and use cases.
Subnetting Examples: How It Works in Real Life
To truly understand subnetting, let’s walk through a simple example and calculate the Network IP, Broadcast IP, and usable Host IPs step by step.
Example 1: Class B Subnetting
Suppose you are given the IP address 192.168.1.0/26.
Step 1: Identify the subnet mask
The /26 prefix means the subnet mask is 255.255.255.192. In binary, the last octet looks like: 11000000.
Step 2: Find the block size
The block size is calculated by subtracting the subnet mask value in the last octet from 256. Here, 256 – 192 = 64. So each subnet has 64 IP addresses.
Step 3: Determine the network ranges
Starting from 192.168.1.0, the ranges will be:
192.168.1.0 – 192.168.1.63
192.168.1.64 – 192.168.1.127
192.168.1.128 – 192.168.1.191
192.168.1.192 – 192.168.1.255
Step 4: Pick the subnet
Since the example is 192.168.1.0/26, our subnet range is 192.168.1.0 – 192.168.1.63.
Step 5: Calculate the Network IP, Broadcast IP, and usable hosts
– Network IP: 192.168.1.0
– Broadcast IP: 192.168.1.63
– Usable Host IPs: 192.168.1.1 – 192.168.1.62
– Total usable hosts: 62
This shows how subnetting allows us to break down a larger network into smaller, more manageable pieces while clearly defining network, broadcast, and host IPs.
Example 2: Class B Subnetting
Given: IP address 172.16.0.0/20
Step 1: Subnet Mask
/20 → 255.255.240.0
Step 2: Block Size
Look at the 3rd octet: 256 – 240 = 16 → Block size = 16
Step 3: Subnet Ranges
172.16.0.0 – 172.16.15.255
172.16.16.0 – 172.16.31.255
172.16.32.0 – 172.16.47.255 … and so on
Step 4: Pick Subnet
172.16.0.0/20 → Range: 172.16.0.0 – 172.16.15.255
Step 5: Results
– Network IP: 172.16.0.0
– Broadcast IP: 172.16.15.255
– Usable Hosts: 172.16.0.1 – 172.16.15.254
– Total Usable: 4094
Example 3: Class A Subnetting
Given: IP address 10.0.0.0/12
Step 1: Subnet Mask
/12 → 255.240.0.0
Step 2: Block Size
Look at the 2nd octet: 256 – 240 = 16 → Block size = 16
Step 3: Subnet Ranges
10.0.0.0 – 10.15.255.255
10.16.0.0 – 10.31.255.255
10.32.0.0 – 10.47.255.255 … and so on
Step 4: Pick Subnet
10.0.0.0/12 → Range: 10.0.0.0 – 10.15.255.255
Step 5: Results
– Network IP: 10.0.0.0
– Broadcast IP: 10.15.255.255
– Usable Hosts: 10.0.0.1 – 10.15.255.254
– Total Usable: 1,048,574
These examples (Class C, Class B, and Class A) illustrate how subnetting works across different IP address classes and how we can calculate network, broadcast, and usable host IP addresses.
🔎 Try Our Free IP Subnet Calculator
Want to practice subnetting, CIDR, and VLSM calculations in real-time? Use our IP Subnet Calculator tool . It quickly gives you the Network ID, Broadcast Address, and usable host range without doing manual math!
CIDR: Classless Inter-Domain Routing
Back in the early days of networking, IP addresses were assigned based only on fixed classes (A, B, C). But this led to massive waste of IP addresses. For example, a company needing just 300 addresses would have to take a whole Class B block (65,000+ addresses).
This is where CIDR (Classless Inter-Domain Routing) came in. CIDR allows addresses to be represented in a more flexible way using prefix lengths (like /27, /30), instead of being stuck with rigid class boundaries.
CIDR Example
CIDR allows us to represent subnets more flexibly compared to traditional class-based addressing. Instead of being stuck with Classes A, B, or C, CIDR uses prefixes (like /24, /20, /16) to define how many bits are used for the network portion.
Let’s go through a detailed example to understand this better.
Example: 192.168.10.0/26
- CIDR Prefix (/26)
The “/26” means 26 bits are reserved for the network.
Subnet mask: 255.255.255.192 (since the last octet has 192 = 11000000 in binary). - Number of Host Bits
IPv4 has 32 bits in total.
32 – 26 = 6 bits for hosts.
Total hosts per subnet = 26 = 64.
Usable hosts = 64 – 2 = 62. - Subnet Increments
The increment is determined by the block size in the last octet.
256 – 192 = 64 → so subnets jump in blocks of 64. - First Subnet Breakdown (192.168.10.0/26)
- Network ID: 192.168.10.0
- Broadcast Address: 192.168.10.63
- Usable Hosts: 192.168.10.1 → 192.168.10.62 (62 usable hosts)
👉 This example shows how CIDR gives you more efficient use of IPs. Instead of wasting a whole Class C network (/24) with 254 hosts when you only need ~60, you can use /26 to fit exactly what you need.
VLSM: Variable Length Subnet Mask
Now, subnetting and CIDR are great, but what if you need different subnet sizes within the same network? This is where VLSM (Variable Length Subnet Masking) shines.
With VLSM, you can assign different subnet masks based on actual needs. Instead of carving your network into equal pieces, you create subnets of varying sizes.
VLSM Example: Step-by-Step Explanation
Let’s take a practical example to understand how Variable Length Subnet Masking (VLSM) works in real networking. Imagine an ISP has been assigned the block 192.168.10.0/24, and we need to divide it into subnets for three different departments with the following host requirements:
- Department A: 100 hosts
- Department B: 50 hosts
- Department C: 25 hosts
Step 1: Arrange Subnets by Size
VLSM works best when we start with the largest requirement first. So we’ll allocate subnets in the order: Department A (100 hosts), Department B (50 hosts), and Department C (25 hosts).
Step 2: Allocate for Department A
Department A requires 100 hosts. To support this, we need at least 128 IPs (because 27 = 128). That means the subnet mask will be /25 (255.255.255.128).
- Network Address: 192.168.10.0
- Subnet Mask: 255.255.255.128 (/25)
- Usable IP Range: 192.168.10.1 – 192.168.10.126
- Broadcast Address: 192.168.10.127
Step 3: Allocate for Department B
Next, Department B requires 50 hosts. We need at least 64 IPs (26 = 64). That means the subnet mask will be /26 (255.255.255.192).
- Network Address: 192.168.10.128
- Subnet Mask: 255.255.255.192 (/26)
- Usable IP Range: 192.168.10.129 – 192.168.10.190
- Broadcast Address: 192.168.10.191
Step 4: Allocate for Department C
Finally, Department C requires 25 hosts. We need at least 32 IPs (25 = 32). That means the subnet mask will be /27 (255.255.255.224).
- Network Address: 192.168.10.192
- Subnet Mask: 255.255.255.224 (/27)
- Usable IP Range: 192.168.10.193 – 192.168.10.222
- Broadcast Address: 192.168.10.223
Step 5: Remaining Addresses
After allocating to all three departments, we still have some unused IP space left (192.168.10.224 – 192.168.10.255). This can be used for future departments or other network needs.
This example shows how VLSM allows us to divide a large block efficiently into multiple subnets of different sizes. Unlike fixed-length subnetting, VLSM ensures no IPs are wasted and resources are allocated exactly as needed.
Difference Between Subnetting, CIDR, and VLSM
While Subnetting, CIDR, and VLSM may look very similar at first glance, they actually solve different problems in IP addressing. Let’s break down the differences so you don’t get confused.
| Concept | Explanation |
|---|---|
| Subnetting | Subnetting is the process of dividing a large network into smaller, manageable networks. For example, if you have a Class C network (192.168.1.0/24), subnetting allows you to split it into multiple smaller, equal-sized sub-networks. Each subnet will have its own network ID, broadcast ID, and usable host addresses. The goal is usually to better utilize IP addresses and improve network management. |
| CIDR (Classless Inter-Domain Routing) | CIDR is a method of writing IP addresses and their subnet masks in a short, flexible format. Instead of relying on fixed classes (A, B, C), CIDR uses prefixes like `/24`, `/26`, `/20`, etc. This makes IP allocation much more efficient on the internet. For example, instead of saying “Class C with 255.255.255.0,” CIDR just says `/24`. CIDR is widely used in routing and IP assignments by ISPs. |
| VLSM (Variable Length Subnet Masking) | VLSM takes subnetting a step further. In normal subnetting, all subnets are equal in size. But with VLSM, you can create subnets of different sizes based on your needs. For example, you might use a `/26` subnet (64 addresses) for a department with many users, and a `/30` subnet (4 addresses) for a point-to-point router link. This saves a lot of IP addresses from being wasted. |
In short:
– Subnetting → Splits a big network into smaller equal-sized networks.
– CIDR → A flexible notation that ignores rigid IP classes and allows custom prefix lengths.
– VLSM → Lets you create subnets of different sizes to avoid wasting IPs.
Real-World Scenarios
Corporate Networks: Companies often assign different subnets to departments for both performance and security reasons. Firewalls can then enforce different rules per subnet (e.g., block HR from accessing developer servers).
Data Centers & Cloud: Cloud providers like AWS, Azure, and GCP heavily use CIDR blocks for defining Virtual Private Clouds (VPCs).
ISPs: Internet providers allocate address space using CIDR. For example, an ISP may assign a customer a /29 (8 addresses) instead of wasting an entire /24.
Pros and Cons
Advantages:
- Efficient use of IP address space
- Reduced broadcast traffic
- Easier network management
- Flexible design with VLSM and CIDR
Disadvantages:
- Increases configuration complexity
- Misconfigured subnet masks can lead to connectivity issues
- Requires careful planning in large-scale networks
Why Security Engineers Care
Subnetting isn’t just about saving addresses—it directly impacts firewall rules, intrusion detection, and segmentation strategies.
For example:
- If your finance subnet is
192.168.1.192/27, you can write firewall rules that only allow traffic between Finance and HR over specific ports. - In Zero Trust models, subnetting is often the first step in limiting lateral movement of attackers inside the network.
Conclusion
Subnetting, CIDR, and VLSM may sound like dry textbook topics, but they form the backbone of real-world networking and cybersecurity. Whether you’re setting up a small office LAN, building cloud VPCs, or configuring enterprise firewalls, you’ll use these concepts almost daily.
Think of it like city planning: instead of giving everyone a massive plot of land, you divide the city into neighborhoods, streets, and houses. The result is order, efficiency, and security.
If you’re serious about becoming a skilled IT professional or network security engineer, mastering subnetting, CIDR, and VLSM is a must.
📚 Additional Resources on Subnetting, CIDR, and VLSM
Cybersecurity blogger with a focus on firewalls, network security, and tech trends making security simple for everyone, from IT pros to curious minds.
