
Subnetting and CIDR




IPv4 addresses are 32 bits in length. Each 8-bit field, or octet, is represented by a decimal number between 0 and 255 (for example, Each IPv4 address identifies a network (network number) and a unique interface on that network (host number).

Originally, the 32-bit IPv4 address consisted simply of an 8-bit network number field (which specified the particular network a host was attached to), and a rest field, which gave the address of the host within that network. This format was picked before the advent of local area networks (LANs), when there were only a few, large, networks such as the ARPANET. This resulted in a very low count (256) of network numbers being available, and very early on, as LANs started to appear, it became obvious that that would not be enough.

As a kludge, the definition of IP addresses was changed to allow three different sizes of the network number field (and the associated rest field), as specified in the table below:

Class                 Leading Value   Network Number Bits   Rest Bits
Class A               0               7                     24
Class B               10              14                    16
Class C               110             21                    8
Class D (multicast)   1110
Class E (reserved)    1111

The value of the high-order bits (first three bits) determines which portion of the IPv4 address is the network number and which portion is the host number. That means that the netmask was essentially encoded in the first three bits.

The network numbers are divided into three classes: Class A, Class B, and Class C. This addressing scheme is called classful IPv4 addressing.

Unicast Addresses and Old Classes A, B and C

A system uses unicast addresses when it needs to communicate with another system. There are three "old" classes of unicast addresses: Class A, Class B, and Class C.

This first round of changes was enough to work in the short run; however, an IP address shortage still developed. The principal problem was that most sites were too big for a "class C" network number, and received a "class B" number instead. With the rapid growth of the Internet, the available pool of class B addresses (basically 2^14, or about 16,000 total) was rapidly being depleted.

Classful networking was replaced by Classless Inter-Domain Routing (CIDR), starting in about 1993, to solve this and several other problems with the IPv4 address space.

Early allocations of IP addresses by IANA were in some cases not made very efficiently, with large companies grabbing class A and class B subnets, which contributed to the problem. However, the commonly-held notion that some organizations unfairly or unnecessarily received class A networks is a canard; most such allocations date to the period before the introduction of address classes, when the only thing available was what later became known as "class A" network number.

Broadcast Addresses

A broadcast address is the address that reaches all systems on the network. A broadcast means that data is simultaneously sent to all of the hosts on the local area network (LAN). In Solaris, the default broadcast address is an address that has a host number of all ones when represented in binary. An example of a broadcast address is You use the ifconfig utility to configure an interface's broadcast address.

Multicast Addresses

Multicasting is a very efficient way to send large amounts of data to many systems at the same time. A multicast address identifies interfaces that belong to a specific multicast group. Packets that are sent to a multicast address are received by all interfaces that are associated with the multicast address.

If the first four bits are 1110, which makes the first field an integer value between 224 and 239, the address is a multicast address. The remaining 28 bits comprise a group identification number for a specific multicast group. An IPv4 multicast address is a destination address for one or more hosts, while a Class A, B, or C address is an address for an individual host. The IPv4 multicast address maps to an Ethernet multicast address so that the network interface listens for multicast traffic. The low-order 23 bits of the IPv4 multicast address are placed into the low-order 23 bits of the Ethernet multicast address. Therefore, an IPv4 multicast address of maps to 01:00:5e:00:00:01.
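The 23-bit mapping described above, as an added example (not code from the original page). Only 23 of the 28 group bits reach the Ethernet address, so 32 different groups share each MAC and a filter that looks at the MAC alone cannot tell them apart. The group addresses used as input are constructed samples.

```python
import ipaddress

# 01:00:5e:00:00:00 -- the fixed high-order part of every IPv4 multicast MAC.
ETHERNET_MULTICAST_BASE = 0x01005E000000
LOW_23_BITS = 0x7FFFFF


def _group_to_int(group):
    """Parse a dotted-decimal group and check the leading 1110 bits."""
    value = int(ipaddress.IPv4Address(group))
    if value >> 28 != 0b1110:           # first octet must be 224..239
        raise ValueError(f"{group} is not an IPv4 multicast address")
    return value


def multicast_mac(group):
    """Map an IPv4 multicast group to its Ethernet multicast address."""
    mac = ETHERNET_MULTICAST_BASE | (_group_to_int(group) & LOW_23_BITS)
    return ":".join(f"{(mac >> shift) & 0xFF:02x}" for shift in range(40, -1, -8))


def groups_sharing_mac(group):
    """List every IPv4 group that lands on the same Ethernet address.

    The 28-bit group number loses its top 5 bits in the mapping, so there
    are 2**5 = 32 groups per MAC.
    """
    low23 = _group_to_int(group) & LOW_23_BITS
    base = 0b1110 << 28
    return [str(ipaddress.IPv4Address(base | (hi << 23) | low23))
            for hi in range(32)]


if __name__ == "__main__":
    # Constructed sample groups; both print the MAC quoted in the text.
    for sample in ("224.0.0.1", "239.128.0.1"):
        print(sample, "->", multicast_mac(sample))
    print(len(groups_sharing_mac("224.0.0.1")), "groups share that MAC")
```

Because of this overlap, an interface that accepts a frame by MAC still has to check the destination IP address before handing the packet to a listener.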

Introducing Subnetting and VLSM

The Internet is composed of many routers that interconnect different networks. Each router interface must be on a unique network and must have a unique address. Assigning different IP address ranges to different networks is required because a router essentially serves as a gateway between two or more different networks. In 1985, RFC 950 proposed a solution to this problem by specifying how an IP network could use multiple subnet masks and introduced the idea of Variable-Length Subnet Masking (VLSM). The term is now obsolete and the term CIDR is commonly used, but some vendors like CISCO still use it periodically.

The key idea here is similar to the idea of class A, B, and C networks, but applied to bits rather than bytes. So instead of three classes VLSM introduces 32 classes. The second distinction is that the division of the address into network and host parts, instead of being static (based on the value of the address), became dynamic and is determined by the netmask, which essentially became part of the IP address. So the IP address, instead of a single number, became a pair of two numbers: IP address and netmask. The latter is specified by the number of one bits in the netmask, for example

Because the old class distinctions are ignored, the new system was called classless routing. This led to the original system being called classful routing.

Subnetting and using VLSMs is an approach to dividing an assigned network address range into multiple, smaller networks for use within an organization. These smaller networks are referred to as subnets. They can be used for multiple purposes:

The basic idea of subnetting is to divide the standard host number field into two parts: the subnet number and the host number on that subnet. That leads us from a two-level hierarchy (NetworkNumber/HostNumber) to a three-level hierarchy (NetworkNumber/SubnetNumber/HostNumber).

One of the major problems with supporting only a single subnet mask across a given network number is that once the mask is selected, it locks the organization into a fixed number of fixed-sized subnets. For example, a Class B subnet that is masked with yields an additional 64 subnets with 1024 hosts per subnet. If you need 1028 subnets with some as large as 1000 hosts and some as small as 64 hosts, you are out of luck. Similar to the separation of the IP space into A, B, and C classes, VLSM permits an organization to use subnets with different numbers of hosts.

When an IP network is assigned more than one subnet mask, it is considered a network with VLSMs because the extended-network numbers have different lengths at each subnet level. To provide the address mask information the ICMP protocol was extended by adding a new pair of ICMP message types, "Address Mask Request" and "Address Mask Reply", analogous to the "Information Request" and "Information Reply" ICMP messages (type 17 and 18 messages).

The key idea was that the netmask becomes an extension of the IP address, the part that is necessary for the interpretation of the address. It can be specified by the number of bits in the network part of the address, for example mean old class C network (24-bit network part of the address and 8-bit host part of the address). Two of the main advantages of CIDR are:

An example of a VLSM entry is:

Note: VLSM subnet mask syntax has been recognized since Solaris 2.6.

The /etc/inet/netmasks File

A subnet mask is a 32-bit number that determines how an IP address is split into network and host portions, on a bitwise basis. For example, or /16 is a standard class B subnet mask, since the first two bytes are all ones (network), and the last two bytes are all zeros (host). In a subnetted network, the network portion is extended. For example, a subnet mask of would subnet a class B address space using its third byte. Using this scheme, the first two bytes of an IP address would identify the class B network, the next byte would identify the subnet within that network, and the final byte would select an individual host. Since subnet masks are used on a bit-by-bit basis, masks like (4 bits of subnet; 12 bits of host) are perfectly normal.

In Solaris the /etc/inet/netmasks file is linked to the /etc/netmasks file and contains the netmasks used by the host. When the system reboots, this file is consulted before the configuration of the network interfaces. The /etc/rcSd/ script consults the /etc/inet/netmasks file at run level S. At run level 2, the /etc/rc2.d/S72inetsvc script can recalculate the netmask using the NIS maps or LDAP. For every network that is subnetted, an individual line is entered into this file. The fields in the /etc/inet/netmasks file list the network number and the netmask definition.

An example of an entry for a subnetted Class B network is:

An example of an entry for a subnetted Class C network is:

If a netmask is not specified in the /etc/inet/netmasks file for the system to use during system startup, a default Class A, B, or C netmask is assumed. You can also configure an interface's netmask from the command line by using the ifconfig utility.

# ifconfig qfe0 netmask 0xffffff00 up


# ifconfig qfe0 netmask up

Contiguous Netmasks

RFC 950 recommends the use of contiguous subnet masks. A contiguous subnet mask is one that only uses contiguous high-order bits. For example:

11111111 11111111 11111111 11110000

Noncontiguous Netmasks

Although RFC 950 recommends only the use of contiguous subnet masks, nothing prevents the use of noncontiguous subnet masks. For example:

11111111 11111111 11111111 01001010

However, using noncontiguous subnet masks makes administration more difficult. Avoid the use of noncontiguous subnet masks if at all possible.
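A check for contiguous masks, as an added example (not code from the original page). It accepts the hex form used in the ifconfig command above, the binary patterns shown in this section, and dotted decimal, and it audits entries in the network-number/netmask layout described for /etc/inet/netmasks. The sample entries are constructed, and treating "#" as the start of a comment is an assumption.

```python
import ipaddress

# Constructed sample in the "network number, netmask" layout the text describes.
# The last mask ends in 74, i.e. 01001010, the noncontiguous pattern shown above.
SAMPLE_NETMASKS = """\
# network      netmask
172.16.0.0     255.255.255.0
192.168.43.0   255.255.255.240
10.1.0.0       255.255.255.74
"""


def parse_netmask(text):
    """Accept dotted decimal, 0x-prefixed hex, or 32 binary digits."""
    text = text.strip()
    digits = text.replace(" ", "")
    if text.lower().startswith("0x"):
        value = int(text, 16)
    elif len(digits) == 32 and set(digits) <= {"0", "1"}:
        value = int(digits, 2)
    else:
        value = int(ipaddress.IPv4Address(text))
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError(f"netmask out of range: {text!r}")
    return value


def prefix_length(mask):
    """Return the prefix length of a contiguous mask, or None if it has holes."""
    host_bits = ~mask & 0xFFFFFFFF
    # For a contiguous mask the inverted value is 2**k - 1, which shares no bit
    # with its successor; a shared bit means a 1 sits to the right of a 0.
    if host_bits & (host_bits + 1):
        return None
    return 32 - host_bits.bit_length()


def audit_netmasks(text):
    """Return (network, netmask, prefix-or-None) for each entry in the text."""
    results = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # assumption: '#' starts a comment
        if len(fields) != 2:
            continue
        network, mask = fields
        results.append((network, mask, prefix_length(parse_netmask(mask))))
    return results


if __name__ == "__main__":
    for network, mask, prefix in audit_netmasks(SAMPLE_NETMASKS):
        verdict = f"/{prefix}" if prefix is not None else "NONCONTIGUOUS, reject"
        print(f"{network:<14} {mask:<17} {verdict}")
```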


Classless Inter-Domain Routing (CIDR, pronounced "cider" or "cedar") was introduced in 1993. It allowed increased flexibility when dividing ranges of IP addresses into separate networks and thereby promoted more efficient use of increasingly scarce IPv4 addresses, as well as greater use of hierarchy in address assignments (prefix aggregation), lowering the overhead of Internet-wide routing (route aggregation).

CIDR allows an IP address to be split into network and host parts not at a byte boundary, as network classes did, but at an arbitrary bit. The number of bits in the network part of the address is written after the address, separated by a slash, and essentially became part of the address.

That means that class A networks are followed by a /8, class B networks are followed by a /16, and class C networks are followed by a /24.

In a traditional subnetted network, several restrictions apply, which have been lifted by CIDR. However, if older, non-CIDR routing protocols (such as RIP version 1) are in use, these restrictions must still be observed.

  1. Identical subnet masks. Since non-CIDR routing updates do not include subnet masks, a router must assume that the subnet mask it has been configured with is valid for all subnets. Therefore, a single mask must be used for all subnets within a network. Different masks can be used for different networks. Based on this assumption, a router can exchange subnet routes with other routers within the network. Since the subnet masks are identical across the network, the routers will interpret these routes in the same manner. However, routers not attached to the subnetted network can't interpret these subnet routes, since they lack the subnet mask. Therefore, subnet routes are not relayed to routers on other networks. This leads to our second restriction.
  2. Contiguous subnets. A subnetted network can't be split into isolated portions. All the subnets must be contiguous, since routing information can't be passed to non-members. Within a network, all subnets must be able to reach all other subnets without passing traffic through other networks.

The Internet is composed of many routers that interconnect different networks. Each router interface must be on a unique network and must have a unique address. Assigning different IP addresses to different networks is required because of the IP addressing scheme required by routers. Subnetting and VLSMs are two ways of dividing an assigned network address into multiple, smaller networks for use within an organization. These smaller networks are referred to as subnetworks. VLSM, conceptually a stepping stone from subnetting to CIDR, lifted the restrictions of subnetting by relaying subnet information through routing protocols.

CIDR notation is constructed from the IP address and the prefix size, the latter being the number of leading 1 bits of the routing prefix (network part of the IP address). The IP address is expressed according to the standards of IPv4 or IPv6. It is followed by a separator character, the forward slash (/) character, and the prefix size expressed as a decimal number.

The address may denote a single, distinct, interface address or the beginning address of an entire network. In the latter case the CIDR notation specifies the address block allocation of the network. The maximum size of the network is given by the number of addresses that are possible with the remaining, least-significant bits below the prefix. This is often called the host identifier.

For example:

The number of addresses of a subnet defined by the mask or prefix can be calculated as 2^(address size - mask), in which the address size for IPv6 is 128 and 32 for IPv4. For example, in IPv4, a mask of /29 gives: 2^(32-29) = 2^3 = 8 addresses.

However, because at least one of these addresses is typically used for a gateway to other subnets, and because certain addresses are reserved as broadcast addresses, the number of addresses available for hosts is usually smaller.


Old News

[Feb 16, 2011] How can I calculate the Subnet Mask from a CIDR-type address?

It's simpler than you think. You need to write down the number of bits that are in the CIDR notation (in Binary notation), divide them into 4 octets, and convert them to decimal notation. For example:

CIDR address:

  1. Write down 27 bits as 1 (one), and the rest (5) as 0 (zero):


  2. Divide them into 4 octets:


  3. Convert to decimal:


Remember that class A networks are followed by a /8, class B networks are followed by a /16, and class C networks are followed by a /24. This will make life easier for you.

Advanced IP Addressing > Hierarchical Addressing Using Variable ...

Is it just me, or did CISCO deliberately try to obscure simple things in its documentation and make them look more complex (and then extract some money from unsuspecting lemmings ;-)?

Because IP addresses are binary, they are used in blocks of powers of 2. A block of addresses contains 2, 4, 8, 16, 32, 64, 128, 256, 512, 1024, 2048, and so on addresses. Two addresses are lost each time you create a subnet: one for the network (wire) address and the other for the broadcast address.

The lowest address of the range, where the host bits are all 0s, is known as the network number or the wire address. The top of the address range, where the host bits are all 1s, is the broadcast address. The number of addresses in a block that can be assigned to devices is 2^n – 2, where n is the number of host bits. For example, with 3 host bits, 2^3 – 2 = 8 – 2 = 6 addresses can be assigned.

To determine the size of the block of addresses needed for a subnet, follow these steps:

Step 1 Calculate the maximum number of hosts on that subnet.
Step 2 Add 2 to that number for the broadcast and subnet numbers.
Step 3 Round up to the next higher power of 2.

In this example, the VLANs each have 200 users; therefore, the number of addresses required is 200 + 2 = 202. Rounding up to the next power of 2 gives you 256. Thus, 8 (2^8 = 256) host bits are required for the VLANs; therefore, the prefix is /24 (32 bits – 8 bits for the host = 24 bits). The network administrator subnets the into four /24 subnets on router D. is assigned to VLAN 1, and is assigned to VLAN 2. This leaves two /24 subnets, and, to use for the switches at the three remote sites and the three serial point-to-point links.

The number of addresses required for the LANs at each remote site is 20 + 2 = 22. Rounding this up to the next power of 2 gives you 32. Thus, 5 host bits (2^5 = 32) are required to address the remote users at each site. Therefore, the prefix to use is /27 (32 bits – 5 bits for the host = 27).

You cannot use the or networks, because they are assigned to VLANs 1 and 2 on router D. The process to further subnet into /27 subnets is shown in Figure 1-13. The first three subnets calculated in Figure 1-13 are used on the LANs in Figure 1-12.

Figure 1-13 Calculating Subnet Addresses for the LANs in Figure 1-12

Serial Line Addresses

After you establish the addresses for the LANs at the remote sites, you must address the serial links between the remote sites and router D. Because the serial links require two addresses, the number of addresses required is 2 + 2 = 4 (the two additional addresses are for the network number and the broadcast address).

In this case, there is no need to round up, because 4 is a power of 2. Therefore, 2 host bits will allow for two hosts per subnet. A network mask of /30 (32 bits – 2 host bits = 30 bits) is used. This prefix allows for only two hosts, just enough hosts for a point-to-point connection between a pair of routers.

To calculate the subnet addresses for the WAN links, further subnet one of the unused /27 subnets. In this example, is further subnetted with a prefix of /30. The three additional subnet bits result in 2^3 = 8 subnets for the WAN links.

Key Point: Further Subnet Only Unused Subnets

It is important to remember that only unused subnets should be further subnetted. In other words, if you use any addresses from a subnet, that subnet should not be further subnetted. In Figure 1-12, three subnet numbers are used on the LANs. Another, as-yet unused subnet,, is further subnetted for use on the WANs.

The WAN addresses derived from are as follows. The shaded bits are the 3 additional subnet bits:

The first three of these subnets are used on the WANs shown in Figure 1-12.

The address information for the router A to router D link is as follows:

The address information for the router B to router D link is as follows:

The address information for the router C to router D link is as follows:

Note that to provide the most flexibility for future growth, the subnet was selected for the WANs instead of using the next available subnet, For example, if the company purchases more switches, the next IP segment could be assigned the subnet, and the new remote site would be connected to router D with the serial subnet.

The block could have been used for these /30 subnets, but only three subnets are currently needed, so a lot of the address space would be unused. The block is now available to use on another LAN in the future.
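The three sizing steps and the "further subnet only unused subnets" rule, as an added example (not code from the original page or from Cisco). The host counts are the ones in the text (200 per VLAN, 20 per remote LAN, 2 per serial link); the 10.20.0.0/22 block and the segment names are constructed. The allocator is a simple best-fit, so the subnets it picks are not the assignment made in the excerpt.

```python
import ipaddress

# Host counts from the text; segment names and the parent block are constructed.
DEMANDS = {
    "VLAN1": 200, "VLAN2": 200,
    "LAN-A": 20, "LAN-B": 20, "LAN-C": 20,
    "WAN-A": 2, "WAN-B": 2, "WAN-C": 2,
}
PARENT_BLOCK = "10.20.0.0/22"


def prefix_for_hosts(hosts):
    """Steps 1-3: hosts + 2 (network and broadcast), rounded up to a power of 2."""
    needed = hosts + 2
    host_bits = (needed - 1).bit_length()   # smallest n with 2**n >= needed
    return 32 - host_bits


def allocate(block, demands):
    """Carve block into subnets, largest demand first.

    Only blocks on the free list are ever split, so a subnet that is in use
    is never subnetted further. Returns (plan, remaining free blocks).
    """
    free = [ipaddress.ip_network(block)]
    plan = {}
    for name, hosts in sorted(demands.items(), key=lambda item: -item[1]):
        prefix = prefix_for_hosts(hosts)
        candidates = [net for net in free if net.prefixlen <= prefix]
        if not candidates:
            raise ValueError(f"no unused space left for {name}")
        # Best fit: the smallest free block that is large enough, lowest first.
        chosen = max(candidates,
                     key=lambda net: (net.prefixlen, -int(net.network_address)))
        free.remove(chosen)
        while chosen.prefixlen < prefix:
            chosen, sibling = chosen.subnets(prefixlen_diff=1)
            free.append(sibling)            # the unused half stays available
        plan[name] = chosen
    return plan, sorted(free)


def find_overlaps(subnets):
    """Return every pair of subnets whose address ranges overlap."""
    nets = sorted(subnets)
    return [(a, b) for i, a in enumerate(nets) for b in nets[i + 1:]
            if a.overlaps(b)]


if __name__ == "__main__":
    plan, free = allocate(PARENT_BLOCK, DEMANDS)
    for name, net in plan.items():
        print(f"{name:<6} {str(net):<18} usable hosts: {net.num_addresses - 2}")
    print("still unused:", ", ".join(str(net) for net in free))
    print("overlaps:", find_overlaps(plan.values()))
```

Running find_overlaps over an existing address plan is a quick way to catch a subnet that was split after addresses from it were already handed out.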

Summary of Addresses Used in the VLSM Example

Figure 1-14 summarizes the addresses, in binary, used in this example.

Figure 1-14 Binary Representation of the Addresses Used in Figure 1-12

Another VLSM Example

This section illustrates another example of calculating VLSM addresses. In this example, you have a subnet address, and you need to assign addresses to a network that has ten hosts. With this subnet address, however, you have 2^12 – 2 = 4094 host addresses, so you would be wasting more than 4000 IP addresses. With VLSM, you can further subnet the address to give you more subnetwork addresses and fewer hosts per network, which would work better in this network topology. For example, if you subnet to, you gain 64 (2^6) subnets, each of which can support 62 (2^6 – 2) hosts.

To further subnet to, do the following, as illustrated in Figure 1-15:

Step 1 Write in binary.
Step 2 Draw a vertical line between the 20th and 21st bits, as shown in Figure 1-15.
Step 3 Draw a vertical line between the 26th and 27th bits, as shown in Figure 1-15.
Step 4 Calculate the 64 subnet addresses using the bits between the two vertical lines, from lowest to highest. Figure 1-15 shows the first five subnets available.

Figure 1-15 Further Subnetting a Subnetted Address


VLSM calculators are available on the web. The following URL contains the one offered by Cisco: (Note that you need to have an account on Cisco's website to use this calculator.)

IP Addressing and Subnetting for New Users

Cisco Systems

A network mask helps you know which portion of the address identifies the network and which portion of the address identifies the node. Class A, B, and C networks have default masks, also known as natural masks, as shown here:

Class A:
Class B:
Class C:

An IP address on a Class A network that has not been subnetted would have an address/mask pair similar to: To see how the mask helps you identify the network and node parts of the address, convert the address and mask to binary numbers.

 = 00001000.00010100.00001111.00000001
 = 11111111.00000000.00000000.00000000

Once you have the address and the mask represented in binary, then identifying the network and host ID is easier. Any address bits which have corresponding mask bits set to 1 represent the network ID. Any address bits that have corresponding mask bits set to 0 represent the node ID.

 = 00001000.00010100.00001111.00000001
 = 11111111.00000000.00000000.00000000
    net id  |      host id
netid =  00001000 = 8
hostid = 00010100.00001111.00000001 = 20.15.1
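The write-the-bits, divide-into-octets, convert-to-decimal procedure from the CIDR question above and the net id/host id split shown here, as an added example (not code from the original page or from Cisco). The address and mask are taken as the binary strings printed above; the function names are hypothetical.

```python
import ipaddress

# The binary address and mask exactly as printed in the text above.
ADDRESS_BITS = "00001000.00010100.00001111.00000001"
MASK_BITS = "11111111.00000000.00000000.00000000"


def prefix_to_mask(prefix):
    """Return the mask for a prefix as (dotted binary, dotted decimal)."""
    if not 0 <= prefix <= 32:
        raise ValueError("an IPv4 prefix is between 0 and 32")
    bits = "1" * prefix + "0" * (32 - prefix)             # step 1: write the bits
    octets = [bits[i:i + 8] for i in range(0, 32, 8)]      # step 2: four octets
    decimal = ".".join(str(int(octet, 2)) for octet in octets)  # step 3: decimal
    return ".".join(octets), decimal


def dotted_binary_to_int(text):
    """Parse four dot-separated groups of eight binary digits."""
    octets = text.split(".")
    if len(octets) != 4 or any(len(o) != 8 or set(o) - {"0", "1"} for o in octets):
        raise ValueError(f"not a dotted binary address: {text!r}")
    return int("".join(octets), 2)


def split_address(address_bits, mask_bits):
    """Return (prefix length, network part, host part) in dotted decimal.

    Address bits under a mask 1 belong to the network; bits under a mask 0
    belong to the host. The prefix length assumes a contiguous mask.
    """
    address = dotted_binary_to_int(address_bits)
    mask = dotted_binary_to_int(mask_bits)
    network = address & mask
    host = address & ~mask & 0xFFFFFFFF
    prefix = bin(mask).count("1")
    return (prefix,
            str(ipaddress.IPv4Address(network)),
            str(ipaddress.IPv4Address(host)))


def block_size(prefix):
    """Number of addresses in an IPv4 block: 2 ** (32 - prefix)."""
    return 2 ** (32 - prefix)


def usable_hosts(prefix):
    """Addresses left after removing the network and broadcast addresses."""
    return max(block_size(prefix) - 2, 0)


if __name__ == "__main__":
    print("/27 ->", prefix_to_mask(27))
    print("split ->", split_address(ADDRESS_BITS, MASK_BITS))
    print("/29 ->", block_size(29), "addresses,", usable_hosts(29), "usable")
```

The host part comes back padded to four octets (0.20.15.1); the text writes the same value without the leading zero octet.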


Copyright © 1996-2018 by Dr. Nikolai Bezroukov. was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) in the author free time and without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.



Last modified: September 12, 2017