IP Subnet Cheat Sheet: Quick Reference for Network Engineers

The Problem: Subnetting Under Pressure

IP subnetting is one of those topics that seems straightforward in a textbook but becomes genuinely confusing when you are configuring a security group rule at 2am or designing a VPC architecture with overlapping CIDR requirements. The notation /24 is easy. Once you get into the mid-range prefixes like /19, /22, or /27, many engineers need to pause and calculate.

This reference covers every common prefix length with the subnet mask, total addresses, usable host count, and practical use cases. Bookmark it. Print it. Keep it open in a browser tab. And when you need exact calculations for arbitrary ranges, use our Subnet Calculator.

The Complete IPv4 CIDR Cheat Sheet

Private IPv4 Address Ranges (RFC 1918)

These ranges are reserved for private networks and must not be routed on the public internet. You will use them constantly in VPCs, home networks, and corporate LANs:

10.0.0.0/8       # 10.0.0.0 – 10.255.255.255    (16.7M addresses)
172.16.0.0/12    # 172.16.0.0 – 172.31.255.255  (1M addresses)
192.168.0.0/16   # 192.168.0.0 – 192.168.255.255 (65K addresses)

The 10.0.0.0/8 block is the most commonly used for large cloud VPCs and corporate networks. AWS VPCs default to 10.0.0.0/16, which gives 65,536 addresses and can be further divided into subnets per availability zone.

Special and Reserved Ranges

127.0.0.0/8      # Loopback (localhost)
169.254.0.0/16   # Link-local (APIPA, AWS instance metadata)
100.64.0.0/10    # Shared address space (carrier-grade NAT, RFC 6598)
192.0.2.0/24     # TEST-NET-1 (documentation, not routable)
198.51.100.0/24  # TEST-NET-2 (documentation)
203.0.113.0/24   # TEST-NET-3 (documentation)
0.0.0.0/8        # "This" network (source address only)
255.255.255.255  # Limited broadcast

The 169.254.0.0/16 link-local range is particularly important in cloud environments. AWS uses 169.254.169.254 as the instance metadata service endpoint. If you see traffic to this address, it is your instance querying its own metadata (IAM role, user data, etc.).

Mental Math: How to Subnet Without a Calculator

Experienced engineers can estimate subnet sizes without tools. Here is the pattern:

• A /24 has 256 addresses (2⁸). Each bit added to the prefix halves the size.
• /25 = 128, /26 = 64, /27 = 32, /28 = 16, /29 = 8, /30 = 4
• Going the other direction: /23 = 512, /22 = 1,024, /21 = 2,048, /20 = 4,096
• Usable hosts = total addresses − 2 (network address and broadcast address)

For the subnet mask, count the host bits. A /26 has 6 host bits. The last octet in binary is 11000000 = 192. So the mask is 255.255.255.192.

Common Cloud Subnet Patterns

AWS VPC Design

AWS recommends planning your VPC CIDR to accommodate future growth. A common pattern for a production VPC:

VPC:            10.0.0.0/16       # 65,536 addresses total

# Per AZ (3 AZs):
Public subnet:  10.0.0.0/24       # 254 hosts (NAT gateways, load balancers)
Private subnet: 10.0.10.0/23      # 510 hosts (application servers)
Data subnet:    10.0.20.0/24      # 254 hosts (RDS, ElastiCache)

Leave gaps between subnet ranges to allow future expansion without re-IP. Jumping from 10.0.0.0/24 to 10.0.10.0/23 leaves room to add more subnets in the 10.0.1-9.x range later.

Kubernetes Pod and Service CIDRs

Kubernetes clusters need non-overlapping CIDRs for the VPC, pods, and services. A standard setup:

Node VPC CIDR:      10.0.0.0/16
Pod CIDR:           172.20.0.0/16
Service CIDR:       10.96.0.0/12
Cluster DNS (kube-dns): 10.96.0.10

Never overlap these three ranges. A pod-to-service routing failure is one of the hardest Kubernetes networking bugs to debug, and it often traces back to a CIDR overlap created at cluster creation time.

Subnetting Step-by-Step: Dividing a /24 into Smaller Subnets

Scenario: You have 192.168.10.0/24 and need to divide it into 4 equal subnets.

1. Determine the prefix needed: 4 subnets requires borrowing 2 bits from the host portion (2² = 4). New prefix = /24 + 2 = /26.
2. Calculate each subnet size: /26 = 64 addresses, 62 usable hosts each.
3. List the subnets:
   • 192.168.10.0/26 (hosts: .1 – .62, broadcast: .63)
   • 192.168.10.64/26 (hosts: .65 – .126, broadcast: .127)
   • 192.168.10.128/26 (hosts: .129 – .190, broadcast: .191)
   • 192.168.10.192/26 (hosts: .193 – .254, broadcast: .255)

The formula: subnet increment = 256 − (last non-255 octet of subnet mask). For /26, the mask last octet is 192, so increment = 256 − 192 = 64. Start at .0, add 64 for each successive subnet.

Frequently Asked Questions

What is the difference between /24 and 255.255.255.0?

They are two different notations for the same thing. CIDR notation (/24) counts the number of consecutive 1 bits in the subnet mask from the left. A /24 mask has 24 ones followed by 8 zeros in binary, which equals 255.255.255.0 in decimal. CIDR notation is more compact and is now the standard in routing tables and cloud platforms. Dotted-decimal notation is still used in older systems and some network device configuration interfaces.

Why do subnets have 2 fewer usable hosts than total addresses?

Every subnet reserves two addresses: the network address (the first address, all host bits set to 0) and the broadcast address (the last address, all host bits set to 1). For a /24: 192.168.1.0 is the network address and 192.168.1.255 is the broadcast. Hosts are assigned 192.168.1.1 through 192.168.1.254 - 254 usable addresses from 256 total.

What is a /31 used for and why does it have 2 usable hosts with no broadcast?

RFC 3021 defines /31 subnets for point-to-point links. With only two addresses in the subnet, treating one as the network address and one as broadcast would leave zero usable hosts. RFC 3021 relaxes this rule for /31 specifically, allowing both addresses to be assigned to the two endpoints of a link. Modern routers support this. It is commonly used to conserve IP space on router-to-router interfaces.

How do I find the subnet of a given IP address?

Perform a bitwise AND between the IP address and the subnet mask. For example: IP = 192.168.10.45, mask = 255.255.255.0 (/24). AND operation: all four octets ANDed together gives 192.168.10.0, which is the network address. The subnet is 192.168.10.0/24. Our Subnet Calculator does this automatically for any input.

What is VLSM and why does it matter?

Variable Length Subnet Masking (VLSM) is the practice of using different prefix lengths within the same network, allocating exactly the right number of addresses for each segment rather than using uniform /24s everywhere. For example, a point-to-point link needs only a /30 (2 hosts), while a data center LAN might need a /22 (1,022 hosts). VLSM is what makes efficient IP address allocation possible in large networks. All modern routing protocols (OSPF, EIGRP, BGP) support VLSM.

Use our free tool here → Subnet Calculator