Last updated: 5 October 2021

This article is a gentle introduction to IPv4 subnets and CIDR. It includes a brief history lesson about network classes that explains why subnets were invented (and why they are very useful). Base-2 numbers play a large role in the story, so you may want to read my article about binary numbers first. And if you want to know how to calculate the number of IPs in a subnet then I got an article about that as well.

In this article I focus on IPv4 addresses. That is mainly because subnets are more relevant for IPv4 addresses. However, the basics are the same for both IPv4 and IPv6. The main difference is that you need to understand hexadecimals for IPv6 subnets.

### Reserved and loopback IPs

Both IPv4 and IPV6 have so-called reserved addresses. For instance, chances are that your local machine has an IPv4 address starting with 192.168. These IP addresses are local IPs used for communication on your local network (LAN).

Your machine also has a loopback IP. In most cases this is 127.0.0.1. You will be familiar with that if you develop websites locally on your computer – if you have a web server running on your machine then you can view websites you are working on via http://127.0.0.1 or http://localhost.

## Network classes

IP addresses have two parts; a network and a host part. In the early days of the internet (the ARPANET era) the first octet of an address was used for the network and the remaining three octets were used for nodes. That limited the number of networks to just 254, but that seemed plenty at the time. Little did they know that billions of people would one day spend their lives on Facebook and connect doorbells and toasters to the internet.

In the early 1980s a new architecture called classful network was adopted. This scheme defined five classes of IP addresses. The primary classes were A, B and C, and each class defined a range of IP addresses and which octets were the network part. Class A addresses still used only the first octet for the network; class B used the first two and class C the first three.

``` Class | Network/Node                    | Range
-------+---------------------------------+-----------------------------
A     | Network.Node.Node.Node          | 1.0.0.0 - 127.255.255.255
B     | Network.Network.Node.Node       | 128.0.0.0 - 191.255.255.255
C     | Network.Network.Network.Node    | 192.0.0.0 - 223.255.255.255
```

Although elegant, the architecture was still very limited. At one end of the spectrum you had 254 class A addresses with a whopping 16,777,214 nodes each, while at the other end you had millions of class C addresses with just 254 nodes. As the internet kept growing rapidly it became clear that there weren’t enough IP addresses.

The next attempt to solve the problem was a new architecture called Classless Inter-Domain Routing, or CIDR. With CIDR the network part doesn’t always have to be an entire octet. This makes it possible to divide networks into smaller parts, known as subnets. CIDR was adopted in 1993 and is still widely used today. The main other development that has happened since is the introduction of IPv6 addresses. When IPv6 is finally widely used the world should never again face an IP address shortage.

## Subnets

As said, with subnets the network component doesn’t always have to be exactly 1, 2 or 3 octets. Instead, the network address is defined by a subnet mask. Just like an IP address, a subnet mask is a 32-bit number divided into four-octets. The mask is used to mask out what part of an IP address is the network.

### Base-2 numbers

To make sense of subnet masks you need to understand base-2 numbers. Once the subnet mask is a base-2 number you can instantly see which part of an IP address is the network and which part is used for nodes; the network component is made up of all ones while the host part is made up of zeros.

To demonstrate, let’s convert the network mask 255.255.255.0. In base-2, the number 255 is 11111111. So, the first three octets are all ones and part of the network. The last octet is made up of all zeros and can be used for nodes. This aligns exactly with class C networks:

```11111111.11111111.11111111.00000000
Network  Network  Network  Node
```

Another common mask is 255.255.255.192. Here, part of the fourth octet is part of the network. To find out how many bits are turned on in the fourth octet you can use the following table:

``` 128 |  64 |  32 |  16 |  8  |  4  |  2  |  1
-----+-----+-----+-----+-----+-----+-----+-----
1  |  1  |  0  |  0  |  0  |  0  |  0  |  0  | 192
```

The first row shows base-2 exponents and the second row shows if an individual bit is on (1) or off (0). The number in the fourth octet is 192, and we can get to 192 by adding up 128 and 64. So, the first two bits in the fourth octet are on and the remaining six are off. The fourth octet is therefore 11000000, and the full subnet mask is 11111111.11111111.11111111.11000000.

## CIDR notation

Network administrators typically use CIDR notation to indicate the size of the network part of an IP address. For instance, the network mask 255.255.255.0 translates to 11111111.11111111.11111111.0000000 in binary. There are 24 bits that are switched on in the address. In CIDR-speak, you can therefore say that it is a /24 address. If you see an IP address like 192.168.1.0/24 or 202.202.0.0/24 then you always know that the network part is made up of the first three octets.

The second example I gave used the mask 255.255.255.192. In that mask 26 bits are turned on, and it is therefore a /26 address. In the same way you can use CIDR for the old classful network IPs:

``` Class | Network/Node   | Range                       | CIDR
-------+----------------+-----------------------------+------
A    | 255.0.0.0      | 1.0.0.0 - 127.255.255.255   | /8
B    | 255.255.0.0    | 128.0.0.0 - 191.255.255.255 | /16
C    | 255.255.255.0  | 192.0.0.0 - 223.255.255.255 | /24
```