You’re designing a network. You need a /22 subnet but you don’t remember offhand how many hosts that is. Or you’re given a netmask 255.255.252.0 and need to translate to CIDR. Or you’re sizing a cloud VPC and need to plan subnets.
This post is the cheatsheet. Prefix length → mask → host count, all the common sizes, in one place, with the conversions you’ll actually need.
The Prefix Length Table
IPv4 prefix lengths, in order:
| CIDR | Netmask | Wildcard | Total addresses | Usable hosts | Common use |
|---|---|---|---|---|---|
| /32 | 255.255.255.255 | 0.0.0.0 | 1 | 1 | Single host |
| /31 | 255.255.255.254 | 0.0.0.1 | 2 | 2* | Point-to-point links |
| /30 | 255.255.255.252 | 0.0.0.3 | 4 | 2 | Point-to-point |
| /29 | 255.255.255.248 | 0.0.0.7 | 8 | 6 | Small VLAN |
| /28 | 255.255.255.240 | 0.0.0.15 | 16 | 14 | Small DMZ |
| /27 | 255.255.255.224 | 0.0.0.31 | 32 | 30 | Small office subnet |
| /26 | 255.255.255.192 | 0.0.0.63 | 64 | 62 | Medium subnet |
| /25 | 255.255.255.128 | 0.0.0.127 | 128 | 126 | Half a /24 |
| /24 | 255.255.255.0 | 0.0.0.255 | 256 | 254 | Standard LAN |
| /23 | 255.255.254.0 | 0.0.1.255 | 512 | 510 | Larger LAN |
| /22 | 255.255.252.0 | 0.0.3.255 | 1,024 | 1,022 | Building network |
| /21 | 255.255.248.0 | 0.0.7.255 | 2,048 | 2,046 | Campus subnet |
| /20 | 255.255.240.0 | 0.0.15.255 | 4,096 | 4,094 | Medium VPC |
| /19 | 255.255.224.0 | 0.0.31.255 | 8,192 | 8,190 | Large VPC |
| /18 | 255.255.192.0 | 0.0.63.255 | 16,384 | 16,382 | Very large LAN |
| /17 | 255.255.128.0 | 0.0.127.255 | 32,768 | 32,766 | Massive subnet |
| /16 | 255.255.0.0 | 0.0.255.255 | 65,536 | 65,534 | Class B equivalent |
| /15 | 255.254.0.0 | 0.1.255.255 | 131,072 | 131,070 | Multiple /16s |
| /14 | 255.252.0.0 | 0.3.255.255 | 262,144 | 262,142 | Large org |
| /13 | 255.248.0.0 | 0.7.255.255 | 524,288 | 524,286 | Huge org |
| /12 | 255.240.0.0 | 0.15.255.255 | 1,048,576 | 1,048,574 | RIR allocation |
| /8 | 255.0.0.0 | 0.255.255.255 | 16,777,216 | 16,777,214 | Class A equivalent |
* /31 in RFC 3021 mode allows 2 usable hosts on point-to-point links (no network/broadcast).
For the underlying concepts of CIDR notation and netmasks, see subnet mask CIDR explained.
Why “Usable Hosts” Is Less Than “Total Addresses”
In standard IPv4, each subnet reserves:
- Network address (first address) — Identifies the subnet itself.
- Broadcast address (last address) — Sends to all hosts on the subnet.
So a /24 with 256 addresses has 254 usable hosts: 192.168.1.0 (network) and 192.168.1.255 (broadcast) are reserved; 192.168.1.1-254 are usable.
Exceptions:
- /31 (RFC 3021): for point-to-point links. No broadcast needed; both addresses usable.
- /32: single host; concept of network/broadcast doesn’t apply.
Common Cloud Subnet Choices
AWS VPC sizing
- VPC: /16 to /28. Default new VPCs are /16.
- Subnets within VPC: /16 to /28. Each subnet must be in one Availability Zone.
- Common subnet size: /24 (256 addresses) or /20 (4096 addresses).
- AWS reserves 5 addresses per subnet for AWS internal use, in addition to the network/broadcast.
So a /24 in AWS gives you 251 usable host IPs.
GCP and Azure
Similar conventions. GCP subnets are typically /24 to /20. Azure subnets reserve 5 addresses too.
Kubernetes pod CIDRs
- /14 for the whole cluster (4096 pods × 4096 hosts).
- /22 to /24 per node (pods on that node).
Specific numbers vary by CNI plugin; the orders of magnitude are similar.
Converting Between Forms
CIDR to host count
hosts = 2^(32 - cidr) - 2 (for cidr ≤ 30).
/22 → 2^10 - 2 = 1022 usable hosts.
Host count to CIDR
Round up to next power of 2, then cidr = 32 - log2(hosts + 2).
Need 100 hosts → 128 addresses → /25 (with 126 usable hosts).
Netmask to CIDR
Count the 1-bits in the binary netmask.
255.255.252.0 = 11111111.11111111.11111100.00000000 = 22 ones → /22.
CIDR to netmask
Number of 1-bits then 0-bits, packed into octets.
/22 = 22 ones then 10 zeros → 11111111.11111111.11111100.00000000 → 255.255.252.0.
Calculating Network Address from IP + CIDR
To find which subnet an IP belongs to:
IP: 203.0.113.42
CIDR: /27 (224 in last octet)
42 / 32 = 1 remainder 10
Network: 203.0.113.32 (first multiple of 32 ≤ 42)
Range: 203.0.113.32 - 203.0.113.63Or programmatically with ipaddress in Python:
import ipaddress
net = ipaddress.ip_network('203.0.113.42/27', strict=False)
print(net.network_address) # 203.0.113.32
print(net.broadcast_address) # 203.0.113.63Subnet Adjacency
For multi-region networks where you need non-overlapping CIDRs:
A /16 covers 65536 addresses. Splitting into /24s gives you 256 /24 subnets. Splitting into /20s gives 16 /20 subnets.
Example allocation plan for a multi-region deployment:
us-east: 10.0.0.0/16 (10.0.0.0 - 10.0.255.255)
us-west: 10.1.0.0/16 (10.1.0.0 - 10.1.255.255)
eu-west: 10.2.0.0/16 (10.2.0.0 - 10.2.255.255)
ap-south: 10.3.0.0/16 (10.3.0.0 - 10.3.255.255)Each /16 can be subdivided into /20s, /24s, etc., for AZ subnets within the region.
Variable Length Subnet Masking (VLSM)
You don’t have to give every subnet the same size. VLSM lets you allocate efficiently:
Building network: 192.168.0.0/22 (1024 addresses)
HR (50 users): 192.168.0.0/26 (64 addresses)
Engineering (200): 192.168.0.64/25 (128 addresses)
Wait — overlaps. Better:
Engineering: 192.168.1.0/24 (256 addresses)
Sales (100): 192.168.2.0/25 (128 addresses)
Servers: 192.168.3.0/24 (256 addresses)VLSM is standard practice in 2026. Modern routers handle arbitrary prefix lengths.
IPv6 Sizing
IPv6 uses different conventions:
- /128 — single host.
- /64 — standard subnet (auto-config requires this).
- /56 — typical home assignment (256 /64 subnets).
- /48 — typical enterprise allocation (65,536 /64 subnets).
- /32 — typical LIR allocation (4 billion /64 subnets).
The IPv6 world doesn’t conserve addresses the way IPv4 does. You always use /64 for end subnets; you delegate /48 or /56 to sites. See IPv6 deployment guide.
Practical Sizing Guide
When designing a new network, ask:
- How many hosts in the largest subnet? Pick the smallest CIDR that fits.
- How many subnets total? Multiply.
- Growth? Add 2-4x headroom.
- Multi-region? Make sure regions don’t overlap.
- Future VPN peering? Avoid common ranges (10.0.0.0/24, 192.168.1.0/24).
A typical “design a corporate network for 500 employees in 3 offices” looks like:
Corp HQ: 10.10.0.0/16 (potential 65k hosts; we'll use a fraction)
Engineering: 10.10.10.0/23 (510 hosts)
Sales: 10.10.20.0/24 (254 hosts)
Servers: 10.10.30.0/24 (254 hosts)
Wi-Fi: 10.10.40.0/22 (1022 hosts)
Branch 1: 10.20.0.0/16
Branch 2: 10.30.0.0/16Each office has plenty of room within its /16. Inter-office VPN connects them without overlap.
Tools
A few practical tools for working with subnets:
ipcalc— CLI tool.ipcalc 192.168.0.0/22gives all the details.sipcalc— More features than ipcalc.- Python
ipaddress— Programmatic subnet math. - Online calculators —
subnet-calculator.com,ipcalc.co.uk.
TL;DR
- Reference the table for prefix length → mask → host count.
- Each subnet reserves network + broadcast; usable hosts = total − 2.
- AWS reserves 5 additional addresses per subnet.
- /31 for point-to-point (RFC 3021); both addresses usable.
- VLSM lets you mix subnet sizes for efficient allocation.
- For multi-region, give each region a non-overlapping /16 or /20.
- For future VPN peering, avoid common ranges that everyone else picks.
- IPv6 uses /64 standard subnets; allocate /48 or /56 to sites.
Subnetting is one of those skills that gets fluent with practice. The table above covers 95% of what comes up in modern network design. For the underlying concepts, see subnet mask CIDR explained; for the private ranges most of your networks will live in, private IP ranges RFC 1918.