Subnet Masks Explained: /8, /16, /24 and How They Work

If you've configured a router, set up a cloud VPC, or read a firewall rule, you've seen notation like 192.168.1.0/24 or 10.0.0.0/16. The number after the slash is the network prefix length — and understanding it makes network design, troubleshooting, and security configuration far more intuitive.

How an IP Address Is Structured

An IPv4 address like 192.168.1.100 is actually a 32-bit binary number, split into four 8-bit groups (octets) for readability. Internally it looks like 11000000.10101000.00000001.01100100. Every IP address has two parts: a network part (which network it belongs to) and a host part (which specific device on that network).

What the Prefix Length Means

CIDR notation (/n) tells you how many of the 32 bits are reserved for the network. The remaining bits identify individual hosts on that network.

💡 /24 = first 24 bits are the network → 8 bits left for hosts → 2⁸ = 256 addresses (254 usable)

Common Prefix Lengths at a Glance

Prefix	Subnet Mask	Total IPs	Usable Hosts	Typical Use
/8	255.0.0.0	16,777,216	16,777,214	ISPs, large enterprises
/16	255.255.0.0	65,536	65,534	Corporate networks, AWS VPC
/24	255.255.255.0	256	254	Office LAN, home network
/28	255.255.255.240	16	14	Small AWS subnets
/30	255.255.255.252	4	2	Router point-to-point links
/32	255.255.255.255	1	Single host	Specific host routes, firewall rules

Breaking Down Each Common Prefix

/24 — The Most Common Choice

192.168.1.0/24: the first three octets (192.168.1) identify the network; the last octet (.0 to .255) identifies hosts. Two addresses are reserved: the network address (.0) and the broadcast address (.255), leaving 254 usable. Default for home routers and small office networks.

/16 — Medium to Large Scale

10.0.0.0/16 gives you 65,534 usable addresses. Ideal for AWS VPCs where you'll divide the space into multiple smaller /24 or /28 subnets across availability zones.

/8 — Very Large Networks

The entire 10.0.0.0/8 private range contains over 16 million addresses. Used by large data centers and ISPs for internal routing. RFC 1918 defines three private ranges that are non-routable on the public internet.

Private IP Address Ranges (RFC 1918)

Range	CIDR	Common Use
10.0.0.0 – 10.255.255.255	/8	Enterprise networks
172.16.0.0 – 172.31.255.255	/12	Mid-size internal networks
192.168.0.0 – 192.168.255.255	/16	Home / SOHO networks

These ranges are never routed on the public internet. Use them freely for internal addressing.

Practical Examples

Home router: Default is usually 192.168.0.0/24 or 192.168.1.0/24 — gives 254 devices.
AWS VPC: Create a 10.0.0.0/16 VPC, then carve out /24 subnets per availability zone.
Firewall rule: Allow traffic from 203.0.113.0/24 to restrict access to a specific IP block.
Router link: Use /30 between two routers — only two host addresses needed.

💡 The subnet calculator below lets you enter any IP address and prefix, then instantly shows the network address, broadcast address, and full usable host range — no mental arithmetic required.