Definition
A subnet (subnetwork) is a logical subdivision of an IP network, and CIDR (Classless Inter-Domain Routing) is the notation and allocation scheme used to describe it. CIDR was standardized in RFC 4632 to replace the old rigid class boundaries, allowing prefixes of any length. A CIDR block is written as an address followed by a slash and a prefix length, such as 10.0.0.0/24, where the number after the slash states how many of the 32 bits (for IPv4) identify the network portion.
Reading the notation
The prefix length and the dotted-decimal subnet mask are two ways of writing the same thing: the count of leading one-bits in the mask. A /24 equals 255.255.255.0 and leaves 8 host bits, giving 256 addresses (254 usable after the network and broadcast addresses). A /20 equals 255.255.240.0 with 12 host bits and 4,096 addresses. A smaller prefix length means a larger network; a larger prefix length means smaller, more numerous segments. This is the arithmetic behind every routing table entry, including the prefixes networks announce via BGP.
Why segment a network
Subnetting lets you carve one address range into purpose-built segments, for example one subnet for trusted workstations, another for IoT and miners, and another for a perimeter zone. This improves performance by shrinking broadcast domains and improves security by giving each segment its own boundary to filter at. Subnets are commonly paired with a VLAN so that the logical IP segment and the Layer 2 broadcast domain line up, a clean foundation for isolating a DMZ or a noisy mining rig.
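The prefix arithmetic and the segmentation idea above can be checked together in code. The following is an added example, not part of the original page: the parent block, the segment names and their CIDR ranges are constructed assumptions, and the functions `describe`, `validate_plan` and `segment_of` are illustrative helpers built on Python's standard `ipaddress` module.

```python
import ipaddress

# Constructed sample plan (assumption, not from the page's own network):
# one parent block carved into the three kinds of segment the text mentions.
PARENT = "10.0.0.0/20"
PLAN = {"workstations": "10.0.0.0/24", "iot-miners": "10.0.1.0/24", "dmz": "10.0.2.0/28"}

def describe(cidr):
    """Return (netmask, host_bits, total, usable) for an IPv4 CIDR block."""
    net = ipaddress.ip_network(cidr, strict=True)  # strict: reject set host bits
    host_bits = net.max_prefixlen - net.prefixlen
    total = net.num_addresses  # 2 ** host_bits
    # Subtract network and broadcast; /31 and /32 have neither to reserve.
    usable = total - 2 if host_bits >= 2 else total
    return str(net.netmask), host_bits, total, usable

def validate_plan(parent, plan):
    """List problems: malformed blocks, segments outside parent, overlaps."""
    problems, nets = [], {}
    parent_net = ipaddress.ip_network(parent)
    for name, cidr in plan.items():
        try:
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"{name}: {exc}")
            continue
        if not net.subnet_of(parent_net):
            problems.append(f"{name}: {cidr} is outside {parent}")
        nets[name] = net
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} overlaps {b}")
    return problems

def segment_of(addr, plan):
    """Longest-prefix match: most specific segment containing addr, or None."""
    ip = ipaddress.ip_address(addr)
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in plan.items()}
    hits = [(net.prefixlen, name) for name, net in nets.items() if ip in net]
    return max(hits)[1] if hits else None

if __name__ == "__main__":
    for name, cidr in PLAN.items():
        print(name, cidr, describe(cidr))
    print(validate_plan(PARENT, PLAN) or "plan ok")
    print(segment_of("10.0.1.77", PLAN))
```

An overlap or an out-of-range segment reported by `validate_plan` means two zones share addresses, so a filter rule written for one boundary would also match traffic belonging to the other.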
