Understand IPv4 subnetting, CIDR notation, private vs public IPs, and how to plan your cloud network architecture — no networking degree required.
Networking is one of those topics developers avoid until they're setting up a cloud VPC or debugging a mysterious connection issue. This guide gives you the practical knowledge you need without a networking degree.
An IPv4 address is 32 bits, written as four 8-bit octets in decimal:
192.168.1.100
^ ^ ^ ^
| | | └── last octet: 0-255
| | └──── third octet: 0-255
| └──────── second octet: 0-255
└──────────── first octet: 0-255
In binary: 11000000.10101000.00000001.01100100
These ranges are reserved for private networks (RFC 1918) — they're not routable on the public internet:
| Range | CIDR | Use case |
|---|---|---|
| 10.0.0.0 – 10.255.255.255 | 10.0.0.0/8 | Large enterprise / cloud VPCs |
| 172.16.0.0 – 172.31.255.255 | 172.16.0.0/12 | Docker default bridge network |
| 192.168.0.0 – 192.168.255.255 | 192.168.0.0/16 | Home/office networks |
Special addresses:
127.0.0.1 — loopback (localhost)0.0.0.0 — all interfaces (bind to all network interfaces)255.255.255.255 — broadcast to all devices on local networkCIDR (Classless Inter-Domain Routing) notation is IP/prefix. The prefix length tells you how many bits are the network portion:
192.168.1.0/24
^^
24 bits = network portion
8 bits left = host portion = 2^8 = 256 addresses
Network: 192.168.1.0
Broadcast: 192.168.1.255
Usable: 192.168.1.1 – 192.168.1.254 (254 hosts)
| CIDR | Subnet Mask | Total IPs | Usable Hosts |
|---|---|---|---|
| /8 | 255.0.0.0 | 16,777,216 | 16,777,214 |
| /16 | 255.255.0.0 | 65,536 | 65,534 |
| /24 | 255.255.255.0 | 256 | 254 |
| /25 | 255.255.255.128 | 128 | 126 |
| /28 | 255.255.255.240 | 16 | 14 |
| /30 | 255.255.255.252 | 4 | 2 |
| /32 | 255.255.255.255 | 1 | 1 (single host) |
When setting up AWS VPC, GCP VPC, or Azure VNet, start with a large block and subnet it:
VPC: 10.0.0.0/16 (65,534 usable IPs)
├── Public subnets (for load balancers, NAT gateways)
│ ├── 10.0.1.0/24 — us-east-1a (254 hosts)
│ ├── 10.0.2.0/24 — us-east-1b (254 hosts)
│ └── 10.0.3.0/24 — us-east-1c (254 hosts)
│
├── Private subnets (for application servers)
│ ├── 10.0.11.0/24 — us-east-1a
│ ├── 10.0.12.0/24 — us-east-1b
│ └── 10.0.13.0/24 — us-east-1c
│
└── Database subnets (for RDS, ElastiCache)
├── 10.0.21.0/24 — us-east-1a
└── 10.0.22.0/24 — us-east-1b
Docker creates a bridge network 172.17.0.0/16 by default. Each container gets an IP in this range:
# See container IPs
docker inspect <container> | grep IPAddress
# Create a custom network
docker network create --subnet 10.10.0.0/24 mynet
# docker-compose custom subnet
networks:
default:
ipam:
config:
- subnet: 172.20.0.0/24
# Your current IP addresses
ip addr show # Linux
ipconfig /all # Windows
ifconfig # macOS
# Default gateway (router IP)
ip route show default
# Check if IP is reachable
ping 8.8.8.8
# Trace the network path
traceroute google.com # Linux/macOS
tracert google.com # Windows
# DNS lookup
nslookup heolab.com
dig heolab.com A
Use the CIDR Calculator to compute subnet ranges, broadcast addresses, and host counts for any CIDR block. Use the IP Lookup tool to check the geolocation and ISP of any IP address.