If you can subnet in your head, you save 5 minutes of fumbling every time you set up a VLAN, write a firewall rule, or design a VPC. If you cannot, you either reach for a calculator or trust whatever the documentation says — both of which have failure modes. This article teaches the "magic number" method that lets you handle any subnetting question in under 30 seconds without binary arithmetic.

If you just want the answer for a one-off calculation, our CIDR calculator will do it for you. But if you want to internalize subnet math so you can sanity-check tools and read configs at a glance, the method below is the foundation.

The two things you must memorize

Everything else builds on these:

1. Powers of 2 up to 256

2, 4, 8, 16, 32, 64, 128, 256.

2. The octet-to-bits table

Octet valueBinaryLeading 1sMagic number (256-x)
128100000001128
19211000000264
22411100000332
24011110000416
2481111100058
2521111110064
2541111111072
2551111111181

These eight values are the only ones that appear in a valid subnet mask octet (other than 0 or 255). The "magic number" column is what we will use to find subnet boundaries.

The magic number method

Given any CIDR like 192.168.10.42/26, here is how to find the subnet it belongs to:

  1. Identify the interesting octet — the one where the mask transitions from 255 to a smaller number. For /26, the mask is 255.255.255.192, so the interesting octet is the fourth.
  2. Find the mask value in that octet: 192.
  3. Compute the magic number: 256 − 192 = 64.
  4. Subnets start at multiples of the magic number in that octet: .0, .64, .128, .192.
  5. Find which subnet contains your host: largest multiple of 64 that is ≤ 42 is 0. Subnet = 192.168.10.0/26.
  6. Broadcast: add (magic number − 1) to the subnet start: 192.168.10.63.
  7. Usable range: 1 above network, 1 below broadcast: 192.168.10.1 – 192.168.10.62.

Worked example: /20

Find the subnet for 10.30.71.5/20.

  1. /20 mask = 255.255.240.0. Interesting octet = 3rd (value 240).
  2. Magic number = 256 − 240 = 16.
  3. Subnets in the third octet at: 0, 16, 32, 48, 64, 80, 96...
  4. Host has 71 in the third octet. Largest multiple of 16 ≤ 71 is 64.
  5. Subnet = 10.30.64.0/20.
  6. Broadcast = 10.30.79.255 (third octet = 64 + 16 − 1 = 79; fourth octet = 255).
  7. Usable hosts = 10.30.64.1 – 10.30.79.254 (4,094 hosts).

Worked example: /27

Find the subnet for 172.16.4.200/27.

  1. /27 mask = 255.255.255.224. Interesting octet = 4th (value 224).
  2. Magic number = 256 − 224 = 32.
  3. Subnets in the fourth octet at: 0, 32, 64, 96, 128, 160, 192, 224.
  4. Host has 200 in the fourth octet. Largest multiple of 32 ≤ 200 is 192.
  5. Subnet = 172.16.4.192/27.
  6. Broadcast = 172.16.4.223.
  7. Usable hosts = 172.16.4.193 – 172.16.4.222 (30 hosts).

What about /22, /23?

The same method works for shorter prefixes — the interesting octet just moves left.

For 10.0.6.42/22:

  1. /22 mask = 255.255.252.0. Interesting octet = 3rd (value 252).
  2. Magic number = 256 − 252 = 4.
  3. Subnets in third octet at: 0, 4, 8, 12, 16, 20, 24...
  4. Host has 6 in third octet. Largest multiple of 4 ≤ 6 is 4.
  5. Subnet = 10.0.4.0/22.
  6. Broadcast = 10.0.7.255 (third octet = 4 + 4 − 1 = 7).
  7. Usable hosts = 10.0.4.1 – 10.0.7.254 (1,022 hosts).

Host count for any prefix

Usable hosts = 2^(32 − prefix) − 2. For mental math:

  • /24 = 2^8 − 2 = 254
  • /25 = 2^7 − 2 = 126
  • /26 = 2^6 − 2 = 62
  • /27 = 2^5 − 2 = 30
  • /28 = 2^4 − 2 = 14

Each step shorter doubles the usable count: /23 = 510, /22 = 1,022, /21 = 2,046.

Sizing subnets for N hosts

Given a host count requirement, find the smallest power of 2 that is at least N + 2, then the prefix is 32 − log₂(that power).

  • Need 25 hosts → 25 + 2 = 27 → next power of 2 is 32 → prefix = 32 − 5 = /27 (30 usable, 5 to spare).
  • Need 200 hosts → 200 + 2 = 202 → next power of 2 is 256 → prefix = 32 − 8 = /24 (254 usable, 54 to spare).
  • Need 1000 hosts → 1000 + 2 = 1002 → next power of 2 is 1024 → prefix = 32 − 10 = /22 (1022 usable, 22 to spare).

Common mistakes to avoid

  • Forgetting the −2. A /27 has 32 total addresses but only 30 usable. The network and broadcast are not assignable.
  • Misaligning the magic number. Subnets must start at multiples of the magic number. 10.0.0.5/27 is not a valid subnet — it gets normalized to 10.0.0.0/27 (containing .5).
  • Treating /31 like a regular subnet. /31 has 2 usable hosts per RFC 3021 — it has no network or broadcast. Used on point-to-point links. See our article on /30 vs /31.
  • Forgetting cloud reservations. AWS reserves 5 IPs per subnet. A /28 has 14 usable normally but only 11 on AWS.

When to skip the math

Mental subnet math is great for quick sanity checks, but for any production design you should still use a tool to catch typos and edge cases. Use our CIDR calculator for one-off conversions and the VLSM Designer for full subnet planning. The Validate tool catches overlaps in a list of CIDRs.

Key takeaways

  • The magic number is 256 − the mask value in the interesting octet. Subnets start at multiples of it.
  • Find the subnet by rounding the host's octet down to the nearest multiple of the magic number.
  • Broadcast = subnet start + magic number − 1 in the interesting octet, with .255 in any following octets.
  • Usable hosts = 2^(32-prefix) − 2 (except /31 = 2, /32 = 1).
  • For N hosts needed, round N + 2 up to the next power of 2 and derive the prefix.