Overview
IP addressing and subnetting form the foundation of network communications and are heavily tested on the CompTIA Network+ exam. This guide covers IPv4 and IPv6 addressing structures, classful vs. classless routing, subnet calculations, and special address types. Mastery of these concepts requires both conceptual understanding and hands-on calculation practice.
---
IPv4 Fundamentals
Address Structure
• An IPv4 address is 32 bits long, divided into four 8-bit octets
• Written in dotted-decimal notation (e.g., `192.168.1.1`)
• Each octet ranges from 0–255 in decimal
• Every address has two logical parts: the network portion and the host portion, determined by the subnet mask
Classful Addressing
| Class | First-Octet Range | Default Subnet Mask | CIDR | Host Bits |
|-------|-------------------|---------------------|------|-----------|
| A | 1–126 | 255.0.0.0 | /8 | 24 |
| B | 128–191 | 255.255.0.0 | /16 | 16 |
| C | 192–223 | 255.255.255.0 | /24 | 8 |
| D | 224–239 | N/A (Multicast) | — | — |
| E | 240–255 | N/A (Experimental) | — | — |
Key Terms
• Octet – One of four 8-bit groups in an IPv4 address
• Network portion – Bits identified by the subnet mask as belonging to the network
• Host portion – Remaining bits used to identify individual devices
Private IPv4 Address Ranges (RFC 1918)
• `10.0.0.0/8` → 10.0.0.0 – 10.255.255.255 (Class A)
• `172.16.0.0/12` → 172.16.0.0 – 172.31.255.255 (Class B)
• `192.168.0.0/16` → 192.168.0.0 – 192.168.255.255 (Class C)
> Private addresses are not routable on the public internet — NAT is required.
Special IPv4 Addresses
| Address/Range | Purpose |
|---------------|---------|
| `127.0.0.1` (127.x.x.x) | Loopback – tests local TCP/IP stack |
| `169.254.0.0/16` | APIPA – self-assigned when DHCP is unavailable |
| `255.255.255.255` | Limited broadcast – reaches all hosts on local subnet |
| `0.0.0.0` | Represents "this host" or "any address" |
⚠️ Watch Out For
• 127.x.x.x is reserved for loopback — Class A technically starts at 1, not 0
• APIPA (169.254.x.x) addresses mean the host cannot reach a DHCP server — a common troubleshooting indicator
• Class D (224–239) is multicast, not unicast — hosts cannot be assigned these as regular IPs
• The private 172.x range is 172.16–172.31, NOT all 172.x.x.x addresses
---
Subnetting & CIDR
CIDR – Classless Inter-Domain Routing
• Replaces rigid classful addressing with flexible prefix lengths
• Written as IP address followed by a slash and prefix length (e.g., `192.168.1.0/26`)
• Solves: IP address waste and accelerated IPv4 exhaustion
• Enables route summarization (aggregating multiple routes into one)
The Core Subnetting Formulas
| Formula | Purpose |
|---------|---------|
| 2^n − 2 | Usable host addresses (n = host bits remaining) |
| 2^n | Number of subnets created (n = bits borrowed) |
| 256 − subnet mask octet | Block size / subnet increment |
Common Subnet Reference Table
| CIDR | Dotted-Decimal Mask | Host Bits | Usable Hosts | Block Size |
|------|---------------------|-----------|--------------|------------|
| /24 | 255.255.255.0 | 8 | 254 | 256 |
| /25 | 255.255.255.128 | 7 | 126 | 128 |
| /26 | 255.255.255.192 | 6 | 62 | 64 |
| /27 | 255.255.255.224 | 5 | 30 | 32 |
| /28 | 255.255.255.240 | 4 | 14 | 16 |
| /29 | 255.255.255.248 | 3 | 6 | 8 |
| /30 | 255.255.255.252 | 2 | 2 | 4 |
Step-by-Step Subnetting Process
1. Identify the prefix length and convert to dotted-decimal if needed
2. Calculate host bits → 32 − prefix length
3. Calculate usable hosts → 2^(host bits) − 2
4. Calculate block size → 256 − value of subnet mask in the interesting octet
5. List subnet increments starting from 0, incrementing by block size
6. Identify network address (first address in block) and broadcast address (last address before next subnet)
Worked Example: 192.168.10.130/25
• Mask: 255.255.255.128 → block size = 256 − 128 = 128
• Subnets: 192.168.10.0 and 192.168.10.128
• 130 falls in the second block → Network: 192.168.10.128
• Broadcast: 192.168.10.255 (one before the next subnet at .256, which wraps to the next network)
• Usable hosts: 192.168.10.129 – 192.168.10.254
Borrowing Bits for Subnets
• Each bit borrowed from the host portion doubles the number of subnets
• Each bit borrowed halves the number of available hosts per subnet
• Formula: Subnets = 2^(new prefix − original classful prefix)
- Example: Taking a /24 to /27 → borrowed bits = 27 − 24 = 3 → 2³ = 8 subnets
VLSM – Variable Length Subnet Masking
• Allows different subnet sizes within the same address space
• Match subnet size to actual need (e.g., /30 for router links, /24 for large departments)
• Requires a routing protocol that carries subnet mask information (e.g., OSPF, EIGRP)
• Process: Allocate largest subnets first, then progressively smaller ones
Special Case: /30 Subnets
• Mask: `255.255.255.252`
• Provides exactly 2 usable host addresses
• Ideal for point-to-point WAN links between two routers — no address waste
Key Terms
• CIDR – Classless Inter-Domain Routing; flexible prefix-based addressing
• VLSM – Variable Length Subnet Masking; different-sized subnets within one network
• Block size – The increment between subnet starting addresses
• Network address – First address in subnet; all host bits = 0; non-assignable
• Broadcast address – Last address in subnet; all host bits = 1; non-assignable
• Borrowed bits – Host bits repurposed to create additional subnets
⚠️ Watch Out For
• Always subtract 2 for usable hosts (network + broadcast are reserved)
• The subnet mask octet for block size calculation is only the interesting (changing) octet
• For VLSM, assign largest subnets first to avoid overlap
• /31 and /32 are special cases: /31 is used for point-to-point links (RFC 3021, 0 usable by traditional rules), /32 is a host route
---
IPv6 Addressing
Address Structure
• 128 bits long — provides ~3.4 × 10³⁸ unique addresses
• Written as eight groups of four hexadecimal digits separated by colons
• Example: `2001:0db8:85a3:0000:0000:8a2e:0370:7334`
Abbreviation Rules
1. Leading zeros within any group may be dropped → `0db8` becomes `db8`
2. One consecutive run of all-zero groups may be replaced with `::` (only once per address)
- `2001:0db8:0000:0000:0000:0000:0000:0001` → `2001:db8::1`
IPv6 Address Types
| Type | Prefix | Description |
|------|--------|-------------|
| Global Unicast | 2000::/3 | Publicly routable; equivalent to public IPv4 |
| Link-Local | FE80::/10 | Auto-assigned; local link only; non-routable |
| Multicast | FF00::/8 | Replaces IPv4 broadcast; targets groups |
| Loopback | ::1 | Tests local IPv6 stack; equivalent to 127.0.0.1 |
| Unspecified | :: | Represents "no address" (0:0:0:0:0:0:0:0) |
| Unique Local | FC00::/7 | Private IPv6; similar to RFC 1918 |
Interface ID Generation
| Method | How It Works | Privacy |
|--------|-------------|---------|
| EUI-64 | Derived from 48-bit MAC address; splits MAC, inserts `FF:FE`, flips 7th bit | Lower — trackable |
| Random | OS generates a random 64-bit value | Higher — preferred for clients |
SLAAC – Stateless Address Autoconfiguration
• Host self-configures an IPv6 address without DHCPv6
• Process:
1. Host sends Router Solicitation (RS)
2. Router replies with Router Advertisement (RA) containing the network prefix
3. Host combines prefix with its own interface ID to form a complete /128 address
• Uses NDP (Neighbor Discovery Protocol) — replaces ARP from IPv4
Key Terms
• EUI-64 – Extended Unique Identifier; MAC-based interface ID generation
• SLAAC – Stateless Address Autoconfiguration; auto-assign without DHCP server
• RA/RS – Router Advertisement / Router Solicitation; NDP message types
• NDP – Neighbor Discovery Protocol; IPv6 replacement for ARP
• Link-local – FE80::/10; required on every IPv6 interface; non-routable
⚠️ Watch Out For
• `::` can only appear once in an IPv6 address — its position determines how many zero groups it replaces
• Link-local addresses are not routable — they cannot be used as source/destination across routers
• IPv6 has no broadcast — multicast (FF00::/8) fills that role
• The loopback is `::1`, NOT `::0` or `FE80::1`
• Global unicast starts at 2000::/3 — memorize this range (2000:: to 3FFF::)
---
Special Addresses & Key Concepts
Unicast, Multicast, and Broadcast Comparison
| Type | IPv4 Range | Targets |
|------|-----------|---------|
| Unicast | Any standard address | Single host |
| Multicast | 224.0.0.0 – 239.255.255.255 (Class D) | Defined group of hosts |
| Broadcast | 255.255.255.255 or directed (e.g., 172.16.5.255) | All hosts on subnet |
Directed Broadcast
• Last address in a subnet (all host bits = 1)
• Example: subnet `172.16.5.0/24` → directed broadcast = `172.16.5.255`
• Routers typically block directed broadcasts (security risk)
Supernetting / Route Summarization
• Combines multiple contiguous networks into one routing entry using a shorter prefix
• Example: Four /24 networks summarized into one /22
• Reduces routing table size and improves router efficiency
• Opposite of subnetting (longer prefix = smaller subnet; shorter prefix = larger supernet)
NAT and PAT
| Feature | Standard NAT | PAT (NAT Overload) |
|---------|-------------|-------------------|
| Mapping | One private IP → One public IP | Many private IPs → One public IP |
| Tracking | IP address only | IP address + unique port number |
| Use Case | Servers needing consistent public IP | Home/office internet sharing |
| Also called | Static NAT | NAT Overload |
• NAT allows RFC 1918 private addresses to communicate on the public internet
• PAT is the most common form — used in virtually all home routers
Key Terms
• Directed broadcast – Subnet's last address; all host bits set to 1
• Network address – Subnet's first address; all host bits set to 0; identifies the subnet
• Supernet – Aggregation of networks using a shorter prefix
• NAT – Network Address Translation; maps private to public IPs
• PAT – Port Address Translation; many-to-one NAT using port numbers
⚠️ Watch Out For
• The network address and broadcast address cannot be assigned to hosts — always subtract 2 from total addresses
• 255.255.255.255 is a limited broadcast (local subnet only); a directed broadcast is subnet-specific
• NAT and PAT break end-to-end connectivity — relevant for protocols like IPsec and SIP
• Supernetting uses a shorter prefix (e.g., /22 vs /24); subnetting uses a longer prefix
---
Quick Review Checklist
IPv4 Fundamentals
• [ ] IPv4 = 32 bits, dotted-decimal, four octets
• [ ] Class A: 1–126, /8 | Class B: 128–191, /16 | Class C: 192–223, /24
• [ ] Three RFC 1918 private ranges: 10.x, 172.16–31.x, 192.168.x
• [ ] Loopback = 127.0.0.1 (tests local TCP/IP stack)
• [ ] APIPA = 169.254.x.x (no DHCP server reachable)
Subnetting & CIDR
• [ ] Usable hosts = 2^(host bits) − 2
• [ ] Subnets created = 2^(borrowed bits)
• [ ] Block size = 256 − subnet mask value in interesting octet
• [ ] Know common masks: /24=254 hosts, /25=126, /26=62, /27=30, /28=14, /29=6, /30=2
• [ ] VLSM allows different prefix lengths within the same address space
• [ ] /30 is standard for point-to-point router links
IPv6
• [ ] IPv6 = 128 bits, eight hex groups separated by colons
• [ ] Two abbreviation rules: drop leading zeros; use `::` once for zero groups
• [ ] Loopback = ::1 | Link-local = FE80::/10 | Global unicast = 2000::/3
• [ ] Multicast = FF00::/8 (replaces broadcast)
• [ ] SLAAC uses Router Advertisement to auto-configure address without DHCPv6
• [ ] EUI-64 derives interface ID from MAC address
Special Concepts
• [ ] Network address (first) and broadcast address (last) cannot be assigned to hosts
• [ ] Directed broadcast = all host bits set to 1 in a