IP Addresses and Subnets
At the network layer (layer 3, Article 1), each device is identified by an IP address. Understanding IP and subnets is the foundation for understanding routing, NAT, firewalls, and nearly everything else. This article focuses on IPv4 (still the most common) and then introduces IPv6.
What an IPv4 address is
An IPv4 address is a 32-bit number, written as 4 groups of decimal numbers (0–255) separated by dots — "dotted decimal":
192 . 168 . 71 . 168
└┬┘ └┬┘ └┬┘ └┬┘
8 bit 8 bit 8 bit 8 bit = 32 bits total
Each group (octet) is 8 bits, so values run 0–255. The full 32 bits gives about 4.3 billion addresses — sounds like a lot, but they've actually run out (the reason IPv6 exists, end of this article).
The network part and the host part
This is the most important idea: an IP address has two parts — one that identifies the network and one that identifies the device (host) within that network. Like a street address: "District 1, Le Loi Street" (network) + "house number 123" (host).
How many bits go to the network part is decided by the subnet mask. The modern way to write it is CIDR: add /N after the IP, meaning the first N bits are the network part.
A real example from a Mac on a home network:
ifconfig en0 | grep inet
inet 192.168.71.168 netmask 0xffffff00 broadcast 192.168.71.255
netmask 0xffffff00 (macOS hexadecimal) = 255.255.255.0 = /24. Reading it:
192.168.71.168 /24
┌──────────────┴───────────────┐
24 bits network | 8 bits host
192 . 168 . 71 . 168
└──── network ─┘ └host┘
→ Every machine of the form 192.168.71.X is on the same network
→ 8 host bits = 256 addresses, usable .1 to .254 (254 machines)
Two addresses in each network are "special" and not assigned to a host:
- The network address (
192.168.71.0) — represents the network as a whole. - The broadcast address (
192.168.71.255) — sends to every host on the network (exactly thebroadcastline above).
/24 (256 addresses) is the most common size for a home/small-office network. CIDR allows flexible sizes: /16 (65,536 addresses), /30 (4 addresses — often used for point-to-point links). The smaller the number, the larger the network.
The ipcalc tool computes these quickly:
ipcalc 192.168.71.168/24
It prints the network address, broadcast, and usable host range — handy when carving up subnets.
Private and public IPs
Notice: the Mac above has IP 192.168.71.168, but when you ask "what's my IP out to the Internet":
curl https://checkip.amazonaws.com
203.0.113.45
The two addresses are completely different. Why? There are two kinds of IP:
- Private IP — used only within a local network (home, office, VPC). Not routable on the Internet. Per RFC 1918, three ranges are reserved for this purpose:
10.0.0.0/8 (10.x.x.x) — large networks
172.16.0.0/12 (172.16–31.x.x) — medium
192.168.0.0/16 (192.168.x.x) — home/small networks ← the Mac is here
- Public IP — globally unique, routable on the Internet. The IP
203.0.113.45belongs to the router/ISP, shared by the whole household.
Every device in your home uses a private IP (192.168.x.x), but out to the Internet they "hide" behind a single public IP belonging to the router. The mechanism that converts between the two is called NAT — the subject of Article 5. (This is also why so many devices can share the scant few billion IPv4 addresses.)
A few special addresses worth knowing
127.0.0.1 loopback — this machine itself (localhost)
0.0.0.0 "any address" — when a service binds 0.0.0.0 it listens on every interface
192.168.x.255 broadcast for that network
169.254.x.x self-assigned address when no IP could be obtained (a sign of DHCP failure)
Remember Article 13 of the Linux series: a service bound to 127.0.0.1 is only reachable from the machine itself; binding 0.0.0.0 lets outsiders in. Now you understand why: 0.0.0.0 means every interface.
IPv6: why and what's different
The 4.3 billion IPv4 addresses have run out (too many devices). IPv6 solves it with 128-bit addresses — a virtually limitless supply. Written in hexadecimal, 8 groups separated by colons:
2001:0db8:85a3:0000:0000:8a2e:0370:7334
(shortened: consecutive 0 groups replaced by ::, leading zeros dropped)
2001:db8:85a3::8a2e:370:7334
IPv6 is gradually becoming common (mobile, cloud), but IPv4 is still everywhere and is what you'll encounter most while learning. The network/host and routing concepts are still similar; IPv6 doesn't need NAT because there are enough addresses for every device. This series focuses on IPv4; knowing that IPv6 exists and why is enough for now.
Wrap-up
An IPv4 address is a 32-bit number, made of a network part + a host part, divided by the subnet mask written in CIDR (/24 = 24 network bits). Each network has its own network and broadcast addresses. Private IPs (RFC 1918: 10/8, 172.16/12, 192.168/16) are for internal use; public IPs are routable on the Internet — and your machine has both (private on the LAN, public via the router, thanks to NAT). IPv6 (128-bit) arose because IPv4 ran out.
You now know how a device is identified. Article 3 goes one layer down (the link layer): within a local network, how machines actually find and talk to each other — via MAC and ARP.