What does a subnet calculator tell you?

A subnet calculator takes an IP address and a subnet mask or CIDR prefix and returns the complete network breakdown including network address, first and last usable host, broadcast address, total hosts, wildcard mask, and binary mask. It may also display the IP class and whether the address is private or public.

What is the difference between a subnet mask and a CIDR prefix?

A subnet mask and a CIDR prefix represent the same information in different formats. A subnet mask such as 255.255.255.0 uses dotted decimal notation, while a CIDR prefix such as /24 indicates how many leading bits are set to 1. Both formats are interchangeable.

What is the difference between FLSM and VLSM?

Fixed-Length Subnet Masking (FLSM) divides a network into subnets that are all the same size and use the same subnet mask. Variable-Length Subnet Masking (VLSM) creates subnets of different sizes based on host requirements, which makes more efficient use of IP address space.

When should I use FLSM instead of VLSM?

FLSM is useful when all network segments require the same number of hosts, such as in structured lab environments or simple legacy networks. In most modern networks VLSM is preferred because it uses address space more efficiently.

How does VLSM allocate subnets?

VLSM sorts host requirements from largest to smallest and assigns the smallest possible subnet that can support each requirement. For example, if a network needs 100, 50, and 20 hosts, it may allocate a /25, then a /26, then a /27 to minimize wasted addresses.

Does this calculator find free or unused IP addresses?

Yes. After performing FLSM or VLSM calculations, the calculator can generate a Free or Unused IP Network table that shows which address ranges remain unallocated and available for future subnetting.

What is Supernetting (Route Summarization)?

Supernetting, also called route summarization, combines multiple contiguous smaller networks into one larger summary route. This reduces routing table size, improves router efficiency, and simplifies network management.

What are the rules for supernetting to work correctly?

For supernetting to work correctly, the networks must be contiguous with no gaps, the number of networks must be a power of two such as 2, 4, 8, or 16, and the first network must start on the correct boundary for the summarized prefix.

Do I need to create an account or install software?

No. The calculator runs entirely in your browser and does not require account creation, downloads, or installation. All calculations are performed locally.

Can I calculate IPv6 subnets here?

This page focuses on IPv4 subnetting. A separate IPv6 subnet calculator can be used to analyze IPv6 prefixes and address details.

What other tools are available on this site?

The site offers multiple networking tools including subnet calculators, VLSM and FLSM calculators, supernetting tools, subnet overlap checkers, IPv6 calculators, EUI-64 generators, IP range to CIDR converters, wildcard mask converters, MAC address tools, and other utilities.

Are the results accurate enough to use in a real network design?

Yes. The calculations are based on the same binary and bitwise logic used by routers and networking systems, making them suitable for production network planning, certification study, firewall configuration, and cloud network design.

AWS VPC Subnet Calculator

Plan your AWS network with ease. This tool helps you divide your VPC into Public, Private, and Isolated subnets. We automatically remove the 5 reserved AWS IPs from your host counts, giving you a perfect and accurate IP plan for your cloud setup.

Multi-Zone Support Accurate IP Counts 3-Tier Design Easy CSV Export

VPC Configuration

VPC Base IP:

Subnet Mask:

CIDR / Prefix:

/16

AWS reserves 5 IPs per subnet — the network address, VPC router (.1), DNS server (.2), future use (.3), and broadcast address. These are subtracted automatically from your usable host count.

No. of Subnets:

No subnets yet

VPC Subnet Plan

VPC Address Utilization

Free / Unallocated IP Blocks

Block	Network (CIDR)	First IP	Last IP	Broadcast	Total IPs	Usable IPs	Netmask	Wildcard

Free blocks are listed in sequential address order — smallest block first, largest last. These represent unallocated address space inside your VPC CIDR that is ready for future subnets, VPN connections, or AWS service integrations such as PrivateLink endpoints.

How to Use the AWS VPC Subnet Calculator

What This Tool Does

When you create a VPC in AWS you have to decide upfront how to divide your IP block into subnets. Getting this wrong means running out of IPs in a busy subnet while other subnets sit mostly empty. This calculator uses VLSM to allocate exactly the right block size for each subnet — the same logic AWS architects use when planning production environments.

AWS-specific detail: Every subnet you create in AWS loses 5 IP addresses to AWS internal use. This tool subtracts those 5 addresses automatically so the host counts you see are what you can actually assign to EC2 instances, load balancers, and other resources.

Step 1 — Set Your VPC CIDR Block

Enter the IP address block that AWS will assign to your VPC. This is the total pool all subnets will be carved from.

1Enter a VPC Base IP — typically a private RFC 1918 address like 10.0.0.0, 172.16.0.0, or 192.168.0.0.
2Drag the CIDR slider or type a Subnet Mask. AWS VPCs support /16 to /28. A /16 gives 65,536 addresses — the most common choice for production VPCs.

Avoid future peering conflicts: If you plan to connect this VPC to your office network or other VPCs via VPC Peering or Transit Gateway, make sure the CIDR ranges do not overlap. Plan the range once and it cannot be changed later without recreating the VPC.

Step 2 — Enter the Number of Subnets and Fill in the Details

Type how many subnets your VPC needs into the No. of Subnets box and click Generate Rows. One blank row appears for each subnet — fill in the four fields for each one:

→Subnet Name — a label you will recognise in the AWS console, for example web-public-1a or db-isolated-1b. Use a consistent naming scheme across your team.
→Availability Zone — type the AZ exactly as AWS names it, for example us-east-1a or eu-west-1b. This field is free-text so you can use any region and any AZ naming convention.
→Type — type public, private, or isolated. Public subnets face the internet via an Internet Gateway. Private subnets reach the internet only through a NAT Gateway. Isolated subnets have no internet route at all — for databases and internal services.
→Hosts Needed — the number of resources you expect to place in this subnet. Size generously — you cannot expand a subnet after it is created in AWS. The calculator rounds up to the nearest power-of-2 block and deducts the 5 AWS-reserved addresses automatically.

Add or remove rows freely. Use Generate Rows to create a fresh batch, Add One More Row to append a single extra row, or click the ✕ on any row to remove it. You can mix and match as needed before clicking Generate Plan.

Common pattern — 3-tier across 2 AZs: Set No. of Subnets to 6. Create Public (web/ALB), Private (app/ECS), and Isolated (RDS) subnets in each of us-east-1a and us-east-1b. Add a third AZ for critical workloads.

Step 3 — Generate and Read Your Plan

Click Generate Plan. The calculator allocates subnets from largest to smallest (VLSM order) to minimise gaps, then shows you the complete IP layout. Here is what each column means:

→Subnet Name / Type — your label and a colour-coded badge (green = Public, amber = Private, red = Isolated).
→AZ — the Availability Zone you selected.
→Network (CIDR) — the exact CIDR block to enter in the AWS console when creating this subnet.
→Total IPs — the full size of the block including AWS-reserved addresses.
→AWS Reserved — always 5. Shown separately so you can see exactly what AWS takes.
→Usable IPs — what you can actually assign to resources. This is Total IPs minus 5.
→Netmask — the subnet mask in dotted-decimal format.

Copy or Download — use the Copy button to paste the full plan into a document or spreadsheet, or click Download to save it as a CSV file. Both buttons include the free IP blocks table as well.

AWS Subnet Sizing Best Practices

A few rules that AWS and AWS Well-Architected Framework recommend when sizing subnets:

1Size up, not down. You cannot resize a subnet after creation. It is better to allocate a /24 (251 usable) when you only need 50 hosts today — you can always leave addresses unused.
2Keep subnets within one AZ. AWS subnets span exactly one AZ. Create one subnet per tier per AZ — not one shared subnet across AZs.
3Public subnets can be smaller. Public subnets typically hold load balancers and NAT Gateways — not application instances. A /27 or /28 is often enough.
4Private subnets need the most space. Application servers and containers scale horizontally. Give Private subnets the largest blocks (/22 or /23) so auto-scaling groups have room to grow.
5Reserve space for the future. Leave at least 25–30% of your VPC CIDR unallocated. AWS lets you add a secondary CIDR later but the primary range is fixed.

Tier	Typical Size	Reason
Public (ALB / NAT GW)	/27 – /26	Small — only a few elastic IPs and load balancers
Private (App / ECS)	/23 – /22	Large — horizontal scaling of application containers
Isolated (RDS / Cache)	/26 – /25	Medium — fixed number of DB instances per AZ

Frequently Asked Questions

Why does AWS reserve 5 IP addresses per subnet?

AWS reserves the first four and the last IP address in every subnet. In order: the network address, the VPC router address (.1), the AWS DNS server (.2), an address reserved for future use (.3), and the broadcast address (last IP). These five are unavailable to your instances regardless of subnet size — a /28 with 16 total addresses only gives you 11 to use.

What CIDR block should I use for my VPC?

Use a private RFC 1918 range — 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16. For most production environments, a /16 from the 10.x range is the standard starting point. It gives 65,536 addresses and enough room to add secondary CIDRs later. Avoid ranges that already exist in your data centre or other VPCs you might peer with in future.

What is the difference between Public, Private, and Isolated subnets?

A Public subnet has a route to an Internet Gateway — resources inside get a public IP and can communicate directly with the internet. A Private subnet routes outbound traffic through a NAT Gateway in a public subnet, so instances can download updates and call external APIs but are not reachable from the internet. An Isolated subnet has no internet route at all — it is used for databases and internal services where any internet connectivity is a security risk.

Can I change a subnet CIDR after creating it in AWS?

No. Once a subnet is created in AWS its CIDR block is permanent. The only way to change it is to delete the subnet and create a new one — which also means terminating any resources inside it first. This is why careful upfront planning with a tool like this one matters. It is far easier to adjust numbers here than to rebuild a live environment.

How many Availability Zones should I use?

AWS recommends at least two AZs for high availability. Most well-architected production workloads use three — if one AZ has an outage, two-thirds of capacity remains. Each AZ gets its own set of subnets (public, private, isolated), so three AZs means nine subnets for a standard three-tier application. The calculator supports all three major AZs for the most common AWS regions.

What is the smallest subnet size AWS allows?

The minimum subnet size in AWS is a /28, which has 16 total IP addresses. After the 5 AWS-reserved addresses, you have 11 usable IPs. This is acceptable for small infrastructure subnets — a NAT Gateway only needs one IP, and a VPN endpoint rarely needs more than a handful. Do not use /28 for application or container subnets that might need to scale.