What does a subnet calculator tell you?

A subnet calculator takes an IP address and a subnet mask or CIDR prefix and returns the complete network breakdown including network address, first and last usable host, broadcast address, total hosts, wildcard mask, and binary mask. It may also display the IP class and whether the address is private or public.

What is the difference between a subnet mask and a CIDR prefix?

A subnet mask and a CIDR prefix represent the same information in different formats. A subnet mask such as 255.255.255.0 uses dotted decimal notation, while a CIDR prefix such as /24 indicates how many leading bits are set to 1. Both formats are interchangeable.

What is the difference between FLSM and VLSM?

Fixed-Length Subnet Masking (FLSM) divides a network into subnets that are all the same size and use the same subnet mask. Variable-Length Subnet Masking (VLSM) creates subnets of different sizes based on host requirements, which makes more efficient use of IP address space.

When should I use FLSM instead of VLSM?

FLSM is useful when all network segments require the same number of hosts, such as in structured lab environments or simple legacy networks. In most modern networks VLSM is preferred because it uses address space more efficiently.

How does VLSM allocate subnets?

VLSM sorts host requirements from largest to smallest and assigns the smallest possible subnet that can support each requirement. For example, if a network needs 100, 50, and 20 hosts, it may allocate a /25, then a /26, then a /27 to minimize wasted addresses.

Does this calculator find free or unused IP addresses?

Yes. After performing FLSM or VLSM calculations, the calculator can generate a Free or Unused IP Network table that shows which address ranges remain unallocated and available for future subnetting.

What is Supernetting (Route Summarization)?

Supernetting, also called route summarization, combines multiple contiguous smaller networks into one larger summary route. This reduces routing table size, improves router efficiency, and simplifies network management.

What are the rules for supernetting to work correctly?

For supernetting to work correctly, the networks must be contiguous with no gaps, the number of networks must be a power of two such as 2, 4, 8, or 16, and the first network must start on the correct boundary for the summarized prefix.

Do I need to create an account or install software?

No. The calculator runs entirely in your browser and does not require account creation, downloads, or installation. All calculations are performed locally.

Can I calculate IPv6 subnets here?

This page focuses on IPv4 subnetting. A separate IPv6 subnet calculator can be used to analyze IPv6 prefixes and address details.

What other tools are available on this site?

The site offers multiple networking tools including subnet calculators, VLSM and FLSM calculators, supernetting tools, subnet overlap checkers, IPv6 calculators, EUI-64 generators, IP range to CIDR converters, wildcard mask converters, MAC address tools, and other utilities.

Are the results accurate enough to use in a real network design?

Yes. The calculations are based on the same binary and bitwise logic used by routers and networking systems, making them suitable for production network planning, certification study, firewall configuration, and cloud network design.

Azure VNet Subnet Calculator

Calculate your Azure network requirements with ease. This tool helps you find the right CIDR blocks for Gateway, Public, and Private subnets. We automatically remove the 5 reserved Azure IPs from your host counts, giving you a perfect and accurate calculation for your cloud setup.

Precise Azure Math Accurate IP Counts Hub & Spoke Ready Easy CSV Export

VNet Configuration

VNet Base IP:

Subnet Mask:

CIDR / Prefix:

/16

Azure reserves 5 IPs per subnet — the network address (.0), Azure default gateway (.1), Azure DNS mapping (.2 and .3), and the broadcast address (last IP). These are subtracted automatically from your usable host count.

No. of Subnets:

No subnets yet

VNet Subnet Plan

VNet Address Utilization

Free / Unallocated IP Blocks

Block	Network (CIDR)	First IP	Last IP	Broadcast	Total IPs	Usable IPs	Netmask	Wildcard

Free blocks are listed in sequential address order — smallest block first, largest last. These represent unallocated address space inside your VNet CIDR that is ready for future subnets, VNet peering connections, or Azure service integrations such as Private Endpoints.

How to Use the Azure VNet Subnet Calculator

What This Tool Does

When you create a Virtual Network in Azure you have to divide your address space into subnets upfront. Sizing them incorrectly means running out of IPs in one subnet while others sit empty — and Azure does not let you resize a subnet that already contains resources. This calculator uses VLSM to give each subnet exactly the right block size based on your host requirements, then shows you all remaining free space as ready-to-use CIDR blocks.

Azure-specific detail: Every subnet in Azure loses 5 IP addresses to platform use — the network address, the default gateway, two Azure DNS addresses, and the broadcast address. This tool deducts those 5 addresses automatically so the usable counts you see reflect what you can actually assign to VMs, containers, and other resources.

Step 1 — Set Your VNet Address Space

Enter the IP address block that Azure will assign to your Virtual Network. Every subnet will be carved out of this pool.

1Enter a VNet Base IP — use a private RFC 1918 address such as 10.0.0.0, 172.16.0.0, or 192.168.0.0.
2Drag the CIDR slider or type a Subnet Mask. Azure VNets support /8 to /29. A /16 is the standard starting point for production environments — it gives 65,536 addresses to divide.

Plan for peering early: If you intend to connect this VNet to other VNets or your on-premises network via VNet Peering or VPN Gateway, ensure none of the address spaces overlap. The VNet address space can be expanded later by adding more ranges, but existing ranges cannot be changed while resources are present.

Step 2 — Enter the Number of Subnets and Fill in the Details

Type how many subnets you need into the No. of Subnets box and click Generate Rows. One blank row appears for each subnet — fill in the four fields for each one:

→Subnet Name — a label you will recognise in the Azure portal, for example GatewaySubnet, web-public-eastus, or db-service-westeu. Azure requires the dedicated gateway subnet to be named exactly GatewaySubnet.
→Region / Zone — type the Azure region or availability zone this subnet belongs to, for example eastus, westeurope, or eastus-az1. This field is free-text and accepts any naming convention.
→Type — type gateway, public, private, or service. Gateway subnets host VPN or ExpressRoute gateways. Public subnets hold internet-facing resources such as Application Gateways. Private subnets host VMs and app services. Service subnets are dedicated to Azure PaaS services like Azure Kubernetes Service node pools or SQL Managed Instance.
→Hosts Needed — how many resources you expect in this subnet. Size generously since Azure does not allow you to shrink or move a subnet that contains resources. The calculator rounds up to the nearest power-of-2 block and subtracts the 5 Azure-reserved addresses automatically.

Add or remove rows freely. Use Generate Rows to create a fresh batch, Add One More Row to append a single extra row, or click ✕ to remove any row. You can adjust everything before clicking Generate Plan.

Typical hub-spoke layout: Set No. of Subnets to 5. Add a GatewaySubnet (gateway, 27 hosts), an AzureFirewallSubnet (service, 27 hosts), a public-facing Application Gateway subnet (public, 50 hosts), a private app subnet (private, 200 hosts), and a service subnet for your database tier (service, 50 hosts).

Step 3 — Generate and Read Your Plan

Click Generate Plan. Subnets are allocated from largest to smallest (VLSM order) to minimise gaps and boundary-alignment waste. The results table shows your complete IP layout. Here is what each column means:

→Subnet Name / Type — your label and a colour-coded type badge (blue = Gateway, green = Public, amber = Private, red = Service).
→Region / Zone — the region or zone you entered.
→Network (CIDR) — the exact address prefix to enter in the Azure portal when creating this subnet.
→Total IPs — the full block size including Azure-reserved addresses.
→Azure Reserved — always 5. Shown separately so you can see exactly what Azure takes from every subnet.
→Usable IPs — addresses available to assign to resources. This is Total IPs minus 5.
→Netmask — the subnet mask in dotted-decimal format for reference.

Copy or Download — use the Copy button to paste the full plan into a document or spreadsheet, or click Download to save it as a CSV. Both buttons include the free IP blocks table.

Azure Subnet Sizing Best Practices

Key rules from the Azure Well-Architected Framework and Azure networking documentation when sizing subnets:

1Size up, not down. Azure does not allow you to resize a subnet that contains resources. Allocate more space than you need today — unused addresses cost nothing but running out of IPs in a live subnet is a serious incident.
2GatewaySubnet must be named exactly. Azure requires the subnet hosting a VPN or ExpressRoute gateway to be named GatewaySubnet. A /27 (27 usable) is the minimum recommended size; use /26 if you plan to deploy both VPN and ExpressRoute gateways.
3AzureFirewallSubnet needs a /26. If you are deploying Azure Firewall, its dedicated subnet must be named AzureFirewallSubnet and be at least a /26 (59 usable IPs).
4AKS node pools need large subnets. Each AKS node can consume many IPs in CNI mode — plan for the maximum node count multiplied by the max pods per node. A /22 or larger is common for production AKS node pool subnets.
5Reserve space for growth. Leave at least 25–30% of your VNet address space unallocated. Unlike AWS, Azure allows you to add additional address ranges to an existing VNet, but careful upfront planning is still far easier than emergency expansion.

Subnet Purpose	Typical Size	Reason
GatewaySubnet (VPN / ER)	/27 – /26	Fixed number of gateway instances
AzureFirewallSubnet	/26	Azure requirement — minimum /26
Application Gateway (public)	/26 – /25	Scales with instance count; needs room
App / VM tier (private)	/23 – /22	Horizontal scaling of VMs and containers
AKS node pool (service)	/22 – /21	Many IPs consumed per node in CNI mode
Database / PaaS (service)	/26 – /25	Fixed instance count, moderate reservation

Frequently Asked Questions

Why does Azure reserve 5 IP addresses in every subnet?

Azure reserves the first four and the last IP address in every subnet. The first is the network address, the second is the default gateway (.1), the third and fourth are mapped to Azure DNS (.2 and .3), and the last is the broadcast address. These five cannot be assigned to any resource. A /29 with 8 total addresses only gives you 3 usable IPs — plan accordingly and avoid very small subnets where the 5-address overhead is significant.

What address space should I use for my Azure VNet?

Use a private RFC 1918 range — 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16. For most production VNets, starting with a /16 from the 10.x space gives 65,536 addresses and room to grow. If you plan to connect this VNet to other VNets via peering or to on-premises networks via VPN or ExpressRoute, ensure the ranges do not overlap — peered VNets cannot have overlapping address spaces.

What is the difference between the four subnet types in this calculator?

Gateway subnets host Azure VPN Gateways or ExpressRoute Gateways and must be named GatewaySubnet. Public subnets hold internet-facing services such as Azure Application Gateway or Azure Load Balancer with a public IP. Private subnets host virtual machines, App Services, and other workloads that only need outbound internet access through a NAT Gateway or firewall. Service subnets are delegated to specific Azure PaaS services — AKS node pools, Azure SQL Managed Instance, Azure Firewall — each with their own sizing and naming requirements from Microsoft.

Can I resize or delete a subnet in Azure after creating it?

You can only resize a subnet if it contains no resources. Once a VM, NIC, or service endpoint is deployed into a subnet, Azure will not allow you to change its address range. Deleting and recreating a subnet requires first removing all resources inside it. This is the most common and most painful Azure networking mistake — always plan your subnet sizes generously before deploying anything into them.

How does this calculator handle the VLSM allocation order?

The calculator sorts your subnets from largest required block to smallest before allocating addresses. This is the correct VLSM approach — placing the largest subnets first minimises boundary-alignment waste and ensures all subnets fit within the VNet address space without gaps. Your subnets are then re-sorted by network address for display, so the results table shows them in the natural sequential order they occupy in memory.

What is the Free / Unallocated IP Blocks table?

After all your subnets are placed, the remaining address space inside your VNet CIDR is decomposed into boundary-aligned CIDR blocks and shown in the free table. These are real, usable address ranges — not gaps or wasted space. You can assign any of these blocks to a new subnet at any time without disrupting existing subnets. The blocks are listed in sequential address order, smallest first, so the first entry is the one immediately after your last allocated subnet.

What is the smallest subnet size Azure allows?

The smallest subnet Azure supports is a /29, which has 8 total IP addresses. After the 5 Azure-reserved addresses, only 3 usable IPs remain. This is only suitable for very constrained infrastructure subnets — for example, a point-to-site VPN subnet or a small Private Endpoint subnet. Do not use /29 for any subnet that might need to scale. For most workloads, /27 (27 usable) is the practical minimum.