Subnet Planning Suite

Introduction:

A clean IPv4 plan is part arithmetic and part inventory discipline. The arithmetic says which ranges fit inside a larger allocation. The inventory discipline decides whether those ranges are usable for real VLANs, routed links, firewall objects, DHCP scopes, cloud networks, or lab segments without colliding with addresses that already exist.

CIDR notation writes a network as an address plus a prefix length, such as 10.24.0.0/20. The prefix length says how many of the 32 IPv4 bits identify the network. The remaining bits identify addresses inside that network. Moving from a /20 parent to /24 children adds four network bits, which creates 16 equal child blocks. Moving the child prefix one step longer doubles the child count and cuts the raw address capacity of each child in half.

Real subnet plans often mix several pressures. A campus may need one range per VLAN, a data center may need predictable ranges for firewall objects, a lab may need disposable blocks that are easy to reset, and a WAN design may use very small point-to-point links. Cloud networks add provider-specific reservations, while enterprise networks add route summarization, DHCP boundaries, monitoring systems, and address-management records.

The common mistake is to treat subnet math as proof that a range is available. It only proves that the proposed blocks fit inside the parent. Availability still depends on address-management records, existing routes, DHCP leases, firewall policy, provider reservations, and device support for special cases such as /31 links.

How to Use This Tool:

Start with the parent network from your allocation request, route plan, site design, or lab note. Enter it as CIDR notation or as an address with a dotted mask. If the address is a host inside the block, the result will show the normalized network base so you can catch accidental boundary errors.

1. Set the child prefix you want to carve from the parent. Use a broader child prefix for more host capacity, or a longer child prefix when you need more small ranges.
2. Enter the usable hosts per child and the number of child subnets needed. Set the host target to 0 when you only need an address ledger and prefix math.
3. Choose the reserve percentage that should remain outside normal allocation. This changes the deployable capacity check without hiding the full usable-host count.
4. Use LAN or VLAN mode for ordinary shared subnets. Use point-to-point /31 mode only for two-endpoint links where both devices support RFC 3021 addressing.
5. Open the advanced controls when you need custom row labels, a gateway host offset, a mixed demand list, more rendered ledger rows, a shareable parameter link, or a specific export filename stem.
6. For a mixed demand plan, enter one segment per line as a label and host count. Rows are packed in the order you enter them, so place fixed, large, or high-priority segments first.

Use the table, chart, and JSON exports as planning artifacts for review, not as deployment approval. A copied link includes the current planning parameters in the URL, so avoid sharing sensitive internal address plans more broadly than intended.

Interpreting Results:

Allocation Brief is the first place to check. It reports the normalized parent, planned child count, host fit, reserve impact, rendered-row limit, and recommendation status. A Ready result means the entered plan is internally consistent.

Subnet Ledger lists equal child ranges in address order. Each row includes the CIDR block, first usable address, suggested gateway, last usable address, broadcast address, usable-host count, and whether the row is part of the requested allocation count.

Demand Fit Plan is separate from the equal-size ledger. Each demand row receives the smallest fitting prefix after reserve is considered, then the next row starts at the next valid boundary. A later segment can fail when earlier rows used enough space or forced alignment gaps.

Prefix Ladder and Address Math explain the mechanics behind the recommendation. The ladder compares every valid child prefix from the parent boundary through /32; address math exposes masks, wildcard masks, integer spans, and binary prefix boundaries.

Prefix Capacity Curve, Subnet Fit Stack, and Demand Fit Bars are visual checks. Use them to spot steep capacity changes, reserve pressure, and rows that overflow the available host capacity.

Warnings such as Reserve is tight, Child prefix too small, and Needs broader parent are planning blockers unless a network owner accepts the tradeoff. Verify the selected ranges against live IP address management and routing sources before making production changes.

Technical Details:

IPv4 has 2^32 possible addresses. A CIDR prefix divides those bits into a network part and a host part. A child subnet must keep all parent network bits and add zero or more child bits, which is why a child prefix cannot be numerically smaller than its parent prefix.

Subnet capacity has two related numbers. Raw address capacity is the power-of-two block size. Usable-host capacity applies IPv4 addressing rules, then deployable capacity removes the selected reserve headroom. For ordinary LAN and VLAN networks, the network and broadcast addresses are not assignable to hosts. A /32 represents one address, and an RFC 3021 /31 point-to-point link treats both addresses as endpoint addresses.

Formula Core:

For equal-size planning, the child count comes directly from the added prefix bits. For mixed demand planning, the host target and reserve percentage determine the smallest prefix that can still meet each segment. After a segment is placed, the next segment is aligned to its own block size. That alignment can leave gaps, which is why demand order can change whether the full list fits.

Limitations, Privacy, and Accuracy Notes:

The calculation is deterministic subnet arithmetic. It does not query routers, DHCP servers, cloud accounts, spreadsheets, or IP address management systems, so it cannot prove that a proposed range is unused. Treat the result as a planning draft that still needs operational review.

The entered addresses and host targets are processed in the browser for calculation. Exported files, copied rows, copied JSON, and copied links can contain internal network details. Share those artifacts only through channels appropriate for your organization.

Vendor and cloud platforms sometimes reserve extra addresses or disallow certain prefix lengths. Apply those platform-specific rules after confirming the generic IPv4 plan.

Worked Examples:

1. Site VLAN split. A 10.24.0.0/20 parent split into /24 children produces 16 equal subnets. In LAN mode, each child has 254 usable hosts. With 15% reserve, 39 hosts are held back and 215 remain deployable.
2. Host target too large. Keeping the same parent but using /25 children gives 126 usable LAN hosts before reserve. A target of 180 hosts produces Child prefix too small, so the plan needs a broader child prefix.
3. Ordered demand packing. Demand rows such as Core services, 180, Office users, 120, Guest Wi-Fi, 60, and Network gear, 30 are placed in that order. Each row gets the smallest prefix that satisfies its host count after reserve, then the next row is aligned.
4. Point-to-point link. A /31 child in point-to-point mode has two endpoint addresses. The same /31 in LAN mode has no ordinary usable host addresses, so it should not be used for a shared subnet.

Advanced Tips:

• Put fixed or large rows first in Demand list. Ordered VLSM packing is predictable, but a smaller early row can create an alignment gap that later blocks a larger segment.
• Use Reserve headroom to test a growth policy, not to hide known hosts. A warning that hosts only fit by using reserve usually means the child prefix is too long for normal deployment.
• Keep Host address rule on LAN or VLAN subnet unless the range is a two-endpoint link. Point-to-point /31 mode changes the usable-host rule and should match device support.
• Change Gateway host offset only after matching your network standard. The suggested gateway helps documentation, but it does not change the subnet boundaries or usable-host count.
• Lower Ledger rows to render for very large parents when you only need the summary and charts. The brief still reports the full child count while the page avoids rendering thousands of rows.
• Compare Prefix Capacity Curve with Demand Fit Bars before reserving addresses. One chart shows what each prefix can hold; the other shows whether the current demand order wastes space or spills past the parent.

FAQ:

Glossary:

Broadcast address

The highest address in an ordinary IPv4 subnet, reserved for broadcast meaning rather than host assignment.

CIDR

Classless Inter-domain Routing, a notation and routing method that describes IPv4 blocks by prefix length.

Deployable hosts

Usable hosts minus reserve headroom.

Gateway offset

The selected usable-address position used for a suggested gateway address inside each planned subnet.

Wildcard mask

The inverse of the subnet mask, commonly seen in routing and access-list contexts.

References:

• RFC 4632: Classless Inter-domain Routing (CIDR)
• RFC 3021: Using 31-Bit Prefixes on IPv4 Point-to-Point Links
• RFC 1918: Address Allocation for Private Internets
• How to create a Docker bridge network, Simplified Guide.