IP Address Basics: IPv4 vs IPv6, CIDR Notation and Subnetting

What is an IP Address?

An IP address (Internet Protocol Address) is a unique identifier for devices on a network. Think of it as a mailing address for your computer — without it, other devices cannot find you on the internet.

Two versions exist today: IPv4 and IPv6. IPv4 is the old workhorse, still carrying the majority of internet traffic. IPv6 is the future, designed to solve the address exhaustion problem that IPv4 created.

IPv4: The Classic

An IPv4 address is a 32-bit number, written as four decimal octets separated by dots:

192.168.1.1

Each octet ranges from 0 to 255. That gives 2^32 = about 4.3 billion addresses total. When the internet was designed in the 1980s, that seemed like plenty.

Private vs Public IPs

Some IPv4 ranges are reserved for private networks and never routed on the public internet:

10.0.0.0 - 10.255.255.255   (10.0.0.0/8, 16.7M addresses)
172.16.0.0 - 172.31.255.255 (172.16.0.0/12, 1M addresses)
192.168.0.0 - 192.168.255.255 (192.168.0.0/16, 65K addresses)
127.0.0.0 - 127.255.255.255 (loopback/localhost)

If you have a home router, your devices likely use 192.168.x.x internally. The router uses NAT (Network Address Translation) to map many private IPs to one public IP.

CIDR Notation

CIDR (Classless Inter-Domain Routing) is how you specify an IP range. The format is:

<base-ip>/<prefix-length>

The prefix length tells you how many bits are the network portion:

192.168.1.0/24  -> network: 24 bits, hosts: 8 bits (254 usable addresses)
10.0.0.0/8      -> network: 8 bits, hosts: 24 bits (16.7M addresses)
172.16.0.0/12   -> network: 12 bits, hosts: 20 bits (~1M addresses)

Subnet Mask Cheat Sheet

/32 = 255.255.255.255 (1 address — a single host)
/30 = 255.255.255.252 (4 addresses — 2 usable, for point-to-point links)
/28 = 255.255.255.240 (16 addresses — 14 usable)
/24 = 255.255.255.0   (256 addresses — 254 usable, common for small offices)
/16 = 255.255.0.0     (65,536 addresses)
/8  = 255.0.0.0       (16,777,216 addresses)

Calculating a Subnet

Practical example: you have 192.168.1.0/28 and need to know the usable range.

# Python subnet calculation
import ipaddress

net = ipaddress.ip_network("192.168.1.0/28", strict=False)
print(f"Network: {net.network_address}")
print(f"Broadcast: {net.broadcast_address}")
print(f"Usable: {list(net.hosts())}")

# Output:
# Network: 192.168.1.0
# Broadcast: 192.168.1.15
# Usable: 192.168.1.1 - 192.168.1.14 (14 addresses)

IPv6: The Successor

IPv6 uses 128-bit addresses, written as eight groups of four hexadecimal digits:

2001:0db8:85a3:0000:0000:8a2e:0370:7334

That is 2^128 addresses — enough to assign an IP to every grain of sand on Earth with room to spare.

IPv6 Shortening Rules

Full:    2001:0db8:85a3:0000:0000:8a2e:0370:7334
Rule 1:  2001:db8:85a3:0:0:8a2e:370:7334  (leading zeros removed)
Rule 2:  2001:db8:85a3::8a2e:370:7334     (double colon for consecutive zeros)

Only one double colon is allowed per address. The abbreviation is unambiguous because the router calculates how many zero groups are missing.

IPv6 Address Types

IPv6 eliminates broadcast and introduces new address types:

Why IPv6 Adoption Matters

The Asia-Pacific region ran out of IPv4 addresses in 2011. Europe ran out in 2019. The US ran out in 2015. If you are deploying new infrastructure today, supporting IPv6 is not optional — major cloud providers charge extra for IPv4 addresses now.

AWS charged $3.65 per IPv4 address per month as of 2024. A moderate deployment of 50 IPs costs $2,190 a year just for the addresses. IPv6 addresses are free.

Checking Your IP

# Your public IP (IPv4)
curl -4 ifconfig.me

# Your public IP (IPv6)  
curl -6 ifconfig.me

# Local network configuration
ip addr show  # Linux
ifconfig      # macOS

Wrap Up

Common IP Tools and Commands

Every developer needs basic IP troubleshooting skills:

# Ping a host
ping -c 4 google.com

# Trace the route to a host
traceroute google.com  # Linux/macOS
tracert google.com     # Windows

# DNS lookup
nslookup google.com
dig google.com

# Check open ports
netstat -tuln | grep LISTEN
ss -tuln  # Modern Linux alternative

IP and Firewall Rules

Understanding CIDR is essential for writing firewall rules:

# Allow SSH from a specific subnet
ufw allow from 192.168.1.0/24 to any port 22

# Block a malicious IP range
iptables -A INPUT -s 10.0.0.0/8 -j DROP

# Allow traffic from your office VPN
aws ec2 authorize-security-group-ingress     --group-id sg-12345     --protocol tcp --port 443     --cidr 203.0.113.0/24

One of my most memorable production incidents: I wrote a firewall rule allowing 192.168.1.0/24 but the VPN assigned addresses in 10.0.0.0/8. Took me three hours to realize the mismatch because I assumed the VPN used the same range as the office network. Always verify your IP ranges before writing firewall rules.

Understanding IP addresses, subnet masks, and CIDR notation is not just network-admin trivia. When you deploy a cloud server, configure a firewall, or debug a connection timeout, this knowledge saves hours of guesswork. The transition from IPv4 to IPv6 is happening slowly but surely — knowing both ensures you are not caught off guard.