101
0/240
Loading content...
The Internet connects billions of devices, yet packets find their destinations in milliseconds. This feat isn't accomplished through brute-force memorization of every device—it's achieved through hierarchical addressing, an elegant design principle that transforms an impossible problem into a tractable one.
Hierarchical addressing is the reason the Internet's global routing table contains roughly 900,000 entries rather than 20 billion. It's why a router in Tokyo doesn't need to know about every laptop in New York—only how to reach the networks those laptops inhabit.
This page explores hierarchical addressing in depth: the fundamental division between network and host portions, how subnet masks define this boundary, the revolutionary impact of CIDR, and the architectural principles that make modern internetworking possible.
By the end of this page, you will understand: (1) The two-level hierarchy of network and host addresses, (2) How subnet masks define address boundaries, (3) The prefix notation and CIDR system, (4) Route aggregation and its impact on scalability, and (5) The relationship between addressing hierarchies and routing efficiency.
Every IP address encodes two distinct pieces of information:
This two-level structure is the cornerstone of hierarchical addressing. It mirrors the structure of physical addresses: a street name (network) and house number (host) within that street.
Conceptual Division:
Consider the IPv4 address 192.168.1.100 with subnet mask 255.255.255.0:
IP Address: 192.168.1.100
├────────┤ └──┤
Network Host
Portion Portion
The network portion (192.168.1) identifies the network. Every device on this network shares this prefix. The host portion (.100) uniquely identifies this specific device among all devices on that network.
| Component | Example | Purpose | Scope of Uniqueness |
|---|---|---|---|
| Network Portion | 192.168.1 | Identifies the network segment | Must be globally unique (public) or organizationally unique (private) |
| Host Portion | 100 | Identifies device within network | Must be unique within that network only |
| Complete Address | 192.168.1.100 | Uniquely identifies device globally | Globally unique (public) or organizationally unique (private) |
Why This Division Matters:
The network-host division enables two critical capabilities:
1. Efficient Routing
Routers only need to know how to reach networks, not individual hosts. A router with an entry for 192.168.1.0/24 can forward packets to any of the 254 possible hosts on that network without 254 separate routing entries.
2. Local Autonomy Network administrators have complete control over host address assignments within their allocated network prefix. They can add, remove, or reassign hosts without coordinating with the global Internet infrastructure.
This autonomy is profound: the organization owning 192.168.1.0/24 can assign addresses .1 through .254 however they wish. The Internet at large neither knows nor cares about these internal assignments—it only routes to the network prefix.
The network-host division mirrors telephone number structure: country code + area code + local number. International switches route based on country codes, regional switches use area codes, and local exchanges handle individual numbers. Each level of the hierarchy only manages its scope. IP addressing works identically, enabling networks of networks to scale without centralized coordination.
The subnet mask is the key that reveals where the network portion ends and the host portion begins. Understanding subnet masks is essential for IP address manipulation, subnetting, and routing.
What is a Subnet Mask?
A subnet mask is a 32-bit value where:
By convention, all 1s appear on the left (network) and all 0s on the right (host), creating a contiguous block structure.
Common Subnet Masks:
| Prefix | Dotted Decimal | Binary | Host Bits | No. of Hosts |
|---|---|---|---|---|
| /8 | 255.0.0.0 | 11111111.00000000.00000000.00000000 | 24 | 16,777,214 |
| /16 | 255.255.0.0 | 11111111.11111111.00000000.00000000 | 16 | 65,534 |
| /24 | 255.255.255.0 | 11111111.11111111.11111111.00000000 | 8 | 254 |
| /25 | 255.255.255.128 | 11111111.11111111.11111111.10000000 | 7 | 126 |
| /26 | 255.255.255.192 | 11111111.11111111.11111111.11000000 | 6 | 62 |
| /27 | 255.255.255.224 | 11111111.11111111.11111111.11100000 | 5 | 30 |
| /28 | 255.255.255.240 | 11111111.11111111.11111111.11110000 | 4 | 14 |
| /30 | 255.255.255.252 | 11111111.11111111.11111111.11111100 | 2 | 2 |
| /32 | 255.255.255.255 | 11111111.11111111.11111111.11111111 | 0 | 1 (host route) |
The Masking Operation:
To determine which network an IP address belongs to, perform a bitwise AND between the address and the subnet mask:
IP Address: 192.168.1.100 = 11000000.10101000.00000001.01100100
Subnet Mask: 255.255.255.0 = 11111111.11111111.11111111.00000000
─────────────────────────────────────
AND Result: 192.168.1.0 = 11000000.10101000.00000001.00000000
(Network Address)
The result (192.168.1.0) is the network address—the identifier for the entire network. Every device on this network, regardless of its specific host portion, produces the same network address when masked.
1234567891011121314151617181920212223242526
// Example 1: Determine network address// IP: 10.45.128.200 with mask 255.255.240.0 (/20) IP Address: 10.45.128.200Binary: 00001010.00101101.10000000.11001000 Mask: 255.255.240.0 Binary: 11111111.11111111.11110000.00000000 AND Result: 00001010.00101101.10000000.00000000Decimal: 10.45.128.0 ← Network Address // The host portion (.0.200 in the last 12 bits) is masked out // Example 2: Identify the broadcast address// Network: 10.45.128.0/20 // Set all host bits to 1:Network: 00001010.00101101.10000000.00000000Host bits (1): 00000000.00000000.00001111.11111111OR Result: 00001010.00101101.10001111.11111111Broadcast: 10.45.143.255 // Host range: 10.45.128.1 to 10.45.143.254// (4,094 usable hosts)Within each network, two addresses are reserved: the network address (all host bits = 0) and the broadcast address (all host bits = 1). For a /24 network with 256 possible combinations, only 254 are usable for hosts. For a /30 network (4 combinations), only 2 hosts are possible—commonly used for point-to-point links.
Classless Inter-Domain Routing (CIDR) revolutionized IP addressing by freeing it from the rigid constraints of classful addressing. CIDR allows subnet boundaries at any bit position, not just at octet boundaries.
The /Prefix Notation:
CIDR notation appends a prefix length to an IP address, indicating how many bits constitute the network portion:
192.168.1.0/24
└────┬────┘ └┬┘
IP address Prefix length (24 network bits)
This compact notation conveys the same information as a full subnet mask but is more concise and immediately reveals the network size:
/24 = 8 host bits = 2⁸ - 2 = 254 hosts/16 = 16 host bits = 2¹⁶ - 2 = 65,534 hosts/22 = 10 host bits = 2¹⁰ - 2 = 1,022 hosts| Prefix | Addresses | Usable Hosts | Common Use |
|---|---|---|---|
| /30 | 4 | 2 | Point-to-point links |
| /29 | 8 | 6 | Small departmental segments |
| /28 | 16 | 14 | Small network segments |
| /27 | 32 | 30 | Medium departmental LANs |
| /26 | 64 | 62 | Medium network segments |
| /25 | 128 | 126 | Large departmental segments |
| /24 | 256 | 254 | Standard network allocation |
| /23 | 512 | 510 | Medium enterprise networks |
| /22 | 1,024 | 1,022 | Large campus networks |
| /16 | 65,536 | 65,534 | Major institutional allocation |
Historical Context: The Classful Era
Before CIDR (pre-1993), addresses were allocated in fixed classes:
This rigid system caused severe problems:
CIDR solved these problems by allowing allocation at any prefix length. A company needing 500 addresses receives a /23 (512 addresses)—a nearly perfect fit.
CIDR extended IPv4's useful life by approximately 20 years, delaying exhaustion from the mid-1990s to 2011. It reduced routing table growth by enabling aggregation and allowed fine-grained address allocation. Without CIDR, the Internet would have collapsed under its own weight long ago.
Address aggregation (also called supernetting or route summarization) is the most powerful consequence of hierarchical addressing. It allows multiple contiguous network addresses to be represented by a single routing entry.
The Aggregation Principle:
Consider an ISP that owns these four /24 networks:
192.168.0.0/24 (192.168.0.0 - 192.168.0.255)
192.168.1.0/24 (192.168.1.0 - 192.168.1.255)
192.168.2.0/24 (192.168.2.0 - 192.168.2.255)
192.168.3.0/24 (192.168.3.0 - 192.168.3.255)
Instead of advertising four separate routes, the ISP can advertise a single aggregate:
192.168.0.0/22 (192.168.0.0 - 192.168.3.255)
The /22 route covers all addresses in the four /24 networks. This is possible because the networks are contiguous and share the same upper 22 bits.
Binary Analysis of Aggregation:
192.168.0.0 = 11000000.10101000.000000|00.00000000
192.168.1.0 = 11000000.10101000.000000|01.00000000
192.168.2.0 = 11000000.10101000.000000|10.00000000
192.168.3.0 = 11000000.10101000.000000|11.00000000
│
└─ Varies in bits 23-24
The first 22 bits are identical (11000000.10101000.000000). Only bits 23-24 vary. Therefore, we can summarize with a /22 prefix.
Aggregation Requirements:
For routes to be aggregated:
If an ISP owns 192.168.0.0/24 and 192.168.5.0/24 (non-contiguous), they cannot be aggregated. Aggregating to /22 would include addresses the ISP doesn't own (192.168.1-4.x), causing routing black holes. Careful address allocation planning is essential for effective aggregation.
Hierarchical addressing fundamentally transforms routing efficiency. Let's quantify the difference it makes.
Without Hierarchy (Flat Addressing):
With Hierarchy (Current Internet):
| Metric | Flat Addressing | Hierarchical Addressing | Improvement |
|---|---|---|---|
| Global routes for 1M hosts | 1,000,000 | ~4,000 (/24 blocks) | 250× |
| Memory per router (1M hosts) | ~80 MB minimum | ~320 KB | 250× |
| Lookup time (worst case) | O(n) = 1M comparisons | O(log n) ≈ 12 comparisons | 83,000× |
| Route update scope | Global broadcast | Local containment | Qualitative |
| Scalability limit | ~10,000 hosts | Billions of hosts | Orders of magnitude |
Multi-Level Hierarchy in Practice:
The Internet's routing hierarchy has multiple levels:
Level 0: Individual hosts (/32)
│
└─ Aggregated into...
Level 1: Enterprise networks (/24, /23, /22, etc.)
│
└─ Aggregated into...
Level 2: ISP customer aggregates (/16, /17, etc.)
│
└─ Aggregated into...
Level 3: Regional allocations (/8, /10, etc.)
│
└─ Aggregated into...
Level 4: Continental allocations
At each level, aggregation occurs. A home user's device never appears in global routing tables—only the ISP's aggregate that contains it.
When multiple routes match a destination (e.g., 10.0.0.0/8 and 10.1.0.0/16 both match 10.1.2.3), routers use the longest prefix match rule—the most specific route wins. This allows aggregation at higher levels while still permitting specific overrides where needed, combining efficiency with flexibility.
Let's examine hierarchical addressing through concrete examples that illustrate its practical application.
Example 1: University Network Design
A university receives the allocation 10.0.0.0/8 from their ISP (a very large block for illustration). They design a hierarchical structure:
12345678910111213141516171819
University: 10.0.0.0/8 (16.7 million addresses)├── Engineering College: 10.1.0.0/16 (65,534 hosts)│ ├── Computer Science: 10.1.1.0/24 (254 hosts)│ │ ├── Labs: 10.1.1.0/26 (62 hosts)│ │ ├── Offices: 10.1.1.64/26 (62 hosts) │ │ ├── Servers: 10.1.1.128/26 (62 hosts)│ │ └── Reserved: 10.1.1.192/26 (62 hosts)│ ├── Electrical Engineering: 10.1.2.0/24│ └── Mechanical Engineering: 10.1.3.0/24│├── Arts College: 10.2.0.0/16├── Medical School: 10.3.0.0/16├── Library: 10.4.0.0/24├── Administration: 10.5.0.0/24└── Dormitories: 10.10.0.0/12 (1 million addresses) // External routing: ISP only needs route to 10.0.0.0/8// Internal routing: Core routers have /16 entries// Department routing: Local routes for /24sExample 2: ISP Address Allocation
An ISP receives 198.51.0.0/16 from their Regional Internet Registry (RIR). They subdivide for customers:
123456789101112131415161718192021222324
ISP Allocation: 198.51.0.0/16 (65,534 usable addresses) Enterprise Customers (need many addresses):├── Large Corp A: 198.51.0.0/20 (4,094 addresses)├── Large Corp B: 198.51.16.0/20 (4,094 addresses)├── Medium Biz C: 198.51.32.0/22 (1,022 addresses)└── Medium Biz D: 198.51.36.0/22 (1,022 addresses) Small Business Customers:├── 198.51.64.0/26, /26, /26... (62 each × 64 blocks)└── Total: 64 small businesses with 62 IPs each Residential Aggregation:├── 198.51.128.0/17 (32,766 addresses)└── Individual homes get dynamic single IPs Infrastructure:├── 198.51.252.0/24 Router interconnections├── 198.51.253.0/24 Management network├── 198.51.254.0/24 DNS/Services└── 198.51.255.0/24 Reserved // To Internet: Single advertisement of 198.51.0.0/16// Result: One BGP announcement covers all customersPoor address planning prevents aggregation. If a university assigns addresses randomly (10.5.1.0/24 to Computer Science, 10.200.3.0/24 to Electrical Engineering), they cannot aggregate departmental routes meaningfully. Thoughtful hierarchical allocation during initial planning saves enormous routing complexity later.
IPv6 was designed from the start with hierarchical addressing as a first-class principle, learning from IPv4's challenges.
IPv6 Address Structure:
An IPv6 address is 128 bits, typically displayed as eight groups of four hexadecimal digits:
2001:0db8:85a3:0000:0000:8a2e:0370:7334
└─┬─┘└─┬─┘└─┬─┘└───────────┬──────────┘
Global Site Subnet Interface ID
Prefix ID ID (64 bits)
Standard IPv6 Hierarchy:
| Bits | Component | Purpose |
|---|---|---|
| 3 | Global Routing Prefix Start | Identifies as Global Unicast (001) |
| 45 | Global Routing Prefix | ISP/RIR allocation hierarchy |
| 16 | Subnet ID | Organization's internal subnets |
| 64 | Interface ID | Host identifier (often from MAC via EUI-64) |
IPv6 Allocation Example:
RIR (ARIN) allocates to ISP: 2001:db8::/32 (96 bits for ISP to use)
ISP allocates to customer: 2001:db8:acme::/48 (80 bits for customer)
Customer creates subnets: 2001:db8:acme:0001::/64 through
2001:db8:acme:ffff::/64
(65,536 possible subnets!)
Advantages of IPv6 Hierarchy:
IPv6's 128-bit space isn't just 'more addresses'—it's deliberately structured to prevent the problems that plagued IPv4. The fixed 64-bit interface ID, standard /48 allocations to end sites, and massive address space all derive from lessons learned during IPv4's evolution. Hierarchical addressing in IPv6 is a feature, not an afterthought.
Hierarchical addressing is the architectural foundation that makes global internetworking possible. Let's consolidate the key concepts:
What's Next:
Hierarchical addressing only works if addresses are unique—otherwise, packets could be delivered to the wrong destination. The next page explores address uniqueness: how it's maintained, what happens when it's violated, and the systems that ensure every connected device has an unambiguous identity.
You now understand the fundamental architecture that allows the Internet to scale from its original handful of hosts to billions of devices. This hierarchy—network portions, subnet masks, CIDR, and aggregation—is the intellectual foundation for subnetting, routing, and network design. Every topic that follows builds on these concepts.