IP addressing is the foundation of all network communication. Cloud engineers work with IP addresses daily — designing VPC address spaces, configuring security groups, and troubleshooting connectivity. This is worth learning well.
IPv4 Addresses
An IPv4 address is a 32-bit number, written as four decimal octets separated by dots: 192.168.1.100
Each octet is 0–255 (8 bits). The address has two parts:
- Network portion: Identifies the network
- Host portion: Identifies the specific device within that network
CIDR Notation
CIDR (Classless Inter-Domain Routing) notation specifies both the address and the size of the network:
```
192.168.1.0/24
# /24 means the first 24 bits are the network prefix
# Binary: 11000000.10101000.00000001 | 00000000
#         (network, 24 bits)         | (host, 8 bits)
# Result: 256 addresses (2^8), 254 usable (network and broadcast reserved)
```
Common Subnet Sizes
| CIDR | Addresses | Usable Hosts | Use Case |
|---|---|---|---|
| /32 | 1 | 1 | Single host (security group rules) |
| /30 | 4 | 2 | Point-to-point links |
| /28 | 16 | 14 | Small subnet |
| /27 | 32 | 30 | Small team |
| /24 | 256 | 254 | Standard subnet |
| /22 | 1,024 | 1,022 | Medium subnet |
| /20 | 4,096 | 4,094 | Large subnet |
| /16 | 65,536 | 65,534 | VPC (AWS default) |
| /8 | 16,777,216 | — | Class A range |
| /0 | All (internet) | — | Default route |
Private Address Ranges
These ranges are reserved for private use (RFC 1918) — they are not routable on the public internet:
| Range | CIDR | Addresses | Typical Use |
|---|---|---|---|
| 10.0.0.0 – 10.255.255.255 | 10.0.0.0/8 | 16.7M | Enterprise, cloud VPCs |
| 172.16.0.0 – 172.31.255.255 | 172.16.0.0/12 | 1M | Docker default bridge |
| 192.168.0.0 – 192.168.255.255 | 192.168.0.0/16 | 65K | Home networks |
Devices on private networks access the internet via NAT (Network Address Translation) — a router translates private IPs to a public IP before forwarding to the internet.
Subnetting a Network
Say you have a VPC with CIDR 10.0.0.0/16 and you want to create subnets for public and private tiers across 3 availability zones:
```
VPC: 10.0.0.0/16 (65,536 addresses)

Public subnets:
  10.0.1.0/24  — Public AZ-a (256 addresses)
  10.0.2.0/24  — Public AZ-b
  10.0.3.0/24  — Public AZ-c

Private subnets:
  10.0.10.0/24 — Private AZ-a
  10.0.11.0/24 — Private AZ-b
  10.0.12.0/24 — Private AZ-c

Database subnets:
  10.0.20.0/24 — DB AZ-a
  10.0.21.0/24 — DB AZ-b
  10.0.22.0/24 — DB AZ-c
```
Using small, organised CIDR blocks per tier makes routing rules, security groups, and VPC peering much easier to reason about.
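The plan above can be checked mechanically before any subnet is created. This is an added example, not part of the original tutorial: it uses Python's standard `ipaddress` module to confirm that each subnet sits inside the VPC, falls in RFC 1918 space, and overlaps no other subnet. The short subnet names and the function names are illustrative assumptions.

```python
import ipaddress
from itertools import combinations

# VPC and tiered subnets from the plan above; the short names are illustrative.
VPC = "10.0.0.0/16"
PLAN = {
    "public-a": "10.0.1.0/24", "public-b": "10.0.2.0/24", "public-c": "10.0.3.0/24",
    "private-a": "10.0.10.0/24", "private-b": "10.0.11.0/24", "private-c": "10.0.12.0/24",
    "db-a": "10.0.20.0/24", "db-b": "10.0.21.0/24", "db-c": "10.0.22.0/24",
}
# The three RFC 1918 private ranges from the table earlier on the page.
RFC1918 = [ipaddress.ip_network(c)
           for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def validate_plan(vpc_cidr, plan):
    """Return a list of problems in an IPv4 subnet plan (empty list = clean)."""
    vpc = ipaddress.ip_network(vpc_cidr)
    problems, nets = [], {}
    for name, cidr in plan.items():
        try:
            # strict=True rejects CIDRs with host bits set, e.g. 10.0.5.7/24
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"{name}: invalid CIDR ({exc})")
            continue
        if not net.subnet_of(vpc):
            problems.append(f"{name}: {net} is outside VPC {vpc}")
        if not any(net.subnet_of(r) for r in RFC1918):
            problems.append(f"{name}: {net} is not RFC 1918 private space")
        nets[name] = net
    # Subnets in one VPC must not overlap each other.
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            problems.append(f"{a} ({na}) overlaps {b} ({nb})")
    return problems


def unallocated(vpc_cidr, plan):
    """Addresses in the VPC not covered by any subnet (plan must validate clean)."""
    vpc = ipaddress.ip_network(vpc_cidr)
    used = ipaddress.collapse_addresses(ipaddress.ip_network(c) for c in plan.values())
    return vpc.num_addresses - sum(n.num_addresses for n in used)


if __name__ == "__main__":
    print(validate_plan(VPC, PLAN) or "plan is clean")
    print(unallocated(VPC, PLAN), "addresses still unallocated")
```

Running the same check in CI against the subnet list in your infrastructure code catches a mistyped or overlapping CIDR before it reaches a route table or peering connection.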
Special Addresses
- 127.0.0.1 — Loopback (localhost)
- 0.0.0.0/0 — All traffic / default route
- 169.254.0.0/16 — Link-local (APIPA); on AWS EC2, 169.254.169.254 is the Instance Metadata Service
- 255.255.255.255 — Broadcast
IPv6
IPv6 uses 128-bit addresses written in hexadecimal: 2001:0db8:85a3:0000:0000:8a2e:0370:7334 (shortened: 2001:db8:85a3::8a2e:370:7334)
- 3.4 × 10³⁸ addresses — enough to give every grain of sand on Earth a billion addresses
- No NAT needed — every device can have a public address
- AWS VPCs support dual-stack IPv4/IPv6
- /64 is the standard subnet size for IPv6
Next: DNS — how domain names are resolved to IP addresses, the record types you need to know, and how Route 53 works.