Small Subnet: /28 (16 Addresses)
Learn about /28 subnets with 16 addresses (14 usable). Covers use cases for DMZ zones, load balancers, NAT gateways, and small service tiers.
Detailed Explanation
/28 Subnets: Minimal but Efficient
A /28 subnet provides exactly 16 IP addresses (14 usable after reserving network and broadcast). This tight address space is ideal for small, purpose-specific network segments.
Range Details (Example: 10.0.1.0/28)
| Property | Value |
|---|---|
| Network Address | 10.0.1.0 |
| Broadcast Address | 10.0.1.15 |
| Subnet Mask | 255.255.255.240 |
| Wildcard Mask | 0.0.0.15 |
| Total Addresses | 16 |
| Usable Hosts | 14 |
Address Breakdown
10.0.1.0 -> Network address (reserved)
10.0.1.1 -> Gateway (AWS reserved: VPC router)
10.0.1.2 -> AWS reserved (DNS)
10.0.1.3 -> AWS reserved (future)
10.0.1.4-14 -> 11 usable addresses
10.0.1.15 -> Broadcast (reserved)
In AWS, 5 addresses are reserved per subnet (the first four and the last, as shown in the breakdown above), leaving only 11 usable in a /28 rather than 14. This is important to account for when sizing cloud subnets.
Ideal Use Cases for /28
- DMZ / Public subnet — Load balancers and NAT gateways need very few IPs
- Management subnet — Bastion hosts, jump boxes, VPN endpoints
- Database subnet — Primary + replica + spare = 3-5 IPs needed
- Transit Gateway attachments — AWS recommends /28 for TGW subnets
Fitting 16 /28 Subnets into a /24
A single /24 can be divided into exactly 16 non-overlapping /28 subnets:
10.0.1.0/28, 10.0.1.16/28, 10.0.1.32/28, 10.0.1.48/28,
10.0.1.64/28, 10.0.1.80/28, 10.0.1.96/28, 10.0.1.112/28,
10.0.1.128/28, 10.0.1.144/28, 10.0.1.160/28, 10.0.1.176/28,
10.0.1.192/28, 10.0.1.208/28, 10.0.1.224/28, 10.0.1.240/28
This demonstrates how CIDR allows fine-grained address allocation without wasting IP space.
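The sizing rules above can be checked mechanically before a subnet plan is applied. The following is an added example, not part of the original page: it uses Python's standard `ipaddress` module to derive the masks and the AWS usable range, carve a /24 into /28s, and flag tiers that are misaligned, too small after the 5 AWS reservations, or overlapping. The function names and the sample plan are constructed for illustration.

```python
import ipaddress

AWS_RESERVED = 5  # per the page: network, gateway, DNS, future use, broadcast

def describe(cidr):
    """Masks plus classic and AWS usable ranges for one subnet."""
    net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits set
    return {
        "netmask": str(net.netmask),
        "wildcard": str(net.hostmask),  # inverse mask, as used in ACL entries
        "classic_usable": net.num_addresses - 2,
        "aws_usable": net.num_addresses - AWS_RESERVED,
        "aws_first": str(net[4]),   # first address after the four reserved
        "aws_last": str(net[-2]),   # last address before broadcast
    }

def carve(parent, new_prefix=28):  # equal, non-overlapping subnets
    return [str(s) for s in ipaddress.ip_network(parent).subnets(new_prefix=new_prefix)]

def check_plan(parent, plan):
    """plan maps tier -> (cidr, hosts_needed); returns a list of problems."""
    parent_net, seen, problems = ipaddress.ip_network(parent), {}, []
    for tier, (cidr, needed) in plan.items():
        try:
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:  # misaligned boundary, e.g. 10.0.1.24/28
            problems.append(f"{tier}: invalid CIDR ({exc})")
            continue
        avail = net.num_addresses - AWS_RESERVED
        if not net.subnet_of(parent_net):
            problems.append(f"{tier}: {net} is outside {parent_net}")
        if needed > avail:
            problems.append(f"{tier}: needs {needed} hosts, {net} has {avail} usable in AWS")
        for other, other_net in seen.items():
            if net.overlaps(other_net):
                problems.append(f"{tier}: {net} overlaps {other} ({other_net})")
        seen[tier] = net
    return problems

# Constructed sample plan (tier names and host counts are illustrative).
SAMPLE_PLAN = {
    "dmz": ("10.0.1.0/28", 4),
    "mgmt": ("10.0.1.16/28", 3),
    "db": ("10.0.1.24/28", 5),      # not on a /28 boundary
    "app": ("10.0.1.32/28", 12),    # exceeds the 11 usable in AWS
    "tgw": ("10.0.1.16/28", 2),     # reuses the mgmt range
}

if __name__ == "__main__": print(*check_plan("10.0.1.0/24", SAMPLE_PLAN), sep="\n")
```

Run against the sample plan, the check reports the misaligned `db` range, the undersized `app` tier, and the `tgw` range that collides with `mgmt`.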
Use Case
Creating a small DMZ subnet for public-facing load balancers in AWS, allocating a management subnet for bastion hosts, or sizing a Transit Gateway attachment subnet that only needs a handful of IPs.