What is CIDR notation?

CIDR (Classless Inter-Domain Routing) notation writes an IP range as an address and a prefix length, like 10.0.1.0/24. The prefix says how many leading bits are the network portion; the rest address hosts. A /24 has 256 addresses, of which 254 are usable for hosts.

How many usable hosts does a subnet have?

For IPv4, a subnet with prefix /n has 2^(32-n) total addresses. Two are reserved — the network address and the broadcast address — so usable hosts are that total minus two. A /24 gives 254 usable, a /28 gives 14. The tool computes this for each subnet you enter.

What is a security group?

A security group is a virtual firewall that controls inbound and outbound traffic to resources in a cloud network. Each rule allows traffic from a source (an IP range or another group) on a specific port and protocol. Documenting them makes the network's trust boundaries explicit.

Should subnets be public or private?

Public subnets route to an internet gateway and host load balancers or bastions; private subnets have no direct internet route and host application servers and databases. A standard pattern places only what must be reachable in public subnets and everything else in private ones.

Is my network spec sent anywhere?

No. The specification, CIDR validation, and host-count math all run in your browser. Nothing is uploaded, so you can document internal network designs privately.

Network Topology Diagram Spec Builder

Email me this result

Get this tool's output sent to your inbox, plus one useful tool a week. No spam, unsubscribe any time.

The Network Topology Diagram Spec Builder produces a precise, text-based network spec — zones, subnets, security rules, and flows — with every CIDR block validated and its host count computed. A network diagram drawn from wrong CIDRs is worse than none; capturing the topology as a checked spec catches subnet overlaps and sizing mistakes before they reach production.

How it works

You define zones (a VPC, an availability zone, or a tier) each with a CIDR block. The tool validates the CIDR — the address must be four octets of 0–255 and the prefix 0–32 — and computes the usable host count as 2^(32 − prefix) − 2 (subtracting the network and broadcast addresses). You then add security group rules (source, port, protocol) and data flow paths between zones. The output is a numbered specification with a subnet table showing each block’s range and capacity, plus the rules and flows, ready to hand to a diagramming tool or a reviewer.

Tips and example

Leave room to grow. Size subnets larger than today’s host count; resizing a CIDR in a live network is painful, so a /24 where you need a /26 today is cheap insurance.
Keep databases in private subnets. Only load balancers and bastions belong in public subnets with internet routes; everything else should be unreachable from outside.
Avoid overlapping CIDRs. Two zones with overlapping ranges cannot be peered or routed cleanly; plan a non-overlapping address plan up front.

Example: a VPC 10.0.0.0/16 with a public subnet 10.0.1.0/24 (254 hosts) for the load balancer and a private subnet 10.0.10.0/24 for app servers, allowing inbound 443 from anywhere to the public tier only.