Standard tier subnet. 2,048 addresses. Sized between a /20 and a /22 — typical for high-density app tiers.
The /21 subnet uses 255.255.248.0 as its subnet mask — meaning the first 21 bits of every address identify the network, and the remaining 11 bits identify the host within that network. That gives you 2,048 total addresses (2,046 usable on standard RFC math, after subtracting the network and broadcast addresses).
The wildcard mask — the bitwise inverse of the subnet mask — is 0.0.7.255. Wildcards are what Cisco access-control lists and OSPF area definitions use instead of subnet masks; the "1" bits mark "don't care" positions. For a /21, that leaves 11 don't-care host bits.
To find the network address for any IP in a /21 block, perform a bitwise AND between the IP and the subnet mask. To find the broadcast, OR the network address with the wildcard. Modern tools — like our subnet calculator — do this in microseconds, but the underlying mechanics are straightforward binary arithmetic.
A /21 contains 2,048 addresses. Useful when you want eight /24s' worth of address space in one aggregate route. Common in branch-office WAN design.
Cloud-provider quirks matter at every prefix size: AWS and Azure reserve 5 IPs per subnet, GCP reserves 4, and OCI reserves 3. So a /21 on standard RFC math gives you 2,046 usable hosts, but on AWS or Azure that drops to 2,043. The capacity-planning gap bites hardest at small prefixes (a /28 has 14 usable on paper, only 11 on AWS) but exists at every size. Our cloud-aware calculator applies the right math automatically.
A /21 subnet has 2,046 usable hosts on standard RFC math. On AWS or Azure (which reserve 5 IPs per subnet), you get 2,043 usable. On GCP (4 reserved), 2,044. On OCI (3 reserved), 2,045.
The /21 prefix corresponds to subnet mask 255.255.248.0. The matching wildcard mask (used in Cisco ACLs) is 0.0.7.255.
Apply a bitwise AND between the IP and the subnet mask to get the network address. OR the network address with the wildcard mask to get the broadcast. For example, 172.16.0.0/21 has 2,048 total addresses, with the first being the network address and the last being the broadcast.
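The AND/OR steps and the per-provider reservations described above, written out as an added example (not code from this site's calculator). It generalizes to any prefix length and adds a Cisco-style wildcard match check for confirming that an ACL entry covers the /21 and nothing beyond it. The host 172.16.5.77 is a constructed sample, and the function names are hypothetical.

```python
import ipaddress

# Reserved addresses per subnet as stated on this page
# ("rfc" = network + broadcast only).
RESERVED = {"rfc": 2, "aws": 5, "azure": 5, "gcp": 4, "oci": 3}

def to_int(ip: str) -> int:
    return int(ipaddress.IPv4Address(ip))

def to_str(value: int) -> str:
    return str(ipaddress.IPv4Address(value))

def describe(ip: str, prefix: int) -> dict:
    """Derive mask, wildcard, network and broadcast with plain bit operations."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be between 0 and 32")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    wildcard = mask ^ 0xFFFFFFFF        # bitwise inverse of the subnet mask
    network = to_int(ip) & mask         # IP AND mask
    broadcast = network | wildcard      # network OR wildcard
    total = wildcard + 1
    return {
        "mask": to_str(mask),
        "wildcard": to_str(wildcard),
        "network": to_str(network),
        "broadcast": to_str(broadcast),
        "total": total,
        "usable": {name: max(total - n, 0) for name, n in RESERVED.items()},
    }

def acl_matches(base: str, wildcard: str, addr: str) -> bool:
    """Cisco-style match: every bit where the wildcard is 0 must equal the base."""
    care = to_int(wildcard) ^ 0xFFFFFFFF
    return (to_int(base) & care) == (to_int(addr) & care)

if __name__ == "__main__":
    info = describe("172.16.5.77", 21)  # constructed host inside 172.16.0.0/21
    for key, value in info.items():
        print(f"{key:10} {value}")
    # Last address of the block is covered; the first address of the next /21 is not.
    print(acl_matches(info["network"], info["wildcard"], "172.16.7.255"))
    print(acl_matches(info["network"], info["wildcard"], "172.16.8.1"))
```

Running the same match check with an off-by-one wildcard such as 0.0.15.255 shows the entry also matching 172.16.8.1, which is how a mistyped wildcard silently widens an ACL.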