Why can't I use the first or last address in a subnet?
In a /24 network you can't use 0
because it is the identification of the network (devices use it to recognize the different networks they are connected to).
In a Windows PC open a Command Prompt and type netstat -r
. You will get the routing table used by the PC, each network is listed using the network identification (first address).
The last address, 255
in the case of a /24 network, is the broadcast address. Devices connected to the network use it to send a broadcast, a message intended for all devices on the network.
In general the first address is the network identification and the last one is the broadcast, they cannot be used as regular addresses.
Note that you can not use the first and last address in the range if it is used to number devices in a broadcast domain (i.e. a physical network or a vlan etc.). As the other answer indicates indeed the first and last are used as network and broadcast address respectively in that scenario. In addition in some scenarios the first address is also interpreted as broadcast.
However there are other usage scenarios where you can use the first and last address. E.g. if you are a firewall admin and you are given the 10.0.0.0-10.0.0.255 range by your network admin, then you can use all 256 addresses as NAT addresses on your firewall. I admit that I have not seen this done very often, and when it's done it may cause some confusion - as most people's first reaction is to think it is not allowed - and this confusion may well be a reason to advise against it.
If you're nitpicking then ok, strictly speaking the 10.0.0.0-10.0.0.255 in that scenario is not a /24 network, it's a range or a block of addresses but I believe that it is common practice to still refer to this as "the 10.0.0.0/24 subnet" in such a scenario.
A reading of Internet Standard Subnetting Procedure, Toward an Internet Standard Scheme for Subnetting and specifically BROADCASTING INTERNET DATAGRAMS IN THE PRESENCE OF SUBNETS section 7 describes the rationale for the choices you present.
Your hypothesis is correct for CIDR subnets with continguous bitmasks.
It is easier to regard the broadcast address as Bcast = Host | ~Mask
. This explicitly ignores the choice of bits in the subnet. Correspondingly the network address is Net = Bcast & ~Mask
.
Strictly, the all zeros (.0 for CIDR/24) address can be used, but could confuse some software, while all ones (.255) is reserved as a well-known broadcast address.
Some early BSD Unix 4.2 releases before RFC 919 were shipped using the Net
address as the broadcast. This caused some confusion in mixed environments until the 4.3 release.