What Is CIDR
CIDR (Classless Inter-Domain Routing) is a modern method for allocating and routing IP addresses. It replaced older classful networking (Class A, B, C), which wasted massive amounts of address space.
CIDR uses a notation: an IP address followed by a forward slash and a prefix length. For example, 192.168.1.0/24. The prefix length tells you how many bits of the address define the network.
Reading CIDR Notation
CIDR notation has two parts:
192.168.10.0/24
- 192.168.10.0 = network IP
- 24 = prefix length
The prefix length (the number after the slash) indicates how many bits from the left define the network, and the remaining bits define individual hosts.
For /24:
- First 24 bits = network portion
- Last 8 bits = host portion (32 - 24 = 8)
- Allows 2^8 = 256 total addresses
For /16:
- First 16 bits = network portion
- Last 16 bits = host portion (32 - 16 = 16)
- Allows 2^16 = 65,536 total addresses
Calculating the Host Range
From a CIDR block, you can derive four key pieces of information:
1. Network Address (All Host Bits = 0)
The lowest IP in the block. Set all host bits to 0.
2. Broadcast Address (All Host Bits = 1)
The highest IP in the block. Set all host bits to 1.
3. First Usable Host (Network Address + 1)
The network and broadcast addresses cannot be assigned to devices, so the first usable address is network + 1.
4. Last Usable Host (Broadcast Address - 1)
Similarly, the last usable address is broadcast - 1.
5. Host Count Formula
Total addresses = 2^(32 - prefix_length)
Usable hosts = 2^(32 - prefix_length) - 2 (subtract 2 for network and broadcast)
Worked Example: 192.168.10.0/24
Let's calculate all values for this subnet:
Given: 192.168.10.0/24
Prefix length: 24 bits (network), 8 bits (hosts)
Network Address: 192.168.10.0
Broadcast Address: 192.168.10.255
First Usable Host: 192.168.10.1
Last Usable Host: 192.168.10.254
Total Addresses: 2^8 = 256
Usable Hosts: 256 - 2 = 254
So any device on this network uses an IP between 192.168.10.1 and 192.168.10.254.
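The same calculation as bit arithmetic, as an added example that is not part of the original page. It goes beyond the /24 case: the input may be any address inside the block, and /31 and /32 are handled as the reference table further down lists them. The function and key names are assumptions chosen for illustration.

```python
def to_int(dotted):
    """Pack a dotted-quad string into a 32-bit integer."""
    parts = [int(p) for p in dotted.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    a, b, c, d = parts
    return (a << 24) | (b << 16) | (c << 8) | d

def to_dotted(n):
    """Unpack a 32-bit integer into a dotted-quad string."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def describe(cidr):
    """Derive mask, network, broadcast and usable range from a CIDR block."""
    addr, _, prefix_text = cidr.partition("/")
    prefix = int(prefix_text)
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    host_bits = 32 - prefix
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF  # 1s mark network bits
    network = to_int(addr) & mask                  # all host bits set to 0
    broadcast = network | (~mask & 0xFFFFFFFF)     # all host bits set to 1
    total = 1 << host_bits
    if prefix >= 31:
        # /31 and /32: nothing is subtracted, every address is usable
        first, last, usable = network, broadcast, total
    else:
        first, last, usable = network + 1, broadcast - 1, total - 2
    return {
        "mask": to_dotted(mask),
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),  # highest address in the block
        "first": to_dotted(first),
        "last": to_dotted(last),
        "total": total,
        "usable": usable,
    }

if __name__ == "__main__":
    # Constructed inputs: the page's /24, then an address in the middle of a /25
    for block in ("192.168.10.0/24", "192.168.10.200/25", "10.0.0.4/31"):
        print(block, describe(block))
```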
Subnet Masks
A subnet mask is the traditional way to express the network/host boundary. CIDR notation is simpler, but they represent the same concept.
The subnet mask has 1s for network bits and 0s for host bits:
| CIDR | Subnet Mask | Binary (Mask) |
|---|---|---|
| /8 | 255.0.0.0 | 11111111.00000000.00000000.00000000 |
| /16 | 255.255.0.0 | 11111111.11111111.00000000.00000000 |
| /24 | 255.255.255.0 | 11111111.11111111.11111111.00000000 |
| /25 | 255.255.255.128 | 11111111.11111111.11111111.10000000 |
| /30 | 255.255.255.252 | 11111111.11111111.11111111.11111100 |
Supernetting: Aggregating Routes
Supernetting combines multiple smaller networks into one larger block for route summarization.
Example: If you have four /26 networks (192.168.10.0/26, 192.168.10.64/26, 192.168.10.128/26, 192.168.10.192/26), you can summarize them as one /24: 192.168.10.0/24.
Supernetting reduces routing table size and enables efficient network administration.
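An added example (not from the original page) using Python's standard ipaddress module. It separates exact aggregation from a covering summary: a single summary block can include addresses that were never in the input, which matters when the summary ends up in a route or firewall rule. The function names are assumptions chosen for illustration.

```python
import ipaddress

def summarize(blocks):
    """Exact aggregation: merge only blocks that are contiguous and aligned."""
    nets = [ipaddress.ip_network(b) for b in blocks]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

def covering_supernet(blocks):
    """Smallest single block containing every input block.

    Also returns how many addresses the summary covers that were not
    part of the input (0 means the summary is exact)."""
    nets = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(b) for b in blocks))
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # Every bit at or below the highest differing bit becomes a host bit
    prefix = 32 - (lo ^ hi).bit_length()
    supernet = ipaddress.ip_network((lo, prefix), strict=False)
    extra = supernet.num_addresses - sum(n.num_addresses for n in nets)
    return str(supernet), extra

# Constructed inputs based on the page's four /26 networks
ALL_FOUR = ["192.168.10.0/26", "192.168.10.64/26",
            "192.168.10.128/26", "192.168.10.192/26"]
MIDDLE_TWO = ["192.168.10.64/26", "192.168.10.128/26"]

if __name__ == "__main__":
    print(summarize(ALL_FOUR))            # one /24
    print(summarize(MIDDLE_TWO))          # adjacent but misaligned: no merge
    print(covering_supernet(MIDDLE_TWO))  # /24 summary covers 128 extra addresses
```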
VPC and Cloud CIDR Planning
When creating a Virtual Private Cloud (VPC) in AWS, GCP, or Azure, you choose a CIDR block that doesn't conflict with your on-premises network or other VPCs.
Important: You cannot easily resize a VPC's CIDR block after creation. Plan carefully.
Common strategies:
- Development environment: 10.0.0.0/24 (254 hosts)
- Small production: 10.0.0.0/16 (65,534 hosts)
- Large production: 10.0.0.0/8 (16.7 million hosts)
Once chosen, you segment the VPC into subnets for different tiers (web, app, database). Each subnet gets its own /24 or /25 from the parent VPC block.
Private IP Ranges
RFC 1918 reserves three ranges for private (non-routable) networks. These are safe to use internally:
| Range | CIDR | Usable Hosts | Best For |
|---|---|---|---|
| 10.0.0.0 to 10.255.255.255 | 10.0.0.0/8 | 16.7 million | Large enterprises, cloud VPCs |
| 172.16.0.0 to 172.31.255.255 | 172.16.0.0/12 | 1.04 million | Medium networks, Docker |
| 192.168.0.0 to 192.168.255.255 | 192.168.0.0/16 | 65,534 | Small networks, home labs |
Choose one range and avoid overlapping with other networks you might connect to.
Common CIDR Blocks Reference
| CIDR | Subnet Mask | Hosts per Subnet | Typical Use |
|---|---|---|---|
| /8 | 255.0.0.0 | 16,777,214 | Entire organization |
| /16 | 255.255.0.0 | 65,534 | Large department or VPC |
| /24 | 255.255.255.0 | 254 | Standard subnet, office LAN |
| /25 | 255.255.255.128 | 126 | Split a /24 in half |
| /28 | 255.255.255.240 | 14 | Small subnet, IoT devices |
| /29 | 255.255.255.248 | 6 | Point-to-point links |
| /30 | 255.255.255.252 | 2 | Router-to-router links |
| /31 | 255.255.255.254 | 2 (no broadcast) | Point-to-point (RFC 3021) |
| /32 | 255.255.255.255 | 1 | Host route, single IP |
Pro tip: /32 and /31 are special. A /32 represents a single IP address (used for host routes). A /31 contains exactly 2 IPs and is used for point-to-point links where broadcast isn't needed.
Practical Subnetting Example
You're setting up a VPC with 10.0.0.0/16. You need three subnets:
- Web tier: 10.0.1.0/24 (254 hosts)
- App tier: 10.0.2.0/24 (254 hosts)
- Database tier: 10.0.3.0/24 (254 hosts)
Each tier is isolated and can be managed independently. The /16 parent block contains all three /24 subnets with room to grow.
Overlap and Conflicts
CIDR blocks of networks that route to each other cannot overlap. If you use 10.0.0.0/24 in one VPC and try to peer it with another VPC using 10.0.0.128/25, routing conflicts occur, because 10.0.0.128/25 lies entirely inside 10.0.0.0/24. Always verify CIDR ranges before creating infrastructure.
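One way to run that verification before anything is created, as an added example that is not part of the original page. It uses Python's standard ipaddress module; the network names and the sample plan are constructed for illustration.

```python
import ipaddress
from itertools import combinations

def find_overlaps(named_blocks):
    """Return every pair of named CIDR blocks that share at least one address."""
    nets = {name: ipaddress.ip_network(c) for name, c in named_blocks.items()}
    return [(a, b) for a, b in combinations(nets, 2)
            if nets[a].overlaps(nets[b])]

def check_subnets(vpc_cidr, subnets):
    """Validate a subnet plan: every subnet is a well-formed block inside
    the parent VPC, and no two subnets overlap. Returns a list of problems."""
    vpc = ipaddress.ip_network(vpc_cidr)
    problems, valid = [], {}
    for name, cidr in subnets.items():
        try:
            net = ipaddress.ip_network(cidr)  # strict: rejects host bits set
        except ValueError:
            problems.append(f"{name}: {cidr} is not a valid block (host bits set?)")
            continue
        if net.subnet_of(vpc):
            valid[name] = cidr
        else:
            problems.append(f"{name}: {cidr} is outside {vpc_cidr}")
    problems += [f"{a} overlaps {b}" for a, b in find_overlaps(valid)]
    return problems

# Constructed sample: the page's peering conflict plus an unrelated network
NETWORKS = {
    "vpc-a": "10.0.0.0/24",
    "vpc-b": "10.0.0.128/25",
    "on-prem": "192.168.10.0/24",
}
# The page's three-tier plan inside 10.0.0.0/16
TIERS = {"web": "10.0.1.0/24", "app": "10.0.2.0/24", "db": "10.0.3.0/24"}

if __name__ == "__main__":
    print(find_overlaps(NETWORKS))               # vpc-a and vpc-b conflict
    print(check_subnets("10.0.0.0/16", TIERS))   # no problems
```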