CIDR
Classless Inter-Domain Routing
A compact notation for specifying IP address ranges — the /24 in 192.168.1.0/24 — that replaced rigid class-based addressing and made efficient subnet design possible.
CIDR (Classless Inter-Domain Routing) notation expresses an IP network as a base address plus a prefix length: 192.168.1.0/24. The prefix length (the number after the slash) tells you how many leading bits are fixed as the network portion. The remaining bits are available for host addresses within that network.
What CIDR replaced: classful addressing
Before CIDR, IPv4 addresses were divided into rigid classes. Class A (/8) gave a single organization 16 million addresses. Class B (/16) gave 65,536. Class C (/24) gave 256. This was wasteful — a company needing 500 addresses was assigned a Class B (65,536 addresses), leaving 65,000 unused but unavailable to anyone else. CIDR, introduced in 1993, eliminated these fixed classes and allowed any prefix length from /0 to /32. An organization needing 500 hosts gets a /23 (512 addresses) instead of a /16, and the remaining address space stays available for other allocations.
Reading CIDR notation
For 192.168.1.0/24: the first 24 bits (192.168.1) are fixed — all addresses in this block share those three octets. The remaining 8 bits (host portion) range from 0 to 255, giving 256 total addresses. The formula for host count is 2^(32 − prefix length) − 2: subtract 2 for the network address (first address, all host bits zero) and the broadcast address (last address, all host bits one). For /24: 2^8 − 2 = 254 usable hosts. The subtraction applies to prefixes of /30 and shorter; a /32 is a single address with no separate network or broadcast address, which is why the table below lists it with one usable host.
Common CIDR prefix sizes
| Prefix | Subnet mask | Total addresses | Usable hosts | Common use |
|---|---|---|---|---|
| /8 | 255.0.0.0 | 16,777,216 | 16,777,214 | Large ISP or country allocation |
| /16 | 255.255.0.0 | 65,536 | 65,534 | Large enterprise network |
| /24 | 255.255.255.0 | 256 | 254 | Home LAN, small office |
| /28 | 255.255.255.240 | 16 | 14 | Small VLAN segment |
| /30 | 255.255.255.252 | 4 | 2 | Point-to-point router links |
| /32 | 255.255.255.255 | 1 | 1 | Single host route, loopback |
Route aggregation and supernetting
CIDR's most important contribution to internet scalability is route aggregation (also called supernetting). Instead of advertising many specific routes, an ISP can summarize a contiguous block into a single shorter prefix. If an ISP owns 10.0.0.0/24 through 10.0.255.0/24 (256 separate /24 blocks), it can announce a single aggregate route — 10.0.0.0/16 — to the rest of the internet. BGP routers globally only need to store one entry instead of 256. Without CIDR and route aggregation, the global BGP routing table — already over 900,000 entries — would be unmanageable. CIDR is what allows the internet to scale.
CIDR in firewall rules and ACLs
CIDR notation is the standard way to express address ranges in firewall rules, access control lists (ACLs), and routing policies. A rule allowing traffic from 10.10.0.0/16 permits any source address in the range 10.10.0.0–10.10.255.255. A rule for 0.0.0.0/0 matches all IPv4 addresses (the default route). Firewall rules are processed in order and use longest-prefix matching — a more specific /32 rule takes precedence over a broader /24 rule covering the same address.
Private address CIDR ranges (RFC 1918)
Three IPv4 address blocks are reserved for private use and are never routed on the public internet. These are the ranges used by home and enterprise networks behind NAT:
- 10.0.0.0/8: 16.7 million addresses; common in large enterprises
- 172.16.0.0/12: 1 million addresses (172.16.0.0–172.31.255.255)
- 192.168.0.0/16: 65,536 addresses; the default range for home routers
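Added example, not part of the original page: a Python sketch using the standard ipaddress module to check what the source CIDRs in a rule list actually cover, which listed prefixes contain a given address, and how adjacent prefixes aggregate as described under route aggregation. The function names, finding labels and sample rules are constructed for illustration.

```python
import ipaddress

# The three RFC 1918 private blocks listed above.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def audit_source(cidr):
    """Report what an allow rule with this source CIDR actually permits."""
    findings = []
    try:
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError:
        # Host bits set (e.g. 10.10.1.5/16): the prefix still covers the whole
        # block, which is usually wider than the rule's author intended.
        net = ipaddress.ip_network(cidr, strict=False)
        findings.append("host-bits-set")
    if net.prefixlen == 0:
        findings.append("matches-all-addresses")
    elif net.version == 4 and not any(net.subnet_of(p) for p in RFC1918):
        findings.append("not-rfc1918")
    return {"network": str(net), "first": str(net[0]), "last": str(net[-1]),
            "addresses": net.num_addresses, "findings": findings}

def covering(addr, cidrs):
    """CIDRs that contain addr, most specific (longest prefix) first."""
    ip = ipaddress.ip_address(addr)
    nets = [ipaddress.ip_network(c, strict=False) for c in cidrs]
    hits = [n for n in nets if n.version == ip.version and ip in n]
    return [str(n) for n in sorted(hits, key=lambda n: n.prefixlen, reverse=True)]

def aggregate(cidrs):
    """Collapse adjacent or overlapping prefixes into the fewest equivalent ones."""
    nets = [ipaddress.ip_network(c, strict=False) for c in cidrs]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

# Constructed sample rule sources (not from any real rule set).
SAMPLE_RULES = ["10.10.0.0/16", "10.10.1.5/16", "203.0.113.0/24",
                "0.0.0.0/0", "10.10.1.5/32"]

if __name__ == "__main__":
    for rule in SAMPLE_RULES:
        print(rule, audit_source(rule))
    print(covering("10.10.1.5", SAMPLE_RULES))
    print(aggregate(f"10.0.{i}.0/24" for i in range(256)))
```

Whether the most specific entry or the first listed entry decides the outcome depends on the evaluation model of the product enforcing the rules, so confirm it for the firewall or router in question.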
IPv6 CIDR
IPv6 uses identical CIDR notation with 128-bit addresses. The standard LAN prefix for IPv6 is /64 — the first 64 bits identify the network, the last 64 bits identify the host (often auto-configured via SLAAC). ISPs typically assign a /48 or /56 prefix to customers, leaving room to subdivide into many /64 subnets. IPv6 eliminates the shortage that made CIDR necessary for IPv4 — there are 2^128 addresses — but CIDR notation and prefix-length concepts apply identically. A /128 in IPv6 is equivalent to a /32 in IPv4: a single host address.
Frequently Asked Questions
What does the /24 mean in 192.168.1.0/24?
The first 24 bits are the network part; the remaining 8 bits are for hosts. A /24 gives 256 addresses (192.168.1.0–192.168.1.255), with 254 usable for devices — the first is the network address, the last is broadcast.
What CIDR range does my home network use?
Most home routers default to 192.168.1.0/24 or 192.168.0.0/24. Run ipconfig on Windows or ip route on Linux to see your subnet alongside your local IP address.
How does CIDR reduce internet routing table size?
CIDR allows route aggregation — many adjacent prefixes summarized as one shorter prefix. An ISP can announce 10.0.0.0/8 instead of 16 million individual /32 routes. This keeps BGP routing tables at a manageable size.