What is CIDR and how to read it?

While working with the network infrastructure you will undoubtedly run into defining subnets and groups of IP addresses. If you’re new to this, you probably find it challenging to understand the logic behind the notation that is most commonly used to describe a range of IP addresses.

This short article will help you understand what CIDR is and how to read it .

To make it easier to define an IP address range we use CIDR. It stands for Classless Inter-Domain Routing and it is an annotation system. When you saw something like 10.0.0.0/16 — it was a CIDR block.

It is very handy to be able to read it and understand how to translate it into a range of IP addresses. And it is not difficult, once you notice the logic behind it 😉.

Let’s start with some examples for IPv4, here is a list of CIDR blocks with their corresponding IP address ranges:

You can notice that every CIDR notation consists of two parts. These are a base IP address and a number (let’s call it suffix), defining how many bits cannot be changed in the base IP address.

When we’re working with IPv4, the suffix value is a number between 0 and 32. From the table above you can see that the smaller the suffix is, the bigger is the number of IP addresses in the range. Hence /0 covers widest possible range, while /32 stands for a specific IP address. It might seem counterintuitive at first, but once we look at the logic behind it, it will start making sense!

To understand why the suffix value is between 0 and 32 we need to look at the IP address expressed as a binary number. For example, the example base IP address we looked at before, 10.0.0.0, is 00001010.00000000.00000000.00000000 in its binary form. If you count number of bits — they add up to exact 32 values!

To define a range, we should specify which values out of these 32 are flexible to be changed and which are fixed and will stay as they are.

Let’s look at the IP address defined in binary representation and several different suffixes. We’ll start at 32 and will go down to be able to notice a pattern.

With a suffix value equal to 32, all values are locked and no changes are possible, so we have just one single IP address:

10.0.0.0 in its binary form with all values locked

Next, let’s look at what happens if our suffix is 31. It means that the first 31 values of our base IP address in the binary representation are stuck with values they already have. But last number can be changed, and there are only two possible options it can take — either 1 or 0. That’s why, we have two IP addresses inside a range defined by 10.0.0.0/31:

10.0.0.0 in its binary form with last value unlocked

Next, it is turn for 10.0.0.0/30 where the suffix is 30. First 30 numbers of our IP address are stuck with the values they already have, but the other two values have total freedom to be changed.

10.0.0.0 in its binary form with last two values unlocked

And for changes in two last values we have four different possibilities (00, 01, 10, 11, in binary form). Thus CIDR block 10.0.0.0/30 gives as a range of four IP addresses:

Let’s now look at 10.0.0.0/29. With 29 numbers fixed and 3 numbers which can take either ‘0’ or ‘1’ we have 8 possible different IP addresses in our CIDR block.

10.0.0.0 in its binary form with last three values unlocked

We can continue like this and will finally get into 10.0.0.0/0. Where all bits have freedom to change, so we have all possible variations of IP addresses.

All values are flexible, all combinations are possible

You might have noticed that every time we add a value to our suffix, we double the amount of IP addresses in a range. This is just how binary math works and it makes easy for us to have a reference table to map suffix value to the changes in base IP address:

The above examples are all dealing with IPv4, but the same concept can be applied to IPv6. Although, since with IPv6 we’re dealing with greater number of addresses, the upper limit to the suffix will be 128 instead of 32, for example 2001:db8::/106

With this you can now understand how to read CIDR notations, the logic behind its format and what suffix value means. I hope it helps when you encounter a CIDR block next time!

Software engineer, who is passionate about agility and sustainable software development achieved through simplicity, technical excellence and good design.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store