What is CIDR and how to read it?
While working with the network infrastructure you will undoubtedly run into defining subnets and groups of IP addresses. If you’re new to this, you probably find it challenging to understand the logic behind the notation that is most commonly used to describe a range of IP addresses.
This short article will help you understand what CIDR is and how to read it .
To make it easier to define an IP address range we use CIDR. It stands for Classless Inter-Domain Routing and it is an annotation system. When you saw something like 10.0.0.0/16 — it was a CIDR block.
It is very handy to be able to read it and understand how to translate it into a range of IP addresses. And it is not difficult, once you notice the logic behind it 😉.
Let’s start with some examples for IPv4, here is a list of CIDR blocks with their corresponding IP address ranges:
You can notice that every CIDR notation consists of two parts. These are a base IP address and a number (let’s call it suffix), defining how many bits cannot be changed in the base IP address.
When we’re working with IPv4, the suffix value is a number between 0 and 32. From the table above you can see that the smaller the suffix is, the bigger is the number of IP addresses in the range. Hence /0 covers widest possible range, while /32 stands for a specific IP address. It might seem counterintuitive at first, but once we look at the logic behind it, it will start making sense!
What is the deal with the number ‘32’?
To understand why the suffix value is between 0 and 32 we need to look at the IP address expressed as a binary number. For example, the example base IP address we looked at before, 10.0.0.0, is 00001010.00000000.00000000.00000000 in its binary form. If you count number of bits — they add up to exact 32 values!
To define a range, we should specify which values out of these 32 are flexible to be changed and which are fixed and will stay as they are.
Let’s look at the IP address defined in binary representation and several different suffixes. We’ll start at 32 and will go down to be able to notice a pattern.
With a suffix value equal to 32, all values are locked and no changes are possible, so we have just one single IP address:
Next, let’s look at what happens if our suffix is 31. It means that the first 31 values of our base IP address in the binary representation are stuck with values they already have. But last number can be changed, and there are only two possible options it can take — either 1 or 0. That’s why, we have two IP addresses inside a range defined by 10.0.0.0/31:
Next, it is turn for 10.0.0.0/30 where the suffix is 30. First 30 numbers of our IP address are stuck with the values they already have, but the other two values have total freedom to be changed.
And for changes in two last values we have four different possibilities (00, 01, 10, 11, in binary form). Thus CIDR block 10.0.0.0/30 gives as a range of four IP addresses:
Let’s now look at 10.0.0.0/29. With 29 numbers fixed and 3 numbers which can take either ‘0’ or ‘1’ we have 8 possible different IP addresses in our CIDR block.
We can continue like this and will finally get into 10.0.0.0/0. Where all bits have freedom to change, so we have all possible variations of IP addresses.
Power of two
You might have noticed that every time we add a value to our suffix, we double the amount of IP addresses in a range. This is just how binary math works and it makes easy for us to have a reference table to map suffix value to the changes in base IP address:
The above examples are all dealing with IPv4, but the same concept can be applied to IPv6. Although, since with IPv6 we’re dealing with greater number of addresses, the upper limit to the suffix will be 128 instead of 32, for example 2001:db8::/106
Thanks for reading
With this you can now understand how to read CIDR notations, the logic behind its format and what suffix value means. I hope it helps when you encounter a CIDR block next time!