CIDR

What Is CIDR

CIDR (Classless Inter-Domain Routing, pronounced "cider") is a notation for flexibly specifying the boundary between the network and host portions of an IP address. It is written as 192.168.1.0/24, where the number after the slash (prefix length) indicates how many leading bits represent the network.

Before CIDR, IP addresses were managed in rigid classes: Class A (8-bit network), Class B (16-bit), and Class C (24-bit). Class B provided 65,534 addresses - too many for mid-sized organizations - while Class C's 254 addresses were too few.

Introduced in 1993, CIDR abolished fixed classes and allowed network boundaries at any bit position, dramatically reducing IP address waste and controlling routing table growth.

Understanding Prefix Lengths

/8 (255.0.0.0)
8-bit network, 24-bit host. About 16.7 million addresses. Equivalent to old Class A. 10.0.0.0/8 is widely used as private address space.
/16 (255.255.0.0)
16-bit network, 16-bit host. 65,534 addresses. Equivalent to old Class B. 172.16.0.0/16 is a private address range.
/24 (255.255.255.0)
24-bit network, 8-bit host. 254 addresses. Equivalent to old Class C. The most common size for home and small office networks.
/32
Specifies a single IP address. Used in firewall rules to allow or deny exactly one host.

Larger prefix lengths mean smaller networks (fewer addresses). /0 represents all IP addresses (the entire internet) and is used for default routes.

Relationship with Subnet Masks

A subnet mask expresses the same information as CIDR in a different format. /24 equals 255.255.255.0; /16 equals 255.255.0.0. The mask sets network bits to 1 and host bits to 0.

For 192.168.1.100/24, the AND operation with 255.255.255.0 yields the network address 192.168.1.0. Usable hosts range from 192.168.1.1 to 192.168.1.254 (with .0 reserved as the network address and .255 as the broadcast address).

CIDR notation is more concise and easier to calculate with, which is why it is the standard in modern network design. However, some OS network settings still take a subnet mask rather than a prefix length, so it is practical to understand both formats.

AWS Security Group Examples

AWS security groups and network ACLs use CIDR notation to specify source and destination addresses. Understanding CIDR is essential for cloud infrastructure.

  • 0.0.0.0/0: All IPv4 addresses. Used to open HTTP/HTTPS ports on web servers, but dangerous for SSH ports as it allows login attempts from anywhere.
  • ::/0: All IPv6 addresses. The IPv6 equivalent of 0.0.0.0/0.
  • 203.0.113.50/32: A single IP address. Used to restrict SSH access to your office IP only.
  • 10.0.0.0/16: An entire VPC private subnet range. Used for internal communication rules.

When designing an AWS VPC, you choose a VPC CIDR block (e.g., 10.0.0.0/16) and subdivide it into subnets (e.g., 10.0.1.0/24 for public, 10.0.2.0/24 for private). Size the VPC CIDR generously to accommodate future growth.
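The prefix-length arithmetic from the sections above (mask from prefix length, AND to get the network address, broadcast and usable range, splitting a /16 VPC into /24 subnets) and the security-group membership check, as one added example. This is illustration code written for this article, not code from the original page or from AWS; the rule list is constructed sample data in the style of the bullets above, and 203.0.113.50 is the "office IP" from the text (a documentation-only range).

```python
"""CIDR arithmetic for IPv4 plus a small security-group style rule audit.

Added example for this article, not code from the original page or from AWS.
The rule list below is constructed sample data; 203.0.113.50 is the "office IP"
used in the text and lives in a documentation-only range.
"""
from dataclasses import dataclass
from typing import Iterator, List, Tuple


def ip_to_int(ip: str) -> int:
    """Dotted quad -> 32-bit integer, validating each octet."""
    octets = ip.split(".")
    if len(octets) != 4:
        raise ValueError(f"not an IPv4 address: {ip!r}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {ip!r}")
        value = (value << 8) | n
    return value


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> int:
    """/24 -> 0xFFFFFF00: the leading `prefix` bits are 1, the host bits 0."""
    if not 0 <= prefix <= 32:
        raise ValueError("IPv4 prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


@dataclass(frozen=True)
class Cidr:
    network: int  # network address with host bits cleared
    prefix: int

    @classmethod
    def parse(cls, text: str) -> "Cidr":
        addr, _, plen = text.partition("/")
        prefix = int(plen) if plen else 32  # a bare address means /32
        # AND with the mask clears the host bits: 192.168.1.100/24 -> 192.168.1.0
        return cls(ip_to_int(addr) & prefix_to_mask(prefix), prefix)

    @property
    def mask(self) -> str:
        return int_to_ip(prefix_to_mask(self.prefix))

    @property
    def broadcast(self) -> str:
        return int_to_ip(self.network | ((1 << (32 - self.prefix)) - 1))

    def usable_hosts(self) -> int:
        host_bits = 32 - self.prefix
        if host_bits <= 1:  # /31 and /32 reserve no network/broadcast address
            return 1 << host_bits
        return (1 << host_bits) - 2

    def contains(self, ip: str) -> bool:
        return (ip_to_int(ip) & prefix_to_mask(self.prefix)) == self.network

    def subnets(self, new_prefix: int) -> Iterator["Cidr"]:
        """Split into equal blocks, e.g. a /16 VPC into 256 /24 subnets."""
        if not self.prefix <= new_prefix <= 32:
            raise ValueError("new prefix must be between the current prefix and 32")
        step = 1 << (32 - new_prefix)
        for i in range(1 << (new_prefix - self.prefix)):
            yield Cidr(self.network + i * step, new_prefix)

    def __str__(self) -> str:
        return f"{int_to_ip(self.network)}/{self.prefix}"


# (source CIDR, port, rule name): constructed inbound rules in the article's style
SAMPLE_RULES: List[Tuple[str, int, str]] = [
    ("0.0.0.0/0", 443, "https-from-anywhere"),
    ("0.0.0.0/0", 22, "ssh-from-anywhere"),
    ("203.0.113.50/32", 22, "ssh-from-office"),
    ("10.0.0.0/16", 5432, "postgres-from-vpc"),
]


def audit_ssh_rules(rules: List[Tuple[str, int, str]]) -> List[str]:
    """Report rules that expose port 22 to anything wider than a single host."""
    findings = []
    for source, port, name in rules:
        cidr = Cidr.parse(source)
        if port == 22 and cidr.prefix < 32:
            findings.append(f"{name}: SSH reachable from {cidr} ({1 << (32 - cidr.prefix)} addresses)")
    return findings


if __name__ == "__main__":
    for text in ("192.168.1.100/24", "10.0.0.0/8", "203.0.113.50/32", "0.0.0.0/0"):
        c = Cidr.parse(text)
        print(f"{text:>18} -> network {c}, mask {c.mask}, broadcast {c.broadcast}, usable hosts {c.usable_hosts()}")
    vpc = Cidr.parse("10.0.0.0/16")
    print("first VPC subnets:", ", ".join(str(s) for s in list(vpc.subnets(24))[:3]))
    print("10.0.2.17 in VPC:", vpc.contains("10.0.2.17"))
    for finding in audit_ssh_rules(SAMPLE_RULES):
        print("WARNING", finding)
```

The audit deliberately keys on prefix length rather than on the literal string 0.0.0.0/0: a rule such as 0.0.0.0/1 or 203.0.113.0/24 on port 22 is also wider than the single-host /32 the article recommends, and the same `contains` check is what a firewall performs when it matches a packet's source address against a rule.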

Common Misconceptions

/24 is the same as Class C
/24 simply means the first 24 bits are the network portion, independent of the old class system. CIDR abolished classes entirely. For example, 10.0.1.0/24 is a /24 within the old Class A range.
CIDR is only for IPv4
CIDR is used with IPv6 as well. IPv6 uses /64 as the standard subnet size and /48 for typical site allocations. The notation is identical: 2001:db8::/32.
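Both misconceptions can be checked directly. The added example below (illustration code for this article, not from the original page) uses Python's standard ipaddress module to show that 10.0.1.0/24 is an ordinary 24-bit prefix sitting inside 10.0.0.0/8, and that the same notation and subnetting rules apply to the article's IPv6 prefix 2001:db8::/32, a /48 site allocation carved from it, and the /64 subnets inside that site.

```python
"""The same prefix rules for IPv6 and for "classless" IPv4, using Python's
standard ipaddress module. Added example, not from the original article;
2001:db8::/32 and 10.0.1.0/24 are the article's own sample prefixes."""
import ipaddress
from typing import Dict, List


def block_facts(cidr: str) -> Dict[str, object]:
    """Network address, mask and size for an IPv4 or IPv6 prefix."""
    net = ipaddress.ip_network(cidr, strict=False)  # strict=False clears host bits
    return {
        "version": net.version,
        "network": str(net.network_address),
        "prefixlen": net.prefixlen,
        "netmask": str(net.netmask),
        "addresses": net.num_addresses,
    }


def is_within(inner: str, outer: str) -> bool:
    """True when `inner` lies entirely inside `outer` (same address family)."""
    a = ipaddress.ip_network(inner, strict=False)
    b = ipaddress.ip_network(outer, strict=False)
    return a.version == b.version and a.subnet_of(b)


def site_subnets(site_prefix: str, count: int) -> List[str]:
    """The first `count` /64 subnets carved from a /48 site allocation."""
    site = ipaddress.ip_network(site_prefix)
    gen = site.subnets(new_prefix=64)
    return [str(next(gen)) for _ in range(count)]


if __name__ == "__main__":
    # a /24 inside 10/8 is just a 24-bit boundary, not a "Class C" network
    print(block_facts("10.0.1.0/24"), is_within("10.0.1.0/24", "10.0.0.0/8"))
    print(block_facts("2001:db8::/32"))
    print(site_subnets("2001:db8:1::/48", 3))
```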