Why You Need to Understand CIDR
CIDR (Classless Inter-Domain Routing) notation appears everywhere in modern networking:
- AWS VPC and security group rules
- Docker and Kubernetes network configs
- Firewall allow/deny rules
- Cloud provider IP range allowlisting
- Router configuration
If you have ever seen 10.0.0.0/16 or 192.168.1.0/24 and wondered what the /16 or /24 means, this guide will make it click.
IP Address Basics
An IPv4 address is 32 bits long, written as four groups of 8 bits (octets) in decimal, separated by dots:
192.168.1.100
In binary, each octet is 8 bits, so the full address is:
11000000.10101000.00000001.01100100
There are 2³² ≈ 4.3 billion possible IPv4 addresses.
What the Slash Means
The /n in CIDR notation specifies how many leading bits of the address are the network prefix – the fixed part that identifies the network. The remaining bits identify individual hosts within that network.
192.168.1.0/24
- /24 means the first 24 bits are the network prefix
- The remaining 8 bits (32 − 24) identify hosts
- Number of addresses: 2⁸ = 256 (ranging from 192.168.1.0 to 192.168.1.255)
CIDR Reference Table
| CIDR | Prefix bits | Host bits | Addresses | Usable hosts |
|---|---|---|---|---|
| /32 | 32 | 0 | 1 | 1 (single host) |
| /31 | 31 | 1 | 2 | 2 (point-to-point links) |
| /30 | 30 | 2 | 4 | 2 |
| /29 | 29 | 3 | 8 | 6 |
| /28 | 28 | 4 | 16 | 14 |
| /27 | 27 | 5 | 32 | 30 |
| /26 | 26 | 6 | 64 | 62 |
| /25 | 25 | 7 | 128 | 126 |
| /24 | 24 | 8 | 256 | 254 |
| /23 | 23 | 9 | 512 | 510 |
| /22 | 22 | 10 | 1,024 | 1,022 |
| /16 | 16 | 16 | 65,536 | 65,534 |
| /8 | 8 | 24 | 16,777,216 | 16,777,214 |
| /0 | 0 | 32 | All addresses | All |
The Subnet Mask
The subnet mask is the network prefix expressed differently – as a 32-bit number with the network bits set to 1 and host bits set to 0.
/24 → subnet mask 255.255.255.0 (24 ones followed by 8 zeros)
/16 → subnet mask 255.255.0.0
/8 → subnet mask 255.0.0.0
Both notations express the same thing. CIDR (/24) is more compact and modern; subnet masks (255.255.255.0) appear in older documentation and some device UIs.
Common Real-World CIDR Blocks
Private IP ranges (RFC 1918):
- 10.0.0.0/8 – large private network (16M addresses)
- 172.16.0.0/12 – medium private network (1M addresses)
- 192.168.0.0/16 – home network default (65K addresses)
Common cloud configurations:
- A VPC 10.0.0.0/16 contains 65,536 addresses, split into subnets like 10.0.1.0/24 (256 each)
- A security group rule 0.0.0.0/0 means "all IPv4 addresses" (allow from anywhere)
- x.x.x.x/32 means exactly one specific IP address
Calculating Subnets
To find the network address and broadcast address for a CIDR block:
- Convert the IP to binary
- Apply the prefix length: the first n bits are fixed (network), the rest are host bits
- Network address: all host bits = 0
- Broadcast address: all host bits = 1
- First usable host: network address + 1
- Last usable host: broadcast address − 1
Example: 192.168.5.0/28
- /28 → 28 network bits, 4 host bits
- Addresses: 2⁴ = 16 (192.168.5.0 to 192.168.5.15)
- Network: 192.168.5.0
- Broadcast: 192.168.5.15
- Usable: 192.168.5.1 to 192.168.5.14 (14 hosts)
The CIDR / Subnet Calculator on this site calculates all these values instantly from any CIDR input.
Summary
CIDR notation IP/n splits an IP address into a fixed network prefix (n bits) and variable host bits (32-n bits). The number of addresses in the block is 2^(32-n). /24 = 256 addresses, /16 = 65,536, /8 = 16M. Understanding this makes cloud network configuration, firewall rules, and routing decisions readable and logical.