CIDR stands for Classless Inter-Domain Routing.

In the past, IP addresses were allocated in 'classes' (eg 123.x.y.z was a Class A address, 197.31.x.y was a Class B address and 241.12.63.x was a Class C address). This meant that some organisations were getting far more IP addresses than they needed. For instance, even if you just needed 5 public IP addresses, you were allocated a Class C address, meaning you had 256 addresses, and if you needed 300, you were allocated a Class B meaning you had 65536 addresses, and if you needed more than 65536, you were allocated a Class A giving you over 16 million addresses.

In 1993, when it started to become clear that the Internet was going to be popular, it was realised that this was very inefficient and would lead to rapid exhaustion of IPv4 addresses. The IETF then introduced CIDR which is 'Classless' rather than the previous 'Classful' addressing. With CIDR, an address range can be any power of 2 size (1,2,4,8,16 etc). Because 2 IP addresses are reserved for the network address and broadcast address, and one is needed for a router, the '2' and '4' sizes are almost never used but they are still valid addresses. This meant it was far more efficient: if you need 5 addresses, you can be allocated an 8 address range, or if you need 300 you can be allocated a 512 address range. It is still wasteful, but this is necessary to allow fast performance from routers.

CIDR Notation

CIDR networks are often written as <network address>/<prefix size>. This is known as 'CIDR notation'.

The "prefix size" is the number of '1's in the subnet mask when written in binary.

So, for instance, a subnet mask of 255.255.255.0 can be written as 11111111 11111111 11111111 00000000 which has 24 '1's, so the prefix size is /24

 

So, a network address of 192.168.3.0 with a subnet mask of 255.255.255.0 would be written in CIDR notation as 192.168.3.0/24

A single IP address of 192.168.3.72 could be written in CIDR notation as 192.168.3.72/32

 

Common Subnet mask -> CIDR prefix size conversions

255.255.255.0 => /24

255.255.255.240 => /28

255.255.255.248 => /29

 

Technical information & IP routing

To understand CIDR and routing fully you need to understand basic binary mathematics and basic IP addressing.

Each IPv4 address consists of 4 numbers from 0 to 255. These can be written as 8-bit binary numbers.

So, for instance, 192.168.72.15 can be written as 11000000 10101000 01001000 00001111

 

You may have encountered 'subnet masks'. In the above example, the subnet mask may be '255.255.255.0'.

255.255.255.0 can be written as 11111111 11111111 11111111 00000000

 

The CIDR "prefix size" is the number of '1's in the subnet mask when written in binary, so in the above case it would be 24.

 

CIDR uses the 'network address'. This is important because many problems arise when people use host addresses in CIDR notation rather than the network address.

To determine the network address, perform a binary AND operation on the IP address and the subnet mask; the result is the network address.

So, in the above example,

11000000 10101000 01001000 00001111 (192.168.72.15)

AND

11111111 11111111 11111111 00000000 (255.255.255.0)

results in

11000000 10101000 01001000 00000000 (192.168.72.0)

So, 192.168.72.0 is the network address for 192.168.72.15 with a subnet mask of 255.255.255.0.

 

Note that 192.168.72.0 is NOT ALWAYS the network address if the IP address is 192.168.72.15. The network address depends on the subnet mask as well. If the subnet mask was 255.255.255.248, then you would do

11000000 10101000 01001000 00001111 (192.168.72.15)

AND

11111111 11111111 11111111 11111000 (255.255.255.248)

results in

11000000 10101000 01001000 00001000 (192.168.72.8)

So, in this case, the network address is 192.168.72.8

 

The right-hand bits for a network address are always zeros.

 

Network routing works as follows: any IP-aware device will do the binary AND operation to determine the network addresses for itself and the target device. If the network addresses are the same, then the two devices can communicate directly. If they are not the same, then the connection has to go via a router. These binary AND operations can be performed very quickly by computers, so they are efficient in high-speed networking.

So, if 192.168.72.15 was trying to communicate with 192.168.72.182 and there is a subnet mask of 255.255.255.0 (CIDR prefix /24) on the source device, the source device will perform

11000000 10101000 01001000 00001111 (192.168.72.15)

AND

11111111 11111111 11111111 00000000 (255.255.255.0)

which results in

11000000 10101000 01001000 00000000 (192.168.72.0)

so the source device knows that its network address is 192.168.72.0. It will then perform

11000000 10101000 01001000 10110110 (192.168.72.182)

AND

11111111 11111111 11111111 00000000 (255.255.255.0)

which results in

11000000 10101000 01001000 00000000 (192.168.72.0)

The source device now knows that the target is on the same network as itself so it can communicate directly.

 

If 192.168.72.15 was trying to communicate with 15.25.83.11 and there is a subnet mask of 255.255.255.248 (CIDR prefix /29) on the source device, the source device will perform

11000000 10101000 01001000 00001111 (192.168.72.15)

AND

11111111 11111111 11111111 11111000 (255.255.255.248)

which results in

11000000 10101000 01001000 00001000 (192.168.72.8)

so the source device knows that its network address is 192.168.72.8. It will then perform

00001111 00011001 01010011 00001011 (15.25.83.11)

AND

11111111 11111111 11111111 11111000 (255.255.255.248 - note it does not need to know the subnet mask for the target computer, it just uses its own subnet mask again here)

which results in

00001111 00011001 01010011 00001000 (15.25.83.8)

The source device now knows that the target is on a different network (15.25.83.8 or similar) from itself (192.168.72.8) so it knows it has to communicate via a router. It determines which router to use by consulting the Routing Table.
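
The calculations above, collected into one added example (not part of the original help topic): subnet mask to prefix size, network address by binary AND, a check for a host address used where a network address is expected, and the same-network decision a source device makes. The function names are illustrative assumptions; Python's standard ipaddress module is used only to convert between dotted and integer form.

```python
import ipaddress

def to_int(dotted):
    """Dotted-quad IPv4 string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def to_dotted(value):
    return str(ipaddress.IPv4Address(value))

def prefix_to_mask(prefix):
    """Prefix size -> subnet mask as an integer (24 -> 255.255.255.0)."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix size out of range: {prefix}")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def mask_to_prefix(mask):
    """Count the '1's in the mask; reject masks whose '1's are not contiguous."""
    m = to_int(mask)
    prefix = bin(m).count("1")
    if m != prefix_to_mask(prefix):
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return prefix

def network_address(ip, mask):
    """Binary AND of IP address and subnet mask."""
    return to_dotted(to_int(ip) & to_int(mask))

def to_cidr(ip, mask):
    """Any host address plus its mask -> correct CIDR notation."""
    return f"{network_address(ip, mask)}/{mask_to_prefix(mask)}"

def check_cidr(cidr):
    """Return (is_network_address, corrected_cidr) for an entry such as an access rule."""
    addr, prefix = cidr.split("/")
    net = to_int(addr) & prefix_to_mask(int(prefix))
    return net == to_int(addr), f"{to_dotted(net)}/{prefix}"

def same_network(source, target, source_mask):
    """The source applies its OWN mask to both addresses and compares the results."""
    m = to_int(source_mask)
    return (to_int(source) & m) == (to_int(target) & m)

if __name__ == "__main__":
    print(to_cidr("192.168.72.15", "255.255.255.248"))      # address from the text
    print(check_cidr("192.168.72.15/29"))                   # host bits set
    print(same_network("192.168.72.15", "192.168.72.182", "255.255.255.0"))
    print(same_network("192.168.72.15", "15.25.83.11", "255.255.255.248"))
```

The standard library performs the same host-bits check: ipaddress.ip_network("192.168.72.15/29") raises ValueError unless strict=False is passed.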

Routing Tables

On each IP-aware device there will be a 'routing table' which tells the device how to communicate with any other IP address. Many people are used to the 'default gateway', which is the fallback routing table entry if no other entry matches, but the routing table can contain many route entries. On Windows, the routing table can be viewed and manipulated using the ROUTE command at a command prompt, e.g. ROUTE PRINT will display the routing table, and ROUTE ADD will add a routing table entry (use ROUTE ? to get basic help on the command).
