Tutorials | Monday, January 19, 2026 | 6 min read

Understanding CIDR Notation: A Practical Guide to IP Subnetting

Learn how CIDR notation works, why it replaced classful networking, and how to calculate subnets with our interactive CIDR calculator.

By DevTools Team

If you've ever configured a VPC in AWS, set up a Kubernetes cluster, or written firewall rules, you've encountered CIDR notation. Those cryptic numbers like 192.168.1.0/24 or 10.0.0.0/16 might seem intimidating at first, but they're actually an elegant solution to a fundamental problem in networking.

The Problem: IP Address Exhaustion

Back in the early days of the internet, IP addresses were assigned in fixed-size blocks called "classes":

Class   First Octet Range   Default Mask   Hosts per Network
A       1-126               /8             16,777,214
B       128-191             /16            65,534
C       192-223             /24            254

This system was incredibly wasteful. Need 300 hosts? A Class C (/24) with 254 hosts isn't enough, so you'd get a Class B (/16) with 65,534—wasting over 65,000 addresses!

Enter CIDR (1993)

Classless Inter-Domain Routing solved this by allowing networks of any size. Instead of fixed classes, you specify exactly how many bits define the network vs. host portions of an address.

Reading CIDR Notation

CIDR notation has two parts:

```plaintext
192.168.1.0/24
└────┬────┘ └┬┘
  IP Address  Prefix Length (network bits)
```

The prefix length (after the /) tells you how many leading bits identify the network. The remaining bits identify individual hosts.

Breaking Down 192.168.1.0/24

Let's visualize this in binary:

```plaintext
IP Address:  192.168.1.0
Binary:      11000000.10101000.00000001.00000000
             └─────── 24 bits ────────┘ └─ 8 ──┘
                      Network             Host
```

With 24 network bits and 8 host bits:

  • Network address: 192.168.1.0
  • Broadcast address: 192.168.1.255
  • Usable host range: 192.168.1.1 - 192.168.1.254
  • Total addresses: 2^8 = 256
  • Usable hosts: 256 - 2 = 254 (excluding network and broadcast)

Common CIDR Blocks

Here are the most frequently used CIDR notations and their purposes:

/8 - Large Enterprise Networks

  • 16,777,216 total addresses
  • Used by major cloud providers and large organizations
  • Example: AWS uses 10.0.0.0/8 internally

/16 - Medium Networks (65,536 addresses)

  • Default for AWS VPCs: 10.0.0.0/16
  • Kubernetes default pod CIDR
  • Docker default bridge: 172.17.0.0/16

/24 - Small Networks (256 addresses)

  • The most common "subnet" size
  • Perfect for small offices: 192.168.1.0/24
  • 254 usable hosts

/30 - Point-to-Point Links (4 addresses)

  • Only 2 usable hosts
  • Ideal for router-to-router connections
  • Minimizes IP waste on links

/32 - Single Host Route

  • Exactly 1 address
  • Used for loopback addresses
  • Common in routing tables

Private IP Ranges

RFC 1918 defines three private address ranges that can be used freely within organizations:

Range                           CIDR             Total Addresses
10.0.0.0 - 10.255.255.255       10.0.0.0/8       16,777,216
172.16.0.0 - 172.31.255.255     172.16.0.0/12    1,048,576
192.168.0.0 - 192.168.255.255   192.168.0.0/16   65,536

These addresses are not routable on the public internet and require NAT (Network Address Translation) to communicate externally.

The Subnet Math

Understanding the binary math makes CIDR calculations intuitive:

Calculating Usable Hosts

```plaintext
Usable hosts = 2^(32 - prefix) - 2
```

The -2 accounts for the network address (all host bits = 0) and broadcast address (all host bits = 1).

Prefix   Host Bits   Total   Usable
/24      8           256     254
/25      7           128     126
/26      6           64      62
/27      5           32      30
/28      4           16      14
/29      3           8       6
/30      2           4       2

Subnet Mask Conversion

The prefix length directly converts to a subnet mask:

```plaintext
/24 = 255.255.255.0   (24 ones, 8 zeros)
/16 = 255.255.0.0     (16 ones, 16 zeros)
/25 = 255.255.255.128 (25 ones, 7 zeros)
```
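The usable-host formula and the mask conversion above, carried through with plain integer bit operations. This is an added example, not code from the original page; the function names are hypothetical. It goes one step beyond the text by handling /31 and /32, where the "- 2" rule does not apply, and by reporting when the input address has host bits set.

```python
def ip_to_int(dotted: str) -> int:
    """Pack a dotted-quad IPv4 address into a 32-bit integer."""
    octets = [int(part) for part in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    value = 0
    for o in octets:
        value = (value << 8) | o
    return value


def int_to_ip(value: int) -> str:
    """Unpack a 32-bit integer into dotted-quad form."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def describe(cidr: str) -> dict:
    """Derive mask, network, broadcast and host range for an IPv4 CIDR block."""
    address, _, prefix_text = cidr.partition("/")
    prefix = int(prefix_text)
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix out of range: {prefix}")
    host_bits = 32 - prefix
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF  # prefix ones, then zeros
    addr = ip_to_int(address)
    network = addr & mask                          # clear the host bits
    broadcast = network | (~mask & 0xFFFFFFFF)     # set the host bits
    total = 1 << host_bits
    if prefix >= 31:
        # /31 (RFC 3021 point-to-point) and /32 have no separate network or
        # broadcast address, so every address in the block is usable.
        first, last, usable = network, broadcast, total
    else:
        first, last, usable = network + 1, broadcast - 1, total - 2
    return {
        "mask": int_to_ip(mask),
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(first),
        "last_host": int_to_ip(last),
        "total": total,
        "usable": usable,
        "host_bits_set": addr != network,  # True if input was not on a boundary
    }
```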

Real-World Examples

AWS VPC Configuration

When creating a VPC in AWS:

```hcl
resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"  # 65,536 addresses
}

resource "aws_subnet" "public" {
  vpc_id     = aws_vpc.main.id  # subnets must reference their parent VPC
  cidr_block = "10.0.1.0/24"    # 256 addresses for public subnet
}

resource "aws_subnet" "private" {
  vpc_id     = aws_vpc.main.id
  cidr_block = "10.0.2.0/24"    # 256 addresses for private subnet
}
```

Kubernetes Pod CIDR

Kubernetes clusters typically use large CIDR blocks for pod networking:

```yaml
# kubeadm configuration
networking:
  podSubnet: "10.244.0.0/16"     # Flannel default
  serviceSubnet: "10.96.0.0/12"  # Service cluster IPs
```

Docker Networks

Docker uses CIDR for container networking:

```bash
# Create a custom network
docker network create --subnet=172.20.0.0/16 my-network

# Run container with specific IP
docker run --network my-network --ip 172.20.0.10 nginx
```
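The VPC, Kubernetes and Docker blocks above all draw from the same private ranges, so an address plan is worth checking for containment and collisions before it is deployed. The following is an added example, not part of the original page, using Python's standard `ipaddress` module; the function names and plan labels are hypothetical, and overlap checking goes slightly beyond what the text covers.

```python
import ipaddress
from itertools import combinations

# The three RFC 1918 ranges listed earlier on this page.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def find_overlaps(blocks: dict) -> list:
    """Return sorted (name_a, name_b) pairs whose address ranges intersect."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in blocks.items()}
    return sorted(
        (a, b) for a, b in combinations(sorted(nets), 2)
        if nets[a].overlaps(nets[b])
    )


def check_subnets(parent_cidr: str, subnets: dict) -> list:
    """Report subnets outside the parent block or colliding with each other."""
    parent = ipaddress.ip_network(parent_cidr)
    problems = []
    for name, cidr in subnets.items():
        net = ipaddress.ip_network(cidr)  # strict: raises if host bits are set
        if not net.subnet_of(parent):
            problems.append(f"{name} {cidr} is outside {parent_cidr}")
    for a, b in find_overlaps(subnets):
        problems.append(f"{a} overlaps {b}")
    return problems


def rfc1918_range(cidr: str):
    """Return the RFC 1918 range containing the block, or None if not private."""
    net = ipaddress.ip_network(cidr)
    for private in RFC1918:
        if net.subnet_of(private):
            return str(private)
    return None


# CIDR blocks taken from the examples on this page; the labels are made up.
PLAN = {
    "vpc": "10.0.0.0/16",
    "pods": "10.244.0.0/16",
    "services": "10.96.0.0/12",
    "docker_bridge": "172.17.0.0/16",
    "docker_custom": "172.20.0.0/16",
}
```

`find_overlaps(PLAN)` returns an empty list for the blocks on this page. Adding a constructed entry such as `"office_vpn": "10.100.0.0/16"` is reported as colliding with `services`, because 10.96.0.0/12 runs up to 10.111.255.255.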

Firewall Rules

Security groups and firewalls use CIDR to define allowed traffic:

```bash
# Allow SSH from office network only
iptables -A INPUT -p tcp --dport 22 -s 203.0.113.0/24 -j ACCEPT

# Allow HTTP from anywhere
iptables -A INPUT -p tcp --dport 80 -s 0.0.0.0/0 -j ACCEPT
```
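A rule's exposure is decided by its source CIDR, so rule sets are worth reviewing for two common mistakes: a management port open to 0.0.0.0/0, and a source written with host bits set (the mask is applied, so the rule admits the whole block rather than one host). The audit below is an added example, not part of the original page; the function names, the `MGMT_PORTS` set and the last two sample rules are assumptions constructed for illustration.

```python
import ipaddress
import shlex

MGMT_PORTS = {22, 3389}  # assumption: ports treated as management access

# Constructed sample rules; the first two repeat the rules shown above.
RULES = [
    "iptables -A INPUT -p tcp --dport 22 -s 203.0.113.0/24 -j ACCEPT",
    "iptables -A INPUT -p tcp --dport 80 -s 0.0.0.0/0 -j ACCEPT",
    "iptables -A INPUT -p tcp --dport 22 -s 0.0.0.0/0 -j ACCEPT",
    "iptables -A INPUT -p tcp --dport 22 -s 198.51.100.7/24 -j ACCEPT",
]


def parse_rule(line: str) -> dict:
    """Extract source CIDR, destination port and target from one rule."""
    tokens = shlex.split(line)
    opts = {t: tokens[i + 1] for i, t in enumerate(tokens[:-1]) if t.startswith("-")}
    return {
        "source": opts.get("-s", "0.0.0.0/0"),  # no -s means any source
        "dport": int(opts["--dport"]) if "--dport" in opts else None,
        "target": opts.get("-j"),
    }


def audit_rule(line: str) -> list:
    """Return findings for one ACCEPT rule, judged by its source CIDR."""
    rule = parse_rule(line)
    if rule["target"] != "ACCEPT":
        return []
    findings = []
    iface = ipaddress.ip_interface(rule["source"])
    net = iface.network  # what the rule matches once host bits are masked off
    if iface.ip != net.network_address:
        findings.append(f"host bits set: {rule['source']} matches all of {net}")
    if net.prefixlen == 0 and rule["dport"] in MGMT_PORTS:
        findings.append(f"port {rule['dport']} open to any source")
    return findings


def audit(lines) -> dict:
    """Map each rule that produced findings to its list of findings."""
    report = {}
    for line in lines:
        findings = audit_rule(line)
        if findings:
            report[line] = findings
    return report
```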

IPv6 CIDR

IPv6 uses the same CIDR concept but with 128-bit addresses:

Prefix   Common Use
/32      ISP allocation
/48      Site allocation
/64      Single subnet (standard)
/128     Single host

Example: 2001:db8::/32 represents a /32 allocation with 2^96 possible addresses.

Quick Tips

  1. Powers of 2: Host counts are always powers of 2 (minus 2 for usable)
  2. Doubling rule: Decreasing the prefix length by 1 doubles the network size
  3. Subnet boundaries: Network addresses are always multiples of the subnet size
  4. VLSM: Use Variable Length Subnet Masking to right-size your subnets

Conclusion

CIDR notation is fundamental to modern networking. Whether you're designing cloud infrastructure, configuring Kubernetes, or setting up home networking, understanding how to read and calculate CIDR blocks will make you a more effective engineer.

Use our CIDR Calculator to practice with different subnets and visualize the binary breakdown.
