CIDR notation is the surprisingly elegant way we’ve standardized IP address allocation, letting us carve up the internet into manageable chunks.
Let’s see it in action. Imagine you’re setting up a small office network. You’ve been assigned the IP address block 192.168.1.0/24. What does that /24 even mean?
```bash
# Let's look at the raw IP address and the prefix
IP_ADDRESS="192.168.1.0"
PREFIX_LENGTH=24

# Convert the prefix length to a subnet mask
# For /24, it's 255.255.255.0
# The binary representation is 24 ones followed by 8 zeros
# 11111111.11111111.11111111.00000000
SUBNET_MASK="255.255.255.0"

# The network address is the IP address ANDed with the subnet mask
# In our case, 192.168.1.0 AND 255.255.255.0 is 192.168.1.0
NETWORK_ADDRESS="192.168.1.0"

# The broadcast address is the network address ORed with the bitwise NOT of the subnet mask
# NOT(255.255.255.0) is 0.0.0.255
# 192.168.1.0 OR 0.0.0.255 is 192.168.1.255
BROADCAST_ADDRESS="192.168.1.255"

# The usable host addresses are from the network address + 1 to the broadcast address - 1
# So, 192.168.1.1 to 192.168.1.254
FIRST_HOST="192.168.1.1"
LAST_HOST="192.168.1.254"

echo "Network: ${NETWORK_ADDRESS}/${PREFIX_LENGTH}"
echo "Subnet Mask: ${SUBNET_MASK}"
echo "Broadcast: ${BROADCAST_ADDRESS}"
echo "Usable IPs: ${FIRST_HOST} - ${LAST_HOST}"
```
This /24 is the "prefix length" in CIDR notation. It tells us how many bits, starting from the left, are fixed for the network portion of the IP address. The remaining bits are for the host portion.
An IPv4 address is 32 bits long. So, a /24 means the first 24 bits define the network, and the remaining 32 - 24 = 8 bits are for individual devices (hosts) within that network. This gives us $2^8 = 256$ total addresses. However, the first address is reserved for the network itself (e.g., 192.168.1.0), and the last address is reserved for the broadcast address (e.g., 192.168.1.255). That leaves 256 - 2 = 254 usable IP addresses for devices.
When you see 192.168.1.0/24, it’s a shorthand for 192.168.1.0 with a subnet mask of 255.255.255.0. The / and the number are the CIDR notation. It’s a way to express a network address and its size without explicitly writing out the full subnet mask.
The magic happens in how these bits are interpreted. For 192.168.1.0/24:
- 192.168.1.0 in binary is 11000000.10101000.00000001.00000000
- The /24 means the first 24 bits (11000000.10101000.00000001) are the network portion.
- The remaining 8 bits (.00000000) are the host portion.
This allows for flexible network design. If you need a smaller network, you can use a larger prefix length. For example, 192.168.1.0/25 would mean the first 25 bits are for the network, leaving 32 - 25 = 7 bits for hosts. This gives $2^7 = 128$ total addresses, or 128 - 2 = 126 usable IPs. This effectively splits the original /24 block into two /25 subnets: 192.168.1.0/25 (addresses 192.168.1.0 to 192.168.1.127) and 192.168.1.128/25 (addresses 192.168.1.128 to 192.168.1.255).
Conversely, if you have a large block and want to combine it with an adjacent one, you use a smaller prefix length. For instance, 192.168.0.0/23 covers addresses from 192.168.0.0 to 192.168.1.255. This is because the /23 means the first 23 bits are the network portion, leaving 32 - 23 = 9 bits for hosts, giving $2^9 = 512$ addresses in total. This single /23 block encompasses two /24 blocks: 192.168.0.0/24 and 192.168.1.0/24.
The beauty of CIDR is that it’s a unified system. Routers and network devices use this notation to understand network boundaries, determine if an IP address is on the local network or needs to be routed elsewhere, and manage IP address assignments efficiently. It eliminated the old classful addressing system (Class A, B, C), which was rigid and wasteful.
Most people think of a subnet mask as a fixed value like 255.255.255.0, but CIDR notation reveals that the mask is entirely dependent on the prefix length. The prefix length is the single, definitive value that dictates the size of the network and the range of IP addresses it contains.
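The same mask, network and broadcast values can be derived from the prefix length with bitwise arithmetic instead of being typed in by hand. This is an added example, not code from the original page: the function names are hypothetical, it targets POSIX sh with 64-bit arithmetic, and it assumes well-formed input with plain decimal octets. `cidr_contains` is the "is this address inside the block?" test that routing decisions, firewall rules and allowlists all rely on.

```shell
#!/bin/sh
# Added example: derive CIDR values from the prefix length (hypothetical helpers).

# Dotted quad -> 32-bit integer. Octets must be plain decimal (no leading zeros).
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on '.' into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Prefix length -> mask as an integer: N ones followed by (32 - N) zeros.
prefix_to_mask() {
    echo $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
}

# Network address: IP AND mask. Host bits in the input are discarded.
cidr_network() {
    mask=$(prefix_to_mask "${1#*/}")
    int_to_ip $(( $(ip_to_int "${1%/*}") & $mask ))
}

# Broadcast address: network OR NOT(mask).
cidr_broadcast() {
    mask=$(prefix_to_mask "${1#*/}")
    int_to_ip $(( ($(ip_to_int "${1%/*}") & $mask) | (~$mask & 0xFFFFFFFF) ))
}

# Succeeds when address $2 is inside block $1: both must have the same
# network bits under the block's mask.
cidr_contains() {
    mask=$(prefix_to_mask "${1#*/}")
    [ $(( $(ip_to_int "${1%/*}") & $mask )) -eq $(( $(ip_to_int "$2") & $mask )) ]
}

# The three blocks discussed in the text.
for block in 192.168.1.0/24 192.168.1.128/25 192.168.0.0/23; do
    echo "$block mask=$(int_to_ip "$(prefix_to_mask "${block#*/}")") net=$(cidr_network "$block") bcast=$(cidr_broadcast "$block")"
done
```

Note that `cidr_network 192.168.1.0/23` returns 192.168.0.0: under a /23 the low bit of the third octet is a host bit, so an access rule written as 192.168.1.0/23 matches both /24 blocks rather than just the second one.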
The next step is understanding how these CIDR blocks are allocated and how they route traffic across the internet.