CIDR for Dummies

Solution 1:

CIDR (Classless Inter-Domain Routing, pronounced "kidder" or "cider" - add your own local variant to the comments!) is a system of defining the network part of an IP address (usually people think of this as a subnet mask). The reason it's "classless" is that it allows a way to break IP networks down more flexibly than their base class.

When IP networks were first defined, IPs had classes based on their binary prefix:

Class    Binary Prefix    Range                       Network Bits
A        0*               0.0.0.0-127.255.255.255     8
B        10*              128.0.0.0-191.255.255.255   16
C        110*             192.0.0.0-223.255.255.255   24
D        1110*            224.0.0.0-239.255.255.255
E        1111*            240.0.0.0-255.255.255.255

(Note that this is the source of people referring to a /24 as a "class C", although that's not a strictly true comparison because a class C needed to have a specific prefix)

These binary prefixes were used for routing large chunks of IP space around. This was inefficient because it resulted in large blocks being assigned to organizations who didn't necessarily need them, and also because Class Cs could only be assigned in 24 bit increments, meaning that routing tables could get unnecessarily large as multiple Class Cs were routed to the same location.

CIDR was defined to allow variable length subnet masks (VLSM) to be applied to networks. As the name applies, address groups, or networks, can be broken down into groups that have no direct relationship to the natural "class" they belong to.

The basic premise of VLSM is to provide the count of the number of network bits in a network. Since an IPv4 address is a 32-bit integer, the VLSM will always be between 0 and 32 (although I'm not sure in what instance you might have a 0-length mask).

The easiest way to start calculating VLSM/CIDR in your head is to understand the "natural" 8-bit boundaries:

CIDR    Dotted Quad
/8      255.0.0.0
/16     255.255.0.0
/24     255.255.255.0
/32     255.255.255.255

(By the way, it's perfectly legal, and fairly common in ACLs, to use a /32 mask. It simply means that you are referring to a single IP)

Once you grasp those, it's simple binary arithmetic to move up or down to get number of hosts. For instance, if a /24 has 256 IPs (let's leave off network and broadcast addresses for now, that's a different networking theory question), increasing the subnet by one bit (to /25) will reduce the host space by one bit (to 7), meaning there will be 128 IPs.

Here's a table of the last octet. This table can be shifted to any octet to get the dotted quad equivalent.

CIDR    Dotted Quad
/24     255.255.255.0
/25     255.255.255.128
/26     255.255.255.192
/27     255.255.255.224
/28     255.255.255.240
/29     255.255.255.248
/30     255.255.255.252
/31     255.255.255.254
/32     255.255.255.255

As an example of shifting these to another octet, /18 (which is /26 minus 8 bits, so shifted an octet) would be 255.255.192.0.

Solution 2:

Each octet is worth 8.

  • 255.0.0.0 /8
  • 255.255.0.0 /16
  • 255.255.255.0 /24
  • 255.255.255.255 /32

So you can quickly narrow down your subnet and then you're just worried about the last 8 bits.

128, 192, 224, 240, 248, 252, 254, 255

+1  , +2 , +3 , +4 , +5 , +6 , +7 , +8
  • 255.128.0.0 = /9
  • 255.192.0.0 = /10
  • 255.224.0.0 = /11
  • 255.240.0.0 = /12
  • 255.248.0.0 = /13
  • 255.252.0.0 = /14
  • 255.254.0.0 = /15

Hope thats clear enough

Solution 3:

A day (sic) late, hopefully not a dollar short. CIDR is the number of contiguous one bits in the IPv4 mask(32 bits) starting at the most significant bit.

10000000 00000000 00000000 00000000 where 1 = most significant bit

The common masks are /8, /16, /24 which all fall on an 8 bit(octet) boundary.

11111111 00000000 00000000 00000000 = /8 = 255.0.0.0

11111111 11111111 00000000 00000000 = /16 = 255.255.0.0

11111111 11111111 11111111 00000000 = /24 = 255.255.255.0

It isn't really hard when it is not octet aligned, but it does require some simple math and understanding of what an octet is.

11111111 11111111 11100000 00000000 = /19

The first two octets of the mask are 255.255 (/16 is less than /19). The last octet is 0(/19 is less than /24). So far we know

11111111 11111111 11100000 00000000 = /19 = 255.255.?.0

When looking at each octet remember it is an 8 bit value, 0 - 255. 

0 0 0 0 0 0 0 0 
1
2 6 3 1
8 4 2 6 8 4 2 1

So the third octet (?) 11100000 is 128 + 64 + 32 = 224. That means

11111111 11111111 11100000 00000000 = /19 = 255.255.224.0

Solution 4:

It is very error prone to calculate non trivial networks by hand. Try a CIDR Calculator instead.

Solution 5:

On the contrary, I think it's good to completely understand CIDR and be able to do calculations in your brain... but sometimes you want to double check your calculations. I like to use the PHP Subnet Calculator: http://share-foo.com/SubnetCalc.php

alt text

Tags:

Networking

Subnet

Cidr

Recent Posts