How can we explain CIDR notation with /24 and /32 to a manager?

Solution 1:

An IP address consists of four numbers separated by dots. You read it from left to right, and each dot adds a level of detail. This is very similar to a real address, think about:

I'm sorry, but this is simply wrong. The dots do not have any significance. They are only there to make a 32-bit binary number (that's all that an IPv4 address is) easier for humans to read. You can't infer any hierarchy from them. If you're explaining IP addresses that way, you're misleading people.

I know you don't want to get into subnet masks or binary math, but there's really no way around it. I'll keep it as simple as I can.

IP addresses have a two-level hierarchy: network and host. Think of area code and number for your phone (at least in the US). Ten digit telephone numbers have a fixed format: 3 digits for the area code, and 7 digits for the phone number. Similarly, for IP addresses, part of that 32-bit binary number is the network address portion, and part is the host address portion.

Unlike phones, IP addresses do not have a fixed format for hierarchy. The number of (binary) digits that make up the network and host portions can vary. Where you divide the bits between the two is determined by the subnet mask (There. I said it).

The CIDR notation tells you how many bits of the address belong to the network portion. For example, /20 means the first 20 bits of the address are the network portion of the address -- the rest (32 - 20 = 12) are the host portion. /24 means 24 bits are the network and 8 are the host (32 - 24 = 8), and so on.

If all you're doing is typing an address into your browser, you don't need to know the binary math. But if you're creating networks and assigning addresses, you need to understand the binary math behind them. Otherwise you will make mistakes that lead to incorrect addresses.


I know that my answer will go over the heads of many so-called "managers", but it's important that YOU understand it so you can explain it better. If you're confused, your explanation will be confusing (and possibly wrong). Based on your scenario, the best simple explanation I can give is this:

IP addresses are divided into two parts - network and host, just like telephone numbers are divided into parts - area/city code and number. The /xx indicates how much of the IP address is the network part and how much is the host part.

I wouldn't go any deeper than that. If you get questions, then you'll have to bring in binary and subnet masks.
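The binary math that Solution 1 says you cannot avoid, as an added example that is not part of any of the answers above. It splits a 32-bit IPv4 address at the /xx boundary and derives the netmask, the network and broadcast addresses, and the number of addresses in the block. The addresses used (192.0.2.77, 10.1.37.200) are constructed for the example; 192.0.2.0/24 is a documentation range.

```python
# Added example: the bit arithmetic behind CIDR prefixes (not code from the answers above).

def ip_to_int(ip: str) -> int:
    """Turn a dotted quad into the 32-bit integer it really is."""
    parts = [int(p) for p in ip.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"not a valid dotted-quad IPv4 address: {ip}")
    n = 0
    for p in parts:
        n = (n << 8) | p
    return n


def int_to_ip(n: int) -> str:
    """Inverse of ip_to_int: render the 32-bit integer as a dotted quad."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def bit_view(cidr: str) -> str:
    """Show the address as 32 bits with a '|' at the network/host boundary."""
    ip, prefix = cidr.split("/")
    bits = f"{ip_to_int(ip):032b}"
    return bits[: int(prefix)] + "|" + bits[int(prefix):]


def cidr_split(cidr: str) -> dict:
    """Derive netmask, network, broadcast and block size from an address with a /prefix."""
    ip, prefix_str = cidr.split("/")
    prefix = int(prefix_str)
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix must be between 0 and 32: /{prefix}")
    host_bits = 32 - prefix                                   # e.g. /24 -> 8 host bits
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF             # prefix ones, then host_bits zeros
    addr = ip_to_int(ip)
    network = addr & mask                                     # host bits cleared
    broadcast = network | (0xFFFFFFFF >> prefix)              # host bits set
    return {
        "network_bits": prefix,
        "host_bits": host_bits,
        "netmask": int_to_ip(mask),
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "addresses": 1 << host_bits,                          # /24 -> 256, /32 -> 1
    }


if __name__ == "__main__":
    for example in ("192.0.2.77/24", "10.1.37.200/20", "192.0.2.77/32"):
        print(example, bit_view(example), cidr_split(example))
```

Running it shows why a /32 is "just this one address" (zero host bits, one address) and why a /20 does not line up with a dot: the boundary falls four bits into the third octet, so 10.1.37.200/20 belongs to 10.1.32.0 with a mask of 255.255.240.0.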

Solution 2:

You don't need even that detail. Simply treat them as magic values:

Short answer: An IP address has four blocks of digits. There is a standard notation called CIDR where if you put /24 at the end it means every IP address that starts with the same three numbers. So if you put that means that access is allowed from every IP address from to so only those within the allowed range are allowed into the system.

Any network/security engineer actually needing to set that will understand that setting right away. If you sidetrack the product showcase into a Networking 101 you will lose time that could be used to present other features, while the technical people who are also in the meeting and who know CIDR perfectly will be cringing at such a waste of time.† And that manager won't need such information, anyway. It's best IMHO to ask them to question you after the meeting / send you a mail if they are interested in the long, detailed answer.

Nothing wrong about being curious and wanting to know more about it, but a product showcase is not the right place, and I suspect in reality such a manager probably doesn't really mind about that detail.

† In fact, this simplified version may lead those network engineers to jump in asking whether you support IPv6, which they are using internally. A more accurate version of that answer would start with "An IPv4 address is formed by four octets..." which would already get the manager lost in the first sentence.

Solution 3:

... how many house numbers the street has.

If you have more than 256 houses in a street, you need to use part of the street number for house numbers. This is only important to know when you want to know if someone else lives on the same street as you because you drop off letters directly instead of giving them to the post office.

Solution 4:

Here are some partial building blocks for you:

"Let's say you have an IP address, for example It is a single IP address. However, if we change it a bit, we can get something like this:

That latter concept is something called CIDR notation. You can think of it as a kind of bunch of IP addresses. means the same as 123.*.*.* Also, means 123.0.*.*

So, the number after the slash tells how much of the address can be wildcards. The smaller the number, the bigger the amount of wildcards.

Wildcards start from the end of the address."

Solution 5:

Nobody has yet addressed the "why" of subnet masks. At least in my understanding...

A subnet mask represents the scope of a broadcast domain.

Computers/devices within a subnet domain are able to discover other devices within that subnet. They can also find out how to communicate (find each other's address) even though they initially know nothing about each other.

Computers/devices across different subnet domains cannot discover each other. Something must be known about the device being sought (such as a device name in the DNS system) before the devices can communicate.

A (rather poor) analogy may be multiple open-plan offices within a building. I can walk around my open-plan office and introduce myself to anyone else. However, to find someone in a different open-plan office I need to walk to reception, identify a specific person by name, and ask the receptionist in which room, and at which desk, the person may be found.
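The "same subnet or not" decision that Solution 5 describes (and the "same street, deliver the letter yourself" rule in Solution 3), as an added example that is not part of any of the answers above. It uses Python's standard library ipaddress module rather than hand-rolled bit math; the addresses (192.0.2.10, 10.1.37.200 and their peers) are constructed for the example, with 192.0.2.0/24 being a documentation range.

```python
# Added example: which addresses share a host's subnet (broadcast domain), via the
# standard library. Not code from the answers above.
import ipaddress


def broadcast_domain(my_cidr: str) -> dict:
    """Describe the subnet an interface address belongs to.

    my_cidr is the host's own address together with its prefix, e.g. "192.0.2.10/24".
    """
    iface = ipaddress.ip_interface(my_cidr)   # address + mask as one object
    net = iface.network                        # the /xx block the address lives in
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "netmask": str(net.netmask),
        "addresses": net.num_addresses,
    }


def same_broadcast_domain(my_cidr: str, other_ip: str) -> bool:
    """True when other_ip falls inside the subnet that my_cidr belongs to."""
    return ipaddress.ip_address(other_ip) in ipaddress.ip_interface(my_cidr).network


def delivery(my_cidr: str, dest_ip: str) -> str:
    """'direct' when the destination can be reached on the local subnet without a
    router (the same street in the letter analogy), 'via-router' otherwise."""
    return "direct" if same_broadcast_domain(my_cidr, dest_ip) else "via-router"


if __name__ == "__main__":
    me = "192.0.2.10/24"
    print(broadcast_domain(me))
    for peer in ("192.0.2.200", "192.0.3.5"):
        print(peer, delivery(me, peer))
    # A /32 is a subnet of exactly one address: nobody else is "on the same street".
    print(broadcast_domain("192.0.2.10/32"), delivery("192.0.2.10/32", "192.0.2.11"))
```

The /32 case is the one managers usually ask about: a /32 has no host bits, so the subnet contains only the host itself and every other address, even the numerically adjacent one, is reached through a router.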