CIDR Explained: How Classless Inter-Domain Routing Works

If you have ever written a firewall rule, configured a virtual private cloud, or read a hosting provider’s IP allocation, you have run into something like `192.168.10.0/24`. That trailing `/24` is CIDR notation, and understanding it is the difference between guessing at network ranges and defining them with precision. CIDR — short for Classless Inter-Domain Routing — is the system that decides how IP address ranges are written, allocated, and routed across the entire internet. This guide breaks down exactly what CIDR is, how the notation works, how it maps to subnet masks, and why it quietly replaced the rigid system that came before it.

Key Takeaways
• CIDR (Classless Inter-Domain Routing) is a flexible method for allocating and writing IP address ranges, replacing the old fixed Class A/B/C system.
• CIDR notation appends a `/N` prefix to an IP address (e.g. `10.0.0.0/8`), where `N` is the number of bits that identify the network.
• A larger prefix number means a smaller network: `/24` holds 256 addresses, `/16` holds 65,536, `/8` holds over 16 million.
• Every CIDR prefix has an exact subnet mask equivalent — `/24` is the same as `255.255.255.0`.
• CIDR’s deeper purpose is route aggregation, which keeps the global internet’s routing tables from collapsing under their own weight.

What is CIDR?

CIDR stands for Classless Inter-Domain Routing. It is a method, introduced in 1993, for allocating IP addresses and writing IP address ranges flexibly, without being locked into fixed-size blocks. The word that matters most is *classless*.

Before CIDR, the internet used a *classful* addressing system that divided all IPv4 space into three rigid sizes:

  • Class A networks held roughly 16 million addresses each.
  • Class B networks held about 65,000 addresses each.
  • Class C networks held 256 addresses each.

If your organization needed 2,000 addresses, a Class C block of 256 was far too small, but a Class B block of 65,000 was wildly too large. You took the Class B and wasted 63,000 addresses. Multiply that waste across thousands of organizations and you understand why IPv4 — with its ~4.3 billion total addresses — started running out far faster than the math should have allowed.

CIDR threw away those three fixed sizes. Instead of asking “which class do you fit into?”, CIDR lets you allocate *exactly* the size you need, in any power-of-two increment, by specifying how many bits define the network. That flexibility is the whole point: you describe a range by where the boundary between “network” and “host” falls, and you can put that boundary anywhere.

How does CIDR notation work?

CIDR notation writes an IP range as an address followed by a slash and a number: `192.168.1.0/24`. The number after the slash — the prefix length — tells you how many of the address’s 32 bits belong to the network portion. The remaining bits are free to identify individual hosts.

An IPv4 address is 32 bits long. In `192.168.1.0/24`:

  • The `/24` means the first 24 bits are the network. They are fixed for every address in this range.
  • That leaves `32 – 24 = 8` bits for hosts.
  • Eight bits give you `2^8 = 256` possible addresses, from `192.168.1.0` through `192.168.1.255`.

The core relationship is simple and worth memorizing: more bits in the prefix means a smaller network with fewer hosts. A `/24` is smaller than a `/16`, which is smaller than a `/8`. Each step *down* in prefix number multiplies the address count.

Here is how the common prefixes break down:

| CIDR prefix | Host bits | Total addresses | Typical use |
|---|---|---|---|
| `/8` | 24 | 16,777,216 | Very large allocations; entire `10.0.0.0/8` private range |
| `/16` | 16 | 65,536 | Large corporate network or a sizeable VPC |
| `/24` | 8 | 256 | A standard subnet / LAN segment |
| `/32` | 0 | 1 | A single, specific host |

A `/32` is worth a special note: with zero host bits, it identifies exactly one address. You will see `/32` constantly in firewall rules, where it means “this one IP and nothing else.”

How do you calculate the number of addresses in a CIDR block?

The arithmetic is the most useful thing to carry with you, because it lets you size any network in your head.

Total addresses in a block equal `2^(32 – prefix)`. For a `/26`, that is `2^(32-26) = 2^6 = 64` addresses.

Usable host addresses are slightly fewer, because two addresses in every conventional subnet are reserved:

  • The first address is the network address (the identifier for the subnet itself).
  • The last address is the broadcast address.

So the formula for usable hosts is:

```
usable hosts = 2^(32 - prefix) - 2
```

A `/24` therefore gives `256 – 2 = 254` usable hosts. A `/26` gives `64 – 2 = 62`. A `/30` — common for point-to-point links between two routers — gives `4 – 2 = 2` usable addresses, exactly enough for both ends of the link. If you want to go deeper on carving a network into these pieces, see the dedicated guide on .

What is the difference between CIDR and a subnet mask?

A CIDR prefix and a subnet mask describe the same boundary in two different formats. They are two ways of writing the identical piece of information: how many leading bits belong to the network.

A subnet mask is a 32-bit value where every network bit is a `1` and every host bit is a `0`. Written in dotted-decimal, `/24` becomes `255.255.255.0` — that is 24 ones followed by 8 zeros. The CIDR prefix is just the *count* of those leading ones, which is why it is so much more compact.

This table shows the equivalence for the most common boundaries:

| CIDR prefix | Subnet mask | Network bits set to 1 |
|---|---|---|
| `/8` | `255.0.0.0` | 8 |
| `/16` | `255.255.0.0` | 16 |
| `/24` | `255.255.255.0` | 24 |
| `/25` | `255.255.255.128` | 25 |
| `/26` | `255.255.255.192` | 26 |
| `/30` | `255.255.255.252` | 30 |
| `/32` | `255.255.255.255` | 32 |

Notice the `/25`, `/26`, and `/30` rows. Under the old classful system, a mask had to land neatly on an 8-bit boundary (`255.0.0.0`, `255.255.0.0`, `255.255.255.0`). CIDR’s classless nature is exactly what lets the boundary fall *inside* an octet, producing masks like `255.255.255.192`. That mid-octet flexibility is what makes variable-length subnetting possible. For more on how addresses themselves are structured, the guide covers the bit layout in detail.
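The address-count formula and the prefix-to-mask equivalence above, worked through with plain bit operations. This is an added example, not code from the original article; the function names are chosen here for illustration, and the treatment of `/31` and `/32` (no reserved addresses) goes beyond the conventional-subnet formula the text gives.

```python
# Added example: CIDR arithmetic with plain bit operations (IPv4 only).

def ip_to_int(addr: str) -> int:
    """Pack a dotted-decimal IPv4 address into one 32-bit integer."""
    octets = [int(part) for part in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {addr!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(value: int) -> str:
    """Unpack a 32-bit integer back into dotted-decimal form."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def describe(cidr: str) -> dict:
    """Derive mask, boundaries and address counts for an address/prefix pair."""
    addr, _, plen = cidr.partition("/")
    prefix = int(plen)
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix out of range: {cidr!r}")
    host_bits = 32 - prefix
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF   # `prefix` ones, then zeros
    given = ip_to_int(addr)
    network = given & mask                          # clear every host bit
    broadcast = network | (~mask & 0xFFFFFFFF)      # set every host bit
    total = 1 << host_bits                          # 2^(32 - prefix)
    # The "- 2" applies to conventional subnets. A /31 point-to-point link
    # (RFC 3021) and a /32 single host reserve nothing, so all addresses count.
    usable = total - 2 if prefix <= 30 else total
    return {
        "mask": int_to_ip(mask),
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "total": total,
        "usable": usable,
        "host_bits_set": given != network,  # input was a host, not the block's base
    }


if __name__ == "__main__":
    for sample in ("192.168.1.0/24", "10.1.2.200/26", "198.51.100.45/32"):
        print(sample, describe(sample))
```

The `host_bits_set` flag is worth checking when reviewing rules: `10.1.2.200/26` silently covers `10.1.2.192` through `10.1.2.255`, which may be wider than the author of the rule intended.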

Why did CIDR replace the old class system?

The short answer is efficiency on two fronts at once: it stopped wasting addresses, and it stopped overwhelming routers. The classful system failed at both, and by the early 1990s the failure was becoming an emergency.

The first problem was the address waste described earlier — organizations forced into blocks far larger than they needed. CIDR fixed this by letting allocations match real demand. Need ~2,000 addresses? A `/21` gives you 2,048. You take what fits.

But the second problem is the one most people never learn, and it is the more important one.

CIDR’s deeper purpose isn’t just “flexible subnet sizes” — it’s route aggregation, and that is what actually keeps the global internet’s routing tables from exploding.

Here is the mechanism. Every router on the public internet has to keep a *routing table* — a list of “to reach this network, send traffic this way.” Under the classful system, every individual network was advertised as its own separate route. As the internet grew, these tables ballooned toward millions of entries, and routers physically could not keep up. The internet was on track to run out of router memory before it ran out of addresses.

CIDR introduced supernetting. When a provider owns many adjacent small networks — say, 256 consecutive `/24` blocks — those blocks share a common set of leading bits. CIDR lets the provider advertise all 256 of them to the rest of the internet as a single summarized prefix, a `/16` “supernet.” Every router elsewhere on the planet then stores *one* route instead of 256.

This is the part worth pausing on. The same `/N` mechanism you use to define a private subnet in your hosting account is the *exact* mechanism that lets the entire internet’s routing stay manageable. CIDR notation is not two different ideas wearing the same syntax — it is one idea operating at two scales. A network engineer writing `10.0.0.0/8` for an internal VPC and a backbone provider summarizing thousands of customer networks into one BGP advertisement are doing the same arithmetic. That dual role — simultaneously ending IPv4 address waste *and* keeping global routing scalable — is why CIDR was urgent enough to justify redesigning IP allocation around it.
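The supernetting mechanism described above, as an added example (not code from the original article): an aggregator that merges two blocks only when they are the two halves of the same parent prefix. The `aggregate` function and the `10.50.x.0/24` sample blocks are constructed for illustration; IPv4 input with no host bits set is assumed.

```python
import ipaddress


def aggregate(cidrs):
    """Summarize IPv4 blocks into the fewest prefixes covering exactly the same space."""
    nets = sorted({ipaddress.ip_network(c) for c in cidrs})
    # Drop blocks that a shorter prefix in the input already covers.
    nets = [n for n in nets if not any(n != m and n.subnet_of(m) for m in nets)]

    merged = True
    while merged:                      # repeat until a pass finds nothing to merge
        merged = False
        out, i = [], 0
        while i < len(nets):
            cur = nets[i]
            if i + 1 < len(nets) and cur.prefixlen > 0:
                nxt = nets[i + 1]
                parent = cur.supernet()            # same leading bits, one bit shorter
                # Merge only true siblings: same size and both inside the same
                # parent. Adjacent blocks that straddle a parent boundary stay split.
                if nxt.prefixlen == cur.prefixlen and nxt.subnet_of(parent):
                    out.append(parent)
                    i += 2
                    merged = True
                    continue
            out.append(cur)
            i += 1
        nets = out
    return [str(n) for n in nets]


if __name__ == "__main__":
    # Constructed sample: 256 consecutive /24 blocks held by one provider.
    provider_blocks = [f"10.50.{i}.0/24" for i in range(256)]
    print(aggregate(provider_blocks))                      # one /16 route
    # Adjacent but misaligned: no single prefix covers exactly these two blocks.
    print(aggregate(["10.50.1.0/24", "10.50.2.0/24"]))
```

The second call shows the limit of aggregation: adjacency is not enough, the blocks must share all leading bits up to the parent boundary.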

How do you read and use CIDR in practice?

CIDR shows up everywhere you touch infrastructure. A few concrete patterns:

Allowing an IP range in a firewall. Say you want to permit your office network — `203.0.113.0` through `203.0.113.255` — to reach a server. Rather than writing 256 rules, you write one:

```
allow from 203.0.113.0/24 to any port 22
```

To allow a single administrator’s static IP, you use a `/32`:

```
allow from 198.51.100.45/32 to any port 22
```

Defining a subnet in a VPC. When you carve up a virtual private cloud, you assign each subnet a CIDR block. A common layout gives the whole VPC a `/16` and splits it into several `/24` subnets:

```
VPC:        10.20.0.0/16  (65,536 addresses)
web subnet: 10.20.1.0/24  (256 addresses)
app subnet: 10.20.2.0/24  (256 addresses)
db subnet:  10.20.3.0/24  (256 addresses)
```

Each subnet is a non-overlapping slice of the parent block, which is exactly the discipline CIDR enforces.
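One way to check the firewall and VPC patterns above before they are deployed, as an added example that is not part of the original article. The `check_plan` and `is_allowed` helpers and the deliberately broken layout are constructed for illustration; the allow list holds only the CIDR part of the two rules shown earlier, and IPv4 is assumed.

```python
import ipaddress


def check_plan(parent_cidr, subnets):
    """Return a list of problems in a VPC layout; an empty list means it is clean."""
    parent = ipaddress.ip_network(parent_cidr)
    problems, accepted = [], {}
    for name, cidr in subnets.items():
        try:
            net = ipaddress.ip_network(cidr)   # strict mode rejects host bits set
        except ValueError:
            problems.append(f"{name}: {cidr} is not a valid network address")
            continue
        if not net.subnet_of(parent):
            problems.append(f"{name}: {net} is outside {parent}")
        for other_name, other in accepted.items():
            if net.overlaps(other):
                problems.append(f"{name}: {net} overlaps {other_name} ({other})")
        accepted[name] = net
    return problems


def is_allowed(source_ip, allow_cidrs):
    """True when the source address falls inside any allowed CIDR block."""
    src = ipaddress.ip_address(source_ip)
    return any(src in ipaddress.ip_network(cidr) for cidr in allow_cidrs)


# The layout from the text, and a constructed broken variant of it.
GOOD_PLAN = {"web": "10.20.1.0/24", "app": "10.20.2.0/24", "db": "10.20.3.0/24"}
BAD_PLAN = {
    "web": "10.20.1.0/24",
    "app": "10.20.1.128/25",    # sits inside the web subnet
    "db": "10.21.3.0/24",       # typo: not inside 10.20.0.0/16
    "cache": "10.20.4.7/24",    # host bits set: a host address, not a block
}
# CIDR parts of the two SSH allow rules shown above.
SSH_ALLOW = ["203.0.113.0/24", "198.51.100.45/32"]

if __name__ == "__main__":
    print(check_plan("10.20.0.0/16", GOOD_PLAN))
    for problem in check_plan("10.20.0.0/16", BAD_PLAN):
        print(problem)
    for ip in ("203.0.113.77", "198.51.100.45", "198.51.100.46"):
        print(ip, is_allowed(ip, SSH_ALLOW))
```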

BGP route aggregation. At the provider level, CIDR is how routes get summarized into supernets before being advertised to peers, as described above.

A practical note on the private ranges you will use most: the blocks reserved for internal networks — `10.0.0.0/8`, `172.16.0.0/12`, and `192.168.0.0/16` — are all defined in CIDR notation. Knowing their sizes at a glance saves real time; the reference lists them with their usable counts.


When should you use a larger or smaller prefix?

The choice comes down to how many hosts a segment needs, plus a little headroom — never the maximum you can imagine.

  • Use a small block (`/28`, `/29`, `/30`) for tightly scoped things: a handful of load balancers, a point-to-point router link, a management subnet. A `/30` with two usable addresses is the canonical choice for a link between two routers.
  • Use a mid-size block (`/24`, `/25`, `/26`) for a typical application tier or LAN segment. A `/24`’s 254 usable hosts is the default mental model for “a subnet.”
  • Use a large block (`/16` or larger) for an entire VPC or campus, then subdivide it.

The mistake to avoid is over-allocating at the top and under-planning the subdivisions. Reserve a generous parent block, but carve child subnets to fit. Because CIDR boundaries are powers of two, a subnet that is even one host too small forces you up to the next size — so size with a small buffer rather than guessing tight. Addressing strategy also intersects with protocol choice; the tradeoffs differ under , where address scarcity largely disappears.

For the full picture of how CIDR fits alongside DNS, routing, and the rest of the path a request takes to reach a server, see our pillar guide on networking and DNS for hosting.

Frequently asked questions

What does the /24 in an IP address mean? The `/24` is a CIDR prefix indicating that the first 24 bits of the 32-bit IPv4 address identify the network. That leaves 8 bits for hosts, giving 256 total addresses (254 usable). It is equivalent to the subnet mask `255.255.255.0`.

Is CIDR notation the same as a subnet mask? They express the same information in different formats. A subnet mask is a full 32-bit dotted-decimal value (`255.255.255.0`); a CIDR prefix is simply the count of leading network bits in that mask (`/24`). Both describe where the network portion ends and the host portion begins.

How many usable IP addresses are in a /24? A `/24` contains 256 total addresses but 254 usable host addresses. Two are reserved in every conventional subnet: the network address (first) and the broadcast address (last). The general formula is `2^(32 − prefix) − 2`.

Why is a smaller CIDR number a larger network? The number is a count of *network* bits. Fewer network bits leave more bits for hosts, and host count grows as `2^(host bits)`. So `/8` (24 host bits) is enormous, while `/30` (2 host bits) is tiny. The prefix number and the network size move in opposite directions.

What is route aggregation and why does CIDR enable it? Route aggregation, or supernetting, is combining many adjacent network blocks that share leading bits into a single summarized CIDR prefix. Routers elsewhere then store one route instead of many, which is what keeps the internet’s global routing tables from growing unmanageably large. It is CIDR’s most important contribution beyond flexible allocation.
