Saturday, May 30, 2009

Classless Inter-Domain Routing

Classless Inter-Domain Routing, or CIDR as it is also known, is a method used to divide IP address ranges into private networks. This replaces the classful network design, that was found to not be very scalable.

First a bit of background. An IP address is interpreted in two parts. The first part is a prefix that identifies the network, and then a host address that identifies a specific device in that network.

For  in the IP address 123.456.789.123, if 123 is the network prefix, then 456.789.123 is the host address.

An IP address consists of four octets of bits (four bytes), so 32 bits in total. Using the classful network method, network assignments are based on these octets. That means that the only choice with regards to the size of your network prefix, is weather it should be 8, 16 or 24 bits. This results in the choice of having a network size of 24, 16 or 8 bits.

I have written about this in a previous blog post. To summarize, 8 bits is to small for most networks except small home networks, while 16 bits is too large to be managed effectively even for many organizations.

If you have ever assigned a fixed IP address to a device, you probably also had to set the netmask. The common thing to do in a small private network is to set an IP address to, and the netmask to This means, in a simplified way, that the network prefix is the part of the IP address that corresponds to the 255's in the netmask. The rest is the host address. In this cased 192.168.0 is the network prefix, and the 0 is the host address.

To really make sense of this, I'm afraid that we will have to go binary.
11000000.10101000.00000000.00000000 (
11111111.11111111.11111111.00000000 (

Now it's easy to see that the network prefix is simply the part of the netmask that is set to a 1 and the host address is the part of the netmask set to a 0.

Now we can finally start understanding CIDR notation. In CIDR notation, the above IP address and netmask combination will simply be writen as, since there are 24 bits that are set to 1 in the netmask. This means that any IP address that starts with 192.168.0 belongs to the same network. In this case all the addresses from to

The benefit of this notation is that we can configure our network prefix to be other sizes then 8, 16 or 24 bits. For example Lets do that binary thing ones more.
11000000.10101000.00000000.00000000 (
11111111.11111111.11111110.00000000 (/23, this could be represented as

So, 23 bits for the network prefix and 9 for the host address. then means that any address between to would be considered part of the same private network.

We can clearly see this by typing it out in binary.
11000000.10101000.00000000.00000000 (
11000000.10101000.00000001.11111111 (
11111111.11111111.11111110.00000000 (/23)

We can see that both IP addresses have the same first 23 bits. We can also see that we can't use a greater IP address without also changing one of the 23 bits representing the network prefix.

If we instead use as an example, that would mean that all the IP addresses between to would belong to the same network address.
11000000.10101000.00000010.00000000 (
11000000.10101000.00000011.11111111 (
11111111.11111111.11111110.00000000 (/23)

As you can see,the first 23 bits are still the same.

Finally, I'll show you the same thing for
11000000.10101000.00000000.00000000 (
11000000.10101000.00000000.01111111 (
11111111.11111111.11111111.10000000 (/25)

Now the first 25 bits of the IP address needs to be the same, which naturally leads to a smaller IP address range for the private network.

This is of course only applicable to IPv4, but CIDR also exist for IPv6, which works in much the same way.

No comments: