The three-line definition

CIDR (Classless Inter-Domain Routing) is the modern way to describe an IP address range. A CIDR block is written as address/prefix-length — 10.0.0.0/16, 192.168.1.0/24, 2001:db8::/32. The number after the slash is how many leading bits of the address identify the network; the remaining bits identify hosts inside that network.

That is the whole notation. Everything below is the why and the which sizes do I use.

How the prefix splits the bits

An IPv4 address is 32 bits. A /24 means "the first 24 bits identify the network, the remaining 8 bits are the host portion." With 8 host bits you get 2⁸ = 256 total addresses inside the block — 254 of which are usable for hosts after subtracting the network address and the broadcast address.

Going wider increases the host space by powers of two:

flowchart LR
    A["/24<br/>256 addresses<br/>254 hosts"]
    B["/23<br/>512 addresses<br/>510 hosts"]
    C["/22<br/>1,024 addresses<br/>1,022 hosts"]
    D["/16<br/>65,536 addresses<br/>65,534 hosts"]
    A -->|1 fewer bit| B -->|1 fewer bit| C -->|6 fewer bits| D

Going narrower — /25, /26, /27 — halves the host count at each step. The smallest useful IPv4 sizes are /30 (4 addresses, 2 hosts — common for point-to-point links), /31 (2 addresses, both usable — RFC 3021 lets you skip the network and broadcast reservation on point-to-point links), and /32 (a single address — used for host routes and individual ACL entries).

Why CIDR exists

Before 1993 the IPv4 address space was carved into three classful sizes:

• Class A — first octet 1-126, fixed /8 (16 million hosts)
• Class B — first octet 128-191, fixed /16 (65,534 hosts)
• Class C — first octet 192-223, fixed /24 (254 hosts)

The waste was enormous. A company that needed 2,000 IP addresses had two choices: take a Class B and burn 63,534 unused addresses, or stitch together eight Class C blocks and bloat the global routing table. As the internet grew through the late 1980s, both effects compounded — running out of addresses and exploding routing tables at the same time.

RFC 1519 introduced CIDR in September 1993. The fixed class boundaries were dropped; the prefix length could now be any value from /1 to /32. The same RFC introduced route aggregation — multiple adjacent blocks summarised under one shorter prefix — which is how the global BGP table avoided collapsing under the weight of every individual /24 getting announced separately.

IPv6 uses the same notation, different bit widths

IPv6 addresses are 128 bits long, so the prefix lengths are correspondingly bigger. The notation is identical:

• /32 — typical block assigned to a regional internet registry's customer (still enormous, 2⁹⁶ addresses)
• /48 — typical end-site assignment from an ISP (65,536 /64s inside)
• /56 — common residential allocation
• /64 — the standard size for a single LAN segment (so the lower 64 bits can be used by stateless address autoconfiguration)

The math is the same; only the bit count under the slash is different.

Common IPv4 sizes engineers actually use

Reverse-DNS zones follow the same boundaries

A /24 reverses cleanly into a single in-addr.arpa zone: 192.168.1.0/24 → 1.168.192.in-addr.arpa. A /16 covers a two-label zone (168.192.in-addr.arpa), a /8 a one-label zone (192.in-addr.arpa). CIDR blocks that aren't on octet boundaries (e.g. /27) need RFC 2317 classless delegation tricks — same idea, more CNAME records.

Try the math interactively

The companion CIDR calculator at /tools/cidr computes the network, broadcast, host range, mask, binary representation, and reverse-DNS zone for any IPv4 or IPv6 CIDR block. Useful for confirming a /27 does what you think it does before you cut a firewall rule.