IP Range to CIDR Converter

The IP Range to CIDR Converter takes a start and end IP address and calculates the smallest set of CIDR (Classless Inter-Domain Routing) blocks that cover the range exactly. Instead of manually figuring out prefix lengths and binary boundaries, this tool does the math for you. It is designed for network engineers, cloud architects, and security professionals who need to translate arbitrary IP ranges into CIDR notation for firewalls, security groups, and routing tables.

What Is an IP Range vs CIDR?

An IP range defines a block of addresses by specifying a start address and an end address. For example, 10.0.0.0 to 10.0.0.255 covers 256 addresses. While this notation is human-readable, most networking equipment does not accept ranges directly.

CIDR notation expresses the same block as a base address followed by a prefix length: 10.0.0.0/24. The prefix length indicates how many leading bits are fixed, and the remaining bits define the host portion. CIDR was introduced in RFC 4632 to replace the rigid classful addressing system and allow more flexible allocation of IP address space.

Why Convert Ranges to CIDR?

Networking infrastructure overwhelmingly uses CIDR notation rather than arbitrary ranges:

Firewall rules: Products like iptables, pfSense, and Cisco ASA accept CIDR blocks, not start-end ranges. To block or allow a range in your firewall, you must express it as one or more CIDR prefixes.

Cloud security groups: AWS Security Groups, Azure NSGs, and Google Cloud firewall rules all require CIDR notation. When a threat intelligence feed provides a range, you need to convert it before adding it to your cloud configuration.

Network ACLs: Router access control lists and VPC network ACLs only understand CIDR prefixes. Converting ranges to CIDR ensures your rules are accepted without syntax errors.

BGP route announcements: Border Gateway Protocol advertises routes as CIDR prefixes. Understanding how ranges map to CIDR is fundamental to routing configuration.

How the Conversion Works

The algorithm converts the start and end addresses to their binary representations and then finds the largest power-of-2 aligned block that fits within the range starting from the current position. It works as follows:

1. Begin at the start address. Find the largest CIDR block (smallest prefix length) whose base address equals the current position and whose broadcast address does not exceed the end address.

2. Record that CIDR block, advance the current position to the next address after the block, and repeat.

3. Continue until the current position exceeds the end address.

Each CIDR block must be naturally aligned, meaning the base address must be evenly divisible by the block size. This constraint is why a single range often produces multiple CIDR blocks.

When Multiple CIDR Blocks Are Needed

A range maps to a single CIDR block only when it is perfectly aligned and its size is a power of 2. For example, 10.0.0.0 to 10.0.0.255 maps cleanly to 10.0.0.0/24 (256 addresses, aligned). However, 10.0.0.0 to 10.0.1.130 does not align to any single prefix. This range would be split into multiple CIDR blocks such as 10.0.0.0/24, 10.0.1.0/25, and 10.0.1.128/31, together covering exactly 387 addresses with no overlap or gaps.

The tool always produces the minimum number of CIDR blocks needed to represent the range precisely. This is important because fewer rules mean better performance in firewall rule evaluation and smaller routing tables.

Common Use Cases

Threat intelligence: Blocklists and threat feeds often publish IP ranges. Converting them to CIDR lets you import them directly into your firewall or SIEM.

IP allocation planning: When an ISP or RIR assigns a range, converting to CIDR helps determine how to announce it via BGP or delegate it to customers.

Migration and auditing: During cloud migrations, you may need to convert legacy range-based rules into CIDR format accepted by the new platform.

Compliance documentation: Security audits often require network boundaries expressed in standard CIDR notation rather than ambiguous range descriptions.

Related Tools

Do the reverse operation and expand CIDR blocks into full IP ranges with the CIDR to IP Range Converter. Calculate subnet details including network address, broadcast, and usable hosts with the Subnet Calculator.