My IP Help

CIDR Notation

Also known as: CIDR, Classless Inter-Domain Routing

A compact way to describe an IP address range, written as an address followed by a slash and a prefix length like 192.0.2.0/24.

Last updated:

What is CIDR notation?

CIDR notation (Classless Inter-Domain Routing) is the standard way to describe a range of IP addresses. It consists of an IP address followed by a slash and a prefix length — a number that specifies how many of the leading bits are fixed for the network portion. For example:

  • 192.0.2.0/24 — a range of 256 IPv4 addresses (192.0.2.0 through 192.0.2.255)
  • 10.0.0.0/8 — about 16.7 million addresses (the whole 10.x.x.x private range)
  • 2001:db8::/32 — an IPv6 range of 2⁹⁶ addresses

Introduced in RFC 4632, CIDR replaced the older class-based system (Class A, B, C), which wasted enormous amounts of address space by forcing allocations to power-of-2 boundaries.

How the prefix length works

The prefix length is the count of network bits from the left. In IPv4, a /24 means 24 network bits and 8 host bits (256 addresses). A /16 means 16 network bits and 16 host bits (65,536 addresses). The smaller the number, the larger the block:

| Prefix | IPv4 Host Count | Equivalent Subnet Mask | |--------|----------------:|------------------------| | /8 | 16,777,216 | 255.0.0.0 | | /16 | 65,536 | 255.255.0.0 | | /24 | 256 | 255.255.255.0 | | /30 | 4 | 255.255.255.252 |

Where CIDR is used

CIDR notation appears throughout networking: firewall rules (allow 203.0.113.0/24), routing tables, ASN prefix announcements, cloud provider allow-lists, geolocation databases, and abuse reports. Our CIDR to IP range tool converts CIDR blocks to explicit start/end addresses for firewall configuration.

Frequently Asked Questions

Take the prefix length and subtract from 32 (for IPv4) to get the number of host bits. The block contains 2^(host_bits) addresses. For `192.0.2.0/24`, host bits = 32 - 24 = 8, so the block has 2^8 = 256 addresses, from `192.0.2.0` through `192.0.2.255`. Most firewalls accept CIDR directly, but some legacy ones require the explicit start/end pair, which our CIDR-to-IP-range tool produces.
A `/32` prefix in IPv4 means all 32 bits are network bits and zero bits are for hosts — so the block contains exactly one address. It is how you write a single IP address in any notation that expects a CIDR block, such as a firewall rule (`allow 203.0.113.5/32`). The IPv6 equivalent for a single address is `/128`.
A `/0` prefix means zero network bits — the block matches every possible IPv4 address (`0.0.0.0/0`) or every possible IPv6 address (`::/0`). It is the wildcard "match anything" entry used in default routes and catch-all firewall rules. Always be cautious with `/0` in allow rules; it disables the filter entirely.
They describe the same boundary in two different formats. A subnet mask spells out which bits are network and which are host as a full dotted-decimal address (`255.255.255.0`); a CIDR prefix length is just the count of network bits (`/24`). They are interchangeable — `/24` and `255.255.255.0` describe identical blocks. CIDR is more compact and is used in modern routing tables, firewall configs, and cloud allow-lists; subnet masks linger in older OS network settings.
Classful addressing (Class A, B, C) forced allocations into rigid power-of-two boundaries — Class A = 16.7M addresses, Class B = 65K, Class C = 256. An organization that needed 1,000 addresses had to take a Class B (wasting 64,000) or four Class Cs (and then deal with routing complexity). CIDR (RFC 4632, 1993) lets blocks be any prefix length from /1 to /32, restoring efficient allocation and slowing IPv4 exhaustion by years.
Back to glossary