CIDR Notation Explained

What is CIDR?

CIDR stands for Classless Inter-Domain Routing. It replaced the old classful addressing system (Class A, B, C) in 1993 and has been the standard way to describe IP address ranges ever since. CIDR notation combines an IP address with a prefix length, written as a slash followed by a number: 192.168.1.0/24.

That prefix length tells you how large the network is. A /24 contains 256 addresses. A /16 contains 65,536. A /32 represents a single host. The beauty of CIDR is its simplicity: one number encodes the full subnet mask, network size, and address range.

Binary: The Foundation

To truly understand CIDR, you need to think in binary -- at least briefly. An IPv4 address is 32 bits long, organized into four groups of 8 bits (octets), separated by dots. The decimal address 192.168.1.0 looks like this in binary:

Decimal:   192      . 168      . 1        . 0
Binary:    11000000 . 10101000 . 00000001 . 00000000
Bit #:     31---24    23---16    15----8    7-----0

Each octet can represent values from 0 (00000000) to 255 (11111111). This 32-bit structure is the key to everything that follows.

How Subnet Masks Work

A subnet mask is also a 32-bit value, but with a strict pattern: it starts with consecutive 1s followed by consecutive 0s. The 1-bits mark the network portion of the address, and the 0-bits mark the host portion. There is never a gap -- you cannot have a 0 between two 1s in a valid subnet mask.

Mask:      255      . 255      . 255      . 0
Binary:    11111111 . 11111111 . 11111111 . 00000000
           |<--- 24 network bits --->|<- 8 host bits ->|

Address:   11000000 . 10101000 . 00000001 . 00000000
Mask:      11111111 . 11111111 . 11111111 . 00000000
           ─────────────────────────────────────────────
Network:   11000000 . 10101000 . 00000001 . 00000000  = 192.168.1.0

The CIDR prefix length is simply the count of leading 1-bits in the mask. A mask of 255.255.255.0 has 24 ones, so the prefix is /24. A mask of 255.255.0.0 has 16 ones, so the prefix is /16. The slash notation is just a shorthand for the full mask.

Network Bits vs. Host Bits

The prefix length divides the 32 address bits into two groups:

• Network bits (the first N bits): These are fixed and identify the network. All devices on the same subnet share the same network bits.
• Host bits (the remaining 32-N bits): These vary and identify individual devices within the network.

The number of host bits determines how many addresses exist in the subnet: 2^(host bits). For /24, there are 8 host bits, giving 2^8 = 256 total addresses. For /20, there are 12 host bits, giving 2^12 = 4,096 total addresses.

Of those total addresses, two are reserved in standard networking: the all-zeros host address (the network address itself) and the all-ones host address (the broadcast address). So usable hosts = total - 2, except for /31 (point-to-point) and /32 (single host). See our subnet cheat sheet for the complete table.

Visual Guide to Common Prefixes

The following diagrams show how the network/host boundary moves as the prefix length changes. Think of the 32 bits as a sliding divider: moving it right gives you more network specificity but fewer hosts.

|NNNNNNNN|HHHHHHHH.HHHHHHHH.HHHHHHHH|
 8 net     24 host bits
 Mask: 255.0.0.0

|NNNNNNNN.NNNNNNNN|HHHHHHHH.HHHHHHHH|
 16 net bits        16 host bits
 Mask: 255.255.0.0

|NNNNNNNN.NNNNNNNN.NNNNNNNN|HHHHHHHH|
 24 net bits                 8 host bits
 Mask: 255.255.255.0

|NNNNNNNN.NNNNNNNN.NNNNNNNN.NNNNNNNN|
 32 net bits                 0 host bits
 Mask: 255.255.255.255

Calculating Subnets by Hand

Let us walk through a complete calculation for 172.16.35.0/20. This exercise ties together all the concepts above.

Step 1: Write the Address in Binary

172      . 16       . 35       . 0
10101100 . 00010000 . 00100011 . 00000000

Step 2: Write the Subnet Mask

For /20, the mask has 20 ones followed by 12 zeros:

11111111 . 11111111 . 11110000 . 00000000
= 255.255.240.0

Step 3: Find the Network Address

Perform a bitwise AND between the address and the mask. Wherever the mask has a 1, keep the address bit. Wherever the mask has a 0, the result is 0.

Address:  10101100 . 00010000 . 00100011 . 00000000
Mask:     11111111 . 11111111 . 11110000 . 00000000
AND:      10101100 . 00010000 . 00100000 . 00000000
= 172.16.32.0

The network address is 172.16.32.0. Notice how the original address had “35” in the third octet, but the network address has “32”. The host bits in positions 0-3 of that octet were zeroed out.

Step 4: Find the Broadcast Address

Set all host bits to 1:

Network:  10101100 . 00010000 . 00100000 . 00000000
Host 1s:  00000000 . 00000000 . 00001111 . 11111111
OR:       10101100 . 00010000 . 00101111 . 11111111
= 172.16.47.255

Step 5: Determine the Usable Range

• Network address: 172.16.32.0 (not assignable)
• First usable host: 172.16.32.1
• Last usable host: 172.16.47.254
• Broadcast address: 172.16.47.255 (not assignable)
• Total addresses: 2^12 = 4,096
• Usable hosts: 4,094

CIDR and DNS: The Connection

Every domain name on the internet ultimately resolves to one or more IP addresses within specific CIDR ranges. When a DNS A record points example.com to 93.184.216.34, that IP lives inside a routable CIDR block allocated to the hosting provider. Understanding CIDR helps you reason about where a domain is hosted, whether its IP falls within a specific network range, and how reverse DNS (PTR records) map back from IP addresses to domain names. To analyze the full DNS, WHOIS, SSL, and security posture of any domain, try our Domain Dashboard.

Why CIDR Replaced Classful Addressing

Before CIDR, IP addresses were allocated in rigid classes. Class A (/8) had over 16 million addresses, Class B (/16) had 65,536, and Class C (/24) had 256. There was nothing in between. An organization needing 500 addresses would receive a Class B allocation of 65,536 addresses -- wasting over 99% of the space.

CIDR eliminated this waste by allowing any prefix length. Need 500 hosts? Use a /23 (510 usable) instead of a /16 (65,534 usable). This flexibility dramatically slowed the exhaustion of the IPv4 address space and reduced the size of global routing tables.

CIDR Aggregation (Supernetting)

CIDR also enables route aggregation: combining multiple smaller networks into a single, larger route. For example, four contiguous /24 networks can be advertised as a single /22:

10.0.0.0/24  +  10.0.1.0/24  +  10.0.2.0/24  +  10.0.3.0/24
= 10.0.0.0/22

This reduces the number of routes that routers must store and process, which is critical for internet-scale routing. Supernetting only works when the smaller networks are contiguous and align on the correct binary boundary.

Try It Yourself

Calculating subnets by hand is a valuable learning exercise, but for day-to-day work, let the computer do the math. Our Subnet Calculator shows the full breakdown for any CIDR you enter, including the binary representation with highlighted network and host bits. It is the fastest way to verify your mental math or explore unfamiliar prefix lengths.