23 October 2016

One of these days I find the need to create a VPC on AWS. “CIDR”, says an input box. Somewhere on the page is this:

An internet search and 10 minutes later, it all feels like bread-butter-jam. So what does “CIDR” mean?

IPv4 is a 32 bit addressing system. 32 not because of any scientific reason. Just that a bunch of people thought that would be sufficient to assign unique IP addresses to every computer in the world. Maybe they foresaw that manufacturers would put a computer in everything to make it smarter. Phone, camera, lock, etc.

The entire IPv4 address can be represented in 32 bits. And it is grouped into 8 bits separated by dots (Yes this is binary representation).

Caution: Binary representation coming up. May cause nausea.


Aptly called the “quad-dotted notation” (four groups of bits). Each group of 8 bits is an octet. So we have 4 octets.

Dots are for readability.

Consider 8 bits only (or 1 octet)

In 8 bits, the minimum you can represent is

0000 0000

which is 0.

To check the maximum we can represent in 8 bits, flip all the bits to 1. And you get

1111 1111

which is the binary representation for 255. No magic, I used WolframAlpha.

If you want to go one number further to 256, you’ll have to increase the number of bits from 8 to 9 bits. So 255 is the maximum that can be represented in 8 bits.

The IPv4 address

Going by what we learnt previously, the maximum IPv4 address we can have is

If x is the number of bits we use to represent our address, 2x is the number of unique IP addresses, we can have. For an IPv4 address, that is 232. That’s the total number of IPv4 addresses that can exist. (Only use-case to know the result of the calculation is to satisfy curiosity. Moving on.)

Representing range of IP addresses

We’ll find ourselves having to represent ranges of IP addresses like to

These ranges are called Subnets. This kind of grouping is called “subnetting”.

CIDR notation makes it easier to represent such ranges. The above mentioned range, for example can be written as

24 bits is the length of the Network Prefix. Meaning the first 24 bits should remain the same and everything else can change.

24 bits is three octets. In the above IP address, that is 4.2.2. Which means the last octet of bits can represent anything from 0 to 255. That is 256 IP addresses in the range.

Another example:

16 is two octets. Which means the first 16 bits is the Network Prefix and everything else can change.

The range specified above includes:

  • to
  • to
  • to
  • … up until to

For the sake of saving space, characters and time, that can simply be written as to

Calculating IP addresses in the subnet

To calculate the number of IP addresses in this subnet use 2x, where

x = totalAddressSizeInBits - size(NetworkPrefixInBits)
x = 32 - 16
x = 16

Number of IP addresses would be 216.

One last example:

This is an odd one. 20 is not a multiple of 8. You have some Sherlocky thoughts and figure out that 20th bit is somewhere in the 3rd octet.

We know that the first two octets 172.31, will remain the same, but for the 3rd octet, we’ll calculate in binary. 32 in binary is 100000. That is just 6 bits. We’ll prefix two zeroes to represent it in 8 bits (the value still remains 32):

Bit number 17th 18th 19th 20th 21th 22th 23th 24th
Bit value 0 0 1 0 0 0 0 0

Everything until the 20th bit is prefix and everything else after may change. The minimum value that can be represented using the prefix is already given to us. It’s 32.

Let’s see what maximum number can be represented by keepng the prefix the same. Flip the rest of the bits to maximum value ‘1’.

0010 1111

That is the binary value of 47 (again, the internet helped me). So our subnet’s starting IP is and ending IP is

The total number of IP addresses in this subnet is 212. That is 4096 IPs.

That is CIDR notation.

  • There are a number of CIDR calculators available online.
  • To understand why it was called “CIDR”, it’ll serve us well if we went on a history tour and read about what it replaced - “Classful Networks”.