# Networking: Understanding CIDR
APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed




Some material is very old and may be incorrect today

© November 1998 Tony Lawrence
See also Routing

Up till now, I've been talking about IP addresses and specifying the netmasks by spelling them out: network 192.168.13.0 with a netmask of 255.255.255.0. I've explained that the netmask indicates the bits that are the network part of the address, and that changing anything in those bits puts you on a different network or subnet.

Is there any real difference between a network and a subnet? Not really. Any network is a subnet of something larger, so in that sense, the terms are identical. However, you could look at this another way: your network is the addresses which you can subnet. Or, your network is the bits you cannot change because someone else assigned them to you.

As it's always just the number of bits that is important, we can represent networks or subnets another way. The network 192.168.13.0 with that 255.255.255.0 netmask can be expressed as 192.168.13.0/24. The "24" is the number of bits set to "1" (remember, 8 bits in each section of a mask).

So, a 255.0.0.0 netmask would be /8, a 255.255.0.0 would be /16 and so on. Those are pretty easy. What about masks like 255.255.240.0? If you aren't used to thinking in bits, this might give you a little headache. But don't panic, it's not that hard. One way to think of it is how many bits are not set in the third octet. We have 8 each set in the first two, so that's 16, and it would be 24 if all the bits were set in the third, but bits adding up to 15 (255 - 240) are missing. That's the 8-4-2-1 bits (8 + 4 + 2 + 1 = 15), so 4 bits are missing, so it is a 20 bit mask: /20.



| Bit   | 7   | 6  | 5  | 4  | 3 | 2 | 1 | 0 |
|-------|-----|----|----|----|---|---|---|---|
| Value | 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 |



When you are working the other way, that is, when you've been told that this is network 192.168.16.0/23, I think it's even more useful to think about the "missing" bits. Let's take that one, for example. Obviously it is the "1" bit that is missing. What addresses does this network include?

First, remember that the bits that are masked are inviolate: you cannot change any of those or you are on a different network. So everything up through bit 23 is off limits. You can't change the 192, or the 168. The third octet can't be 18 or 192. That's obvious, right?

But you do have one bit in the third octet you can change, and that's the "1" bit. So the third octet could be 16 or 17 (use the Javascript Bit Twiddler if this is hard for you to see inside your head). Therefore, the possible addresses for 192.168.16.0/23 include 192.168.16.0 to 192.168.17.255. And that is an example of super-netting, which we'll touch more on later. Normally you won't see this kind of mask; you probably will see /25 through /30 (2 - 126 useable addresses). More on that below.

There's something very interesting about this situation, though. You have this 192.168.16.0/23 network. Obviously (I hope it's obvious), there are "unused" bits here that you aren't allowed to touch because of the mask.



| Bit   | 7   | 6  | 5  | 4  | 3 | 2 | 1 | 0 |
|-------|-----|----|----|----|---|---|---|---|
| Value | 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 |



Bits 3, 2 and 1 of the third octet (values 8, 4 and 2) are "covered" by the 23 bit netmask, but they are not set. The same is true for the 7, 6 and 5 bits. Those bits are all masked off, both unset and unavailable for you to use. Only the "16" bit is set within the 23 bit mask (but remember that it is within the mask, so it is off limits: you can't change it), and only the 0 bit is available for you to set or not set. Again, that gives you a subnet that covers both 16 and 17 in the 3rd octet. That gives you more addresses than you'd get with an old-style class C mask, but doesn't waste a class B.

What if you wanted to give someone fewer addresses than a class C? Simply, the mask would be more than /24. If you were given the CIDR address 201.123.45.48/30, you'd have 201.123.45.48, 201.123.45.49, 201.123.45.50 and 201.123.45.51 only.

Here's another way to think of all this:

A mask of 0 in the last octet leaves 256 addresses available (256 - 0). That gives you 254 useable addresses because the bottom is the network and the top is the broadcast, as always.

A mask of 248 gives you 6 addresses: 256 - 248 is 8, minus the top and bottom equals 6.

When it comes to /30, I think of that as two bits less than /32. A /32 gives you no address at all (well, it's one address but it's useless). So /31 is 2 addresses (still useless) and /30 is 4 addresses (but still only two useable).

Another way: In all cases, the /xx is the number of bits you can't change- the number of bits that fix your network. /32 is completely fixed to one address so is useless- and so is /31 which gives you 1 bit or two addresses. You can't do anything useful with 2 addresses because all you have is the network and the broadcast. The /30 (or 255.255.255.252) is the first useful mask. /30 gives you 2 bits to play with, so that's 4 addresses (but only two useable of course).

So:


/30 2 bits for you, 4 addresses, 2 useable.
/29 3 bits for you, 8 addresses, 6 useable.
/28 4 bits for you, 16 addresses, 14 useable.
/27 5 bits for you, 32 addresses, 30 useable.
/26 6 bits for you, 64 addresses, 62 useable.
/25 7 bits for you, 128 addresses, 126 useable.
/24 8 bits for you, 256 addresses, 254 useable.
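
The arithmetic above can be checked mechanically. The following Python sketch is an added example, not code from the original article; the function names are illustrative. It counts usable addresses the way the article does (total minus the network and broadcast addresses) and rejects a block whose address has any host bits set, since that is not a network address under the given mask.

```python
# Added example: CIDR arithmetic as described in the article, using plain
# integer bit operations. Function names are illustrative, not from the page.

def ip_to_int(dotted):
    """Convert a dotted quad such as '192.168.16.0' to a 32-bit integer."""
    parts = [int(p) for p in dotted.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"not an IPv4 dotted quad: {dotted!r}")
    return (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]

def int_to_ip(value):
    """Convert a 32-bit integer back to dotted-quad notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def mask_to_prefix(netmask):
    """255.255.240.0 -> 20. Rejects masks whose 1 bits are not contiguous."""
    mask = ip_to_int(netmask)
    missing = mask ^ 0xFFFFFFFF          # the "missing" bits, e.g. 0.0.15.255
    if missing & (missing + 1):          # must look like 0...01...1
        raise ValueError(f"non-contiguous netmask: {netmask}")
    return 32 - missing.bit_length()

def describe(cidr):
    """Return network, broadcast, total and usable counts for 'a.b.c.d/nn'."""
    address, _, bits = cidr.partition("/")
    prefix = int(bits)
    if not 0 <= prefix <= 32:
        raise ValueError(f"bad prefix length in {cidr!r}")
    host_bits = 32 - prefix              # the bits "for you"
    missing = (1 << host_bits) - 1
    network = ip_to_int(address)
    if network & missing:                # a host bit is set: not a network address
        raise ValueError(f"{cidr} has host bits set")
    total = 1 << host_bits
    return {
        "network": int_to_ip(network),
        "broadcast": int_to_ip(network | missing),
        "total": total,
        "usable": max(total - 2, 0),     # article's rule: drop bottom and top
    }

if __name__ == "__main__":
    print(mask_to_prefix("255.255.240.0"))
    for block in ("192.168.16.0/23", "201.123.45.48/30"):
        print(block, describe(block))
```
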
 

What this is all leading up to are the concepts of Classless Interdomain Routing (CIDR) and Variable Length Subnet Masks (VLSM). You may also have heard the term supernetting or network block; all of this stems from the abandonment of the original network classes (A, B, C).

What was wrong with the class scheme?

Mostly it's just that it was wasteful. Assigning an entire Class C (a /24 mask in the new terminology) to someone who needs half a dozen addresses or less is a terrible waste, and for a while it looked as though the addresses were going to run out very quickly. A couple of things slowed that down. One was NAT (Network Address Translation), which means that a small subset of "real" addresses is used to let machines with "inside" addresses talk to the outside world; NAT is very much the same concept as proxying, except that the only thing that happens is that the address is translated. The other was the CIDR concept we're discussing here.

A related problem was that the bigger guys, who needed more than Class C addresses, were looking at a rapidly diminishing pool of available Class B's (/16 masks), and most of them probably didn't need a full B block anyway. Supernetting multiple C blocks lets those folks get pretty close to what they actually need.

If you'd like to read more about this, I can suggest Managing IP Networks by Scott Ballew.






---January 8, 2005

The line:

When it comes to /30, I think of that as two bits less than /32. A /32 gives you no address at all (well, it's one address but it's useless). So /31 is 2 addresses (still useless) and /32 is 4 addresses (but still only two useable).

Should read:

and /30 is 4 addresses (but still only two useable).

I think...?


---January 8, 2005

Yes, thank you - fixed.

--TonyLawrence

---January 23, 2005

The line:

A mask of 248 gives you 6 addresses: 256 - 248 is 8, minus the top and bottom equals 8.

Should read:

is 8, minus the top and bottom equals 6.

Ivan


---January 23, 2005

Thank you, corrected.

--TonyLawrence






Sun Jun 22 07:03:31 2008: 4355   NickPowers


/32 is used with PPP in dial-up Internet. It assigns a single IP address to the machine with a 255.255.255.255 netmask and the system uses that same IP address as its default gateway. This causes the system to use the PPP link for its default gateway (route of last resort). If you have ever worked at an Internet Service Provider (ISP) you would see many /32 subnets.

Nick Powers



Sun Jun 22 07:25:32 2008: 4356   NickPowers


Although /30 may seem silly since it only has two usable addresses, it is one of the most used subnets. It is used for creating point to point connections. For example, if I was an ISP and you bought a T1 circuit from me and I wanted to give you a /24 network (256 IP) I would first use a /30 to establish the 2 ends of the T1 circuit, one on your end and one on my end. Once I had done this then I would put a route in my router routing the /24 to the IP address I assigned to your end of the /30. This also is how DSL providers set up DSL circuits. I have often wondered why Cable modem providers don't use this method but they don't.

So say I have a /30 100.100.100.0/30 (which gives me 100.100.100.0 as a network address, 100.100.100.1 and 100.100.100.2 as usable IP addresses and 100.100.100.3 as my broadcast address). Also following the scenario above I want to route over 100.100.1.0/24 to you then I could do this:

ISP Router(100.100.100.1)-------T1 LINE-------YOU(100.100.100.2)

route add 100.100.1.0 255.255.255.255 100.100.100.2

So, you would have a router with 2 interfaces one is T1 and one is Ethernet. The T1 interface would be 100.100.100.2/30 and your Ethernet interface (the one you would set the computers on your Ethernet segment as their default gateway) could be any of the 100.100.1.0/24 but the most likely suspect would be 100.100.1.1/24 and then you would assign 100.100.1.2-100.100.1.254 for systems.

Your router would look like this:

----T1----(100.100.100.2/30)----Ethernet--(100.100.1.1/24)

Hope this helps

I agree though that /31 is useless, if anyone knows a practical use for this subnet please email me because I have never seen it used.

Nick Powers



Sun Jun 22 07:30:26 2008: 4357   NickPowers


oops this:

route add 100.100.1.0 255.255.255.255 100.100.100.2

should read:

route add 100.100.1.0 255.255.255.0 100.100.100.2

the previous is a /32 mask and the latter is a /24.

Sorry for the mistake (it's late!)

Nick Powers
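
The difference between the two `route add` lines in the comments above can be seen with a small route lookup. This is an added example, not part of the original comments; it uses Python's standard `ipaddress` module, and the table layout, function names and the ".0 host route" heuristic are assumptions made for illustration.

```python
# Added example: why the netmask in a static route matters. A small
# longest-prefix-match lookup; the table layout and function names are
# illustrative, not a real router's data structures.
import ipaddress

def build_table(routes):
    """routes: (destination, netmask, gateway) triples as typed in 'route add'."""
    table = []
    for dest, mask, gateway in routes:
        # strict=True rejects a destination with host bits set under the mask
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=True)
        table.append((net, gateway))
    return table

def lookup(table, destination):
    """Return the gateway of the most specific matching route, or None."""
    addr = ipaddress.ip_address(destination)
    matches = [(net.prefixlen, gw) for net, gw in table if addr in net]
    return max(matches)[1] if matches else None

def likely_mistyped(table):
    """Heuristic (an assumption, not a rule): a /32 route whose address ends
    in .0 was probably meant to be a network route with a shorter mask."""
    return [str(net) for net, _ in table
            if net.prefixlen == 32 and int(net.network_address) & 0xFF == 0]

# Addresses taken from the comments above.
MISTYPED = build_table([("100.100.1.0", "255.255.255.255", "100.100.100.2")])
CORRECTED = build_table([("100.100.1.0", "255.255.255.0", "100.100.100.2")])

if __name__ == "__main__":
    for name, table in (("mistyped", MISTYPED), ("corrected", CORRECTED)):
        print(name, "-> 100.100.1.57 via", lookup(table, "100.100.1.57"))
        print(name, "suspicious host routes:", likely_mistyped(table))
```

With the 255.255.255.255 mask only the single address 100.100.1.0 is routed to the customer end of the link, so hosts such as 100.100.1.57 have no matching route.
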



Tue Aug 23 22:30:12 2011: 9733   NickBarron



Just having a trawl through these old articles, interesting and still very useful.

Thanks for showing the usage of /32 Nick
