Loading learning content...
In the early 1990s, the Internet faced an existential crisis. The classful addressing system—with its rigid Class A, B, and C boundaries—was hemorrhaging IP addresses at an alarming rate. Organizations requesting just 500 addresses were allocated an entire Class B network of 65,536 addresses, wasting over 99% of the allocation. Meanwhile, the global routing tables were exploding in size, threatening to overwhelm router memory and processing capabilities.
The solution that emerged wasn't just an incremental improvement—it was a paradigm shift in how we think about IP addressing. That solution was Classless Inter-Domain Routing (CIDR).
By the end of this page, you will understand why CIDR was developed, how it fundamentally differs from classful addressing, the problems it solves, and why it remains the foundation of modern Internet addressing. You'll grasp the historical context that made CIDR necessary and the elegant mathematical principles that make it work.
To understand CIDR, we must first appreciate the magnitude of the problem it solved. The original IPv4 addressing scheme, designed in 1981, divided the 32-bit address space into five rigid classes:
The Fundamental Problem: Granularity Mismatch
Classful addressing offered only three usable network sizes for organizations:
But real-world organizations don't fit into neat categories. What about a company needing 1,000 addresses? Or 10,000? The classful system forced impossible choices.
| Hosts Needed | Class Assigned | Addresses Allocated | Addresses Wasted | Efficiency |
|---|---|---|---|---|
| 500 hosts | Class B | 65,534 | 65,034 | 0.76% |
| 2,000 hosts | Class B | 65,534 | 63,534 | 3.05% |
| 10,000 hosts | Class B | 65,534 | 55,534 | 15.26% |
| 300 hosts | 2× Class C | 508 | 208 | 59.06% |
| 1,000 hosts | 4× Class C | 1,016 | 16 | 98.4% |
The Two-Headed Monster
By the early 1990s, the Internet faced two simultaneous crises:
Address Depletion: Class B addresses were being exhausted rapidly. Organizations that needed more than 254 hosts but fewer than 65,534 were forced to request Class B allocations, wasting enormous chunks of the address space.
Routing Table Explosion: Attempts to conserve Class B addresses by assigning multiple Class C networks created a different problem—routing table explosion. An organization needing 2,000 addresses might receive 8 Class C networks, adding 8 separate entries to the global routing table instead of 1.
The math was brutal: if the Internet continued on its trajectory, routing tables would exceed router memory by 1995, and Class B addresses would be completely exhausted by 1994.
In 1992, the IETF projected that at the current allocation rate, Class B addresses would be completely exhausted by March 1994—just 18 months away. This wasn't theoretical; it was an imminent catastrophe that would have frozen Internet growth. CIDR was developed and deployed under extreme time pressure.
CIDR, defined in RFC 1518 and RFC 1519 (September 1993), represented a fundamental reconceptualization of IP addressing. Instead of the rigid class-based hierarchy, CIDR introduced a simple but profound idea: the network/host boundary can be placed at any bit position in the 32-bit address.
The Core Insight
In classful addressing, the first few bits of an IP address determined its class and, by extension, its network/host boundary:
/8 boundary (first 8 bits = network)/16 boundary (first 16 bits = network)/24 boundary (first 24 bits = network)CIDR eliminated these artificial constraints entirely. Instead, the network portion of an address could be any number of bits from 1 to 32, specified explicitly with a prefix length.
┌─────────────────────────────────────────────────────────────────┐│ CLASSFUL ADDRESSING: Implicit, Rigid Boundaries │├─────────────────────────────────────────────────────────────────┤│ ││ IP Address: 192.168.1.0 ││ ││ First bits reveal class: ││ 110xxxxx = Class C ││ ││ Therefore: Network = 192.168.1.0 (first 24 bits) ││ Hosts = .0 to .255 (last 8 bits) ││ Size = 256 addresses (fixed!) ││ │└─────────────────────────────────────────────────────────────────┘ ┌─────────────────────────────────────────────────────────────────┐│ CIDR ADDRESSING: Explicit, Flexible Boundaries │├─────────────────────────────────────────────────────────────────┤│ ││ 192.168.0.0/22 → Network = first 22 bits ││ Hosts = last 10 bits ││ Size = 2^10 = 1,024 addresses ││ ││ 192.168.0.0/23 → Network = first 23 bits ││ Hosts = last 9 bits ││ Size = 2^9 = 512 addresses ││ ││ 192.168.0.0/25 → Network = first 25 bits ││ Hosts = last 7 bits ││ Size = 2^7 = 128 addresses ││ │└─────────────────────────────────────────────────────────────────┘The Power of Flexibility
This seemingly simple change had profound implications:
Right-Sized Allocations: An organization needing 1,000 addresses could now receive exactly a /22 (1,024 addresses) instead of wasting 64,000+ addresses on a Class B.
Arbitrary Subdivision: Large allocations could be subdivided at any granularity. A /16 (65,536 addresses) could be split into 256 /24s, 64 /22s, or any other combination.
Address Recovery: Unused portions of existing allocations could be reclaimed and reallocated without breaking the addressing structure.
But the true genius of CIDR wasn't just in flexible allocation—it was in how this flexibility enabled address aggregation, which we'll explore in subsequent pages.
CIDR is called 'Classless Inter-Domain Routing' because it operates between autonomous systems (domains) on the Internet, enabling aggregation at network boundaries. The 'classless' part emphasizes the complete rejection of the A/B/C/D/E classification scheme. Every address is treated the same way—as a base address plus a prefix length.
CIDR's power derives from the mathematical properties of binary numbers and prefix-based addressing. Understanding these foundations is essential for working with CIDR in practice.
The Prefix Length
A CIDR prefix length (the number after the /) specifies how many bits of the address are fixed (the network portion). The remaining bits can vary (the host portion).
/n means the first n bits are the network identifier32 - n bits are available for host addresses2^(32-n)| Prefix | Network Bits | Host Bits | Addresses | Subnet Mask | Classful Equivalent |
|---|---|---|---|---|---|
| /8 | 8 | 24 | 16,777,216 | 255.0.0.0 | 1 Class A |
| /16 | 16 | 16 | 65,536 | 255.255.0.0 | 1 Class B |
| /20 | 20 | 12 | 4,096 | 255.255.240.0 | 16 Class C |
| /22 | 22 | 10 | 1,024 | 255.255.252.0 | 4 Class C |
| /24 | 24 | 8 | 256 | 255.255.255.0 | 1 Class C |
| /26 | 26 | 6 | 64 | 255.255.255.192 | 1/4 Class C |
| /28 | 28 | 4 | 16 | 255.255.255.240 | 1/16 Class C |
| /30 | 30 | 2 | 4 | 255.255.255.252 | Point-to-point |
| /32 | 32 | 0 | 1 | 255.255.255.255 | Single host |
Block Alignment: The Critical Constraint
Not every IP address can serve as the start of any CIDR block. A CIDR block must be properly aligned—meaning the starting address must be divisible by the block size.
For example:
192.168.0.0/24 is valid (192.168.0.0 is divisible by 256)192.168.1.0/24 is valid (192.168.1.0 is divisible by 256)192.168.0.128/24 is invalid (192.168.0.128 is not divisible by 256)The alignment rule ensures that CIDR blocks don't overlap in unintended ways and can be aggregated cleanly.
12345678910111213141516171819202122
# Understanding CIDR Block Alignment# A block with prefix /n must start at an address divisible by 2^(32-n) Example: /22 block (1,024 addresses)Block size = 2^(32-22) = 2^10 = 1,024 Valid /22 blocks:192.168.0.0/22 → 192.168.0.0 = 3232235520 (divisible by 1024 ✓)192.168.4.0/22 → 192.168.4.0 = 3232236544 (divisible by 1024 ✓)192.168.8.0/22 → 192.168.8.0 = 3232237568 (divisible by 1024 ✓) Invalid /22 blocks:192.168.1.0/22 → 192.168.1.0 = 3232235776 (not divisible by 1024 ✗)192.168.2.0/22 → 192.168.2.0 = 3232236032 (not divisible by 1024 ✗)192.168.3.0/22 → 192.168.3.0 = 3232236288 (not divisible by 1024 ✗) Binary representation of valid /22 boundaries:192.168.0.0 = 11000000.10101000.000000|00.00000000192.168.4.0 = 11000000.10101000.000001|00.00000000192.168.8.0 = 11000000.10101000.000010|00.00000000 ^ The /22 boundary (last 10 bits = host portion)In binary, a properly aligned CIDR block always has zeros in all the host bits of its starting address. This is why 192.168.4.0/22 is valid (binary ends in 10 zeros for host portion) but 192.168.1.0/22 is not (the .1 means some host bits are set in the base address).
Understanding the fundamental differences between classful and classless addressing clarifies why CIDR represented such a revolutionary change in Internet architecture.
The Routing Information Problem
Consider how routing changes between the two systems:
Classful Scenario: An ISP needs to advertise connectivity to 16 customers, each with a Class C network.
CIDR Scenario: The same 16 networks, if contiguous, become:
This aggregation capability is what saved the Internet from routing table collapse.
Within two years of CIDR deployment (1993-1995), the exponential growth of Internet routing tables slowed dramatically. What would have reached 100,000+ entries was held under 40,000 through aggressive aggregation. CIDR bought the Internet enough time for IPv6 development and continues to be the foundation of address management today.
CIDR transformed not just the technical format of addresses, but the entire ecosystem of address allocation. Understanding this hierarchy is essential for network engineers.
The Hierarchical Allocation Model
CIDR enabled a clean hierarchical distribution of address space:
IANA (Internet Assigned Numbers Authority)
RIRs (Regional Internet Registries)
ISPs (Internet Service Providers)
End Organizations
Provider-Aggregatable (PA) vs Provider-Independent (PI) Addresses
CIDR creates two categories of address allocations:
Provider-Aggregatable (PA):
Provider-Independent (PI):
CIDR's effectiveness depends on addresses being allocated contiguously and hierarchically. When addresses are fragmented (due to PI allocations, mergers, or historical assignments), aggregation becomes impossible, and routing table growth accelerates. This is why RIRs carefully manage address allocation policies.
Three decades after its introduction, CIDR remains the foundational addressing scheme for the Internet and virtually all IP networks. Its principles have been extended and adapted to modern networking contexts.
Cloud Computing and CIDR
Every major cloud provider uses CIDR extensively:
1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465
# AWS VPC Design Using CIDR Blocks# Demonstrates hierarchical CIDR subdivision resource "aws_vpc" "main" { cidr_block = "10.0.0.0/16" # 65,536 addresses for entire VPC tags = { Name = "Production-VPC" }} # Public subnets: 10.0.0.0/20 - 10.0.15.255 (4,096 addresses each)resource "aws_subnet" "public_az1" { vpc_id = aws_vpc.main.id cidr_block = "10.0.0.0/20" # 10.0.0.0 - 10.0.15.255 availability_zone = "us-east-1a"} resource "aws_subnet" "public_az2" { vpc_id = aws_vpc.main.id cidr_block = "10.0.16.0/20" # 10.0.16.0 - 10.0.31.255 availability_zone = "us-east-1b"} # Private subnets: larger blocks for application serversresource "aws_subnet" "private_az1" { vpc_id = aws_vpc.main.id cidr_block = "10.0.128.0/18" # 10.0.128.0 - 10.0.191.255 (16K addresses) availability_zone = "us-east-1a"} resource "aws_subnet" "private_az2" { vpc_id = aws_vpc.main.id cidr_block = "10.0.192.0/18" # 10.0.192.0 - 10.0.255.255 (16K addresses) availability_zone = "us-east-1b"} # Database subnets: smaller, isolated blocksresource "aws_subnet" "database_az1" { vpc_id = aws_vpc.main.id cidr_block = "10.0.32.0/24" # 10.0.32.0 - 10.0.32.255 (256 addresses) availability_zone = "us-east-1a"} # Security group using CIDR for access controlresource "aws_security_group_rule" "allow_internal" { type = "ingress" from_port = 0 to_port = 65535 protocol = "tcp" cidr_blocks = ["10.0.0.0/16"] # Allow all traffic within VPC security_group_id = aws_security_group.internal.id} resource "aws_security_group_rule" "allow_partners" { type = "ingress" from_port = 443 to_port = 443 protocol = "tcp" cidr_blocks = [ "203.0.113.0/24", # Partner A network "198.51.100.0/25", # Partner B network ] security_group_id = aws_security_group.api.id}Container Networking and CIDR
Container orchestration platforms like Kubernetes use CIDR extensively:
IPv6 and CIDR
CIDR concepts carry directly to IPv6, which was designed with CIDR from the start:
2001:db8::/32 (standard allocation size)/48 (280 trillion subnets possible)/64 (standard subnet size)Whether you're configuring a home router, designing an enterprise network, deploying cloud infrastructure, or writing firewall rules, CIDR notation is the universal language. Mastering it pays dividends across every area of networking.
CIDR represents one of the most significant evolutionary steps in Internet architecture. By eliminating the artificial class boundaries and enabling flexible prefix lengths, CIDR solved the immediate crises of address depletion and routing table explosion while providing a framework that continues to scale today.
/n notation clearly specifies the network portion, removing ambiguity./n block contains 2^(32-n) addresses, enabling predictable calculations.What's Next:
Now that we understand what CIDR is and why it was developed, we'll dive into the practical mechanics. The next page covers prefix notation in depth—how to read, write, and calculate CIDR blocks, with hands-on examples that will make you fluent in /n notation.
You now understand the foundational concepts of CIDR—why it was created, how it differs from classful addressing, and its ongoing importance in modern networking. The next page will build on this foundation with practical prefix notation skills.