What is CIDR?

Revised February 21, 2005

What could be simpler?

Questions? Comments? AL "at" CatSpace "dot" com


I've had several CatSpace fans ask for an overview of CIDR, so here it is.

CIDR (Classless Inter-Domain Routing) is discussed in RFC 1519. There are three parts to it ...


Part 1: In "CIDR notation", masks are represented by the number of bits (starting from the left) that are set to "one". For example, a mask of 255.255.255.0 (the default mask for a class C network) is "/24". The default mask for a class A network (255.0.0.0) is "/8", and the default mask for a class B (255.255.0.0) is "/16". Since there are 32 bits in a mask, the range of masks is from "/0" (0.0.0.0) to "/32" (255.255.255.255). As a final example, a subnet mask of 255.255.255.248 is a "/29" in CIDR notation.


Part 2: Classful addressing (A, B, C, etc) is obsolete. Instead of handing out an entire A, B or C network to an organization, address space can be assigned in "chunks" that fit the need. For example, suppose that an organization needs a "class C" worth of address space (254 hosts). What difference does it make whether they are given 200.201.202.0/24 (a class C), 150.201.202.0/24 (1/256th of a class B), or 100.201.202.0/24 (1/65,536th of a class A)? Because each of these specifies eight host bits, they all support 254 hosts.

Suppose that an organization needs only 126 addresses. To give them an entire class C network would be wasteful. They could be given half of a C, such as 200.201.202.0/25 (the lower half of 200.201.202.0/24) or 200.201.202.128/25 (the upper half of 200.201.202.0/24). Of course, 150.201.202.0/25 or 150.201.202.128/25 (either is 1/512th of a B) would do the trick. Likewise for 100.201.202.0/25 or 100.201.202.128/25 (either is 1/131,072th of an A). If they needed only 62 addresses, how about 200.201.202.64/26, 150.201.202.128/26 or 100.201.202.192/26? For those of you who think that you can't use the "all-zeros" and "all-ones" subnets, you're living in the past. It's been legal since 1995 (see RFC 1812 and RFC 1878 for details).


Part 3: Let's say that an organization needing about 500 addresses is given two class C's. If whoever hands out the addressing is clever enough to give them two consecutive networks that start on a multiple of two in the third octet (say 200.201.202.0/24 and 200.201.203.0/24), then that address space could be advertised to the rest of the Internet as 200.201.202.0/23 (since the two class C's have the first 23 bits in common). If an ISP owns all of the 200.201.x.0 networks, why should it advertise all of them seperately? Instead, it could simply advertise 200.201.0.0/16 (anything with the first 16 bits in common with 200.201.x.0, which would be 200.201.0.0/24 through 200.201.255.0/24), and thereby reduce the size of the routing tables on the routers to which the routes are advertised. If all of the ISP's did that, it would have a dramatic impact on the size of the Internet core routing tables ... and so they do!

The summary route 200.201.202.0/23 is called a "CIDR block" (or a "supernet"), and this is commonly done when advertising class C networks (although it can be done with B's, or even A's). For example, the CIDR block 200.201.64.0/19 contains the class C networks 200.201.64.0/24 through 200.201.95.0/24. This is 32 of them, which makes sense, because the mask has been moved 5 bits to the left (from the default for a class C of "/24"), and 2 to the 5th power is 32. ISPs generally don't advertise anything smaller than a "/19" block to one another. That is, they don't advertise individual class C's, they advertise blocks of at least 32 of them (and often bigger blocks than that). Because we are dealing with binary, the block size is always a power of two (i.e., 32, 64, 128, or 256 class C's, when using summary masks of /19, /18, /17 or /16, respectively). Note that for this to work, the ISP has to own all of the class C networks in that block, and for that reason address space is now handed out geographically (in other word, there is a geographic hierarchy to the Internet).


An interesting effect occurs when CIDR is used to aggregate blocks of classful networks. Suppose that an organization is given networks 200.201.202.0/24 and 200.201.203.0/24. They could treat them as two separate networks (or even subnet them). If they chose not to subnet them, the usable range of host addresses would be 200.201.202.1-200.201.202.254 (254 addresses) and 200.201.203.1-200.201.203.254 (another 254 addresses), for a total of 508 usable host addresses. If, however, the organization combines the two networks, and treats it as 200.201.202.0/23, the usable range of host addresses is 200.201.202.1-200.201.203.254, which includes the addresses 200.201.202.255/23 and 200.201.203.0/23. This is 510 usable host addresses (which is what we would expect given nine host bits), and the net result is that they gain two host addresses. Granted that most organizations would not want a "subnet" that supports 500+ hosts, but if they needed it, they could do it, and gain those two host addresses in the process. Amazing, eh?


That's CIDR in a nutshell: hand out pieces of classful networks (to avoid wasting addresses), and advertise blocks of networks (to reduce the size of routing tables). What it means operationally is that routers don't generally care about the "class" of an address, they only care about the number of bits specified by the mask. The part the router cares about is referred to as the "prefix", from which we get the term "prefix routing", which means to look for the best (longest) match (most bits in common).

CAN YOU DIG IT?

Consult RFC 1519 for additional details.


Return to the top of this Exercise!

Return to the directory of Goodies!


Copyright © 2005 Alchemy, Inc. All rights reserved.