Classless Inter-Domain Routing (CIDR)
Previously the Internet's IP address spaces were divided into classes: `A`, `B`, `C`, and `D`. These were predefined blocks of addresses that had specific use cases. We don't use that system anymore.
On the previous page, "Public vs Private IPs", in the list of IP address space ranges, you can see a `/8` at the end of `10.0.0.0`. This is called a CIDR range and what it defines is the size of the network. It's called a "subnet mask" and what it means is: take a larger network and split it up into a smaller one.
The subnet mask tells the router which part of the IP address is assigned to the hosts and which part determines the network itself. Let's run over an example.
Above, we have the private IP range of `192.168.0.0/16`. In the table you can also see we have `65,536` IP addresses. That means that you can, technically speaking, have 65,536 computers connected to that network, all able to talk to each other. If you wanted to use this network range inside of your small business, that many IP addresses would be too many for one, big, massive subnet.
Instead we can split it up into smaller subnets. There's a lot of math involved with splitting up subnets. We're going to avoid that. Instead we're going to look at common network sizes and use a simple rule for splitting them up.
So we have `192.168.0.0/16` with its `65,536` IPv4 addresses. What we can do with this is divide it up into smaller networks. How many networks? Well, that depends on what we need. In our small business of 300 employees, we have several departments:
- Sales
- Marketing
- Customer Service
- Warehouse
- Management
- Servers
- Printers
Let's divide our network up to give each department a range of IP addresses they can assign to systems on the network.
Now we could talk about the math behind CIDR ranges, but instead we're going to look at tables and simply accept how things work for the time being. Trust me, the math behind it is a bit mind bending so it's worth avoiding for now.
If we know the entire company has 300 employees, then we know that `256` IP addresses per network is more than enough for a department. It gives enough addresses today and leaves room to grow in the future too. There's a very common subnet mask (CIDR) that you'll see a lot that gives us exactly `256` IP addresses: `/24`.
If we know we can use a `/24` network size, then how many (sub-)networks can be created with a `/16` if they're all `/24` in size? `256`. We only need seven so that means we have a lot of room for growth or we're wasting IP addresses.
So let's create our `/24` networks. Look at this table:
IP | CIDR | Hosts |
---|---|---|
192.168.0.0 | /16 | 65,536 |
192.168.0.0 | /17 | 32,768 |
192.168.0.0 | /18 | 16,384 |
192.168.0.0 | /19 | 8,192 |
192.168.0.0 | /20 | 4,096 |
192.168.0.0 | /21 | 2,048 |
192.168.0.0 | /22 | 1,024 |
192.168.0.0 | /23 | 512 |
192.168.0.0 | /24 | 256 |
192.168.0.0 | /25 | 128 |
192.168.0.0 | /26 | 64 |
192.168.0.0 | /27 | 32 |
192.168.0.0 | /28 | 16 |
192.168.0.0 | /29 | 8 |
192.168.0.0 | /30 | 4 |
192.168.0.0 | /31 | 2 |
192.168.0.0 | /32 | 1 |
Notice how the `/16` gives us `65,536` IPs and the `/17` gives us `32,768`? That's actually half. That's because every time you increase the CIDR range number by one the size of the network halves. If you decrease it, it doubles. That one simple rule and that table above are (almost) everything you really need to know at this point in time.
So let's continue to build our network(s) for our small business, using the table above and making a new one, below:
Department | IP | CIDR | IPs |
---|---|---|---|
Sales | 192.168.1.0 | /24 | 256 |
Marketing | 192.168.2.0 | /24 | 256 |
Customer Service | 192.168.3.0 | /24 | 256 |
Warehouse | 192.168.4.0 | /24 | 256 |
Management | 192.168.5.0 | /24 | 256 |
Servers | 192.168.6.0 | /24 | 256 |
Printers | 192.168.7.0 | /24 | 256 |
So we've taken a `/16` network and divided some of it into seven new subnets, each with `256` IP addresses. However, two of the IP addresses cannot be used for hosts (computers, phones, etc.) because they're used for two other concepts we don't really need to go into detail on at the moment: the network address (usually `.1`) and the broadcast address (the last IP in the address range). So a `/24` actually gets us `254` usable IPs. Always keep this in mind when working out subnet sizes.
But what if even `254` IP addresses is too many? If we assume every department has an equal number of people in it, then 300 divided by 5 departments is 60 people per department. Do we really need `254` IP addresses per department? Let's make those networks a bit smaller.
Going back to our `/16` we know we can create `256` subnets if they're all `/24` in size. But if we look at the table of CIDR ranges we can see a `/25` gives us `126` (usable) addresses and we have 60 people per department. That's room for growth, for sure. However, we forget that everyone has a phone! And each phone is connected to the network and needs an IP. Whoops.
So that's 60 people per department plus 60 phones. Now IP phones can do smart things to reduce the amount of IP usage, but we're going to ignore that and assume that we actually need `120` IP addresses. So now that `/25` is looking a little tight at only `126` IPs. Let's keep our `/24` but instead bring our attention to our servers and printers.
If we pretend we have 30 servers and 10 printers in the whole business, why does the subnet that the servers are going to use need `254` IPs? Let's instead give the servers a new subnet of `/26` because that gives us `62` IP addresses to work with. And we can give our printers a `/27` for `30` IP addresses (which may even be too much still). Our table now looks like this:
Department | IP | CIDR | (Usable) IPs | Range |
---|---|---|---|---|
Sales | 192.168.1.0 | /24 | 254 | 192.168.1.1 - 192.168.1.254 |
Marketing | 192.168.2.0 | /24 | 254 | 192.168.2.1 - 192.168.2.254 |
Customer Service | 192.168.3.0 | /24 | 254 | 192.168.3.1 - 192.168.3.254 |
Warehouse | 192.168.4.0 | /24 | 254 | 192.168.4.1 - 192.168.4.254 |
Management | 192.168.5.0 | /24 | 254 | 192.168.5.1 - 192.168.5.254 |
Servers | 192.168.6.0 | /26 | 62 | 192.168.6.1 - 192.168.6.62 |
Printers | 192.168.6.64 | /27 | 30 | 192.168.6.65 - 192.168.6.94 |
Now this is interesting. Look at the subnets for the servers and the printers: they're both `192.168.6`. That's because what we've basically done is taken a `/24` and split it up into smaller networks. Here's a visual representation of this:
Look at the right of the table, under the "Join" column. You can see how we have a `/25` and it's been broken down into two `/26`s. Then one of the `/26`s is broken down into two `/27`s, one of which we've assigned to our printers. We've assigned the top `/26` to our servers. This means we have a `/27` spare for future use, not to mention all the other `/25`s and `/24`s, and more, we can divide our `/16` into.
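The allocation table above can be checked mechanically. This Python sketch is an added example, not part of the original page: it uses the standard-library `ipaddress` module to confirm the usable-host counts and ranges, verify that no two department subnets overlap or fall outside the `/16` (overlapping ranges make per-subnet firewall rules ambiguous), and list what is still free in `192.168.6.0/24`. The function names are made up for this example.

```python
import ipaddress

PARENT = ipaddress.ip_network("192.168.0.0/16")
PLAN = {  # allocation plan copied from the department table above
    "Sales": "192.168.1.0/24",
    "Marketing": "192.168.2.0/24",
    "Customer Service": "192.168.3.0/24",
    "Warehouse": "192.168.4.0/24",
    "Management": "192.168.5.0/24",
    "Servers": "192.168.6.0/26",
    "Printers": "192.168.6.64/27",
}

def describe(cidr):
    """Return (total addresses, usable hosts, first host, last host)."""
    net = ipaddress.ip_network(cidr)   # raises ValueError if host bits are set
    hosts = list(net.hosts())          # skips network and broadcast addresses
    return net.num_addresses, len(hosts), str(hosts[0]), str(hosts[-1])

def check_plan(plan, parent):
    """Return problems found: subnets outside the parent, or overlapping."""
    nets = sorted((ipaddress.ip_network(c), name) for name, c in plan.items())
    problems = [f"{name} {net} is outside {parent}"
                for net, name in nets if not net.subnet_of(parent)]
    for i, (a, a_name) in enumerate(nets):
        for b, b_name in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{a_name} {a} overlaps {b_name} {b}")
    return problems

def spare(block, used):
    """Free subnets left in `block`; `used` entries must fit inside it or be disjoint."""
    free = [ipaddress.ip_network(block)]
    for taken in map(ipaddress.ip_network, used):
        remaining = []
        for net in free:
            if taken.subnet_of(net):
                remaining.extend(net.address_exclude(taken))
            else:
                remaining.append(net)
        free = remaining
    return [str(n) for n in sorted(free)]

if __name__ == "__main__":
    print(len(list(PARENT.subnets(new_prefix=24))), "x /24 fit in", PARENT)
    for dept, cidr in PLAN.items():
        print(dept, cidr, describe(cidr))
    print("problems:", check_plan(PLAN, PARENT) or "none")
    print("spare in 192.168.6.0/24:", spare("192.168.6.0/24", PLAN.values()))
```

Moving the printers to `192.168.6.32/27` makes `check_plan` report an overlap with the servers' `/26`, which is the kind of mistake that is easy to miss when editing the table by hand.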
That visual was generated using this tool: https://www.davidc.net/sites/default/subnets/subnets.html. It's absolutely fantastic and I return to it often when thinking about subnets. In fact here's a small little project for you:
- Use the "Network Address" field at the top and key in `192.168.0.0`
- Under "Mask bits" key in `16` and click "Update" (press "OK" to the alert that pops up)
- In the table, under "Join", click "Divide"... what happens?
Play around with the "Divide" function to split up larger networks into smaller ones. You can "merge" networks back together by clicking on the `/number` in the boxes to the right of the "Divide" link. Here's a GIF demonstrating this:
At this point in time, I highly recommend you stop reading and go for a walk. Maybe even return tomorrow, because that was a lot to take in.