CIDR Notation Explained — What /24, /16, /8 Mean in IP Addresses

CIDR stands for Classless Inter-Domain Routing. The notation 192.168.1.0/24 means: an IP address (192.168.1.0) paired with a prefix length (/24). The prefix length tells you how many bits of the IP address are fixed (the network portion) and how many bits are variable (the host portion).

Use the Subnet Calculator to calculate CIDR ranges, subnet masks, and host counts from any CIDR block.

Reading CIDR notation

An IPv4 address is 32 bits. CIDR’s /n specifies that the first n bits identify the network.

192.168.1.0/24

Binary:  11000000.10101000.00000001.00000000
         │←──────── 24 bits ────────→│←8 bits→│
         Network portion               Host portion

The remaining 32 - n bits are available for hosts:

• /24 → 8 host bits → 2⁸ = 256 addresses (254 usable)
• /16 → 16 host bits → 2¹⁶ = 65,536 addresses
• /8 → 24 host bits → 2²⁴ = 16,777,216 addresses

Two addresses per block are reserved: the network address (all host bits 0) and the broadcast address (all host bits 1), so usable hosts = 2^(32-prefix) − 2.

Common CIDR blocks

CIDR	Subnet mask	Total IPs	Usable hosts	Use case
/32	255.255.255.255	1	1	Single host route
/31	255.255.255.254	2	2	Point-to-point links
/30	255.255.255.252	4	2	Point-to-point with broadcast
/29	255.255.255.248	8	6	Small network
/28	255.255.255.240	16	14	Small LAN
/27	255.255.255.224	32	30	Small office
/26	255.255.255.192	64	62	Medium network
/25	255.255.255.128	128	126	Half a class C
/24	255.255.255.0	256	254	Standard LAN (old class C)
/23	255.255.254.0	512	510	Two class C blocks
/22	255.255.252.0	1,024	1,022	Small campus
/20	255.255.240.0	4,096	4,094	Medium campus
/16	255.255.0.0	65,536	65,534	Large network (old class B)
/8	255.0.0.0	16,777,216	16,777,214	Entire class A block

Calculating the address range from CIDR

Given 192.168.5.0/22:

1. Find the subnet mask: /22 → first 22 bits are 1s 11111111.11111111.11111100.00000000 = 255.255.252.0

2. Find the network address: AND the IP with the subnet mask

   192.168.5.0   = 11000000.10101000.00000101.00000000
   255.255.252.0 = 11111111.11111111.11111100.00000000
   AND result    = 11000000.10101000.00000100.00000000
                 = 192.168.4.0

   Network address: 192.168.4.0

3. Find the broadcast address: OR the network address with the inverted mask

   Inverted mask = 00000000.00000000.00000011.11111111
   Network       = 11000000.10101000.00000100.00000000
   OR result     = 11000000.10101000.00000111.11111111
                 = 192.168.7.255

   Broadcast: 192.168.7.255

4. Usable range: 192.168.4.1 to 192.168.7.254 (1,022 hosts)

CIDR and cloud networking

CIDR blocks are fundamental to cloud network architecture.

AWS VPC

VPC: 10.0.0.0/16      (65,536 IPs — the whole space)
  Subnet A: 10.0.1.0/24  (256 IPs — one AZ, public)
  Subnet B: 10.0.2.0/24  (256 IPs — one AZ, private)
  Subnet C: 10.0.3.0/24  (256 IPs — another AZ, private)

AWS recommends /16 for VPCs (large enough to never run out). Subnets within a VPC are typically /24 (256 IPs) or /22 (1,024 IPs) depending on service density.

Security group rules

Security groups use CIDR for source/destination IP ranges:

• 0.0.0.0/0 — allow all IPv4 (used for public-facing ports like 443)
• 10.0.0.0/8 — allow all RFC 1918 private addresses
• 10.0.1.0/24 — allow only a specific subnet
• 192.168.5.32/32 — allow only a single IP

/0 means “no bits fixed” — the wildcard that matches any address. 0.0.0.0/0 in a rule means “from anywhere.”

Supernetting and route aggregation

CIDR allows aggregating multiple smaller blocks into one routing entry. This is the “classless” in CIDR — the original class A/B/C system wasted massive address space.

Example: An ISP assigns 203.0.113.0/24 to four customers as /26 blocks:

Customer 1: 203.0.113.0/26   (0–63)
Customer 2: 203.0.113.64/26  (64–127)
Customer 3: 203.0.113.128/26 (128–191)
Customer 4: 203.0.113.192/26 (192–255)

The ISP’s upstream router only needs one route: 203.0.113.0/24. The ISP aggregates all four /26 customers into a single /24 announcement.

IPv6 CIDR

IPv6 addresses are 128 bits. CIDR notation works identically, but prefix lengths are much larger:

• /128 — single IPv6 host (equivalent to IPv4 /32)
• /64 — standard subnet size for IPv6 (2⁶⁴ addresses)
• /48 — typical allocation to an organization
• /32 — typical ISP allocation

2001:db8::/32       — Documentation range
2001:db8:1::/48     — Single site
2001:db8:1:1::/64   — Single subnet

The /64 prefix is standard for IPv6 subnets because SLAAC (Stateless Address Autoconfiguration) requires a /64 to function. You never use IPv6 subnets smaller than /64 in practice.

Quick calculation reference

To find the number of addresses in a CIDR block:

addresses = 2^(32 - prefix_length)    // IPv4
addresses = 2^(128 - prefix_length)   // IPv6

To find which /24 block an IP belongs to:

import ipaddress
ip = ipaddress.ip_address('192.168.5.42')
network = ipaddress.ip_network('192.168.5.0/24')
print(ip in network)  # True

The Subnet Calculator handles all CIDR calculations: given any IP and prefix, it shows the network address, broadcast address, usable range, and host count.

Related tools

• Subnet Calculator — calculate CIDR ranges and subnet information
• Subnetting Guide — how to divide networks with CIDR
• Private IP Address Ranges — RFC 1918 addresses and their uses