CIDR Block
A CIDR block is an IP address range specified using Classless Inter-Domain Routing notation, written as an IP address followed by a slash and a number indicating the number of network bits (e.g., 192.168.0.0/24). It defines which IP addresses belong to a specific network or subnet.
What is a CIDR Block?
A CIDR block is an IP address range specified using Classless Inter-Domain Routing (CIDR) notation. It's written as a standard IPv4 address followed by a slash and a number, such as 192.168.0.0/24 or 10.0.0.0/16. The number after the slash indicates how many bits of the address serve as the network prefix, which determines the range of IP addresses included in that block.
CIDR notation replaced older, less flexible methods of IP allocation and provides a compact way to describe both an IP address and the network it belongs to. Instead of requiring separate IP address and subnet mask notations, CIDR combines both pieces of information into a single line.
Why CIDR Blocks Exist
CIDR blocks solve the problem of inefficient IP address allocation. Before CIDR, IP addresses were divided into fixed classes (Class A, B, C) that wasted addresses when organizations needed something between the standard sizes. If a company needed 200 addresses, they still had to allocate an entire Class B block containing 65,000+ addresses.
CIDR introduced variable-length subnet masking (VLSM), which allows organizations to allocate exactly the number of IP addresses they need. This prevents unnecessary waste and slows the exhaustion of the finite IPv4 address space. In modern cloud environments, CIDR blocks enable precise network segmentation and multi-tenant infrastructure.
What Do CIDR Blocks Actually Do?
- Define network ranges: Specify which IP addresses belong to a particular network or subnet
- Control host capacity: The slash number determines how many usable IP addresses exist in the block (larger numbers = fewer addresses, smaller numbers = more addresses)
- Enable subnetting: Allow large networks to be divided into smaller, manageable subnets for organization and security
- Restrict access: Form the basis for firewall rules and security group configurations that allow or deny traffic between networks
- Allocate addresses efficiently: Provide only the number of addresses needed, without over-allocation
- Support routing: Tell routers which traffic to send to which network path
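The prefix arithmetic the sections above describe, carried out by hand as an added example (this is not code from the original page): the number after the slash becomes a 32-bit mask, the mask splits an address into network and host bits, and the host-bit count gives the block's size, which is the same 2^(32-n) calculation the FAQ section later states. The helper names (ip_to_int, parse_cidr, cidr_info, cidr_contains) are this example's own; the sample blocks are the page's 192.168.0.0/24, 10.0.0.0/16 and 203.0.113.0/24.

```python
# Added example, not code from the original page: CIDR arithmetic with plain
# integers so the effect of the number after the slash is visible bit by bit.
# Helper names are this example's own; sample blocks are the ones the page uses.

ALL_ONES = 0xFFFFFFFF  # 32 set bits, the width of an IPv4 address


def ip_to_int(ip: str) -> int:
    """Convert dotted-quad IPv4 text such as '10.0.1.77' to a 32-bit integer."""
    octets = ip.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted-quad IPv4 address: {ip!r}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {ip!r}")
        value = (value << 8) | n
    return value


def int_to_ip(value: int) -> str:
    """Inverse of ip_to_int."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> int:
    """Subnet mask as an integer: the top `prefix` bits set, the remaining host bits clear."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length must be between 0 and 32, got {prefix}")
    return (ALL_ONES << (32 - prefix)) & ALL_ONES


def parse_cidr(cidr: str) -> tuple[int, int]:
    """Return (network_int, prefix) for 'a.b.c.d/n'; host bits present in a.b.c.d are cleared."""
    addr_text, sep, prefix_text = cidr.partition("/")
    if not sep or not prefix_text.isdigit():
        raise ValueError(f"expected 'address/prefix', got {cidr!r}")
    prefix = int(prefix_text)
    network = ip_to_int(addr_text) & prefix_to_mask(prefix)
    return network, prefix


def cidr_info(cidr: str) -> dict:
    """Network address, mask, broadcast address and address counts for a block."""
    network, prefix = parse_cidr(cidr)
    mask = prefix_to_mask(prefix)
    host_bits = 32 - prefix
    total = 1 << host_bits  # 2 ** (32 - prefix)
    # Classic subnetting reserves the first (network) and last (broadcast) address.
    # A /31 or /32 is too small to hold that pair (RFC 3021 point-to-point links,
    # single-host routes), so every address counts as usable there.
    usable = total - 2 if host_bits >= 2 else total
    return {
        "network": int_to_ip(network),
        "netmask": int_to_ip(mask),
        "broadcast": int_to_ip(network | (mask ^ ALL_ONES)),
        "total_addresses": total,
        "usable_addresses": usable,
    }


def cidr_contains(cidr: str, ip: str) -> bool:
    """An address belongs to the block when its network bits match under the mask."""
    network, prefix = parse_cidr(cidr)
    return (ip_to_int(ip) & prefix_to_mask(prefix)) == network


if __name__ == "__main__":
    for block in ("192.168.0.0/24", "10.0.0.0/16", "203.0.113.0/24"):
        print(block, cidr_info(block))
    print(cidr_contains("10.0.1.0/24", "10.0.1.77"))  # same first 24 bits
    print(cidr_contains("10.0.1.0/24", "10.0.2.1"))   # differs in the third octet
```

Note that parse_cidr silently clears host bits, so "10.0.1.77/24" is treated as the block 10.0.1.0/24; the standard library's ipaddress.ip_network rejects such input by default (strict=True), which is the safer behaviour when a CIDR string comes from configuration rather than from a human typing it.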
When Would I Use a CIDR Block?
You use CIDR blocks whenever you set up cloud infrastructure. When you create a Virtual Private Cloud (VPC), you must specify a CIDR block to define the address range for that entire cloud environment. When you create subnets within that VPC, each subnet gets its own smaller CIDR block.
You also use CIDR blocks to configure security rules. When setting up firewall rules or security groups, you specify source and destination CIDR blocks to indicate which IP ranges are allowed to communicate with your resources. For example, you might allow traffic from 203.0.113.0/24 (your office network) to your web servers while blocking all other ranges.
Network architects use CIDR blocks to plan infrastructure scaling. If you're building a multi-region cloud deployment, you'd assign different CIDR blocks to each region to avoid IP address conflicts and enable efficient routing between locations.
When Would I NOT Use a CIDR Block?
CIDR blocks don't apply to non-routable networks or isolated systems that don't need to communicate across networks. If you're running a single server with no network connectivity requirements, you don't need CIDR planning.
CIDR notation also becomes overly complex if your infrastructure doesn't require security segmentation or subnetting. However, this is rare in production cloud environments. Additionally, CIDR only works for IPv4 and IPv6 addresses—it doesn't apply to other addressing schemes.
You should avoid over-allocating CIDR blocks. If you assign a /16 block (65,534 usable addresses) to a subnet that only needs 50 addresses, you're wasting addresses that could serve other subnets or regions. Proper CIDR planning requires balancing current needs against future growth.
Real-World Example
Company A is building a multi-tier application in the cloud. They create a VPC with the CIDR block 10.0.0.0/16, providing 65,534 usable IP addresses. Within this VPC, they create three subnets:
- Web tier: 10.0.1.0/24 (254 usable addresses for web servers)
- Application tier: 10.0.2.0/24 (254 usable addresses for app servers)
- Database tier: 10.0.3.0/24 (254 usable addresses for databases)
They configure security groups so web servers accept traffic from 0.0.0.0/0 (anywhere on the internet), app servers accept traffic only from 10.0.1.0/24 (the web tier), and database servers accept traffic only from 10.0.2.0/24 (the app tier). This CIDR-based segmentation ensures traffic flows only where it's needed and prevents lateral movement if one tier is compromised.
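The Company A layout above, checked with Python's standard ipaddress module as an added example (this is not code from the original page): it confirms that every subnet sits inside the VPC and that no two subnets overlap, reports the usable count per subnet, and evaluates the three tier rules for a few source addresses so that the "no path from web tier to database" property can be tested rather than assumed. The function names (validate_plan, usable_hosts, is_allowed, reachable_tiers) and the constructed internet source address 198.51.100.7 (taken from the TEST-NET-2 documentation range) are this example's own; the VPC, subnets and rule ranges are the page's.

```python
# Added example, not code from the original page: validating the Company A subnet
# plan and evaluating its tier rules with the standard ipaddress module.
# Function names and the sample source addresses are this example's own.
import ipaddress

IPv4Network = ipaddress.IPv4Network


def _net(value):
    """Accept either a CIDR string or an already-built IPv4Network."""
    return value if isinstance(value, IPv4Network) else ipaddress.ip_network(value)


VPC = "10.0.0.0/16"

SUBNETS = {
    "web": "10.0.1.0/24",
    "app": "10.0.2.0/24",
    "db": "10.0.3.0/24",
}

# Inbound rules per tier: a tier accepts traffic only from the listed source ranges;
# everything else is implicitly denied, which is how security groups behave.
INBOUND_RULES = {
    "web": ["0.0.0.0/0"],      # anywhere on the internet
    "app": [SUBNETS["web"]],   # only the web tier
    "db": [SUBNETS["app"]],    # only the app tier
}


def validate_plan(vpc, subnets):
    """Return a list of problems with the plan; an empty list means it is sound."""
    vpc = _net(vpc)
    nets = {name: _net(cidr) for name, cidr in subnets.items()}
    problems = []
    for name, net in nets.items():
        if not net.subnet_of(vpc):
            problems.append(f"{name} {net} is not inside VPC {vpc}")
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return problems


def usable_hosts(cidr):
    """Addresses minus the network and broadcast addresses, as the page counts them."""
    net = _net(cidr)
    return net.num_addresses - 2 if net.prefixlen <= 30 else net.num_addresses


def is_allowed(tier, source_ip):
    """True when source_ip falls inside at least one inbound rule of the tier."""
    src = ipaddress.ip_address(source_ip)
    return any(src in _net(rule) for rule in INBOUND_RULES[tier])


def reachable_tiers(source_ip):
    """Tiers whose rules admit traffic from source_ip directly."""
    return [tier for tier in INBOUND_RULES if is_allowed(tier, source_ip)]


if __name__ == "__main__":
    print("plan problems:", validate_plan(VPC, SUBNETS))
    for name, cidr in SUBNETS.items():
        print(f"{name}: {cidr} -> {usable_hosts(cidr)} usable addresses")
    for src in ("198.51.100.7", "10.0.1.10", "10.0.2.20"):
        print(f"{src} may reach: {reachable_tiers(src)}")
    # A compromised web server (10.0.1.10) can reach the app tier but not the database.
    print("web host -> db allowed?", is_allowed("db", "10.0.1.10"))
```

The plan check is the part worth running before anything is provisioned: a subnet outside the VPC range or two subnets that overlap will be rejected by the cloud provider or, worse, produce the routing conflicts the FAQ section describes. The rule evaluation only models the inbound security-group direction; network ACLs, return traffic and egress rules are separate controls and are not represented here.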
Frequently Asked Questions
Q: What does the number after the slash mean in CIDR notation? A: The number indicates how many bits of the IP address form the network prefix. A /24 means the first 24 bits identify the network, leaving 8 bits for individual host addresses. Higher numbers create smaller networks; lower numbers create larger networks.
Q: How many IP addresses are in a specific CIDR block? A: Subtract the CIDR number from 32 to get the host bits, then calculate 2 to that power. A /24 has 2^(32-24) = 256 total addresses, minus 2 reserved addresses (network and broadcast), leaving 254 usable addresses.
Q: Can CIDR blocks overlap in my network? A: Within a single VPC or network, overlapping CIDR blocks cause routing conflicts and won't work. However, different VPCs or disconnected networks can use the same CIDR blocks. If you connect networks via VPN or peering, blocks must not overlap.
Q: Why can't I use the very first and last IP in a CIDR block? A: In traditional subnetting, the first address is reserved as the network address and the last is the broadcast address. However, cloud providers like AWS allow you to use all available addresses in CIDR blocks, reserving only the first few for infrastructure.
Q: What's the difference between a CIDR block and a subnet? A: A CIDR block is the notation describing an IP range. A subnet is an actual network resource you create within a VPC that uses a CIDR block. The CIDR block is the notation; the subnet is the network object that uses that notation.
Summary
- A CIDR block specifies a range of IP addresses using CIDR notation (e.g., 192.168.0.0/24)
- The number after the slash indicates how many bits form the network prefix, determining the block's size
- CIDR blocks enable efficient IP allocation, replacing older class-based systems that wasted addresses
- You use CIDR blocks to define VPCs, create subnets, and configure security rules in cloud environments
- Proper CIDR planning prevents IP conflicts, supports scaling, and enables network segmentation
Related Terms
- Virtual Private Cloud (VPC): A logically isolated network environment in the cloud where you assign a CIDR block to define all available addresses within that cloud space
- Subnet: A smaller network created within a VPC using its own CIDR block, such as 10.0.1.0/24 within the larger 10.0.0.0/16 VPC
- IP Address: A numerical label assigned to each device on a network; CIDR blocks define ranges of these addresses
- Network Segmentation: The practice of dividing a network into smaller sections using CIDR blocks to improve security and organization
- Security Group: A cloud firewall that uses CIDR blocks to specify which source networks are allowed to access your resources