IP Addressing & CIDR Subnetting Basics

Understand IPv4 and IPv6 structures, learn CIDR subnet masking notation, and calculate IP network and host boundaries using bitwise arithmetic.

Level: Intermediate · Category: Infrastructure · Chapter: Infrastructure · 12 min read

The Concept

For computer nodes to transmit data across a global network, every device must be assigned a unique numeric address. In the early days of the internet, these addresses were distributed in coarse blocks, leading to massive waste. Classless Inter-Domain Routing (CIDR) was introduced to solve this allocation problem.

IP Addressing and CIDR Subnetting are the foundational conventions used to divide networks into smaller, isolated, and manageable blocks. By splitting an address into its binary network and host portions, a network interface separates the destination network from the individual host endpoint, which determines whether a packet can be delivered locally or must be forwarded through a gateway.

Bitwise Subnet Calculation (192.168.1.85/26)

```text
IP Address (192.168.1.85):     11000000 . 10101000 . 00000001 . 01010101
Subnet Mask (/26):             11111111 . 11111111 . 11111111 . 11000000
                               ---- bitwise AND ----
Network ID (192.168.1.64):     11000000 . 10101000 . 00000001 . 01000000
Broadcast ID (192.168.1.127):  11000000 . 10101000 . 00000001 . 01111111

Network Prefix: first 26 bits
Host ID: last 6 bits
Host range: 192.168.1.65 to 192.168.1.126 (62 usable addresses)
```


Practical Analogy

IP Addressing and Subnetting are like telephone routing systems:

  • An IP Address is like a full phone number: +1-555-867-5309.
  • The Subnet Mask is the rule that tells the exchange how to read the number. It separates the area code from the local line.
  • Classful Routing is like a system that says: "All numbers starting with 555 belong to a single huge office building containing 10,000 desks." If that office building only has 5 employees, the remaining 9,995 phone numbers are locked up and wasted.
  • CIDR Notation (such as /24) is like saying: "The first 7 digits (555-867) are the area exchange (Network ID), and only the last 2 digits (5309) are the internal extension (Host ID)." This creates a smaller group of 100 possible extensions, preventing number exhaustion and allowing other departments to use adjacent blocks.

IPv4 vs IPv6 Structure

Two versions of the Internet Protocol coexist today:

IPv4 (Internet Protocol Version 4)

  • Size: 32-bit binary integer.
  • Format: Expressed in dotted-decimal format, divided into four 8-bit octets (e.g. 192.168.1.1).
  • Address Space: 2^32 (roughly 4.3 billion addresses). Because of this small limit, the pool of unallocated IPv4 addresses is exhausted.

IPv6 (Internet Protocol Version 6)

  • Size: 128-bit binary integer.
  • Format: Expressed in hexadecimal digits divided into eight 16-bit blocks separated by colons (e.g. 2001:db8:85a3::8a2e:370:7334).
  • Address Space: 2^128 (a virtually inexhaustible number of addresses), removing the need for address-sharing workarounds such as NAT.

Subnet Masking and CIDR Notation

An IP address alone does not define the size of the network it belongs to. To determine boundaries, network cards use a secondary 32-bit mask: the Subnet Mask. The mask consists of contiguous binary 1s followed by contiguous 0s. The 1s represent the Network ID, and the 0s represent the Host ID.

  • Standard Mask: 255.255.255.0 in binary is 11111111.11111111.11111111.00000000.
  • CIDR Notation: To simplify, CIDR represents the number of contiguous 1 bits as a trailing slash count. For example, 255.255.255.0 is written as /24.
  • Variable Subnetting: A /26 prefix indicates that the first 26 bits are dedicated to the network, leaving 6 bits (32 - 26 = 6) for host assignments within that local network.

Bitwise Subnet Calculations

When a server sends a packet to IP 192.168.1.85 on a /26 subnet, it runs bitwise operations to find the boundaries:

1. Network Address Calculation (Bitwise AND)

The interface runs a bitwise AND between the IP address and the Subnet Mask.

```text
192.168.1.85: 11000000.10101000.00000001.01010101
Mask (/26)  : 11111111.11111111.11111111.11000000
-------------------------------------------------
Network ID  : 11000000.10101000.00000001.01000000 -> 192.168.1.64
```

This is the identifier of the network itself.

2. Broadcast Address Calculation (Bitwise OR with the Inverted Mask)

The broadcast address (used to send packets to all hosts in the subnet) is found by ORing the Network ID with the inverted mask, which sets every host bit (the last 6 bits) to 1.

```text
Network ID   : 11000000.10101000.00000001.01000000
Host Bit Fill: 00000000.00000000.00000000.00111111
--------------------------------------------------
Broadcast ID : 11000000.10101000.00000001.01111111 -> 192.168.1.127
```

3. Usable Host Range

The first and last addresses of any block are reserved: the Network Address (.64) and the Broadcast Address (.127). Thus, the usable host addresses in this subnet range from 192.168.1.65 to 192.168.1.126, leaving 62 usable addresses (2^6 - 2 = 62).
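The three steps above, implemented with plain bitwise arithmetic as an added example (not code from the original page). It generalises the 192.168.1.85/26 walkthrough to any IPv4 prefix length and also handles the /31 and /32 edge cases, where the "subtract two reserved addresses" rule does not apply; the function names are the example's own.

```python
# Added example (not from the original page): the three bitwise steps above,
# generalised to any IPv4 prefix length, including the /31 and /32 edge cases.

def ip_to_int(ip):
    """Pack a dotted-quad string into a 32-bit integer (big-endian)."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {ip}")
    return int.from_bytes(bytes(octets), "big")

def int_to_ip(n):
    """Unpack a 32-bit integer back into dotted-quad notation."""
    return ".".join(str(b) for b in n.to_bytes(4, "big"))

def prefix_to_mask(prefix):
    """Build a mask of `prefix` contiguous 1 bits followed by 0 bits (/24 -> 0xFFFFFF00)."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"bad prefix length: /{prefix}")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def subnet_info(cidr):
    """Network, broadcast, usable host range and host count for an IPv4 CIDR."""
    ip_str, prefix_str = cidr.split("/")
    ip, prefix = ip_to_int(ip_str), int(prefix_str)
    mask = prefix_to_mask(prefix)
    network = ip & mask                            # step 1: AND keeps the network bits
    broadcast = network | (~mask & 0xFFFFFFFF)     # step 2: OR inverted mask fills host bits
    host_bits = 32 - prefix
    if host_bits >= 2:
        # Step 3: network and broadcast addresses are reserved, so 2^n - 2 hosts.
        first, last, usable = network + 1, broadcast - 1, 2 ** host_bits - 2
    elif host_bits == 1:
        # /31 point-to-point link (RFC 3021): both addresses are usable.
        first, last, usable = network, broadcast, 2
    else:
        # /32 host route: exactly one address, no range to speak of.
        first, last, usable = network, network, 1
    return {"network": int_to_ip(network), "mask": int_to_ip(mask),
            "broadcast": int_to_ip(broadcast), "first_host": int_to_ip(first),
            "last_host": int_to_ip(last), "usable": usable}

if __name__ == "__main__":
    for key, value in subnet_info("192.168.1.85/26").items():
        print(f"{key:>10}: {value}")
```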


Subnet Partitioning and VPC Isolation

Cloud engineers use CIDR to divide a Virtual Private Cloud (VPC) block into isolated subnets.

For example, if a company is allocated 10.0.0.0/16 (65,536 addresses), they can partition it into smaller /24 subnets (256 addresses each):

  • 10.0.1.0/24: Dev public web subnet.
  • 10.0.2.0/24: Production public web subnet.
  • 10.0.100.0/24: Private database subnet (isolated from direct internet routing).

Private Address Spaces (RFC 1918)

To prevent global IPv4 address exhaustion, certain IP ranges are designated as private spaces under RFC 1918:

  • 10.0.0.0/8
  • 172.16.0.0/12
  • 192.168.0.0/16

Routers on the public internet are programmed to discard packets heading to these private networks. For internal servers to reach the public internet, they must route traffic through a Network Address Translation (NAT) gateway. The NAT gateway replaces the private source IP in the packet header with its own public IP, forwards the request, and returns responses back to the internal host.
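An added example (not part of the original page) covering both the VPC partitioning and the RFC 1918 ranges above: it carves 10.0.0.0/16 into /24 subnets, finds which named subnet an address belongs to, and classifies addresses as private or public using the same mask-and-compare test. The subnet names and sample addresses are constructed for the example.

```python
# Added example (not from the original page): carve a VPC block into fixed-size
# subnets, find which subnet holds an address, and classify addresses against
# the RFC 1918 private ranges. The 10.0.0.0/16 -> /24 layout matches the text.

def ip_to_int(ip):
    """Pack a dotted-quad string into a 32-bit integer (big-endian)."""
    return int.from_bytes(bytes(int(o) for o in ip.split(".")), "big")

def int_to_ip(n):
    """Unpack a 32-bit integer back into dotted-quad notation."""
    return ".".join(str(b) for b in n.to_bytes(4, "big"))

def parse_cidr(cidr):
    """Return (network, mask) as integers; host bits in the input are masked off."""
    ip, prefix = cidr.split("/")
    mask = (0xFFFFFFFF << (32 - int(prefix))) & 0xFFFFFFFF
    return ip_to_int(ip) & mask, mask

def contains(cidr, ip):
    """True if ip is inside cidr: ANDing with the mask must give the network ID."""
    network, mask = parse_cidr(cidr)
    return ip_to_int(ip) & mask == network

def partition(vpc_cidr, new_prefix):
    """Split a block into every consecutive sub-block of length /new_prefix."""
    network, mask = parse_cidr(vpc_cidr)
    parent_prefix = bin(mask).count("1")
    if new_prefix < parent_prefix:
        raise ValueError("new prefix must be at least as long as the parent's")
    block_size = 2 ** (32 - new_prefix)          # addresses per sub-block
    count = 2 ** (new_prefix - parent_prefix)     # how many sub-blocks fit
    return [f"{int_to_ip(network + i * block_size)}/{new_prefix}" for i in range(count)]

RFC1918 = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")

def is_private(ip):
    """True if ip lies in one of the RFC 1918 private ranges."""
    return any(contains(block, ip) for block in RFC1918)

# Constructed sample layout following the partitioning described in the text.
VPC_SUBNETS = {"10.0.1.0/24": "dev public web",
               "10.0.2.0/24": "production public web",
               "10.0.100.0/24": "private database"}

def find_subnet(ip, named_subnets=VPC_SUBNETS):
    """Return the name of the subnet containing ip, or None if it is unassigned."""
    return next((name for cidr, name in named_subnets.items() if contains(cidr, ip)), None)

if __name__ == "__main__":
    print(len(partition("10.0.0.0/16", 24)), find_subnet("10.0.100.17"), is_private("8.8.8.8"))
```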


Further Reading

Core Literature References

  • V. Fuller and T. Li, "Classless Inter-domain Routing (CIDR): The Internet Address Assignment and Aggregation Plan", Section 3: CIDR Address Allocation and Subnet Matching.
