CIDR (Classless Inter-Domain Routing) -- also known as supernetting -- is a method of assigning Internet Protocol (IP) addresses that improves the efficiency of address distribution and replaces the previous system based on Class A, Class B and Class C networks. The initial goal of CIDR was to slow the increase of routing tables on routers across the internet and decrease the rapid exhaustion of IPv4 addresses. As a result, the number of available internet addresses has greatly increased.
The original classful network design of the internet included inefficiencies that drained the pool of unassigned IPv4 addresses faster than necessary. The classful design included the following:
- Class A, with over 16 million identifiers
- Class B, with 65,535 identifiers
- Class C, with 254 host identifiers
If an organization needed more than 254 host machines, it would be switched into Class B. However, this could potentially waste over 60,000 hosts if the business didn't need to use them, thus unnecessarily decreasing the availability of IPv4 addresses. CIDR was introduced by the Internet Engineering Task Force (IETF) in 1993 to fix this problem.
CIDR is based on variable-length subnet masking (VLSM), which enables network engineers to divide an IP address space into a hierarchy of subnets of different sizes, making it possible to create subnetworks with different host counts without wasting large numbers of addresses.
CIDR addresses are made up of two sets of numbers: a prefix, which is the binary representation of the network address -- similar to what would be seen in a normal IP address -- and a suffix, which declares the total number of bits in the entire address. For example, CIDR notation may look like: 192.168.129.23/17 -- with 17 being the number of bits in the address. IPv4 addresses allow a maximum of 32 bits.
The same CIDR notation can be applied to IPv6 addresses. The only difference would be that IPv6 addresses can contain up to 128 bits.
CIDR blocks are groups of addresses that share the same prefix and contain the same number of bits. The combination of multiple connecting CIDR blocks into a larger whole, sharing a common network prefix, is what constitutes supernetting.
The size of CIDR blocks can be determined by the length of the prefix. A short prefix allows for more addresses -- and, therefore, forms a bigger block -- while a longer prefix indicates less addresses and a smaller block.
Blocks are initially handled by the Internet Assigned Numbers Authority (IANA). IANA is responsible for distributing large blocks of IP addresses to Regional Internet Registries (RIRs). These blocks are used for large geographical areas, such as North America, Africa and Europe.
Once an RIR receives its block, it must create smaller blocks to assign to Local Internet Registries (LIRs). Blocks may continue to be divided further until they reach the end user. The size of the block assigned to an end user is dependent on the number of individual addresses that the user will require.
Most end users are assigned blocks by their internet service provider; however, organizations that use multiple ISPs must receive provider-independent blocks directly from an RIR or LIR.
IP sets aside some addresses for specific purposes. For example, several ranges -- such as the Class B 192.168.0.0 -- are set aside as nonroutable and are used to define a private network. Most home broadband routers will assign addresses from the 192.168 network for systems inside the home. IP also doesn't allow host identifiers of all zeros and reserves the all-ones identifier to serve as a broadcast address -- packets sent to that address will go to all hosts on the network.
Originally, IP addresses were assigned in four major address classes: A through C. Each class allocated one portion of a 32-bit IP address to identify the gateway router for that network -- the first 8 bits for Class A, the first 16 for Class B, the first 24 for Class C. Bits not used for the network identifier were available for specifying host identifiers for systems on that network.
It helps to think of the binary representation of the network addresses. For IPv4, the 32-bit address is broken into four groups of 8 bits each -- called a dotted quad of numbers. A dotted quad would look like this in decimal form, 192.168.0.0, and like this in binary form, 11000000.10101000.00000000.00000000.
An IP address can be parsed into its network identifier and host identifier by applying a network mask to the address -- another dot address, with ones wherever a bit is used to indicate the network portion of the address. For example, a classic Class B would be written as 255.255.0.0.
If a network is further broken up into subnets, we speak of the subnet mask, which just adds bits to the network mask. If we break 192.168.0.0 into two subnets, the subnet mask gets one bit longer and could be indicated with 255.255.128.0.
CIDR notation compactly indicates the network mask for an address and adds on the total number of bits in the entire address using slash notation. For example, 192.168.129.23/17 indicates a 17-bit network mask. Internet users can refer to a /17 network to indicate the network's size without specifying an actual network mask.
How does CIDR work?
Routers using CIDR use a destination address to route a packet toward a gateway, which can then take care of further unpacking the address based on its understanding of the details of the supernetwork -- also called the supernet. If a router knows routes for different parts of the same supernet, then it will use the most specific one -- or the one with the longest network address.
In IPv6, a CIDR block always gets 64 bits for specifying network addresses.
Advantages of CIDR
CIDR reduced the problem of wasted IPv4 address space without causing an explosion in the number of entries in a routing table. CIDR also lets one routing table entry for a supernet represent an aggregation of networks -- about which only a router closer to the destination actually needs to know the details.
CIDR is now the routing system on the internet's backbone network, and every ISP uses it. It is supported by the Border Gateway Protocol (BGP), the prevailing exterior (interdomain) gateway protocol and the Open Shortest Path First (OSPF) gateway protocol.
When to use supernetting
An organization or service provider managing addressing for a large number of hosts or networks should use supernetting -- possibly in combination with network address translation (NAT) -- to partition out addresses and optimize traffic efficiency.
For example, the supernetting process might want to break an internal network into subnets for administrative purposes so each office could manage its own address space. Or it might need to cobble together address space from multiple CIDR blocks of different sizes from its ISP.
Consider an ISP providing services to homes. It might create a /31 network for every home, each having only one assignable host identifier. It might create a /16 supernet of all the addresses, broken out further into regional /24 supernets. Routers outside the ISP infrastructure use /16 to send packets in; the ISP uses the /24s to push packets toward the appropriate regional routers, which use the /31s to reach the home networks.