Classless Inter-Domain Routing

Each IP address consists of a network prefix followed by a host identifier. In the classful network architecture of IPv4, the three most significant bits of the 32-bit IP address defined the size of the network prefix for unicast networking, and determined the network class A, B, or C.^[3]

The advantage of this system is that the network prefix could be determined for any IP address without any further information. The disadvantage is that networks were usually too big or too small for most organizations to use, because only three sizes were available. The smallest allocation and routing block contained 2⁸ = 256 addresses, larger than necessary for personal or department networks, but too small for most enterprises. The next larger block contained 2¹⁶ = 65536 addresses, too large to be used efficiently even by large organizations. But for network users who needed more than 65536 addresses, the only other size (2²⁴) provided far too many, more than 16 million. This led to inefficiencies in address use as well as inefficiencies in routing, because it required a large number of allocated class-C networks with individual route announcements, being geographically dispersed with little opportunity for route aggregation.

Within a decade after the invention of the Domain Name System (DNS), the classful network method was found not scalable.^[4] This led to the development of subnetting and CIDR. The formerly meaningful class distinctions based on the most-significant address bits were abandoned and the new system was described as "classless", in contrast to the old system, which became known as "classful". Routing protocols were revised to carry not just IP addresses, but also their subnet masks. Implementing CIDR required every host and router on the Internet to be reprogrammed in small ways—no small feat at a time when the Internet was entering a period of rapid growth. In 1993, the Internet Engineering Task Force published a new set of standards, RFC 1518 and RFC 1519, to define this new principle for allocating IP address blocks and routing IPv4 packets. An updated version, RFC 4632, was published in 2006.^[5]

After a period of experimentation with various alternatives, Classless Inter-Domain Routing was based on variable-length subnet masking (VLSM), which allows each network to be divided into subnetworks of various power-of-two sizes, so that each subnetwork can be sized appropriately for local needs. Variable-length subnet masks were mentioned as one alternative in RFC 950.^[6] Techniques for grouping addresses for common operations were based on the concept of cluster addressing, first proposed by Carl-Herbert Rokitansky.^[7][8]

CIDR notation is a compact representation of an IP address and its associated network mask. The notation was invented by Phil Karn in the 1980s.^[9][10] CIDR notation specifies an IP address, a slash character ⟨/⟩, and a decimal number. The decimal number is the count of consecutive leading 1 bits (from left to right) in the network mask. Each 1 bit denotes a bit of the address range which must remain identical to the given IP address. The IP address in CIDR notation is always represented according to the standards for IPv4 or IPv6.

The address may denote a specific interface address (including a host identifier, such as 10.0.0.1/8), or it may be the beginning address of an entire network (using a host identifier of 0, as in 10.0.0.0/8 or its equivalent 10/8). CIDR notation can even be used with no IP address at all, e.g. when referring to a /24 as a generic description of an IPv4 network that has a 24-bit prefix and 8-bit host numbers.

For example:

• 198.51.100.14/24 represents the IPv4 address 198.51.100.14 and its associated network prefix 198.51.100.0, or equivalently, its subnet mask 255.255.255.0, which has 24 leading 1 bits.
• the IPv4 block 198.51.100.0/22 represents the 1024 IPv4 addresses from 198.51.100.0 to 198.51.103.255.
• the IPv6 block 2001:db8::/48 represents the block of IPv6 addresses from 2001:db8:0:0:0:0:0:0 to 2001:db8:0:ffff:ffff:ffff:ffff:ffff.
• ::1/128 represents the IPv6 loopback address. Its prefix length is 128 which is the number of bits in the address.

In IPv4, CIDR notation came into wide use only after the implementation of the method, which was documented using dotted-decimal subnet mask specification after the slash, for example, 192.24.12.0/255.255.252.0.^[2] Describing the network prefix width as a single number (192.24.12.0/22) was easier for network administrators to conceptualize and to calculate. It became gradually incorporated into later standards documents^[11][12] and into network configuration interfaces.

The number of addresses of a network may be calculated as 2^{address length − prefix length}, where "address length" is 128 for IPv6 and 32 for IPv4. For example, in IPv4, the prefix length /29 gives: 2³²⁻²⁹ = 2³ = 8 addresses.

A subnet mask is a bitmask that encodes the prefix length associated with an IPv4 address or network in quad-dotted notation: 32 bits, starting with a number of ones equal to the prefix length, ending with zeros, and encoded in four-part dotted-decimal format: 255.255.255.0. A subnet mask encodes the same information as a prefix length but predates the advent of CIDR. In CIDR notation, the prefix bits are always contiguous. Subnet masks were allowed by RFC 950^[6] to specify non-contiguous bits until RFC 4632^{[5]: Section 5.1} stated that the mask must consist of only contiguous ones, if any, in the more significant bits and contiguous zeroes, if any, in the less significant bits. Given this constraint, a subnet mask and CIDR notation serve exactly the same function.

CIDR is principally a bitwise, prefix-based standard for the representation of IP addresses and their routing properties. It facilitates routing by allowing blocks of addresses to be grouped into single routing table entries. These groups, commonly called CIDR blocks, share an initial sequence of bits in the binary representation of their IP addresses. IPv4 CIDR blocks are identified using a syntax similar to that of IPv4 addresses: a dotted-decimal address, followed by a slash, then a number from 0 to 32, i.e., a.b.c.d/n. The dotted-decimal portion is the IPv4 address. The number following the slash is the prefix length, the number of shared initial bits, counting from the most-significant bit of the address. When emphasizing only the size of a network, the address portion of the notation is usually omitted. Thus, a /20 block is a CIDR block with an unspecified 20-bit prefix.

An IP address is part of a CIDR block and is said to match the CIDR prefix if the initial n bits of the address and the CIDR prefix are the same. An IPv4 address is 32 bits so an n-bit CIDR prefix leaves 32−n bits unmatched, meaning that 2³²⁻ⁿ IPv4 addresses match a given n-bit CIDR prefix. Shorter CIDR prefixes match more addresses, while longer prefixes match fewer. In the case of overlaid CIDR blocks, an address can match multiple CIDR prefixes of different lengths.

CIDR is also used for IPv6 addresses and the syntax semantic is identical. The prefix length can range from 0 to 128, due to the larger number of bits in the address. However, by convention, a subnet on broadcast MAC layer networks always has 64-bit host identifiers.^[13] Larger prefixes (/127) are only used on some point-to-point links between routers, for security and policy reasons.^[14]

The Internet Assigned Numbers Authority (IANA) issues to regional Internet registries (RIRs) large, short-prefix CIDR blocks. However, a /8 (with over sixteen million addresses) is the largest block IANA will allocate. For example, 62.0.0.0/8 is administered by RIPE NCC, the European RIR. The RIRs, each responsible for a single, large, geographic area, such as Europe or North America, subdivide these blocks and allocate subnets to local Internet registries (LIRs). Similar subdividing may be repeated several times at lower levels of delegation. End-user networks receive subnets sized according to their projected short-term need. Networks served by a single ISP are encouraged by IETF recommendations to obtain IP address space directly from their ISP. Networks served by multiple ISPs, on the other hand, may obtain provider-independent address space directly from the appropriate RIR.

For example, in the late 1990s, the IP address 208.130.29.33 (since reassigned) was used by www.freesoft.org. An analysis of this address identified three CIDR prefixes. 208.128.0.0/11, a large CIDR block containing over 2 million addresses, had been assigned by ARIN (the North American RIR) to MCI. Automation Research Systems (ARS), a Virginia VAR, leased an Internet connection from MCI and was assigned the 208.130.28.0/22 block, capable of addressing just over 1000 devices. ARS used a /24 block for its publicly accessible servers, of which 208.130.29.33 was one. All of these CIDR prefixes would be used, at different locations in the network. Outside MCI's network, the 208.128.0.0/11 prefix would be used to direct to MCI traffic bound not only for 208.130.29.33, but also for any of the roughly two million IP addresses with the same initial 11 bits. Within MCI's network, 208.130.28.0/22 would become visible, directing traffic to the leased line serving ARS. Only within the ARS corporate network would the 208.130.29.0/24 prefix have been used.

In routed subnets larger than /31 or /32, the number of available host addresses is usually reduced by two, namely the largest address, which is reserved as the broadcast address, and the smallest address, which identifies the network itself^[15] and is reserved solely for this purpose.^[16]

In such usage, a /31 network, with one binary digit in the host identifier, is unusable, as such a subnet would provide no available host addresses after this reduction. RFC 3021 creates an exception to the "host all ones" and "host all zeros" rules to make /31 networks usable for point-to-point links. /32 addresses (single-host network) must be accessed by explicit routing rules, as there is no address available for a gateway.

The large address size of IPv6 permitted worldwide route summarization and guaranteed sufficient address pools at each site. The standard subnet size for IPv6 networks is a /64 block, which is required for the operation of stateless address autoconfiguration.^[17] At first, the IETF recommended in RFC 3177 as a best practice that all end sites receive /48 address allocations,^[18] but criticism and reevaluation of actual needs and practices has led to more flexible allocation recommendations in RFC 6177^[19] suggesting a significantly smaller allocation for some sites, such as a /56 block for residential networks.

This IPv6 subnetting reference lists the sizes for IPv6 subnetworks. Different types of network links may require different subnet sizes.^[20] The subnet mask separates the bits of the network identifier prefix from the bits of the interface identifier. Selecting a smaller prefix size results in fewer number of networks covered, but with more addresses within each network.^[21]

2001:0db8:0123:4567:89ab:cdef:1234:5678
|||| |||| |||| |||| |||| |||| |||| ||||
|||| |||| |||| |||| |||| |||| |||| |||128     Single end-points and loopback
|||| |||| |||| |||| |||| |||| |||| |||127   Point-to-point links (inter-router)
|||| |||| |||| |||| |||| |||| |||| ||124
|||| |||| |||| |||| |||| |||| |||| |120
|||| |||| |||| |||| |||| |||| |||| 116
|||| |||| |||| |||| |||| |||| |||112
|||| |||| |||| |||| |||| |||| ||108
|||| |||| |||| |||| |||| |||| |104
|||| |||| |||| |||| |||| |||| 100
|||| |||| |||| |||| |||| |||96
|||| |||| |||| |||| |||| ||92
|||| |||| |||| |||| |||| |88
|||| |||| |||| |||| |||| 84
|||| |||| |||| |||| |||80
|||| |||| |||| |||| ||76
|||| |||| |||| |||| |72
|||| |||| |||| |||| 68
|||| |||| |||| |||64   Single LAN; default prefix size for SLAAC
|||| |||| |||| ||60   Some (very limited) 6rd deployments (/60 = 16 /64 blocks)
|||| |||| |||| |56   Minimal end-site assignment;[19] e.g. home network (/56 = 256 /64 blocks)
|||| |||| |||| 52   /52 block = 4096 /64 blocks
|||| |||| |||48   Typical assignment for larger sites (/48 = 65536 /64 blocks)
|||| |||| ||44
|||| |||| |40
|||| |||| 36   possible future local Internet registry (LIR) extra-small allocations
|||| |||32   LIR minimum allocations
|||| ||28   LIR medium allocations
|||| |24   LIR large allocations
|||| 20   LIR extra large allocations
|||16
||12   Regional Internet registry (RIR) allocations from IANA[22]
|8
4

Topologically, the set of subnets described by CIDR represent a cover of the corresponding address space. The interval described by the notation ${\displaystyle X/n}$ numerically corresponds to addresses of the form ${\displaystyle [x\cdot 2^{32-n},x\cdot 2^{32-n}+2^{32-n}-1]}$ (for IPv4) and ${\displaystyle [x\cdot 2^{128n},x\cdot 2^{128n}+2^{128-n}-1]}$ (for IPv6), where ${\displaystyle X=x\cdot 2^{32-n}}$ and ${\displaystyle X=x\cdot 2^{128-n}}$ has the lower ${\displaystyle n}$ bits set to 0. For a fixed ${\displaystyle n}$, the set of all ${\displaystyle X/n}$ subnets constitute a partition, that is a cover of non-overlapping sets. Increasing ${\displaystyle n}$ yields finer and finer subpartitions. Thus two subnets ${\displaystyle X/n}$ and ${\displaystyle Y/m}$ are either disjoint or one is a subnet of the other.

CIDR provides fine-grained routing prefix aggregation. For example, if the first 20 bits of their network prefixes match, sixteen contiguous /24 networks can be aggregated and advertised to a larger network as a single /20 routing table entry. This reduces the number of routes that have to be advertised.

• Internet protocol suite