Back to Tools

CIDR Calculator

Calculate network range, netmask, and usable IPs for any IPv4 CIDR block.

Enter a valid CIDR block to see details.

Common Subnet Masks

Prefix SizeSubnet MaskTotal IPs
/32255.255.255.2551
/30255.255.255.2524
/28255.255.255.24016
/24255.255.255.0256
/20255.255.240.04,096
/16255.255.0.065,536
/8255.0.0.016,777,216

What is CIDR?

CIDR (Classless Inter-Domain Routing) is a method for allocating IP addresses and routing IP packets. Introduced in 1993, CIDR replaced the older system of IP address classes (Class A, B, and C) to slow the exhaustion of IPv4 addresses and reduce the size of routing tables.

CIDR notation combines an IP address with a suffix that indicates the number of network bits. For example, 192.168.1.0/24 means that the first 24 bits are the network portion, leaving 8 bits for host addresses.

Why CIDR Matters

  • Efficient IP allocation: Use exactly the IP space you need
  • Reduced routing tables: Aggregate multiple networks into single routing entries
  • Flexible network design: Not constrained by traditional class boundaries
  • Essential for cloud: AWS, Azure, and GCP all require CIDR notation for VPC/VNet design

Understanding CIDR Notation

CIDR notation consists of two parts separated by a slash:

[IP Address] / [Prefix Length]
  • IP Address: The network address (e.g., 10.0.0.0)
  • Prefix Length: Number of bits used for the network portion (e.g., /16)

The prefix length determines how many IP addresses are in the block:

  • /32 = 1 IP address (single host)
  • /24 = 256 IP addresses (254 usable hosts)
  • /16 = 65,536 IP addresses (65,534 usable hosts)
  • /8 = 16,777,216 IP addresses (16,777,214 usable hosts)

Subnet Mask Relationship

The CIDR prefix directly corresponds to a subnet mask:

CIDRSubnet MaskTotal IPsUsable Hosts
/32255.255.255.25511*
/30255.255.255.25242
/28255.255.255.2401614
/24255.255.255.0256254
/20255.255.240.04,0964,094
/16255.255.0.065,53665,534
/8255.0.0.016,777,21616,777,214

Note: /32 represents a single host address

Calculator Results Explained

When you enter a CIDR block, the calculator provides several key values:

Network Address

The first IP address in the range, representing the network itself. This address cannot be assigned to hosts.

Example: For 192.168.1.0/24, the network address is 192.168.1.0

Broadcast Address

The last IP address in the range, used to send messages to all hosts on the network. This address cannot be assigned to hosts.

Example: For 192.168.1.0/24, the broadcast address is 192.168.1.255

Usable Host Range

The IP addresses between the network and broadcast addresses that can be assigned to devices.

Example: For 192.168.1.0/24:

  • First usable: 192.168.1.1
  • Last usable: 192.168.1.254
  • Total usable hosts: 254

Subnet Mask

The dotted-decimal notation equivalent of the CIDR prefix.

Example: /24 = 255.255.255.0

Cloud Provider CIDR Planning

AWS VPC Planning

When creating an AWS Virtual Private Cloud (VPC), you must specify a CIDR block:

Recommended VPC CIDR Ranges:

  • Small environment: 10.0.0.0/24 (256 IPs)
  • Medium environment: 10.0.0.0/20 (4,096 IPs)
  • Large environment: 10.0.0.0/16 (65,536 IPs)
  • Enterprise: 10.0.0.0/8 (16.7M IPs)

Subnet Best Practices:

  • Use /24 subnets for most application tiers
  • Use /28 for small subnets (e.g., NAT gateways, bastion hosts)
  • Reserve IP space for future growth
  • Distribute subnets across availability zones

AWS Reserved IPs per Subnet: AWS reserves 5 IPs in each subnet:

  • Network address (.0)
  • VPC router (.1)
  • DNS server (.2)
  • Reserved for future use (.3)
  • Broadcast address (.255)

Example: A /28 subnet (16 IPs) has only 11 usable IPs after AWS reservations.

Azure Virtual Network Planning

Recommended Address Spaces:

  • Development: 10.1.0.0/24
  • Production: 10.0.0.0/16
  • Enterprise: Multiple /16 blocks

Subnet Considerations:

  • Application Gateway requires /24 or larger
  • Azure Firewall requires /26 or larger
  • Azure Bastion requires /27 or larger

Google Cloud VPC Planning

GCP Auto-Mode Networks:

  • Automatically creates one subnet per region
  • Each subnet uses a /20 CIDR block
  • Total range: 10.128.0.0/9

Custom-Mode Networks (Recommended):

  • Full control over IP ranges
  • Use regional subnets with custom CIDR blocks
  • Can expand subnet ranges without recreating

Common Use Cases

1. Designing Enterprise Networks

Plan CIDR blocks that accommodate current needs plus 50-100% growth:

Corporate Network: 10.0.0.0/8
├── Region 1: 10.1.0.0/16
│   ├── Production: 10.1.0.0/20
│   ├── Development: 10.1.16.0/20
│   └── Management: 10.1.32.0/20
└── Region 2: 10.2.0.0/16
    └── ... similar structure

2. Hybrid Cloud & VPN

Ensure on-premises and cloud networks don't overlap:

  • On-premises: 192.168.0.0/16
  • AWS VPC: 10.0.0.0/16
  • Azure VNet: 10.1.0.0/16
  • GCP VPC: 10.2.0.0/16

3. Kubernetes Cluster Planning

Plan for pod and service CIDR blocks:

  • Node subnet: 10.0.1.0/24
  • Pod CIDR: 10.244.0.0/16
  • Service CIDR: 10.96.0.0/12

4. Security Group Configuration

Define precise IP ranges for firewall rules:

  • Allow SSH from office: 203.0.113.0/24
  • Allow HTTPS from anywhere: 0.0.0.0/0
  • Database access from app tier: 10.0.1.0/24

RFC 1918 Private Address Ranges

These IP ranges are reserved for private networks and not routable on the public internet:

  • 10.0.0.0/8: 16,777,216 addresses (10.0.0.0 - 10.255.255.255)
  • 172.16.0.0/12: 1,048,576 addresses (172.16.0.0 - 172.31.255.255)
  • 192.168.0.0/16: 65,536 addresses (192.168.0.0 - 192.168.255.255)

Always use these ranges for internal networks, VPCs, and VNets.

CIDR Best Practices

1. Plan for Growth

Always allocate more IP space than immediately needed. It's easier to use a subset of a larger CIDR block than to expand later.

Don't do this:

VPC: 10.0.0.0/24 (only 256 IPs)

Do this instead:

VPC: 10.0.0.0/16 (65,536 IPs)
└── Initial subnet: 10.0.1.0/24 (256 IPs)

2. Avoid Overlap

Ensure CIDR blocks don't overlap, especially in multi-cloud or hybrid environments. Use a central IP address management (IPAM) system.

3. Document Everything

Maintain an IP address allocation spreadsheet or use cloud IPAM tools:

  • Which CIDR blocks are allocated
  • What each subnet is used for
  • Contact owner for each network segment

4. Use Consistent Patterns

Establish organizational standards:

10.0.0.0/16    = us-east-1
10.1.0.0/16    = us-west-2
10.2.0.0/16    = eu-west-1

Within each region:
10.x.0.0/20    = Production
10.x.16.0/20   = Staging
10.x.32.0/20   = Development
10.x.128.0/20  = Management/Shared Services

5. Leave Room Between Ranges

Don't pack CIDR blocks tightly together. Leave space for future expansion:

Tight packing (avoid):

Prod:    10.0.0.0/24
Staging: 10.0.1.0/24
Dev:     10.0.2.0/24

Better approach:

Prod:    10.0.0.0/20   (10.0.0.0 - 10.0.15.255)
Staging: 10.0.16.0/20  (10.0.16.0 - 10.0.31.255)
Dev:     10.0.32.0/20  (10.0.32.0 - 10.0.47.255)

Common Mistakes to Avoid

1. Choosing Too Small a CIDR Block

Starting with /24 for a VPC seems reasonable but can quickly become limiting. Cloud resources multiply faster than expected.

2. Not Accounting for Cloud Provider Reservations

Remember that AWS reserves 5 IPs per subnet, Azure reserves several IPs, and GCP has similar reservations.

3. Creating Overlapping Ranges

This breaks VPC peering, VPN connections, and can cause routing issues.

4. Forgetting About Reserved Addresses

Every subnet loses at least 2 addresses (network and broadcast). Cloud providers often reserve additional addresses.

5. Not Planning for Multi-Region

If you might expand to other regions, allocate different /16 blocks to each region from the start.

Frequently Asked Questions

What's the difference between /24 and /25?

  • /24 provides 256 total IPs (254 usable hosts)
  • /25 provides 128 total IPs (126 usable hosts)

The /25 splits a /24 network in half. Each increment in the prefix doubles the number of networks and halves the hosts per network.

How many hosts can I have in a /28 subnet?

A /28 subnet provides 16 total IP addresses. After reserving the network address and broadcast address, you have 14 usable host addresses.

In AWS, you'd only have 11 usable addresses due to AWS's additional reservations.

Why do I lose 2 IP addresses per subnet?

  • Network address: The first IP (e.g., 192.168.1.0) identifies the network itself
  • Broadcast address: The last IP (e.g., 192.168.1.255) is used to send to all hosts

Neither can be assigned to individual devices.

What CIDR range should I use for my AWS VPC?

For most use cases:

  • Small projects: 10.0.0.0/20 (4,096 IPs)
  • Production environments: 10.0.0.0/16 (65,536 IPs)
  • Large enterprises: Multiple /16 blocks or a /8

Use the 10.0.0.0/8 private range to avoid conflicts with other common networks.

Can CIDR blocks overlap?

No. Overlapping CIDR blocks will cause routing issues and prevent VPC peering, VPN connections, and network connectivity between the overlapping ranges.

What does /32 mean?

/32 represents a single, specific IP address. All 32 bits are the network portion, leaving zero bits for hosts. It's used to specify individual host addresses in routing tables or security group rules.

How do I convert a subnet mask to CIDR notation?

Count the consecutive 1 bits from left to right in the binary representation:

  • 255.255.255.0 = 11111111.11111111.11111111.00000000 = /24
  • 255.255.240.0 = 11111111.11111111.11110000.00000000 = /20
  • 255.255.0.0 = 11111111.11111111.00000000.00000000 = /16

What's a wildcard mask?

A wildcard mask is the inverse of a subnet mask, used in Cisco ACLs and some routing configurations:

  • Subnet mask 255.255.255.0 → Wildcard mask 0.0.0.255
  • Subnet mask 255.255.240.0 → Wildcard mask 0.0.15.255

Calculate it by subtracting each octet from 255.

Additional Resources