CIDR (Classless Inter-Domain Routing) is a method for allocating IP addresses and routing Internet Protocol packets more efficiently than the original classful addressing system, using a variable-length subnet mask represented by a prefix length. It was introduced in 1993 by the Internet Engineering Task Force (IETF) to address the rapid exhaustion of IPv4 addresses and the growth of routing tables.
The Evolution to CIDR
Before CIDR, IPv4 addresses were divided into fixed "classes" (A, B, C, D, E). Each class had a predefined network and host portion, leading to inefficient address utilization. For instance, a Class B network offered 65,534 host addresses, often far more than a single organization required, resulting in wasted IP space. Conversely, a Class C network, with only 254 host addresses, was often too small.
Classful routing also meant that routing tables on the internet backbone grew rapidly because every Class A, B, or C network required a separate entry, regardless of its hierarchical relationship to other networks.
Understanding CIDR Notation
CIDR abandons the concept of fixed classes by allowing the network portion of an IP address to be of arbitrary length. This length is indicated by a suffix to the IP address, /prefix_length.
An IPv4 address is a 32-bit number. The prefix_length specifies how many of the leftmost bits constitute the network portion of the address. The remaining bits represent the host portion.
Example: 192.168.1.0/24
* 192.168.1.0 is the IP address.
* /24 indicates that the first 24 bits are the network portion.
Subnet Mask Equivalence
The prefix_length directly corresponds to a traditional dotted-decimal subnet mask. The subnet mask is formed by setting the first prefix_length bits to 1 and the remaining bits to 0.
| CIDR Prefix | Subnet Mask | Binary Subnet Mask (all 32 bits) |
|---|---|---|
| /8 | 255.0.0.0 | 11111111.00000000.00000000.00000000 |
| /16 | 255.255.0.0 | 11111111.11111111.00000000.00000000 |
| /24 | 255.255.255.0 | 11111111.11111111.11111111.00000000 |
| /27 | 255.255.255.224 | 11111111.11111111.11111111.11100000 |
| /30 | 255.255.255.252 | 11111111.11111111.11111111.11111100 |
How CIDR Works: Address Calculation
To determine the network address, broadcast address, and usable host range for a given CIDR block, specific calculations are performed.
Network Address
The network address (or network ID) is the first address in the CIDR block. It is obtained by performing a bitwise AND operation between any IP address within the block and the subnet mask. All host bits in the network address are 0.
Broadcast Address
The broadcast address is the last address in the CIDR block. It is obtained by setting all host bits of the network address to 1. Packets sent to this address are delivered to all hosts within that specific network segment.
Usable Host Range
The usable host range comprises all IP addresses between the network address and the broadcast address, exclusive of both. These are the addresses that can be assigned to devices on the network.
Number of Hosts
The number of addresses within a CIDR block is 2^(32 - prefix_length). For prefixes up to /30, two of those are reserved (the network address and the broadcast address), so the number of usable host addresses is 2^(32 - prefix_length) - 2. The two shortest blocks are exceptions: a /31 (RFC 3021) has both of its addresses usable, since point-to-point links need no broadcast address, and a /32 identifies a single host.
Example: 192.168.10.64/27
Let's break down the CIDR block 192.168.10.64/27.
- Prefix length: /27
- Subnet mask: the first 27 bits are 1, the last 5 bits are 0.
  11111111.11111111.11111111.11100000 (binary)
  255.255.255.224 (dotted-decimal)
- IP address in binary: 192.168.10.64 = 11000000.10101000.00001010.01000000
- Network address: perform a bitwise AND with the subnet mask.
  11000000.10101000.00001010.01000000 (IP)
  11111111.11111111.11111111.11100000 (Mask)
  -----------------------------------
  11000000.10101000.00001010.01000000 (Network ID)
  192.168.10.64
  (Note: the given IP 192.168.10.64 is already the network address for this /27 block.)
- Broadcast address: set the host bits (last 5 bits) of the network address to 1.
  Network ID: 11000000.10101000.00001010.01000000
  Broadcast:  11000000.10101000.00001010.01011111
  192.168.10.95
- Usable host range:
  - First usable IP: 192.168.10.65
  - Last usable IP: 192.168.10.94
- Number of hosts:
  32 - 27 = 5 host bits.
  2^5 = 32 total addresses.
  32 - 2 = 30 usable host addresses.
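The same calculation in code, as an added example that is not part of the original page: a small IPv4 CIDR calculator written with explicit bit operations so the AND and OR steps above are visible, cross-checked against Python's standard ipaddress module. It also reports whether the address supplied had host bits set (192.168.10.64 did not; 203.0.113.0/20 does), handles the /31 and /32 cases where nothing is reserved, and includes the prefix-match test that access control lists use to decide whether an address falls inside a block. The function names (describe, ip_in_block, cross_check) are my own, not from any library.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF


def parse_ipv4(addr: str) -> int:
    """Dotted-decimal IPv4 string -> 32-bit integer, rejecting malformed input."""
    octets = addr.split(".")
    if len(octets) != 4:
        raise ValueError(f"not an IPv4 address: {addr!r}")
    value = 0
    for octet in octets:
        if not octet.isdigit() or not 0 <= int(octet) <= 255:
            raise ValueError(f"bad octet {octet!r} in {addr!r}")
        value = (value << 8) | int(octet)
    return value


def to_dotted(value: int) -> str:
    """32-bit integer -> dotted-decimal string."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_for(prefix_len: int) -> int:
    """Subnet mask: the leftmost prefix_len bits set to 1, the remaining bits 0."""
    if not 0 <= prefix_len <= 32:
        raise ValueError(f"prefix length out of range: {prefix_len}")
    return (ALL_ONES << (32 - prefix_len)) & ALL_ONES


def parse_cidr(cidr: str) -> tuple[int, int]:
    """'a.b.c.d/len' -> (address as int, prefix length)."""
    addr, sep, plen = cidr.partition("/")
    if not sep or not plen.isdigit():
        raise ValueError(f"expected a.b.c.d/len, got {cidr!r}")
    return parse_ipv4(addr), int(plen)


def describe(cidr: str) -> dict:
    """Network, mask, broadcast, usable range and counts for an IPv4 CIDR block."""
    addr, plen = parse_cidr(cidr)
    mask = mask_for(plen)
    network = addr & mask                      # AND with the mask clears the host bits
    broadcast = network | (~mask & ALL_ONES)   # OR with the inverted mask sets them
    total = 1 << (32 - plen)
    if plen >= 31:
        # RFC 3021 /31 point-to-point links and /32 single hosts reserve nothing
        first, last, usable = network, broadcast, total
    else:
        first, last, usable = network + 1, broadcast - 1, total - 2
    return {
        "network": to_dotted(network),
        "mask": to_dotted(mask),
        "broadcast": to_dotted(broadcast),
        "first_usable": to_dotted(first),
        "last_usable": to_dotted(last),
        "total": total,
        "usable": usable,
        # True when the address written was not the aligned network address
        "host_bits_set": addr != network,
    }


def ip_in_block(ip: str, cidr: str) -> bool:
    """The prefix-match test ACLs use: AND the candidate with the mask and compare."""
    addr, plen = parse_cidr(cidr)
    mask = mask_for(plen)
    return (parse_ipv4(ip) & mask) == (addr & mask)


def cross_check(cidr: str) -> bool:
    """Agree with the standard library on network, broadcast and block size."""
    ours = describe(cidr)
    ref = ipaddress.ip_network(cidr, strict=False)   # strict=False tolerates host bits
    return (ours["network"] == str(ref.network_address)
            and ours["broadcast"] == str(ref.broadcast_address)
            and ours["total"] == ref.num_addresses)


if __name__ == "__main__":
    for block in ("192.168.10.64/27", "203.0.113.0/20", "10.0.0.1/31"):
        print(block, describe(block), "matches stdlib:", cross_check(block))
```

The host_bits_set flag is worth checking in any tool that accepts operator-supplied prefixes: a block such as 203.0.113.0/20 is really 203.0.112.0/20, and a rule written with the misaligned form covers more than its author may have meant.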
Benefits of CIDR
Efficient IP Address Allocation
CIDR enables flexible subnetting, allowing administrators to choose a prefix length that precisely matches the number of hosts required for a particular network segment. This minimizes wasted IP addresses compared to classful addressing.
Route Aggregation (Supernetting)
CIDR allows multiple smaller networks to be combined into a single, larger network block for routing purposes. For example, an ISP might be allocated 203.0.112.0/20 (4,096 addresses, 203.0.112.0 through 203.0.127.255). It can then subdivide this into sixteen /24 blocks, or smaller /27 blocks, for its customers. From the perspective of the broader internet, only the single /20 route needs to be advertised, significantly reducing the size of global routing tables. This process is called route aggregation or supernetting. An aggregate must start on a boundary of its own size: for a /20 the third octet is a multiple of 16, so 203.0.112.0/20 is a valid block, while 203.0.113.0/20 is not a network address (its host bits are not zero, and a router would simply treat it as 203.0.112.0/20).
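Aggregation in code, as an added example that is not part of the original page, using Python's standard ipaddress module. collapse merges blocks that are adjacent and aligned (two /24s become a /23 only if they share a /23 boundary), which is the exact aggregation an ISP performs on its own customer blocks. covering_supernet finds the single smallest prefix that covers a set of blocks and reports the extra address space that prefix pulls in. That second function is the check to run before replacing several allow rules, or several route advertisements, with one supernet: aggregating non-adjacent blocks silently admits or announces addresses that were never yours. The function names and the sample customer blocks are my own.

```python
import ipaddress
from typing import Iterable


def collapse(blocks: Iterable[str]) -> list[str]:
    """Exact aggregation: merge adjacent, aligned blocks and drop nested ones."""
    nets = [ipaddress.ip_network(b) for b in blocks]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def covering_supernet(blocks: Iterable[str]) -> tuple[str, list[str]]:
    """Smallest single prefix covering every block, plus the address space that
    prefix adds which was not in the input. An empty second value means the
    aggregation is exact and safe to advertise or to use in an ACL."""
    nets = list(ipaddress.collapse_addresses(ipaddress.ip_network(b) for b in blocks))
    if not nets:
        raise ValueError("no blocks given")
    first = min(nets, key=lambda n: int(n.network_address))
    last = max(nets, key=lambda n: int(n.broadcast_address))
    cand = first
    while not last.subnet_of(cand):
        cand = cand.supernet()          # widen by one bit: /24 -> /23 -> /22 ...
    # Carve every input block out of the candidate; whatever is left is
    # address space the aggregate covers but nobody asked for.
    remaining = [cand]
    for n in nets:
        new_remaining = []
        for r in remaining:
            if r.subnet_of(n):
                continue                            # fully covered by an input block
            if n.subnet_of(r):
                new_remaining.extend(r.address_exclude(n))   # remove n from r
            else:
                new_remaining.append(r)             # CIDR blocks nest or are disjoint
        remaining = new_remaining
    excess = sorted(remaining, key=lambda n: (int(n.network_address), n.prefixlen))
    return str(cand), [str(n) for n in excess]


if __name__ == "__main__":
    # Constructed sample: an ISP's customer assignments inside its 203.0.112.0/20.
    customers = ["203.0.112.0/24", "203.0.113.0/24", "203.0.114.0/23"]
    print("exact aggregate:", collapse(customers))
    # Two non-adjacent customer blocks: one covering prefix, but it over-covers.
    print("covering prefix and excess:", covering_supernet(["203.0.113.0/24", "203.0.115.0/24"]))
```

Run against the ISP's full set of sixteen /24s the covering prefix is exactly 203.0.112.0/20 with no excess, which is the case where a single aggregate advertisement is correct; run against 203.0.113.0/24 and 203.0.115.0/24 it reports that the tempting /22 would also cover 203.0.112.0/24 and 203.0.114.0/24.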
Reduced Routing Table Size
By enabling route aggregation, CIDR reduces the number of entries in routing tables on backbone routers. This improves routing efficiency and reduces the memory and processing requirements for routers.
Hierarchical Routing
CIDR facilitates a hierarchical routing structure, where larger CIDR blocks are allocated to major ISPs or regional internet registries, which then subdivide these blocks into smaller ones for their customers. This creates a more organized and scalable internet routing architecture.
CIDR in Proxy Services
Proxy services heavily rely on CIDR for various functionalities:
Access Control Lists (ACLs)
Proxies use CIDR blocks in ACLs to define which client IP addresses or ranges are permitted or denied access to the proxy or specific resources through the proxy.
# Nginx proxy example: allow the listed CIDR ranges and deny everyone else.
# nginx evaluates allow/deny directives in the order written and stops at the
# first match, so the catch-all "deny all" must come last. Putting it first
# as a "deny by default" opener would deny every client before the allow
# rules were ever consulted.
http {
    server {
        listen 80;
        server_name example.com;
        location / {
            # Allow a specific host
            allow 192.168.1.10;
            # Allow the three RFC 1918 private ranges
            allow 10.0.0.0/8;
            allow 172.16.0.0/12;
            allow 192.168.0.0/16;
            # Allow a specific public block
            allow 203.0.113.0/24;
            # Deny by default: last rule, reached only when nothing above matched
            deny all;
            proxy_pass http://backend_server;
        }
    }
}
Note that allow and deny test the source address of the TCP connection. If this nginx instance sits behind a load balancer or another proxy, that address is the balancer's, not the client's, and every request will hit the same rule. In that deployment the client address has to be recovered with the ngx_http_realip_module (set_real_ip_from limited to the balancer's own CIDR, real_ip_header X-Forwarded-For), and set_real_ip_from must never be widened to cover addresses a client could connect from, because the header is then trivially forgeable.
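To make the ordering point concrete, an added example (not part of the original page, and not nginx's code) that models the two things this configuration depends on: first-match evaluation of allow/deny rules against CIDR blocks, and the question of which address those rules are actually tested against when the proxy sits behind a load balancer. evaluate_acl reproduces nginx's first-match semantics, so the "deny all first" mistake can be seen failing. real_client_ip walks X-Forwarded-For from the right, skipping hops that fall inside a trusted-proxy CIDR list, which is the behaviour ngx_http_realip_module provides with set_real_ip_from and real_ip_recursive on; it refuses to believe the header at all unless the TCP peer is itself a trusted proxy, which is what stops clients from forging it. The rule lists, trusted ranges, function names and the fallback on a malformed hop are my own choices.

```python
import ipaddress
from typing import Iterable, Optional

# Constructed sample rule lists, in nginx's order of evaluation.
WRONG_ORDER = [("deny", "all"), ("allow", "10.0.0.0/8"), ("allow", "203.0.113.0/24")]
RIGHT_ORDER = [("allow", "10.0.0.0/8"), ("allow", "203.0.113.0/24"), ("deny", "all")]


def evaluate_acl(rules, client_ip: str) -> bool:
    """First matching rule decides; 'all' matches every address.
    Returns True when the client is allowed. Like nginx, a request that matches
    no rule at all is allowed, which is why a trailing 'deny all' is needed."""
    addr = ipaddress.ip_address(client_ip)
    for action, target in rules:
        if target == "all":
            matched = True
        else:
            net = ipaddress.ip_network(target, strict=False)   # a bare address becomes /32
            matched = addr.version == net.version and addr in net
        if matched:
            return action == "allow"
    return True


def real_client_ip(remote_addr: str, xff_header: Optional[str],
                   trusted_proxies: Iterable[str]) -> str:
    """Recover the client address behind trusted proxies.

    remote_addr is the TCP peer; xff_header the X-Forwarded-For value, if any.
    The header is believed only when the peer is inside trusted_proxies, and is
    then read right to left, skipping our own proxies, until the first address
    that one of them did not add."""
    trusted = [ipaddress.ip_network(t) for t in trusted_proxies]

    def is_trusted(ip: str) -> bool:
        a = ipaddress.ip_address(ip)
        return any(a.version == t.version and a in t for t in trusted)

    if not xff_header or not is_trusted(remote_addr):
        return remote_addr                  # header from an untrusted peer: ignore it
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    for hop in reversed(hops):              # rightmost hop was appended by our nearest proxy
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return remote_addr              # malformed hop: fall back to the TCP peer (my choice)
        if not is_trusted(hop):
            return hop
    return hops[0]                          # every hop was one of ours: take the leftmost


def decide(rules, remote_addr: str, xff_header: Optional[str],
           trusted_proxies: Iterable[str]) -> tuple[str, bool]:
    """Address the ACL is applied to, and the resulting allow/deny."""
    ip = real_client_ip(remote_addr, xff_header, trusted_proxies)
    return ip, evaluate_acl(rules, ip)


if __name__ == "__main__":
    balancer_cidrs = ["10.0.0.0/8"]
    print("internal client, wrong order:", evaluate_acl(WRONG_ORDER, "10.1.2.3"))
    print("internal client, right order:", evaluate_acl(RIGHT_ORDER, "10.1.2.3"))
    # A direct client forging the header does not become 10.0.0.1.
    print(decide(RIGHT_ORDER, "198.51.100.4", "10.0.0.1", balancer_cidrs))
    # Through the balancer, the real client is recovered and evaluated.
    print(decide(RIGHT_ORDER, "10.0.0.5", "203.0.113.7, 10.0.0.9", balancer_cidrs))
```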
Geolocation and Regional Routing
Proxy services often use CIDR blocks to identify the geographical origin of client IP addresses. This information can be used for:
* Content Localization: Delivering region-specific content.
* Geo-blocking: Restricting access to content based on the client's country or region.
* Optimized Routing: Directing traffic to proxy servers closer to the client for lower latency.
Load Balancing
In load balancing setups, CIDR can be used to direct client traffic from specific IP ranges to particular backend server pools or proxy instances, ensuring optimal resource utilization or compliance with regional data residency requirements.
IP Whitelisting/Blacklisting
Proxy firewalls and security features utilize CIDR to whitelist trusted networks or blacklist known malicious IP ranges, enhancing security by filtering traffic at the proxy layer.
Private Network Access
For proxies operating within corporate networks, CIDR is essential for defining internal network ranges that can be accessed via the proxy, or to distinguish internal clients from external ones.
CIDR and IPv6
The principles of CIDR carry over to IPv6, where addresses are 128 bits long and there was never a classful scheme to replace. IPv6 prefixes are written in the same notation, for example 2001:db8::/32, and the prefix length has the same meaning: the leftmost bits identify the network and the remaining bits the interface. Two differences matter in practice. IPv6 subnets are conventionally /64, leaving 64 bits for the interface identifier, so allocations and routing entries are usually /64 and shorter rather than being sized to a host count. And IPv6 has no broadcast address, so the "subtract two" rule for usable hosts does not apply.
Conclusion
CIDR is an indispensable component of modern internet infrastructure, crucial for efficient IP address management and scalable routing. For proxy services, a thorough understanding of CIDR is vital for configuring robust access controls, optimizing traffic flow, and implementing security policies.