# IPv4 CIDR Notation Reference Guide
## What is CIDR?
**CIDR (Classless Inter-Domain Routing)** is a shorthand notation for specifying IP address ranges using a slash followed by a number.
### Format
```
<IP Address>/<Prefix Length>
```
- **IP Address**: The network address (e.g., `192.168.1.0`)
- **Prefix Length**: Number of bits in the network portion (e.g., `/24`)
## How CIDR Works
The `/number` (prefix length) indicates how many bits, starting from the left, are fixed for the network portion of the address. The remaining bits are available for host addresses.
### Key Principles
- **Smaller prefix number** = **more addresses** in the range
- **Larger prefix number** = **fewer addresses** in the range
- Valid range: **`/0` to `/32`**
- Formula: **Number of IPs = 2^(32 - prefix length)**
### Binary Breakdown
Each bit in the 32-bit IPv4 address belongs to either the network portion (mask bit `1`) or the host portion (mask bit `0`):
```
/0 = 00000000.00000000.00000000.00000000 (all hosts)
/8 = 11111111.00000000.00000000.00000000 (first octet fixed)
/16 = 11111111.11111111.00000000.00000000 (first two octets)
/24 = 11111111.11111111.11111111.00000000 (first three octets)
/32 = 11111111.11111111.11111111.11111111 (exact address)
```
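The same mechanics in code, as an added example that is not part of the original guide: the prefix length becomes a 32-bit mask, and an address falls inside a block when its masked bits equal the block's network bits. Function names are illustrative, and the usable-address count follows the "Total - 2" rule used in the table below.

```python
def ip_to_int(ip):
    """Pack a dotted-quad IPv4 string into one 32-bit integer."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(
            o.isascii() and o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip!r}")
    value = 0
    for octet in octets:
        value = (value << 8) | int(octet)
    return value

def int_to_ip(value):
    """Unpack a 32-bit integer back into dotted-quad form."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def mask_for(prefix):
    """Prefix length -> mask with `prefix` leading 1 bits (the fixed bits)."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length out of range: {prefix}")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def split_cidr(cidr):
    """Return (network_int, mask_int, prefix); input host bits are cleared."""
    addr, sep, plen = cidr.partition("/")
    if not sep:
        raise ValueError(f"missing prefix length: {cidr!r}")
    prefix = int(plen)
    mask = mask_for(prefix)
    return ip_to_int(addr) & mask, mask, prefix

def describe(cidr):
    """Mask, first/last address and address counts for a CIDR block."""
    network, mask, prefix = split_cidr(cidr)
    last = network | (~mask & 0xFFFFFFFF)  # set every host bit
    total = 2 ** (32 - prefix)
    usable = total if prefix >= 31 else total - 2
    return {"mask": int_to_ip(mask), "first": int_to_ip(network),
            "last": int_to_ip(last), "total": total, "usable": usable}

def contains(cidr, ip):
    """True when `ip` shares the block's fixed network bits."""
    network, mask, _ = split_cidr(cidr)
    return (ip_to_int(ip) & mask) == network
```

`describe("10.0.5.0/23")` reports `10.0.4.0` as the first address, because the low bit of the third octet is a host bit under a `/23` mask and is cleared.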
## Complete CIDR Reference Table
| CIDR | Subnet Mask | Total IPs | Usable IPs\* | Typical Use Case |
| ----- | --------------- | ------------- | ------------ | ------------------------------------------ |
| `/0` | 0.0.0.0 | 4,294,967,296 | All | All IPv4 addresses (default route) |
| `/8` | 255.0.0.0 | 16,777,216 | 16,777,214 | Large enterprise networks, cloud providers |
| `/12` | 255.240.0.0 | 1,048,576 | 1,048,574 | Large corporate networks |
| `/16` | 255.255.0.0 | 65,536 | 65,534 | Medium networks, Azure VNets |
| `/20` | 255.255.240.0 | 4,096 | 4,094 | Departmental networks |
| `/24` | 255.255.255.0 | 256 | 254 | Small subnets (default LANs) |
| `/26` | 255.255.255.192 | 64 | 62 | Small office networks |
| `/28` | 255.255.255.240 | 16 | 14 | Very small subnets |
| `/30` | 255.255.255.252 | 4 | 2 | Point-to-point links |
| `/32` | 255.255.255.255 | 1 | 1 | Single host/firewall rules |
\*Usable IPs = Total - 2 (network + broadcast addresses), except `/31` and `/32`
## Private IP Address Ranges
These CIDR blocks are reserved for private networks (RFC 1918):
- **`10.0.0.0/8`** - Large private networks (16.7M IPs)
- **`172.16.0.0/12`** - Medium private networks (1M IPs)
- **`192.168.0.0/16`** - Small private networks (65K IPs)
## Quick Calculation Examples
- `/24` = 2^(32-24) = 2^8 = **256 IPs**
- `/28` = 2^(32-28) = 2^4 = **16 IPs**
- `/16` = 2^(32-16) = 2^16 = **65,536 IPs**
- `/32` = 2^(32-32) = 2^0 = **1 IP**
## Practical Examples
### 1. Azure Network Security Group (NSG) - Allow Office Traffic
```
Source: 203.0.113.0/24
Destination: 10.0.1.0/24
Action: Allow
```
Allows all 256 IPs in the office network's range to reach a specific subnet.
### 2. Azure Cosmos DB Firewall - Allow Single Admin IP
```
Allowed IP: 198.51.100.42/32
```
Grants access only to one specific administrator's public IP.
### 3. Azure Virtual Network - Hub Network
```
VNet Address Space: 10.0.0.0/16
```
Provides 65,536 IPs for a hub network with multiple subnets.
### 4. Azure Subnet - Web Tier
```
Subnet: 10.0.1.0/24
```
Allocates 256 IPs for web servers (254 usable).
### 5. Azure Subnet - Database Tier
```
Subnet: 10.0.2.0/26
```
Allocates 64 IPs for database servers (62 usable).
### 6. Azure Application Gateway Subnet
```
Subnet: 10.0.3.0/28
```
Minimum recommended size (16 IPs) for Application Gateway.
### 7. Azure Route Table - Default Route
```
Address Prefix: 0.0.0.0/0
Next Hop: Virtual Appliance
```
Routes all traffic that has no more specific route, including internet-bound traffic, through a firewall.
### 8. Azure Private Endpoint Subnet
```
Subnet: 10.0.4.0/28
```
Small subnet dedicated to private endpoints (16 IPs).
### 9. Azure Container Apps Environment
```
Infrastructure Subnet: 10.0.6.0/23
```
Provides 512 IPs for container infrastructure (2^(32-23) = 512). A `/23` must start on an even third octet, so this block covers `10.0.6.0` through `10.0.7.255`.
### 10. Multi-Region Azure Setup
```
Region 1 (East US): 10.0.0.0/16 (65,536 IPs)
Region 2 (West US): 10.1.0.0/16 (65,536 IPs)
Region 3 (North EU): 10.2.0.0/16 (65,536 IPs)
```
Each region gets its own `/16` block for isolation and growth.
## Common Patterns Summary
| Scenario | Recommended CIDR | Reason |
| -------------------------- | ---------------- | ------------------------- |
| Single host firewall rule | `/32` | Exact IP match |
| Point-to-point VPN link | `/30` | Only 2 usable IPs needed |
| Small subnet (App Gateway) | `/28` | 16 IPs, minimal waste |
| Standard subnet | `/24` | 256 IPs, easy to remember |
| Large subnet | `/16` | 65K IPs, room for growth |
| "Any" or default route | `/0` | All IP addresses |
## Tips for Choosing CIDR Ranges
1. **Plan for growth** - Choose larger ranges than you currently need
2. **Avoid overlap** - Ensure ranges don't conflict across VNets or with on-premises networks
3. **Use consistent sizing** - Standardize subnet sizes where possible (e.g., all app subnets `/24`)
4. **Document everything** - Keep a spreadsheet of allocated ranges
5. **Reserve space** - Leave gaps between allocations for future expansion
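The overlap and sizing tips can be checked mechanically before anything is deployed. The following is an added example, not part of the original guide: it uses Python's standard `ipaddress` module to audit a constructed address plan for misaligned prefixes, subnets outside the VNet space, overlapping subnets, and allow-rule sources wider than a chosen ceiling. The subnet names, the sample plan and the 256-address ceiling are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def audit_plan(vnet, subnets, allow_sources, max_source_ips=256):
    """Return findings for a VNet plan and its inbound allow-rule sources."""
    findings = []
    space = ipaddress.ip_network(vnet)
    if not any(space.subnet_of(p) for p in RFC1918):
        findings.append(f"vnet {space}: not inside an RFC 1918 range")
    parsed = {}
    for name, cidr in subnets.items():
        try:
            net = ipaddress.ip_network(cidr)  # strict parse rejects host bits
        except ValueError:
            net = ipaddress.ip_network(cidr, strict=False)
            findings.append(f"{name} {cidr}: host bits set, real block is {net}")
        if not net.subnet_of(space):
            findings.append(f"{name} {net}: outside VNet space {space}")
        parsed[name] = net
    # Pairwise overlap check across every subnet in the plan.
    for (a, na), (b, nb) in combinations(parsed.items(), 2):
        if na.overlaps(nb):
            findings.append(f"{a} {na} overlaps {b} {nb}")
    # Flag allow rules whose source range is wider than the agreed ceiling.
    for src in allow_sources:
        net = ipaddress.ip_network(src, strict=False)
        if net.num_addresses > max_source_ips:
            findings.append(f"allow source {src}: {net.num_addresses} addresses")
    return findings

# Constructed sample plan (hypothetical names, addresses chosen for illustration).
SAMPLE_SUBNETS = {
    "web": "10.0.1.0/24",
    "db": "10.0.2.0/26",
    "private-endpoints": "10.0.4.0/28",
    "container-apps": "10.0.5.0/23",  # misaligned on purpose
}
SAMPLE_SOURCES = ["203.0.113.0/24", "198.51.100.42/32", "0.0.0.0/0"]

if __name__ == "__main__":
    for finding in audit_plan("10.0.0.0/16", SAMPLE_SUBNETS, SAMPLE_SOURCES):
        print(finding)
```

On the sample plan the audit reports three findings: the misaligned `/23`, the overlap that appears once it is aligned to `10.0.4.0/23`, and the `0.0.0.0/0` allow source.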