Classless Inter-Domain Routing, or CIDR, is a method of assigning and organizing IP addresses that replaced the rigid class-based system the internet used in its early years. Formally introduced in September 1993 through RFC 1518 and RFC 1519, CIDR solved two urgent problems at once: IPv4 addresses were being wasted at an alarming rate, and the routing tables that direct traffic across the internet were doubling in size roughly every 10 months.
The Problem CIDR Was Built to Solve
Before CIDR, every IP address belonged to one of three main classes. Class A networks contained about 16.7 million addresses, Class B networks had roughly 65,000, and Class C networks held 254. If an organization needed 300 addresses, it couldn’t use a Class C (too small) and had to request a Class B, wasting over 65,000 addresses in the process. There was no in-between option.
This waste was compounding fast. Each network, no matter how small, also needed its own entry in the global routing table, the master list that routers use to figure out where to send data. By December 1992, that table held about 8,500 routes and was on pace to hit 75,000 within three years. Routers of that era couldn’t handle tables that large, which meant the internet risked grinding to a halt. CIDR was the fix for both problems: it let administrators carve up address space in flexible sizes and gave routers a way to collapse thousands of routes into a handful of summary entries.
How CIDR Notation Works
CIDR uses a simple format you’ve probably seen: an IP address followed by a slash and a number, like 192.168.1.0/24. The number after the slash (called the prefix length) tells you how many of the 32 bits in an IPv4 address identify the network. The remaining bits identify individual devices on that network.
A /24 prefix locks the first 24 bits, leaving 8 bits for host addresses, which gives you 256 total addresses (254 usable, since two are reserved for the network itself and the broadcast address). A /16 locks the first 16 bits, leaving 16 bits for hosts, yielding about 65,000 usable addresses. A /32 identifies a single address with no room for additional hosts.
Here are some common prefix lengths and the addresses they provide:
- /30: 4 total addresses (2 usable), typically used for point-to-point links between two routers
- /27: 32 total addresses (30 usable), suitable for a small office
- /24: 256 total addresses (254 usable), the most common block for a single subnet
- /20: 4,096 total addresses, often assigned to mid-size organizations
- /16: 65,536 total addresses, roughly equivalent to what used to be a full Class B network
- /8: about 16.7 million total addresses, equivalent to a Class A network
The key insight is that the prefix length can be any number from 0 to 32. You’re not stuck choosing between three fixed sizes. If you need 500 addresses, you can get a /23 (512 addresses) instead of being forced into a block of 65,000.
Variable-Length Subnet Masking
Under the old system, a network could only use one subnet mask. If you divided the network 192.168.1.0 into eight equal subnets, every subnet had to be the same size, even if some segments needed far more addresses than others.
CIDR introduced variable-length subnet masking (VLSM), which lets an administrator use different-sized subnets within the same network. That same 192.168.1.0 network could be split into two larger subnets with a /26 mask (62 usable addresses each) and four smaller subnets with a /27 mask (30 usable addresses each). A department of 50 people gets the larger block; a server room with 10 machines gets the smaller one. No addresses sit idle.
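The split described above can be computed rather than worked out by hand. The following is an added example, not part of the original article: a small VLSM planner that picks the prefix length for each segment from its host count and packs the blocks into the parent network. The segment names and host counts are constructed for illustration.

```python
import ipaddress

def prefix_for_hosts(hosts: int) -> int:
    """Longest IPv4 prefix whose block still has `hosts` usable addresses
    (block size minus the network and broadcast addresses)."""
    if hosts < 1:
        raise ValueError("need at least one host")
    host_bits = (hosts + 1).bit_length()  # smallest n with 2**n >= hosts + 2
    return 32 - host_bits

def allocate(parent: str, needs: dict) -> dict:
    """Carve variable-sized subnets out of `parent`, one per entry in `needs`."""
    net = ipaddress.ip_network(parent)
    cursor = int(net.network_address)
    end = int(net.broadcast_address) + 1
    plan = {}
    # Largest requests first, so each block lands on its own size boundary
    # without leaving alignment gaps behind it.
    for name, hosts in sorted(needs.items(), key=lambda kv: -kv[1]):
        plen = prefix_for_hosts(hosts)
        size = 1 << (32 - plen)
        start = -(-cursor // size) * size  # round up to a multiple of size
        if start + size > end:
            raise ValueError(f"{parent} has no room left for {name}")
        plan[name] = ipaddress.ip_network((start, plen))
        cursor = start + size
    return plan

# Constructed requirements: two departments of 50 hosts, four segments of 20.
NEEDS = {"dept-a": 50, "dept-b": 50,
         "seg-1": 20, "seg-2": 20, "seg-3": 20, "seg-4": 20}

if __name__ == "__main__":
    for name, subnet in allocate("192.168.1.0/24", NEEDS).items():
        usable = subnet.num_addresses - 2
        print(f"{name:7} {str(subnet):18} {usable} usable")
```

The result is the two /26 blocks and four /27 blocks from the text, filling all 256 addresses of 192.168.1.0/24.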
Route Aggregation and Smaller Routing Tables
The second major benefit of CIDR is route aggregation, sometimes called supernetting. Instead of advertising a separate route for every small network it serves, an internet service provider can advertise a single summary route that covers all of them. If a provider owns the block 198.32.0.0 through 198.32.255.255, it can announce one route (198.32.0.0/16) rather than hundreds of individual /24 routes.
The original RFC estimated that with 90% participation from service providers, the global routing table would grow to about 13,145 routes over three years, compared to 75,000 routes without any intervention. That translated to an annual growth rate of roughly 6%, down from the 130% annual growth rate that was threatening to overwhelm router hardware. Routers use a “longest match” rule: when a destination matches multiple entries, the router picks the most specific one. This means aggregated routes coexist cleanly with more specific routes when exceptions are needed.
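Both ideas in this section, collapsing many routes into one summary and resolving overlaps with the longest match, fit in a few lines. This is an added example, not from the original article; the next-hop names, the 198.32.77.0/24 exception, and the default route are constructed for illustration.

```python
import ipaddress

def aggregate(prefixes):
    """Collapse adjacent or nested prefixes into the fewest covering routes."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

def longest_match(table, dest):
    """Return (prefix, next_hop) for the most specific route covering dest,
    or None when no route matches."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, hop in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return (str(best[0]), best[1]) if best else None

# Constructed: every /24 inside the provider block used in the text.
CUSTOMER_24S = [f"198.32.{i}.0/24" for i in range(256)]

# Constructed routing table: a default route, the provider's summary route,
# and one more-specific exception that overrides part of the summary.
TABLE = {
    "0.0.0.0/0": "upstream",
    "198.32.0.0/16": "provider-a",
    "198.32.77.0/24": "provider-b",
}

if __name__ == "__main__":
    print(aggregate(CUSTOMER_24S))      # 256 routes become one summary
    print(aggregate(CUSTOMER_24S[1:]))  # one missing /24 breaks the summary
    for dest in ("198.32.5.1", "198.32.77.9", "203.0.113.7"):
        print(dest, "->", longest_match(TABLE, dest))
```

Removing a single /24 from the set leaves eight routes instead of one, which is why aggregation depends on address blocks being assigned contiguously.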
Classful vs. Classless Routing Protocols
CIDR only works if routing protocols can carry subnet mask information alongside each route. Older “classful” protocols like RIP version 1 never included a subnet mask in their updates. When a router running RIPv1 received an address like 172.16.1.0, it had to guess the mask based on the address class, defaulting to /16 because 172.x.x.x falls in the Class B range. That guess was often wrong, causing routing failures in networks that used CIDR-style subnetting.
“Classless” routing protocols solve this by including the prefix length with every route update. RIP version 2, released in the late 1990s, added CIDR support. OSPF, one of the most widely used protocols inside corporate and ISP networks, has supported CIDR and VLSM from the start. BGP, the protocol that routes traffic between major networks across the internet, relies entirely on CIDR-style prefix notation to manage the global routing table.
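The mask guessing described above for classful protocols can be reproduced to see which routes get misread. This is an added example, not from the original article, and it is a simplified model of the behaviour the text describes: the receiver sees only the address and rebuilds the network from the class bits. The route list is constructed.

```python
import ipaddress

def classful_prefix(addr: str) -> int:
    """Prefix length a classful receiver assumes from the leading bits."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if (first & 0x80) == 0x00:   # 0xxxxxxx: Class A
        return 8
    if (first & 0xC0) == 0x80:   # 10xxxxxx: Class B
        return 16
    if (first & 0xE0) == 0xC0:   # 110xxxxx: Class C
        return 24
    raise ValueError(f"{addr} is not a Class A, B or C address")

def classful_view(routes):
    """Drop each route's mask, as an update without masks would, and group
    the real prefixes by the network the receiver would assume."""
    seen = {}
    for route in routes:
        addr = str(ipaddress.ip_network(route).network_address)
        guess = ipaddress.ip_network(
            f"{addr}/{classful_prefix(addr)}", strict=False)
        seen.setdefault(str(guess), []).append(route)
    return seen

def misread(routes):
    """Routes whose assumed network differs from the real one."""
    return [r for guess, real in classful_view(routes).items()
            for r in real if r != guess]

# Constructed routes as a CIDR-aware network would define them.
ROUTES = ["172.16.1.0/24", "172.16.2.0/24", "10.1.0.0/16", "192.168.5.0/24"]

if __name__ == "__main__":
    for guess, real in classful_view(ROUTES).items():
        print(f"{guess:16} <- {', '.join(real)}")
    print("misread:", misread(ROUTES))
```

Here the two 172.16.x.0/24 subnets become indistinguishable, since both are taken to be 172.16.0.0/16; only the route that already sits on a class boundary survives intact.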
CIDR in IPv6
IPv6 was designed with CIDR principles baked in from the beginning. The slash notation works identically: 2001:db8::/32 means the first 32 bits define the network. But IPv6 addresses are 128 bits long instead of 32, so the scale is dramatically different.
All IPv6 local networks use a /64 prefix by convention, which means every single subnet can hold more addresses than the entire IPv4 internet. Internet service providers typically assign a /48 prefix to each subscriber site, giving that subscriber 65,536 separate /64 subnets to work with. Regional registries hand out blocks as large as /32 (covering 65,536 subscriber sites) or /24 (covering over 16 million subscriber sites). There are no address classes in IPv6 at all. The classful system died with IPv4, and CIDR is simply how addressing works.
Why CIDR Still Matters
Every time you configure a network interface, set up a firewall rule, or define an access control list in cloud infrastructure, you’re using CIDR notation. AWS, Azure, and Google Cloud all require CIDR blocks when you create virtual networks. Home routers assign addresses from a CIDR block (usually 192.168.1.0/24) even if the interface never shows you the slash notation directly.
The global IPv4 routing table, which CIDR was designed to tame, currently holds over 900,000 entries. Without route aggregation, that number would be many times larger and far harder for routers to process. CIDR didn’t permanently solve address exhaustion (IPv4 addresses did eventually run out, driving the shift to IPv6), but it bought the internet roughly two decades of breathing room and established the addressing framework that both IPv4 and IPv6 networks still rely on today.

