Classless Inter-Domain Routing

From Wikipedia, the free encyclopedia

Jump to: navigation, search

Classless Inter-Domain Routing (CIDR, /'saɪ.dr/, /'si.dr/) is a method of categorizing IP addresses for the purpose of allocating IP addresses to users and for efficiently routing IP packets on the Internet. It allows for address specified in CIDR notation, address aggregation and easier delegation of address blocks.


[edit] Overview

During the first decade of the modern Internet after the invention of the Domain Name System (DNS) it became apparent that the devised system based on classful network design of distributing the address space and routing IP packets was not scalable (cf. RFC 1517). To alleviate the shortcomings, the Internet Engineering Task Force published in 1993 a new set of standards, RFC 1518 and RFC 1519, to define a new concept of allocation of IP address blocks and new methods of routing IPv4 packets. RFC 1519 was replaced by RFC 4632 in 2006.

An IP address is interpreted in two parts: a network-identifying prefix followed by a host address within that network. In the prior classful network architecture IP address allocations were based on octet (8-bit) boundary segments of the 32-bit IP address, forcing either 8, 16, or 24-bit network prefixes. Thus, the smallest allocation and routing block contained only 256 addresses—too small for most enterprises, and the next larger block contained 65,536 addresses—too large to be used efficiently by even large organizations. This led to inefficiencies in address use as well as routing because the large number of allocated small (class-C) networks with individual route announcements, being geographically dispersed with little opportunity for route aggregation, created heavy demand on routing equipment.

Classless Inter-Domain Routing is based on variable-length subnet masking (VLSM) to allow allocation on arbitrary-length prefixes. Variable-length subnet masks are mentioned in RFC 950 (1985).

CIDR encompasses:

  • the VLSM technique of specifying arbitrary-length prefixes. An address in CIDR notation is written with a suffix indicating the number of bits in the prefix, such as This permits more efficient use of increasingly scarce IPv4 addresses.
  • the aggregation of multiple contiguous prefixes into supernets, and, wherever possible in the Internet, advertising aggregates, thus reducing the number of entries in the global routing table. Aggregation hides multiple levels of subnetting from the Internet routing table, and reverses the process of "subnetting a subnet" with VLSM.
  • the administrative process of allocating address blocks to organizations based on their actual and short-term projected need, rather than the very large or very small blocks required by classful addressing schemes.

While IPv6 maintains the IPv4 CIDR convention of indicating prefix length with a suffix, the IPv4 concept of class was abandoned in IPv6.

[edit] CIDR blocks

CIDR is principally a bitwise, prefix-based standard for the interpretation of IP addresses. It facilitates routing by allowing blocks of addresses to be grouped together into single routing table entries. These groups, commonly called CIDR blocks, share an initial sequence of bits in the binary representation of their IP addresses. IPv4 CIDR blocks are identified using a syntax similar to that of IPv4 addresses: a four-part dotted-decimal address, followed by a slash, then a number from 0 to 32: A.B.C.D/N. The dotted decimal portion is interpreted, like an IPv4 address, as a 32-bit binary number that has been broken into four octets. The number following the slash is the prefix length, the number of shared initial bits, counting from the left-hand side of the address. When speaking in abstract terms, the dotted-decimal portion is sometimes omitted, thus a /20 is a CIDR block with an unspecified 20-bit prefix.

An IP address is part of a CIDR block, and is said to match the CIDR prefix if the initial N bits of the address and the CIDR prefix are the same. Thus, understanding CIDR requires that IP address be visualized in binary. Since the length of an IPv4 address is fixed at 32 bits, an N-bit CIDR prefix leaves 32 − N bits unmatched, and there are 2(32 − N) possible combinations of these bits, meaning that 2(32 − N) IPv4 addresses match a given N-bit CIDR prefix. Shorter CIDR prefixes match more addresses, while longer CIDR prefixes match fewer. An address can match multiple CIDR prefixes of different lengths.

CIDR is also used with IPv6 addresses, for which the prefix length can range from 0 to 128, due to the larger number of bits in the address. A similar syntax is used: the prefix is written as an IPv6 address, followed by a slash and the number of significant bits in the prefix mask.

[edit] Assignment of CIDR blocks

The Internet Assigned Numbers Authority (IANA) issues to Regional Internet Registries (RIRs) large, short-prefix CIDR blocks. For example,, with over sixteen million addresses, is administered by RIPE NCC, the European RIR. The RIRs, each responsible for a single, large, geographic area (such as Europe or North America), then subdivide these blocks into smaller blocks and issue them publicly. This subdividing process can be repeated several times at different levels of delegation. Large Internet service providers (ISPs) typically obtain CIDR blocks from an RIR, then subdivide them into smaller CIDR blocks for their subscribers, sized according to the size of the subscriber's network. Networks served by a single ISP are encouraged by IETF to obtain IP address space directly from their ISP. Networks served by multiple ISPs, on the other hand, will often obtain independent CIDR blocks directly from the appropriate RIR.

For example, in the late 1990s, the IP address (since reassigned) was used by An analysis of this address identified three CIDR prefixes., a large CIDR block containing over 2 million addresses, had been assigned by ARIN (the North American RIR) to MCI. Automation Research Systems, a Virginia VAR, leased an Internet connection from MCI and was assigned the block, capable of addressing just over 1000 devices. ARS used a /24 block for its publicly accessible servers, of which was one.

All of these CIDR prefixes would be used, at different locations in the network. Outside of MCI's network, the prefix would be used to direct to MCI traffic bound not only for, but also for any of the roughly two million IP addresses with the same initial 11 bits. Within MCI's network, would become visible, directing traffic to the leased line serving ARS. Only within the ARS corporate network would the prefix have been used.

[edit] CIDR and masks

A subnet mask is a bitmask that encodes the prefix length in a form similar to an IP address: 32 bits, starting with a number of 1 bits equal to the prefix length, ending with 0 bits, and encoded in four-part dotted-decimal format. A subnet mask encodes the same information as a prefix length, but predates the advent of CIDR.

CIDR uses variable-length subnet masks (VLSM) to allocate IP addresses to subnets according to individual need, rather than some general network-wide rule. Thus the network/host division can occur at any bit boundary in the address. The process can be recursive, with a portion of the address space being further divided into even smaller portions, through the use of masks which cover more bits.

CIDR/VLSM network addresses are now used throughout the public Internet, although they are also used elsewhere, particularly in large private networks. An average desktop LAN user generally does not see them in practice, as their LAN is usually numbered using special private network addresses.

[edit] Prefix aggregation

Another benefit of CIDR is the possibility of routing prefix aggregation (also known as "supernetting" or "route summarization"). For example, sixteen contiguous Class C (/24) networks could now be aggregated together, and advertised to the outside world as a single /20 route (if the first 20 bits of their network addresses match). Two aligned contiguous /20s could then be aggregated to a /19, and so forth. This allows a significant reduction in the number of routes that have to be advertised over the Internet, preventing 'routing table explosions' from overwhelming routers, and stopping the Internet from expanding further.

See IPv4 subnetting reference.

IP/CIDR Δ to last IP addr Mask Hosts (*) Class Notes
a.b.c.d/32 + 1 1/256 C
a.b.c.d/31 + 2 1/128 C d = 0 ... (2n) ... 254
a.b.c.d/30 + 4 1/64 C d = 0 ... (4n) ... 252
a.b.c.d/29 + 8 1/32 C d = 0 ... (8n) ... 248
a.b.c.d/28 + 16 1/16 C d = 0 ... (16n) ... 240
a.b.c.d/27 + 32 1/8 C d = 0 ... (32n) ... 224
a.b.c.d/26 + 64 1/4 C d = 0, 64, 128, 192
a.b.c.d/25 + 128 1/2 C d = 0, 128
a.b.c.0/24 + 256 1 C
a.b.c.0/23 + 512 2 C c = 0 ... (2n) ... 254
a.b.c.0/22 + 1,024 4 C c = 0 ... (4n) ... 252
a.b.c.0/21 + 2,048 8 C c = 0 ... (8n) ... 248
a.b.c.0/20 + 4,096 16 C c = 0 ... (16n) ... 240
a.b.c.0/19 + 8,192 32 C c = 0 ... (32n) ... 224
a.b.c.0/18 + 16,384 64 C c = 0, 64, 128, 192
a.b.c.0/17 + 32,768 128 C c = 0, 128
a.b.0.0/16 + 65,536 256 C = 1 B
a.b.0.0/15 + 131,072 2 B b = 0 ... (2n) ... 254
a.b.0.0/14 + 262,144 4 B b = 0 ... (4n) ... 252
a.b.0.0/13 + 524,288 8 B b = 0 ... (8n) ... 248
a.b.0.0/12 + 1,048,576 16 B b = 0 ... (16n) ... 240
a.b.0.0/11 + 2,097,152 32 B b = 0 ... (32n) ... 224
a.b.0.0/10 + 4,194,304 64 B b = 0, 64, 128, 192
a.b.0.0/9 + 8,388,608 128 B b = 0, 128
a.0.0.0/8 + 16,777,216 256 B = 1 A
a.0.0.0/7 + 33,554,432 2 A a = 0 ... (2n) ... 254
a.0.0.0/6 + 67,108,864 4 A a = 0 ... (4n) ... 252
a.0.0.0/5 + 134,217,728 8 A a = 0 ... (8n) ... 248
a.0.0.0/4 + 268,435,456 16 A a = 0 ... (16n) ... 240
a.0.0.0/3 + 536,870,912 32 A a = 0 ... (32n) ... 224
a.0.0.0/2 + 1,073,741,824 64 A a = 0, 64, 128, 192
a.0.0.0/1 + 2,147,483,648 128 A a = 0, 128 + 4,294,967,296 256 A

(*) Note that for routed subnets bigger than /31 or /32, 2 needs to be subtracted from the number of available addresses - the largest address is used as the broadcast address, and typically the smallest address is used to identify the network itself. See RFC 1812 for more detail. It is also common for the gateway IP for that subnet to use an address, meaning that you would subtract 3 from the number of usable hosts that can be used on the subnet.

[edit] Historical background

IP addresses were originally described as consisting of two parts: the network address (which identified a whole network or subnet), and the host address (which identified a particular machine's connection or interface to that network). This division was used in traffic routing in and among IP networks.

Historically, the IP address space was divided into three main 'classes of networks', where each class had a fixed size network address. The class, and hence the length of the network address and the number of hosts on the network, could always be determined from the most significant bits of the IP address. Without any way of specifying a prefix length or a subnet mask, routing protocols, such as RIP-1, IGRP, necessarily used the class of the IP address specified in route advertisements to determine the size of the routing prefixes to be set up in the routing tables.

As the experimental TCP/IP network expanded into the Internet during the 1980s, the need for more flexible addressing schemes became increasingly apparent. This led to the successive development of subnetting and CIDR. Because the old class distinctions are ignored, the new system was called classless routing. It is supported by modern routing protocols, such as RIP-2, EIGRP, IS-IS and OSPF. This led to the original system being called, by back-formation, classful routing.

Variable-Length Subnet Masking (VLSM) is the same concept as CIDR, but used mostly in historical context. Its concept was first mentioned in RFC 950.

Internet RFC 1338 was a major paradigm shift to establish a provider-based addressing and hierarchical routing. With the new RFC 1338-style provider-based supernetting, it was possible to create multiple hierarchical tiers and most tiers were envisioned to be Internet service providers. Provider-based address space allocation was the new model, and BGP would evolve to BGP4, incorporating the supernetting paradigm. For this shift to occur, the technique for supernetting-subnetting the IP address space required a modification. This new feature was called Classless Inter-Domain Routing (CIDR). (Note that RFC 1338 has been replaced by RFC 4632)

[edit] External links

Personal tools