CIDR: Classless Inter-Domain Routing
From Network Dictionary Wiki
Classless Inter-Domain Routing (CIDR), sometimes known as supernetting, is an addressing scheme under IPv4 for the Internet which allows for more efficient allocation of IP addresses than the old Class A, B, and C address scheme. The Internet is currently a mixture of both "CIDR-ized" addresses and old Class A, B and C addresses. Almost all new routers support CIDR and the Internet authorities strongly encourage all users to implement the CIDR addressing scheme.
Contents |
CIDR blocks
CIDR is principally a bitwise, prefix-based standard for the interpretation of IP addresses. It facilitates routing by allowing blocks of addresses to be grouped together into single routing table entries. These groups, commonly called CIDR blocks, share an initial sequence of bits in the binary representation of their IP addresses. IPv4 CIDR blocks are identified using a syntax similar to that of IPv4 addresses: a four-part dotted-decimal address, followed by a slash, then a number from 0 to 32: A.B.C.D/N. The dotted decimal portion is interpreted, like an IPv4 address, as a 32-bit binary number that has been broken into four 8-bit bytes. The number following the slash is the prefix length, the number of shared initial bits, counting from the left-hand side of the address. When speaking in abstract terms, the dotted-decimal portion is sometimes omitted, thus a /20 is a CIDR block with an unspecified 20-bit prefix.
An IP address is part of a CIDR block, and is said to match the CIDR prefix if the initial N bits of the address and the CIDR prefix are the same. Thus, understanding CIDR requires that IP address be visualized in binary. Since the length of an IPv4 address is fixed at 32 bits, an N-bit CIDR prefix leaves 32 − N bits unmatched, and there are 2(32 − N) possible combinations of these bits, meaning that 2(32 − N) IPv4 addresses match a given N-bit CIDR prefix. Shorter CIDR prefixes match more addresses, while longer CIDR prefixes match fewer. An address can match multiple CIDR prefixes of different lengths.
CIDR is also used with IPv6 addresses, where the prefix length can range from 0 to 128, due to the larger number of bits in the address. A similar syntax is used: the prefix is written as an IPv6 address, followed by a slash and the number of significant bits.
Assignment of CIDR blocks
The Internet Assigned Numbers Authority (IANA) issues to Regional Internet Registries (RIRs) large, short-prefix CIDR blocks. For example, 62.0.0.0/8, with over sixteen million addresses, is administered by RIPE, the European RIR. The RIRs, each responsible for a single, large, geographic area (such as Europe or North America), then subdivide these blocks into smaller blocks and issue them publicly. This subdividing process can be repeated several times at different levels of delegation. Large Internet service providers (ISPs) typically obtain CIDR blocks from a RIR, then subdivide them into smaller CIDR blocks for their subscribers, sized according to the size of the subscriber's network. Networks served by a single ISP are encouraged by IETF to obtain IP address space directly from their ISP. Networks served by multiple ISPs, on the other hand, will often obtain independent CIDR blocks directly from the appropriate RIR.
For example, in the late 1990s, the IP address 208.130.29.33 (since reassigned) was used by the www.freesoft.org web server. An analysis of this address identified three CIDR prefixes. 208.128.0.0/11, a large CIDR block containing over 2 million addresses, had been assigned by ARIN (the North American RIR) to MCI. Automation Research Systems, a Virginia VAR, leased an Internet connection from MCI and was assigned the 208.130.28.0/22 block, capable of addressing just over 1000 devices. ARS used a /24 block for its publicly accessible servers, of which 208.130.29.33 was one.
All of these CIDR prefixes would be used, at different locations in the network. Outside of MCI's network, the 208.128.0.0/11 prefix would be used to direct to MCI traffic bound not only for 208.130.29.33, but also for any of the roughly two million IP addresses with the same initial 11 bits. Within MCI's network, 208.130.28.0/22 would become visible, directing traffic to the leased line serving ARS. Only within the ARS corporate network would the 208.130.29.0/24 prefix have been used.
CIDR and masks
A subnet mask is a bitmask that encodes the prefix length in a form similar to an IP address - 32 bits, starting with a number of 1 bits equal to the prefix length, ending with 0 bits, and encoded in four-part dotted-decimal format. A subnet mask encodes the same information as a prefix length, but predates the advent of CIDR.
CIDR uses variable length subnet masks (VLSM) to allocate IP addresses to subnets according to individual need, rather than some general network-wide rule. Thus the network/host division can occur at any bit boundary in the address. The process can be recursive, with a portion of the address space being further divided into even smaller portions, through the use of masks which cover more bits.
CIDR/VLSM network addresses are now used throughout the public Internet, although they are also used elsewhere, particularly in large private networks. An average desktop LAN user generally does not see them in practice, as their LAN network is usually numbered using special private RFC 1918 addresses.
Prefix aggregation
Another benefit of CIDR is the possibility of routing prefix aggregation (also known as "summarization" or "supernetting"). For example, sixteen contiguous /24 networks could now be aggregated together, and advertised to the outside world as a single /20 route (if the first 20 bits of their network addresses match). Two contiguous /20s could then be aggregated to a /19, and so forth. This allowed a significant reduction in the number of routes that had to be advertised over the Internet, preventing 'routing table explosion' from overwhelming routers, and stopping the Internet from expanding further.