In: Categories » Computers and technology » Linux » IP Supernetting or CIDR
CIDR stands for "Classless Inter-Domain Routing". It is a new addressing scheme for the Internet, intended to replace the old classful (Class A, B, C) address scheme. CIDR allows a more efficient allocation of IP addresses and uses routing aggregation for minimizing the routing table entries, and is also called supernetting.
A recapitulation of classful IP addressing shows us the following:
| Address Class | Number of Network Bits | Number of Hosts Bits | Decimal Address Range |
| Class A | 8 bits | 24 bits | 1-126 |
| Class B | 16 bits | 16 bits | 128-191 |
| Class C | 24 bits | 8 bits | 192-223 |
- 126 class A networks with up to 16,777,214 hosts each
- 65,000 class B networks with up to 65,534 hosts each
- Over 2 million class C networks with 254 hosts each
If a provider needed 10,000 IP addresses for a project, then it would receive a class B network, and 55,534 IP addresses would not be used. If however, the provider had been assigned 40 class C networks for that 10,000 IP addresses, it could not match its needs (not all the IP addresses would be in the same network) and the routing tables of routers on the Internet would grow with 40 new routes.
CIDR is an addressing scheme that supports masks not only of 8, 16, or 24 bits as in classful routing but of arbitrary length. The CIDR notation is:
xxx.xxx.xxx.xxx/n
where xxx.xxx.xxx.xxx is the IP address of the network and "n" is the number of '1' bits in the mask. For example, the class C network 192.168.1.0 with the mask 255.255.255.0 is written in CIDR as 192.168.1.0/24.
The CIDR masks for classes A, B, and C respectively are /8, /16, and /24.
For the earlier example with the provider requesting 10,000 IP addresses, with CIDR the provider would be assigned a network having a mask of /18, meaning the subnet mask would be 255.255.192.0 with 16,382 usable IP addresses and only one prefix in all the routing tables in the world.
Nowadays, providers are assigned large blocks of addresses that their customers can buy instead of every customer having different IP classes. For example, the provider that was assigned a /18 network can give 64 of its customers a class C IP class (a /24). This is called aggregation, and it significantly reduces the size of the routing tables on the Internet.
Let's have a look at the CIDR prefixes down to /16 (class B):
| CIDR Prefix | Subnet Mask | Number of IP Addresses |
| /32 | 255.255.255.255 | /32 is used in CIDR to specify a single host or IP address. If the prefix is missing, /32 is assumed |
| /30 | 255.255.255.252 | 4 |
| /29 | 255.255.255.248 | 8 |
| /28 | 255.255.255.240 | 16 |
| /27 | 255.255.255.224 | 32 |
| /26 | 255.255.255.192 | 64 |
| /25 | 255.255.255.128 | 128 |
| /24 | 255.255.255.0 | 256 |
| /23 | 255.255.254.0 | 512 |
| /22 | 255.255.252.0 | 1024 |
| /21 | 255.255.248.0 | 2048 |
| /20 | 255.255.240.0 | 4096 |
| /19 | 255.255.224.0 | 8192 |
| /18 | 255.255.192.0 | 16384 |
| /17 | 255.255.128.0 | 32768 |
| /16 | 255.255.0.0 | 65536 |
How the Internet Works
Large providers are assigned large IP blocks for them and for their customers. When accessing an IP address outside the provider's network, the data must travel through certain routers to get to the destination IP. The Internet Protocol is responsible for routing the packet to the destination.
Providers have some large, carrier-class routers located at the edge of their network where they interconnect to other providers. Every provider that has at least two interconnections with two different other providers must have an Autonomous System (AS) number to be identified in the exchange of routing information.
All the Internet is based on BGP (Border Gateway Protocol), which is a dynamic routing protocol used to exchange information between providers about the networks they have.
A provider having the Autonomous System number 1 (AS 1) has two interconnections: one with AS 2 and another with AS 3. Depending on the agreement between the providers, AS 1 can route to either of them only their own networks (Local Exchange or Local Peerings), or it can announce all the routes received from other peers (Full Exchange or Full BGP).
AS 3 can receive the routes to AS 1 networks directly from AS 1, and can also receive them from AS 2 and AS 4. The router finds the best path to AS 1 networks and sends packets to those networks on that path, and if that link fails, on the next best path. (e.g. AS 3 sends the packets to AS 1 directly on their interconnection. If that link fails, it will send them to AS 2, which will forward the packets to AS 1.)
legal notice
Our website is not responsible for the information contained by this article. Web-articles is a free articles resource.
Suggestion: If you need fresh, daily updated content for your website, feel free to use our service. Click here for more information.
Useful tools and features
If you like this article (tutorial), please link to it from your web page using the information above.
related articles
The Internet is a public network, and therefore a device connected directly to the Internet has a public IP address. Those IP addresses must be administered by someone in such way that two devices connected to the public network don't use the same IP address or that two networks don't have the same network address. This job was done by InterNIC (Internet Network Information Center), which has been succeeded by IANA (Internet Assigned Numbers Authority). IANA makes sure to provide unique IP network addresses to Internet Service Provide...
2. Linux Security Threats
Creating firewalls may block some malicious attempts on your network, but this step is far from running an entirely secure network. As a network administrator or security consultant, to design a proper firewall for your network you need to know what you defend your network from. We cannot fully discuss this topic, even in 1000 pages, but we want to explain some principles that you should consider in running a safe network. As hard as it may seem to protect your network from the outside world, the most dangerous threats always come f...
3. IP Spoofing
An attacker might spoof a trusted IP address when communicating to a host in order to gain unauthorized access on that host. There are a variety of tools that can be found on the Internet to do IP spoofing. Using IP spoofing, attackers can also initiate Denial of Service by sending data with the source IP spoofed to the attacked IP address. The receiver then sends back replies that can contain large amounts of data to the attacked IP address resulting in...
4. BIND Domain Name System DNS
BIND (Berkley Internet Name Domain) is the most used DNS server on the Internet. Nowadays, every Linux distribution has a BIND package for DNS services. The problem with BIND and any DNS server is that in order to be able to translate names into IP addresses it has to communicate with a whole lot of other DNS servers, and so, filtering DNS packets is not possible. DNS services are vital for internet connection; so in order to disrupt services to victims, attackers have a great interest in bringing down DNS servers. Although BIN...
5. Simple Network Management Protocol SNMP
These days, most network devices use SNMP for remote monitoring and configuration. SNMP is a simple protocol used usually to create monitoring software that can retrieve information such as network traffic, CPU load, disk load, etc., and also to modify configuration of devices such as wireless equipment, broadband routers, etc. Most SNMP implementations on those kinds of network devices use version 1 or version 2, which have a very weak authentication method. SNMP version 1 contains a set of bugs in the way SNMP traps and reques...
6. Firewalls, netfilter/iptables
The two things needed to build firewalls and Quality of Service (QoS) with Linux are two packages named netfilter and iproute. While netfilter is a packet filtering framework included in the Linux kernels 2.4 and 2.6, iproute is a package containing a few utilities that allow Linux users to do advanced routing and traffic shaping. This article is intended to introduce the tools we will use throughout this article. However, netfilter ...
7. Iptables Target Specifications in Linux
For the filter table, the most used targets for firewall rules are DROP and ACCEPT. If a rule matches the filtering specifications and has a DROP target, the packet will simply be discarded. If a packet matches a rule with a DROP target, the Linux kernel will drop the packet without consulting other rules in the firewall. If the target is ACCEPT, then the packet is accepted without further consultation of other firewall rules. An alternative to DROP is the REJECT target, which drops the packet but sends an ICMP packet to the sou...
8. A Basic Firewall Script, Linux as a Workstation
So far, we've learned mostly about the usage of iptables filtering options. I will now build up a small firewall script that I think should be default when installing any Linux distribution. By default, all Linux distributions have the default policy ACCEPT on all filter chains. Also, on a default installation, most Linux distributions leave a lot of services running. If you install an old Linux distribution and decide to go for lunch after you have just booted up without any firewall and with a public IP address, good chances a...
9. NAT and Packet Mangling with iptables
In the first part of this article we will learn how to perform Network Address Translation (NAT) and Port Address Translation (PAT), also referred to as Network Address and Port Translation (NAPT), with iptables. After that, we will learn what packet mangling is and how to mangle packets. A Short Introduction to NAT and PAT (NAPT) According to the way TCP/IP works, in order for hosts to communicate on the Internet, each must have a unique IP address. However, due to the shortage of public IP ad...
10. SNAT with iptables
So far, we discussed general NAT principles, NAT types, and what every sort of NAT does. netfilter/iptables can be used to perform NAT in any of the ways that we discussed. Actually, there are many things that you can do with iptables in this area and we will try to cover as much as possible in this article. Before we get there, let's see what we need to be able to successfully perform NAT on Linux. Setting Up the Kernel Usually, every Linux distribution comes with a kernel compiled with netfi...