Classless Inter Domain Routing (CIDR) cheatsheet for IP Addresses

James Ma
Apr 3, 2022

If you’re configuring your cloud VPC (Virtual Private Cloud) resources on AWS, DigitalOcean, or Linode, you’re likely to be asked for IPv4 addresses in the form of CIDR (Classless Inter Domain Routing) notation.

You might be using this IP address to configure security groups or access control lists, set up VPNs (virtual private networks), or even write firewall rules. The funny thing is, you might be opening a firewall rule for a specific machine with a single IP address, say 192.168.100.200. But why does the input field refuse to accept this IP address and ask for extra characters after it? What the heck is CIDR notation in cloud networks?

CIDR Cheatsheet

The /x suffix indicates the number of leading bits of an IPv4 address that are fixed and must match.

Since you’re here looking for answers, let’s get right to what you need to configure your servers; you can come back for more explanation in the later parts of this page.

SINGLE IP address restriction: use the /32 suffix. For example, to give IP address 10.10.5.10 access to a resource, input the CIDR notation as 10.10.5.10/32. Actions will be applied only to this IP address.

No restrictions: use 0.0.0.0/0. For example, to allow ALL machines on the internet to access a machine, set the firewall rule to ACCEPT from 0.0.0.0/0.

Ranged restrictions: if your subnet is 192.168.20.0 and you want to indicate ANY IP address in the network, use 192.168.20.0/24. This indicates 256 IP addresses from 192.168.20.0 to 192.168.20.255.

Similarly, 192.168.0.0/16 indicates IP addresses from 192.168.1.0 to 192.168.255.255.

192.0.0.0/8 indicates IP addresses from 192.1.0.0 to 192.255.255.255.

Again, this is just a cheatsheet to refer to quickly and get an idea of how to update your CIDR IPv4 address notation as required.

How does CIDR work?

Using CIDR notation 10.10.101.0/24, for instance, would allow IP addresses 10.10.101.1 through 10.10.101.255 access.

The /24 denotes that the first 24 bits must be a fixed match.

Hardware routers or virtual network gateways use the destination address to route packets. In cloud computing, this routed traffic passes through an Access Control List and must meet security group requirements, which typically use a CIDR IP address range to restrict access to only the traffic that is authorized to communicate with the resources being requested.

CIDR is the routing system used on the internet backbone, the principal data routes between major interconnected networks which form the core of the internet. Every ISP uses it, and CIDR is supported by the Border Gateway Protocol (BGP) and the Open Shortest Path First (OSPF) gateway protocol.
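The fixed-bit match described above can be worked out by hand with a bitmask, which is also what an ACL or security group does when it tests a source address against a CIDR range. The Python below is an added example, not code from the original post; the function names (parse_cidr, cidr_range, matches, review_source) and the review labels are assumptions made for illustration, and the sample inputs are constructed from the addresses used on this page.

```python
import ipaddress

FULL = 0xFFFFFFFF  # 32 one-bits


def parse_cidr(cidr):
    """Split 'a.b.c.d/x' into (address as int, netmask as int, prefix length)."""
    addr, _, prefix = cidr.partition("/")
    prefix = int(prefix) if prefix else 32   # assumption: bare IP means one host
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix /{prefix} out of range")
    mask = (FULL << (32 - prefix)) & FULL    # x leading one-bits, rest zero
    return int(ipaddress.IPv4Address(addr)), mask, prefix


def cidr_range(cidr):
    """Return (first address, last address, address count) covered by cidr."""
    ip, mask, _ = parse_cidr(cidr)
    first = ip & mask                        # fixed bits kept, free bits cleared
    last = first | (~mask & FULL)            # fixed bits kept, free bits set
    return (str(ipaddress.IPv4Address(first)),
            str(ipaddress.IPv4Address(last)), last - first + 1)


def matches(ip, cidr):
    """True if ip has the same fixed leading bits as the block."""
    net, mask, _ = parse_cidr(cidr)
    return (int(ipaddress.IPv4Address(ip)) & mask) == (net & mask)


def review_source(cidr):
    """Label a firewall-rule source the way a reviewer would triage it."""
    ip, mask, prefix = parse_cidr(cidr)
    if ip & ~mask & FULL:
        return "invalid: host bits set"      # e.g. 192.168.100.200/24
    if prefix == 0:
        return "open to the whole internet"
    return "single host" if prefix == 32 else f"{cidr_range(cidr)[2]} addresses"


if __name__ == "__main__":
    # Constructed sample inputs, built from the addresses used on this page.
    for src in ["10.10.5.10/32", "0.0.0.0/0", "192.168.20.0/24",
                "192.168.0.0/16", "192.168.100.200/24"]:
        print(src, cidr_range(src), review_source(src))
```

Running it lists the first address, last address and size of each block, so a rule's real reach can be checked before it is saved.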
