Tablet Talk: Learn the Basics of CIDR and Netmasks in Ten Minutes


Tablet Talk
The Basics of CIDR and Netmasks

In this Tablet Talk, Will goes over CIDR notation, netmasks, and a little bit of binary. Listen in if you would like a better understanding of what something like means when you see it within your VPCs, subnets, and route tables.

Learning Objectives

  • Learn how to break up an IP address from decimal into binary
  • Understand how the netmask affects the number of available IP addresses

Intended Audience

This course is intended for anyone looking to get an understanding of CIDR and Netmasks.


An open mind!


Hello, everybody, I'm Will Meadows, and I'm here to talk to you, this is me. I'm here to talk to you about CIDR. And I'm bringing this up because I find a lot of people don't necessarily know how CIDR works or what a CIDR block is necessarily, or they just need some fiddling and understanding with the background of what it is. So that's what we're here to do today.

So if you give me just a couple minutes of your time here, we'll give you some cool history. We'll talk about binary. We'll talk about some bit masking stuff. And then we'll kind of have a loose understanding of what's happening behind the scenes with CIDR blocks. All right, well, how about we get started?

So let's talk about what CIDR even means. It means Classless Inter Domain Routing. Classless, why do we care about classless? What does that even? Well, you see, back in the ancient days of 1993, CIDR became an industry standard. Before then, everything used to have a class. In fact, there were five classes. There were these five boxes, and if you didn't fit in one of these five boxes, you weren't considered a real IP address. Nobody liked you.

So we had class A, class B, class C, class D, and class E. These guys over here were everyone's favorite. Well, they're my favorite. They're for unicast addresses. Basically, things that have one bad boy that talks to another bad boy. Over here in these bad boys, we had multicast. And it's one bad boy would pick up a bullhorn and just, here you go, here's your cool little bullhorn, and be like and talk to all these people at once. So it was a one-to-many relationship kind of thing. And the distinction between these five classes, well, at least this side and this side, was based on the first four bits. Here's some bits, zeros and ones. These could be zeros or ones of an IP address. And that was from 1981 to 1993.

Some more stuff happened in between and they eventually got to use six bits, ooh. But eventually, people determined that this was a horrible way to set things up for the future. In fact, here's what an example architecture used to look like for the internet back in the day. And this is a map of the prototype internet in 1982 showing, and I quote, eight-bit-numbered network ovals only interconnected by routers, the rectangles. Ooh, spooky. Anyways, we don't do this anymore, but I thought it'd be fun to talk about.

These days, we have CIDR, yay. And it doesn't worry about classes or anything. So that's good. So CIDR, where have you heard this before? Or CIDR blocks? Where are they relevant? Well, we've all seen these types of IP addresses before. 192.168. ugh, stuff, and then we have And then the last one you might've seen around block, And these are some generic IP address-type things that you might've seen associated with the VPC. You might've seen it with a subnet. You might've seen it in a route table. And the part we're talking about, which is the CIDR-y block part is the part that's always here on the end. 'Cause these always had like a slash associated with them. This might be like a /16, maybe it's a /24, maybe it's a /28, who knows? We're being risky. And this is the part, these guys right here, that I wanna kind of discuss.

What does that number even mean in relationship to this IP address? Well, these numbers back here, this /28 is how many bits of this IP address must match. And you might ask, match what? Well, to really dig into that, we first need to understand that this number right here, this IP address is bin decimal-fied. It's been made human-readable. At its core, it's actually a series of zeros and ones.

So how about we turn this number into binary? And that'll help us explain a little bit more of what's happening behind the scenes. So let's put this number up here, which is just, and let's convert it into binary. So this is decimal. I'm gonna put the binary over here.

So in binary, we started to do a little bit of a conversion. We only have a couple spaces to deal with. We have a zero and we have a one. And decimal, you have zero, you have one, you have two, you have three, you have four. You have all that good stuff.

So how do we convert the number, I don't know, let's say 10, into zeros and ones? I mean, this one's kind of a joke. It's already one and a zero, but let's take a look at it. Well, let's first break this up into these parts. So there's a reason there is a dot here. And this dot is denoting the separation of bytes or an octet of bits. Each of these has one, two, three, four, five, six, seven, eight zeroes in between each of these little dots. Here we go.

There's more, pretend I've got room for more. And if we wanna make this first one here into binary, we have to find the tenths place of all of these zeros. So the first spot of any byte, this first bit is always the ones place. And the second spot is always the two's place. The next one is the four, and then we have an eight, and then we have a 16 and so on, until this last one, which is 128.

So if we were looking to make a 10 out of all of this, what would we have to add up? Well, we might need one eight and we might need one two. And that would be 10. So to get our 10 in binary, we just sort of like mix and match the numbers we need. And there we go, we have it. That's our first 10 up here. And all the other ones are just all zeros, since that's just nothing, right? So let's put that down. And then there's more zeros, trailing zeros. And there you have it. That is this address set up in binary.

Well, that's cool. So we now know how to convert into its actual binary representation, but that doesn't necessarily answer the question of what this is, this /28. Let's just take that to the next page, and I'll show you what that means.

All right, after many zeros later, we have that same IP address written out in its full glory. And then back here on this other side, we have our /28. This 28 is realistically written as binary as well, but I'm gonna leave it as 28 so you can understand what we're talking about. So when we put a /28, what that's saying here, this CIDR block is that I want the first 28 of these bits to match for any incoming IP address for it to continue forward. So what does that give us?

So this is to eight, this is to 16, this is to 24, so this is 25, 26, 27, 28. So what that means is, if we have an IP address that comes in to a route table, and we have some sort of CIDR block set up that's helping to route IP addresses and traffic to their correct location, which in our situation is, that means the first 28 bits of whatever IP address must match this thing right here in order to continue forward. So for example, if came through, let's see what that would look like in its full form. And let's see if it matches up to this line.

All right, and so that's this IP address right here. So let's see how well it matches. We're gonna drag it down here. And if you look, our new incoming IP address, this matches no problem all the way up to that 28th spot right there that it's asking for. And so since it does, it completes that mask, it's allowed to go forward to whatever you wanted to route it to.

Let's say we didn't get a one here as our last bit of this IP address, this last byte, excuse me. What if it was, I don't know, 200, right? A really big number. So in order to make that in binary, this last little number is gonna change. So let's just do this conversion real quick to see what this number would be. So remember, this is the ones, two, four, eight, 16, 32, 64, 128.

So we're definitely gonna need a 128. We're probably gonna need a 64. And then we can't afford a 32, we can't afford a 16, ah, but we want our eight and then all the rest are zeros. So if we substitute this end for down here, one, one, zero, zero, one, zero, zero, zero, this series of numbers no longer matches. Like we have a conflict now right here. These two aren't matching, even though all of this matches just fine.

So since those don't match, it gets kicked out and won't get to proceed forward. And everything that's on this side can be whatever it wants. This could be any number of series. We're not looking for anything past the 28th spot. If we wanted to look past the 28th spot, we would tell it. We'd say we want everything to match up to the 29th spot, and then it would also check to here.

So I think you can tell what this also means is as you start increasing this number over here higher, you know, 28, 29, 30, you start limiting the total number of available IP addresses. And in fact, that's something that's very important to check for when you're making your subnets is, did you allow enough room back here for various combinations of IP addresses? Because again, only having three bits to play with isn't very much. Is it gonna be sufficient for your architecture or in your network topology, because with a /29, that leaves us with just with three zeros to play with. And well, that's a four, a two, and a one. So that's, there's seven total numbers here plus the zero, which is just one more, that's only eight possible IP addresses. And in the end, Amazon needs three of those, so that brings you down to five, and you can't actually use the all zeroes and you can't use the all ones, 'cause those are reserved as well. So that really brings you down to three, ugh.

Anyways, I just wanted to cover this introductory lesson onto what this part of the IP addresses you keep seeing everywhere means. And it's part of CIDR and it's a part of bit masking. That's a part of making good subnets. And turning the limit down, the possible number of IP addresses that are available to go into your network, which helps with security. There's a lot of other good talks on the website for you to go check out, and in fact, I will link to one here, that can go into a deeper dive of how to do your CIDR blocks and how to do your subnets and all that goodness.

Well, hope you enjoyed this tablet talk. Again, I'm Will Meadows, I'm this guy. Thank you so much for watching, bye.

About the Author

William Meadows is a passionately curious human currently living in the Bay Area in California. His career has included working with lasers, teaching teenagers how to code, and creating classes about cloud technology that are taught all over the world. His dedication to completing goals and helping others is what brings meaning to his life. In his free time, he enjoys reading Reddit, playing video games, and writing books.

Covered Topics