Hello AWS adventurer, and welcome back to Chapter 3! So far we have learned about VPCs, internet gateways, and subnets. We have learned that a VPC is our own private network on AWS. We have learned that we need to create instances inside subnets. And finally, we have learned that to connect our servers to the internet, we need to connect our subnet to an internet gateway.
In order to connect our subnet to an internet gateway, we need to use a route table. And to use a route table, we need to know about CIDR notation. So this chapter is about CIDR notation.
What is CIDR notation? Well, to recap, this is an IP address
Instead of a single address, CIDR notation lets you specify a range of IP addresses.
This particular notation is equivalent to saying
Let's dig into what this notation means. An IPv4 address is four numbers separated by dots. Each number is 8 bits, so it can be anything from 0 to 255, and the whole address is 32 bits.
Let's look at the CIDR range 175.88.0.0/16. The 16 means the first 16 bits are fixed, which means the last 16 bits can change, so the range contains 2^16 = 65,536 addresses.
You can equivalently say that the last two numbers can change, or replace the last two numbers with x's (175.88.x.x), or write out the range as 175.88.0.0 to 175.88.255.255.
All of those mean the same thing.
That /16 is called the CIDR suffix (you'll also hear it called the prefix length).
Here's another example: a /30. The first 30 bits are fixed and only the last two bits can change, so the range holds just 2^2 = 4 addresses. Note that by convention the bits that can change are written as zeros, so the address you write is the first one in the range. You don't strictly need to, but many tools normalize or reject a CIDR whose changing bits are not zero, so it is safer to stick to the convention.
And, of course, the suffix can be /0 as well. In that case no bits are fixed, so we're talking about every IP address. This is almost always written as 0.0.0.0/0.
You will see this notation in a route table. For example, a route whose destination is 0.0.0.0/0 and whose target is an internet gateway sends traffic for any address that no more specific route matches out to the internet. Be careful where else you use it: the same 0.0.0.0/0 in a security group rule means "from (or to) anywhere on the internet".
(We'll talk about route tables in the next chapter, so don't worry if you don't understand this yet.)
VPC CIDR Ranges
BTW, each VPC you create has a CIDR range. That means it's assigned a range of IP addresses, and the resources within that VPC get IP addresses somewhere in that range. For example, say this VPC's CIDR is 172.98.0.0/16, which covers 172.98.0.0 to 172.98.255.255. Any resource in this VPC will have an IP address somewhere in that range, which means every resource in this VPC will have an IP address that starts with 172.98.
One caveat: 172.98.0.0/16 is public address space (the private ranges from RFC 1918 are 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16). AWS recommends picking your VPC CIDR from those private ranges so that your instances' addresses never collide with real hosts on the internet. AWS also only accepts VPC CIDRs between /16 and /28.
Subnets have their own CIDR ranges, and since each subnet is inside a VPC, its CIDR range must sit within the VPC's CIDR range. Also, AWS reserves the first four and the last address of every subnet, so a subnet always has five fewer usable addresses than its size suggests.
For example, a VPC with a /16 CIDR might contain a subnet with a /24 CIDR.
Notice the /24 is a smaller range than the /16, even though the number is bigger: a /16 leaves 16 bits free (65,536 addresses), while a /24 leaves only 8 bits free (256 addresses).
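To make the "first N bits are fixed" idea concrete, here is an added example (my own code, not part of the original post) that does the CIDR arithmetic with plain bit operations: it prints the fixed bits with x's for the ones that can change, works out the first and last address and the size of a range, and checks the two things you care about before creating subnets or peering VPCs, namely that a subnet's CIDR sits inside its VPC's CIDR and that two ranges don't overlap. 175.88.0.0/16, the /30, 0.0.0.0/0 and the 172.98 VPC are the ranges from the text; the specific subnet values are constructed samples.

```python
# Added example, not code from the original post. CIDR arithmetic with bit
# operations so the "first N bits are fixed" rule is visible, plus the
# subnet-inside-VPC and overlap checks. Sample ranges are constructed.

def ip_to_int(ip: str) -> int:
    """Pack a dotted quad into a 32-bit integer; each of the four numbers is 8 bits."""
    parts = ip.split(".")
    if len(parts) != 4:
        raise ValueError(f"not an IPv4 address: {ip!r}")
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError(f"octet {octet} out of range in {ip!r}")
        value = (value << 8) | octet
    return value


def int_to_ip(value: int) -> str:
    """Unpack a 32-bit integer back into dotted-quad form."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def parse_cidr(cidr: str) -> tuple:
    """Return (address, prefix_length, netmask). The netmask has the first
    prefix_length bits set; those are the fixed bits of the range."""
    ip, sep, suffix = cidr.partition("/")
    if not sep or not suffix.isdigit():
        raise ValueError(f"missing or bad suffix in {cidr!r}")
    prefix = int(suffix)
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix must be 0..32 in {cidr!r}")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF   # /0 -> 0, /32 -> all ones
    return ip_to_int(ip), prefix, mask


def bit_pattern(cidr: str) -> str:
    """Show the fixed bits in binary and the bits that can change as x's."""
    addr, prefix, mask = parse_cidr(cidr)
    bits = format(addr & mask, "032b")[:prefix] + "x" * (32 - prefix)
    return ".".join(bits[i:i + 8] for i in range(0, 32, 8))


def describe(cidr: str) -> dict:
    """First address, last address, size, and whether the changing bits were
    written as zeros (the convention most tools expect)."""
    addr, prefix, mask = parse_cidr(cidr)
    network = addr & mask
    last = network | (~mask & 0xFFFFFFFF)
    return {
        "first": int_to_ip(network),
        "last": int_to_ip(last),
        "size": 1 << (32 - prefix),
        "host_bits_zero": addr == network,
    }


def contains(cidr: str, ip: str) -> bool:
    """Does the single address ip fall inside cidr? Only the fixed bits are compared."""
    addr, _, mask = parse_cidr(cidr)
    return (ip_to_int(ip) & mask) == (addr & mask)


def subnet_within(vpc_cidr: str, subnet_cidr: str) -> bool:
    """A subnet fits inside its VPC only if its suffix is at least as big
    (so its range is at least as small) and it shares the VPC's fixed bits."""
    vpc_addr, vpc_prefix, vpc_mask = parse_cidr(vpc_cidr)
    sub_addr, sub_prefix, _ = parse_cidr(subnet_cidr)
    return sub_prefix >= vpc_prefix and (sub_addr & vpc_mask) == (vpc_addr & vpc_mask)


def overlaps(a: str, b: str) -> bool:
    """Two ranges overlap iff they agree on the fixed bits of the larger one.
    Two VPCs with overlapping CIDRs cannot be peered."""
    a_addr, _, a_mask = parse_cidr(a)
    b_addr, _, b_mask = parse_cidr(b)
    shared = a_mask & b_mask          # mask of the shorter (less specific) prefix
    return (a_addr & shared) == (b_addr & shared)


RFC1918 = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")


def is_rfc1918(cidr: str) -> bool:
    """True if the whole range lies inside one of the RFC 1918 private blocks."""
    return any(subnet_within(block, cidr) for block in RFC1918)


if __name__ == "__main__":
    for cidr in ("175.88.0.0/16", "10.0.0.4/30", "0.0.0.0/0"):
        print(cidr, bit_pattern(cidr), describe(cidr))
    print("172.98.1.0/24 inside 172.98.0.0/16:",
          subnet_within("172.98.0.0/16", "172.98.1.0/24"))
    print("172.98.0.0/16 is private:", is_rfc1918("172.98.0.0/16"))
```

Running it shows 175.88.0.0/16 as `10101111.01011000.xxxxxxxx.xxxxxxxx`, i.e. the first two numbers pinned and the last two free, and reports that the 172.98 VPC from the text is not in private address space. The overlap check is the one to run before peering two VPCs, since AWS refuses peering connections between VPCs whose CIDRs overlap.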
That's all there is to it! Explanations for CIDR notation can get complicated, but at its heart, we just use it to specify a range of IP addresses.
In the next chapter, we will learn more about route tables. We’re about halfway through our journey, at the end of which, we will be able to connect an EC2 instance to the internet. Yes, it’s a long journey. But I'm glad to be with you, Samwise Gamgee.
Summary
CIDR notation lets you specify a range of IP addresses.
Each of the four numbers in an IPv4 address is 8 bits (0 to 255), so the whole address is 32 bits and the suffix says how many of those bits are fixed.
The bigger the suffix, the smaller the range: a /16 has 65,536 addresses, a /24 has 256, and 0.0.0.0/0 means every address.