Convert CIDR notation to first and last IP addresses, total host count, and subnet mask. Supports all IPv4 prefixes.
CIDR (Classless Inter-Domain Routing) notation compactly represents an IP address range as a base address and prefix length: for example, 192.168.1.0/24 represents the 256 addresses from 192.168.1.0 to 192.168.1.255. This calculator expands any CIDR block to show the full IP range.
Converting CIDR to IP ranges is essential for configuring firewalls, security groups, access control lists, and network monitoring tools that accept IP ranges. It is also useful for verifying that a specific IP is within a given CIDR block.
This calculator supports all IPv4 prefixes from /0 (the entire IPv4 space) to /32 (a single host). It computes the network address (first IP), broadcast address (last IP), and all usable addresses in between.
Precise measurement of this value supports informed infrastructure decisions and helps engineering teams optimize system architecture for both performance and cost efficiency. Quantifying this parameter enables systematic comparison across environments, deployments, and time periods, revealing optimization opportunities that improve both performance and cost-effectiveness.
Firewall rules, security groups, and ACLs often require explicit IP ranges. This calculator instantly converts CIDR notation to the corresponding first and last IP addresses. Having accurate metrics readily available streamlines incident postmortems, architecture reviews, and technology roadmap discussions with engineering leadership and product teams. Consistent measurement creates a reliable baseline for tracking system health over time and identifying degradation before it impacts users or triggers costly production outages.
Network Address = IP AND subnet_mask Broadcast = Network Address OR (~subnet_mask) First Usable = Network + 1 Last Usable = Broadcast − 1 Total = 2^(32 − prefix)
Result: Range: 10.0.0.0 – 10.0.15.255 (4,096 addresses)
A /20 has 12 host bits: 2^12 = 4,096 addresses. The network address 10.0.0.0 with mask 255.255.240.0 spans to 10.0.15.255. This is a common VPC subnet size in AWS for large auto-scaling groups.
CIDR replaced the old classful addressing system (Class A, B, C) with flexible prefix lengths. This enables more efficient IP address allocation and more granular routing. Modern networking relies entirely on CIDR for address management.
Cloud VPCs are defined by CIDR blocks. When creating a VPC, you specify a primary CIDR (e.g., 10.0.0.0/16). Subnets within the VPC use smaller CIDRs (e.g., 10.0.1.0/24). Security groups and NACLs use CIDR for source/destination filtering.
RFC 1918 defines three private ranges: 10.0.0.0/8 (16M addresses), 172.16.0.0/12 (1M addresses), and 192.168.0.0/16 (65K addresses). Use these for internal networks. Cloud providers also offer 100.64.0.0/10 (Carrier-Grade NAT) for some internal services.
0.0.0.0/0 represents all IPv4 addresses (the entire internet). It's commonly used as the default route in routing tables and as a catch-all in firewall rules. Never use /0 in allow rules for sensitive resources.
Apply the subnet mask to both the CIDR base address and the target IP using bitwise AND. If the results match, the IP is in the block. For example, 10.0.5.100 AND 255.255.240.0 = 10.0.0.0, matching 10.0.0.0/20.
10.0.0.0/16 fully contains 10.0.1.0/24. Overlapping CIDRs cause routing ambiguity. Most cloud providers reject overlapping subnets within a VPC. When planning, map all subnets to verify non-overlap.
AWS VPCs support /16 (65,536 IPs) to /28 (16 IPs). Subnets within VPCs also follow this range. Other clouds have similar constraints. Always check provider documentation for current limits.
CIDR aggregation (supernetting) combines adjacent blocks into a larger block. For example, 10.0.0.0/24 and 10.0.1.0/24 can aggregate to 10.0.0.0/23. This reduces routing table entries and simplifies firewall rules.
Variable Length Subnet Masking (VLSM) allows different subnets to use different prefix lengths within the same network. Instead of uniform /24 subnets, you might use /28 for a small subnet and /20 for a large one, using address space more efficiently.