What Are CIDR and Subnet Masks?
CIDR uses notation such as `192.168.1.0/24` to represent an IP range. The number after the slash is the network prefix length.
One-line Explanation
CIDR is a compact way to describe an IP address range, where `/24` or `/16` controls how many addresses are included.
When You See It
- When configuring cloud security groups, firewall allowlists, trusted proxies, or database access.
- When planning private networks, VPNs, container networks, or office subnets.
- When checking whether an IP address belongs to a certain network range.
How It Works
An IPv4 address has 32 bits. The CIDR number tells how many leading bits are the network part.
`/24` means the first 24 bits are fixed and the last 8 can vary, usually covering 256 addresses.
A subnet mask is another representation. `/24` corresponds to `255.255.255.0`.
Examples
Common private subnet
This usually covers 192.168.1.0 through 192.168.1.255.
`192.168.1.0/24`
Common Misunderstandings
- Not every address in a range is always usable by hosts; network and broadcast addresses can have special roles.
- `/32` means a single IPv4 address, not a large subnet.
- Do not use overly broad CIDR ranges in public allowlists unless you really intend to expose that range.
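The prefix-to-mask arithmetic from "How It Works" and the checks behind the points above, as an added example that is not part of the original page. The allowlist entries are constructed samples, and the `min_prefix` threshold and function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample entries (documentation ranges), not taken from the page.
SAMPLE_ALLOWLIST = ["203.0.113.7/32", "198.51.100.0/24", "0.0.0.0/0", "192.168.1.5/24"]

def prefix_to_mask(prefix: int) -> str:
    """Dotted-quad subnet mask for an IPv4 prefix length, e.g. 24 -> 255.255.255.0."""
    if not 0 <= prefix <= 32:
        raise ValueError("IPv4 prefix length must be between 0 and 32")
    # Set the leading `prefix` bits of a 32-bit word and clear the rest.
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(mask))

def in_range(ip: str, cidr: str) -> bool:
    """True if ip is inside cidr: the masked address must equal the network address."""
    net = ipaddress.IPv4Network(cidr, strict=True)  # strict: reject host bits in the CIDR
    addr = int(ipaddress.IPv4Address(ip))
    return (addr & int(net.netmask)) == int(net.network_address)

def audit_allowlist(entries, min_prefix=16):
    """Return (entry, address_count, finding) for each allowlist entry.

    min_prefix is an assumed policy threshold for this example, not a standard.
    """
    results = []
    for entry in entries:
        try:
            net = ipaddress.IPv4Network(entry, strict=True)
        except ValueError:
            # Malformed, or host bits set (192.168.1.5/24 should be 192.168.1.0/24).
            results.append((entry, 0, "invalid"))
            continue
        if net.prefixlen < min_prefix:
            finding = "too broad"
        elif net.prefixlen == 32:
            finding = "single host"
        else:
            finding = "ok"
        results.append((str(net), net.num_addresses, finding))
    return results

if __name__ == "__main__":
    print(prefix_to_mask(24))
    print(in_range("192.168.1.200", "192.168.1.0/24"))
    for row in audit_allowlist(SAMPLE_ALLOWLIST):
        print(row)
```

Rejecting entries with host bits set catches a common allowlist typo, where someone writes a host address with a `/24` suffix and the rule silently covers the whole subnet.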