What is CIDR in Networking? How Subnetting and VLSM Actually Work in Real Networks

Posted on by admin

When people first learn networking, subnetting often feels like a math puzzle.

You learn how to calculate network IDs, broadcast addresses, and host ranges. You memorize subnet masks like 255.255.255.0 and learn tricks like block sizes and magic numbers.

But sooner or later, a very reasonable question appears:

Why do we even do subnetting in the real world?

Most enterprise networks today use private IP addresses, not public ones. Internal devices sit behind NAT and communicate with the internet through a small number of public IP addresses.

So if most devices inside a company are using private addresses anyway, why do network engineers still care so much about subnetting?

To understand that, we need to go back to a major turning point in networking history: the invention of CIDR (Classless Inter-Domain Routing).

CIDR fundamentally changed how IP addresses are allocated and routed across the internet. It also made modern subnetting and variable-length subnet masking (VLSM) possible.

Once you understand CIDR, the purpose of subnetting becomes much clearer.

What is CIDR in Networking?

CIDR stands for Classless Inter-Domain Routing.

It is a method of allocating IP addresses and routing internet traffic that replaced the old class-based addressing system used in early IPv4 networking.

CIDR was introduced in 1993 as a solution to two major problems:

  1. IPv4 address exhaustion
  2. Large and inefficient internet routing tables

Before CIDR existed, the internet used a system called classful addressing.

IP addresses were divided into fixed classes.

These were:

Class A
Class B
Class C

Each class had a predefined subnet mask and host capacity.

For example:

Class A networks used a subnet mask of:

255.0.0.0

This allowed more than 16 million hosts on a single network.

Class B networks used:

255.255.0.0

This allowed about 65,000 hosts.

Class C networks used:

255.255.255.0

This allowed 254 hosts.

At first, this system seemed simple and easy to manage.

But as the internet grew rapidly in the early 1990s, serious problems started to appear.

The Problem with Classful Addressing

The biggest problem with classful addressing was wasted IP addresses.

Organizations often received networks that were far larger than they actually needed.

For example, imagine a company that needed 500 IP addresses.

A Class C network would only provide 254 hosts, which would not be enough.

The next option would be a Class B network, which allowed over 65,000 hosts.

This meant more than 64,000 addresses would go unused.

Across thousands of organizations, this waste began consuming the IPv4 address space much faster than expected.

Another major problem was happening inside internet routers.

Every network had to be individually listed in routing tables.

As more networks were created, internet routing tables grew dramatically.

Routers had to track massive numbers of routes, which made the internet harder to scale.

Something had to change.

That change came in the form of CIDR.

How CIDR Changed IP Addressing

CIDR removed the rigid class system and replaced it with prefix-based addressing.

Instead of Class A, B, or C networks, networks could now be defined using prefix lengths, written with slash notation.

For example:

192.168.1.0/24

The /24 means that the first 24 bits represent the network portion of the address.

The remaining bits are used for hosts.

This format allows networks to be sized much more precisely.

Instead of assigning huge blocks like Class A or Class B networks, internet registries could allocate address blocks such as:

/20
/21
/22
/23
/27
/29

Each prefix length determines how many hosts are available.

For example:

/24 provides 256 addresses
/25 provides 128 addresses
/26 provides 64 addresses
/27 provides 32 addresses

This flexibility allowed organizations to receive address blocks closely matched to their real needs, dramatically reducing wasted IPv4 space.

CIDR also enabled route aggregation, sometimes called route summarization.

This allows multiple networks to be grouped into a single routing entry.

For example:

Instead of listing:

203.0.113.0/24
203.0.114.0/24
203.0.115.0/24
203.0.116.0/24

Routers could advertise:

203.0.112.0/20

This significantly reduced routing table size across the internet.

How CIDR Connects to Subnetting

CIDR is what made modern subnetting possible.

Subnetting is the process of dividing a larger IP network into smaller networks.

With CIDR, network engineers can divide address blocks into nearly any size needed.

For example, suppose a company owns this private network:

10.0.0.0/16

That network contains 65,536 IP addresses.

Using subnetting, it can be divided into smaller blocks like this:

10.0.0.0/24
10.0.1.0/24
10.0.2.0/24
10.0.3.0/24

Each of those subnets contains 254 usable hosts.

But subnetting can also create larger or smaller networks depending on requirements.

For example:

10.0.0.0/23
10.0.2.0/23
10.0.4.0/23

Or even very small networks.

This flexibility allows network engineers to design networks that are both efficient and scalable.

Understanding Subnet Blocks (.0, .32, .64 Example)

A common subnetting pattern you might see involves block sizes like:

.0
.32
.64
.96

These numbers represent the network IDs of each subnet.

For example, suppose we subnet:

192.168.1.0/27

A /27 subnet creates blocks of 32 addresses.

This means the subnet network IDs will increase by 32 each time.

The networks would look like this:

192.168.1.0 /27
192.168.1.32 /27
192.168.1.64 /27
192.168.1.96 /27
192.168.1.128 /27
192.168.1.160 /27
192.168.1.192 /27
192.168.1.224 /27

Each subnet contains:

32 total addresses
30 usable host addresses

These blocks are commonly used when allocating networks to different departments or locations.

For example:

Office A
192.168.1.0/27

Office B
192.168.1.32/27

Office C
192.168.1.64/27

Each office receives its own subnet while still belonging to the same larger network.

Subnetting Across Multiple Offices

Many organizations have multiple office locations connected through:

site-to-site VPNs
MPLS WAN connections
SD-WAN networks

Each location typically receives its own subnet.

For example:

New York Office
10.1.10.0/24

Chicago Office
10.1.20.0/24

Dallas Office
10.1.30.0/24

Routers use these subnet identifiers to determine where traffic should be sent.

Even if the offices are connected through a VPN tunnel, they still operate as separate subnets.

Routing is what allows traffic to move between them.

This design also allows companies to easily add new locations without redesigning their entire network.

Subnetting Inside a Single Office

Subnetting is also extremely common within a single building.

Different departments often use different subnets.

For example:

Engineering Network
10.0.10.0/24

Finance Network
10.0.20.0/24

Guest WiFi Network
10.0.30.0/24

Server Network
10.0.40.0/24

This segmentation improves both security and performance.

Broadcast traffic stays within each subnet instead of flooding the entire network.

Firewalls and routers can also apply security policies between subnets.

For example, guest WiFi might be blocked from accessing internal servers.

Subnetting Public IP Addresses

Subnetting is not limited to private networks.

Organizations that receive blocks of public IP addresses often subnet those addresses as well.

For example, a hosting provider might receive:

203.0.113.0/24

They could divide this network into smaller blocks for different customers.

For example:

Customer A
203.0.113.0/28

Customer B
203.0.113.16/28

Customer C
203.0.113.32/28

This allows multiple services or organizations to share a larger public address allocation.

Private IP Addresses and NAT

Most devices in modern networks use private IP addresses.

These addresses are defined in RFC 1918 and include three major ranges.

10.0.0.0/8

172.16.0.0 – 172.31.255.255

192.168.0.0/16

Private addresses cannot be routed on the public internet.

Instead, devices access the internet using Network Address Translation (NAT).

A router translates internal private addresses into one or more public addresses before sending traffic out to the internet.

Even though NAT hides internal addresses, subnetting is still critical for organizing the internal network.

What is Variable Length Subnet Masking (VLSM)?

Variable Length Subnet Masking allows networks to use different subnet sizes within the same address block.

This prevents wasted address space.

For example, suppose an organization owns:

10.0.0.0/24

Instead of creating multiple /26 subnets, they might allocate networks like this:

Engineering Department (120 hosts)

10.0.0.0/25

Small Branch Office (30 hosts)

10.0.0.128/27

Point-to-Point Router Link

10.0.0.160/30

Each subnet is sized according to the number of devices it needs to support.

Without VLSM, all subnets would need to be the same size.

That would waste large numbers of IP addresses.

Why Subnetting is Still a Core Networking Skill

Even as cloud computing and software-defined networking grow, subnetting remains a fundamental skill for network engineers.

Subnetting is used in:

enterprise network design
cloud networks (AWS VPCs, Azure VNets)
data center architecture
VPN network planning
routing design
network security segmentation

Understanding subnetting allows engineers to build networks that are organized, scalable, and efficient.

And all of that traces back to the introduction of CIDR, which transformed how the internet allocates and routes IP addresses.