Understanding CIDR Subnet Mask Notation¶
pfSense® software uses CIDR (Classless Inter-Domain Routing) notation rather
than the common subnet mask 255.x.x.x when configuring addresses and
networks. Refer to the CIDR Subnet Table to find the CIDR
equivalent of a decimal subnet mask.
Subnet Mask |
CIDR Prefix |
Total IP Addresses |
Usable IP Addresses |
Number of /24 networks |
|---|---|---|---|---|
255.255.255.255 |
/32 |
1 |
1 |
1/256th |
255.255.255.254 |
/31 |
2 |
2* |
1/128th |
255.255.255.252 |
/30 |
4 |
2 |
1/64th |
255.255.255.248 |
/29 |
8 |
6 |
1/32nd |
255.255.255.240 |
/28 |
16 |
14 |
1/16th |
255.255.255.224 |
/27 |
32 |
30 |
1/8th |
255.255.255.192 |
/26 |
64 |
62 |
1/4th |
255.255.255.128 |
/25 |
128 |
126 |
1 half |
255.255.255.0 |
/24 |
256 |
254 |
1 |
255.255.254.0 |
/23 |
512 |
510 |
2 |
255.255.252.0 |
/22 |
1024 |
1022 |
4 |
255.255.248.0 |
/21 |
2048 |
2046 |
8 |
255.255.240.0 |
/20 |
4096 |
4094 |
16 |
255.255.224.0 |
/19 |
8192 |
8190 |
32 |
255.255.192.0 |
/18 |
16,384 |
16,382 |
64 |
255.255.128.0 |
/17 |
32,768 |
32,766 |
128 |
255.255.0.0 |
/16 |
65,536 |
65,534 |
256 |
255.254.0.0 |
/15 |
131,072 |
131,070 |
512 |
255.252.0.0 |
/14 |
262,144 |
262,142 |
1024 |
255.248.0.0 |
/13 |
524,288 |
524,286 |
2048 |
255.240.0.0 |
/12 |
1,048,576 |
1,048,574 |
4096 |
255.224.0.0 |
/11 |
2,097,152 |
2,097,150 |
8192 |
255.192.0.0 |
/10 |
4,194,304 |
4,194,302 |
16,384 |
255.128.0.0 |
/9 |
8,388,608 |
8,388,606 |
32,768 |
255.0.0.0 |
/8 |
16,777,216 |
16,777,214 |
65,536 |
254.0.0.0 |
/7 |
33,554,432 |
33,554,430 |
131,072 |
252.0.0.0 |
/6 |
67,108,864 |
67,108,862 |
262,144 |
248.0.0.0 |
/5 |
134,217,728 |
134,217,726 |
524,288 |
240.0.0.0 |
/4 |
268,435,456 |
268,435,454 |
1,048,576 |
224.0.0.0 |
/3 |
536,870,912 |
536,870,910 |
2,097,152 |
192.0.0.0 |
/2 |
1,073,741,824 |
1,073,741,822 |
4,194,304 |
128.0.0.0 |
/1 |
2,147,483,648 |
2,147,483,646 |
8,388,608 |
0.0.0.0 |
/0 |
4,294,967,296 |
4,294,967,294 |
16,777,216 |
Note
The use of /31 networks is a special case defined by RFC 3021 where
the two IP addresses in the subnet are usable for point-to-point links to
conserve IPv4 address space. Not all operating systems are compatible with
RFC 3021, so use it with caution. On systems that are not compatible with
RFC 3021, the subnet is unusable because the only two addresses defined by
the subnet mask are the null route and broadcast and no usable host
addresses.
pfSense software is capable of using /31 networks for interfaces and
Virtual IP addresses.
Where do CIDR numbers come from?¶
The CIDR number comes from the number of ones in the subnet mask when converted to binary.
The subnet mask 255.255.255.0 is 11111111.11111111.11111111.00000000 in
binary. This adds up to 24 consecutive ones, or /24 (pronounced “slash
twenty-four”).
A subnet mask of 255.255.255.192 is 11111111.11111111.11111111.11000000
in binary, or 26 ones, hence /26.