CIDR

10.0.0.0/21

If you are given a CIDR block like 10.0.0.0/21, what does it mean?

‘21’ means the first 21 bits (from left to right) are masked. As shown in the following diagram, those bits (the left part) represent the ‘network’ part, and the remaining bits (the right part) represent the ‘host’ part.

00001010 | 00000000 | 00000  000 | 00000000 

The tricky part is the third octet, which has 5 bits in the network part and 3 bits in the host part. At this point you know the address is roughly divided as follows:

[1: network] | [2: network] | [3: some network, some host] | [4: host]

Let’s focus on the host part. In the last group, we know it includes 2^8 = 256 IPs, and since we count from 0, the host IP range is 0 - 255.

In the third group, the host part includes 2^3 = 8 values; again we count from 0, so the host range is 0 - 7.

So to answer the initial question, for the given CIDR block 10.0.0.0/21, IPs from 10.0.0.0 - 10.0.7.255 are within the same subnet.

Any other IPs will be in a different network.

Note: CIDR notations such as 10.0.1.0/21 through 10.0.7.255/21 are weird; they should be represented as 10.0.0.0/21 because they are within the same subnet.

10.0.8.0/21

If we keep the subnet mask unchanged (i.e. still using ‘21’ as the subnet mask), the next subnet looks like the following (note the ‘1’ in the third octet):

00001010 | 00000000 | 00001  000 | 00000000 

So the decimal representation would be 10.0.8.0/21, and its range is 10.0.8.0 - 10.0.15.255.

And the next subnet would be:

00001010 | 00000000 | 00010  000 | 00000000 

The representation would be 10.0.16.0/21, and its range is 10.0.16.0 - 10.0.23.255.

And so on…

What if the subnet mask is different?

Note that you can use different subnet masks to “divide” the IPs into subnets of different sizes. For example, the following is totally valid:

10.0.0.0/24 - Public Subnet for Web Servers (10.0.0.0 - 10.0.0.255, 256 IPs)
10.0.1.0/25 - Private Subnet for API Servers (10.0.1.0 - 10.0.1.127, 128 IPs)
10.0.1.128/26 - Database Subnet for DBs (10.0.1.128 - 10.0.1.191, 64 IPs)
10.0.1.192/26 - Spare Subnet (10.0.1.192 - 10.0.1.255, 64 IPs)

Another example

For CIDR 10.0.0.0/28, it looks like the following:

00001010 | 00000000 | 00000000 | 0000  0000

So for this specific subnet, it can only contain 16 hosts (10.0.0.0 - 10.0.0.15).

Of course you can have another CIDR block like 10.0.0.16/28 (10.0.0.16 - 10.0.0.31).
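
The masking steps above, and the note about blocks such as 10.0.1.0/21, can be turned into a check for a subnet plan. The following is an added example, not part of the original page: cidr_range and audit_plan are hypothetical helper names, and BAD_PLAN is a constructed plan with three deliberate mistakes (an overlap, an entry with host bits set, and an entry outside the parent block).

```python
import ipaddress
from itertools import combinations

def cidr_range(cidr):
    """Return (canonical CIDR, first IP, last IP, address count) via bit masking."""
    addr_text, prefix_text = cidr.split("/")
    prefix = int(prefix_text)
    if not 0 <= prefix <= 32:
        raise ValueError(f"invalid prefix length: {prefix}")
    addr = int(ipaddress.IPv4Address(addr_text))
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF  # network bits = 1
    first = addr & mask                  # clear the host bits
    last = first | (mask ^ 0xFFFFFFFF)   # set every host bit
    as_ip = lambda n: str(ipaddress.IPv4Address(n))
    return f"{as_ip(first)}/{prefix}", as_ip(first), as_ip(last), last - first + 1

def audit_plan(parent, subnets):
    """List problems in a subnet plan carved out of the parent block."""
    parent_net = ipaddress.ip_network(parent)
    findings, nets = [], []
    for cidr in subnets:
        canonical = cidr_range(cidr)[0]
        if canonical != cidr:
            findings.append(f"{cidr}: host bits set, canonical form is {canonical}")
        net = ipaddress.ip_network(canonical)
        if not net.subnet_of(parent_net):
            findings.append(f"{cidr}: outside {parent}")
        nets.append(net)
    # Compare every pair: two CIDR blocks overlap only if one contains the other.
    for a, b in combinations(nets, 2):
        if a.overlaps(b):
            findings.append(f"{a} overlaps {b}")
    return findings

# The plan from the page, plus a constructed plan with three deliberate mistakes.
PAGE_PLAN = ["10.0.0.0/24", "10.0.1.0/25", "10.0.1.128/26", "10.0.1.192/26"]
BAD_PLAN = ["10.0.0.0/24", "10.0.1.0/25", "10.0.1.64/26", "10.0.3.7/24", "10.0.8.0/24"]

if __name__ == "__main__":
    print(cidr_range("10.0.0.0/21"))
    for finding in audit_plan("10.0.0.0/21", BAD_PLAN):
        print(finding)
```

An empty result from audit_plan means every entry is in canonical form, sits inside the parent block, and overlaps no other entry; it does not report unallocated gaps.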