Quick guide on CIDR notation and Public and Private IP addresses

CIDR stands for Classless Inter-Domain Routing. It is a method used to allocate IP addresses and route IP packets on the Internet. CIDR introduced a new way of representation for IP addresses, known as the CIDR notation, which replaces the older system based on classes (Class A, Class B, Class C, etc.).

CIDR notation is represented as: <IP Address>/<Prefix Length>

  • IP Address is the network address.

  • Prefix Length indicates the number of contiguous network bits set to '1', which, in turn, tells you which portion of the IP address is the network and which part can be used for hosts (devices).



    • This is a very common CIDR block, especially in home networks.

    • The /24 indicates the first 24 bits are the network bits. It means there are 256 IP addresses in this block, ranging from to

    • Here, is the network address, and is the broadcast address. So the usable IP addresses for hosts are from to


    • This is a larger block often seen in bigger networks (e.g. AWS VPC) or corporate settings.

    • The /16 indicates that the first 16 bits are the network bits. This provides 65,536 IP addresses, from to

    • is the network address and is the broadcast address. So the usable IP addresses are from to


    • Here, the prefix length is /28. This means the block has 2^(32-28) = 16 IP addresses.

    • They range from to

    • is the network address and is the broadcast address. The usable IP addresses are from to

Benefits of CIDR:

  1. More Efficient Use of IP Addresses: With CIDR, network addresses can be allocated based on actual need rather than a fixed class system. This reduces wastage of IP addresses.

  2. Aggregation/Supernetting: Multiple routes on the Internet can be represented as a single, aggregate route, which helps reduce the size of routing tables.

  3. Flexibility: CIDR allows network administrators to work with variable-length blocks of IP addresses, enabling more granular control over network resources.

Remember, as the prefix length increases, the number of available hosts decreases but the number of potential subnets increases. The opposite is also true: as the prefix length decreases, the number of available hosts in each subnet increases, but the total number of potential subnets decreases.

Specific IP address with /32 notation

A CIDR notation ending in /32 refers to a subnet with only a single IP address, because the prefix length of 32 means that all bits of the address are specified.

In the context of IPv4:

  • Yes: When we see a /32 in the context of routing tables, firewall rules, or whitelist/blacklist entries, it typically refers to a specific individual IP address. This could be a public IP address (one that's routable on the public Internet) or a private one (e.g.,, depending on the context. It's a way of singling out a specific IP address for some purpose.

  • No: Not every /32 is inherently public. A /32 could also denote a specific individual private IP address within a private network. The distinction between public and private addresses is based on the IP address ranges reserved for private networks, not the CIDR notation itself.

For example:

  • refers specifically to the public IP address (one of Google's DNS servers).

  • refers specifically to the private IP address in a private network.

In summary, /32 just means you're referring to a specific IP address, whether it's public or private depends on the IP address itself, not the CIDR notation.

Public and Private IP address types

IPv4 addresses are categorized into various classes, and some of these classes are reserved for private use. These reserved ranges, often referred to as "private IP address ranges," are not routable on the public internet. To determine if a given IPv4 address is public or private, you can check if it falls within one of these reserved ranges:

  1. Class A Private Addresses: to (i.e.,

  2. Class B Private Addresses: to (i.e.,

  3. Class C Private Addresses: to (i.e.,

Any IPv4 address that doesn't fall within these ranges can be considered a public IP address, unless it's reserved for special purposes (like the loopback address or multicast addresses which start with 224. to 239.). But, for most practical intents and purposes, checking against the private IP ranges above will help you determine if an IP is private or public.

Additionally, IPv6 has its own unique local addresses (akin to IPv4's private addresses), which start with fd00::/8 and are called "Unique Local Addresses (ULA)." There are also link-local addresses that start with fe80::/10. However, the vast majority of the IPv6 space is for globally routable addresses (similar to public IPs in the IPv4 context).

Bash script to determine if the IP address is private or public

Below is a Bash script that takes an IPv4 address as input from the user and determines whether it's private or public.


is_private() {
    local ip=$1
    local stat=1

    # Check if IP falls within private IP address ranges
    [[ $ip =~ ^10\. ]] && stat=0
    [[ $ip =~ ^192\.168\. ]] && stat=0
    [[ $ip =~ ^172\.([1][6-9]|2[0-9]|3[0-1])\. ]] && stat=0

    return $stat

# Main script execution starts here

read -p "Enter an IP address: " ip

# Validate IP format
if [[ ! $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
    echo "Invalid IP address format."
    exit 1

if is_private $ip; then
    echo "$ip is a private IP address."
    echo "$ip is a public IP address."

Test cases:

# Test cases
test_ip "" "private"
test_ip "" "private"
test_ip "" "private"
test_ip "" "public"
test_ip "" "public"
test_ip "" "public"

Code is available at https://github.com/Brain2life/bash-cookbook


  1. What is CIDR?

  2. Understanding IP Addresses, Subnets, and CIDR Notation for Networking

  3. How To Determine My IP Address Is Public or Private