CIDR vs Subnet Mask vs Netmask
CIDR notation, subnet masks, and netmasks are different ways to describe the same IPv4 network boundary.
Example:
| Format | Value |
|---|---|
| CIDR | 192.168.1.0/24 |
| Subnet mask | 255.255.255.0 |
| Netmask | 255.255.255.0 |
| Wildcard mask | 0.0.0.255 |
For most IPv4 subnetting work, “subnet mask” and “netmask” mean the same thing.
Use the CIDR Calculator to convert between CIDR, subnet mask, wildcard mask, and IP range details.
What CIDR Notation Means
CIDR notation combines:
- an IP address
- a slash prefix length
Example:
10.0.0.0/16
The /16 means the first 16 bits are the network portion. The remaining 16 bits are available for addresses inside the range.
CIDR notation is compact, which is why it is common in cloud networking, routing, firewalls, Kubernetes, and infrastructure-as-code.
What a Subnet Mask Means
A subnet mask shows the network portion as dotted decimal.
Example:
255.255.255.0
That mask is equivalent to /24.
The 255 octets mark network bits. The 0 octet leaves host bits available.
Common examples:
| CIDR | Subnet mask |
|---|---|
/16 | 255.255.0.0 |
/20 | 255.255.240.0 |
/24 | 255.255.255.0 |
/26 | 255.255.255.192 |
/28 | 255.255.255.240 |
What a Wildcard Mask Means
A wildcard mask is the inverse of a subnet mask.
Example:
| Subnet mask | Wildcard mask |
|---|---|
255.255.255.0 | 0.0.0.255 |
Wildcard masks are often seen in ACLs and routing configuration.
If the subnet mask says which bits must match, the wildcard mask says which bits may vary.
Which Format Should You Use?
Use CIDR notation when working with:
- Cloud subnets
- Kubernetes pod and service ranges
- Firewall objects
- Route tables
- Terraform and other infrastructure code
Use subnet masks when working with:
- Traditional network device configuration
- Legacy documentation
- Certification-style subnetting questions
Use wildcard masks when a platform explicitly asks for them, such as certain ACL formats.