In addition to specifying subnet masks, CIDR can also be employed for IP or network summarization purposes. The “Total IP Addresses” column in CIDR Subnet Table indicates how many addresses are summarized by a given CIDR mask. For network summarization purposes, the “Number of /24 networks” column is useful. CIDR summarization can be used in several parts of the pfSense web interface, including firewall rules, NAT, virtual IPs, IPsec, and static routes.
IP addresses or networks that can be contained within a single CIDR mask are known as “CIDR summarizable”.
When designing a network, ensure all private IP subnets in use at a particular location are CIDR summarizable. For example, if three /24 subnets are required at one location, a /22 network subnetted into four /24 networks should be used. The following table shows the four /24 subnets used with the subnet 10.70.64.0/22.
|10.70.64.0/22 split into /24 networks|
This keeps routing more manageable for multi-site networks connected to another physical location via the use of a private WAN circuit or VPN. With CIDR summarizable subnets, one route destination covers all the networks at each location. Without it, there are several different destination networks per location.
The previous table was developed using a network calculator found at the subnetmask.info website.
The calculator converts from dotted decimal to CIDR mask, and vice versa, as shown in Figure Subnet Mask Converter. If the CIDR Subnet Table provided in this chapter is not available, this tool can be used to convert a CIDR prefix to dotted decimal notation. Enter a CIDR prefix or a dotted decimal mask and click the appropriate Calculate button to find the conversion.
Enter the dotted decimal mask into the Network/Node Calculator section along with one of the /24 networks. Click Calculate to populate the bottom boxes with the range covered by that particular /24 as demonstrated in Figure Network/Node Calculator. In this example, the network address is 10.70.64.0/22, and the usable /24 networks are 64 through 67. The term “Broadcast address” in this table refers the highest address within the range.
Finding a matching CIDR network¶
IPv4 Ranges in the format of x.x.x.x-y.y.y.y are supported in Aliases. For Network type aliases, an IPv4 range is automatically converted to the equivalent set of CIDR blocks. For Host type aliases, a range is converted to a list of IPv4 addresses. See Aliases for more information.
If an exact match isn’t necessary, numbers can be entered into the Network/Node Calculator to approximate the desired summarization.