CIDR / Subnet Visualizer

A six-tab network workbench: subnet calculator, bit and treemap visualizer, equal split and VLSM planner, CIDR aggregator and range converter, list diff and longest-prefix lookup, and reverse-DNS zone generator. IPv4 and IPv6.

Single CIDR Calculator

Accepted forms: 192.168.1.0/24, 192.168.1.0 255.255.255.0, 192.168.1.0/255.255.255.0, 2001:db8::/32.
Your CIDR input is processed in server memory and discarded the moment the response leaves our server. Nothing is saved to disk, and nothing is logged.

Tips

Memorise the powers-of-two ladder

A /24 fits 256 addresses, a /25 fits 128, a /26 fits 64, and so on — each extra prefix bit halves the block size. Once you can recite the ladder up to /30, every other CIDR question becomes a quick subtraction. The bit visualizer on the second tab shows the same ladder in colour.

Private vs CGNAT vs documentation

10/8, 172.16/12, and 192.168/16 (RFC 1918) are safe for your LAN. 100.64/10 (RFC 6598) is reserved for ISP carrier-grade NAT — only use it if you really know that no carrier touches your traffic. 192.0.2/24, 198.51.100/24, and 203.0.113/24 (RFC 5737) are for documentation; routers drop them in real traffic. The RFC badges below the calculator flag every special-purpose block automatically.

Typical cloud and container CIDRs

AWS default VPC is 172.31.0.0/16, Docker bridge is 172.17.0.0/16, Kubernetes default pod CIDR is often 10.244.0.0/16. Check overlap with your office network before you import them — a silent /16 collision is hours of debugging.

IPv6 site / customer / subnet conventions

A /48 is a site, a /56 a residential customer, a /64 a single subnet — and you almost never go longer than /64 for end-user networks because SLAAC and several routing tricks expect a 64-bit host portion. Allocate /48s out of your /32, /56s out of each /48, and use the splitter tab to map it out before you commit.

Common Use Cases

☁️

Cloud VPC design

Use the VLSM planner to slice a /16 into public, private, and database subnets sized for the host counts you actually need. Catch overlap with on-prem ranges before Terraform plans them into production.

🛡️

Firewall and ACL auditing

Paste the old policy and the new policy into the Compare tab and you get A∩B, A∖B, and B∖A in three columns. Missing coverage and accidental over-broad rules become obvious at a glance.

Kubernetes network policy

Drop your pod, service, and node CIDRs into the Lookup tab and check which one contains a given external address. The longest-prefix match tells you exactly which NetworkPolicy rule applies.

🏠

Homelab and small-office planning

Split 192.168.0.0/16 into per-VLAN /24s, tag each with its RFC badge, and copy the result straight into your router configuration. The shared URL means you can hand the plan to a colleague without exporting anything.

↩️

Reverse DNS and PTR zones

Generate in-addr.arpa and ip6.arpa zone names for any prefix length. For sub-/24 IPv4 blocks the RFC 2317 tab outputs the CNAME chain template so classless delegation is one copy-paste away.

Frequently Asked Questions

Is everything processed in my browser?
The page itself runs in your browser, but the heavy arithmetic — large IPv6 prefixes and lists of thousands of CIDRs — happens on our server so the UI stays responsive even on low-power devices. Your input is kept in memory only for the request, never written to disk, and never logged.
Does it support IPv6?
Yes — every tab (calculator, visualizer, splitter, VLSM, aggregate, compare, reverse DNS) accepts IPv4 and IPv6 equally. Mixed-family lists are rejected so you can't accidentally aggregate a /24 with a /64.
How many CIDRs can I paste into the Aggregate or Compare tabs?
Up to 5,000 entries per list, separated by newlines or commas. That covers virtually every real ACL or routing table; larger sets should be processed in chunks.
When does the VLSM planner fail to allocate?
When the total host requirement exceeds the parent's capacity, or when fragmentation prevents fitting a particular requirement in the remaining free pool. Failed requirements come back individually flagged in the results table so you can adjust without rewriting the whole plan.
What does the RFC badge mean exactly?
Each CIDR is compared against the standard reserved ranges — RFC 1918 (private), RFC 6598 (carrier-grade NAT), RFC 5737 (documentation), RFC 3927 (link-local), the multicast and reserved blocks, the IPv6 ULA range fc00::/7, and the IPv6 link-local fe80::/10. Multiple badges can appear when a block overlaps several categories.
What goes into the shareable URL?
The active tab, the input CIDRs and lists, and the visualizer's zoom and selection. Nothing is sent to our server when you share the link — the recipient sees the same workspace because the URL itself carries the inputs.
🌐 IP Address Checker 🔍 Regex Tester / Editor 📋 JSON Formatter / Validator