Canonicalize CIDR: Difference between revisions

Line 12:

;Explanation:

An Internet Protocol version 4 address is a 32-bit value, conventionally represented as a number in base 256 using dotted-decimal notation, where each base-256 "digit" is ~~represented by the digit value~~ in decimal and the digits are separated by periods. Logically, this 32-bit value represents two components: the leftmost (most-significant) bits determine the "network" portion of the address, while the rightmost (least-significant) bits determine the "host" portion. Classless Internet Domain Routing block notation indicates where the boundary between these two components is for a given address by adding a slash followed by the number of bits in the network portion.

An Internet Protocol version 4 address is a 32-bit value, conventionally represented as a number in base 256 using dotted-decimal notation, where each base-256 digit is given in decimal and the digits are separated by periods. Logically, this 32-bit value represents two components: the leftmost (most-significant) bits determine the network portion of the address, while the rightmost (least-significant) bits determine the host portion. Classless Internet Domain Routing block notation indicates where the boundary between these two components is for a given address by adding a slash followed by the number of bits in the network portion.

In general, CIDR blocks stand in for the entire set of IP addresses sharing the same "network" component; it's common to see access control lists specify ~~a single~~ IP ~~address~~ using ~~CIDR with~~ /32 to indicate that only the one address is included. ~~Often,~~ ~~the tools using~~ this notation ~~expect~~ ~~the~~ ~~address~~ to be entered in canonical form, in which the "host" bits are all zeroes in ~~the~~ ~~binary~~ ~~representation.~~ ~~But~~ ~~careless~~ ~~network~~ ~~admins~~ ~~may~~ ~~provide~~ ~~CIDR~~ ~~blocks~~ ~~without~~ ~~canonicalizing~~ ~~them~~ ~~first.~~ ~~This~~ ~~task~~ ~~handles~~ the ~~canonicalization~~.

In general, CIDR blocks stand in for the entire set of IP addresses sharing the same network component, so it's common to see access control lists that specify individual IP addresses using /32 to indicate that only the one address is included. Software accepting this notation as input often expects it to be entered in canonical form, in which the host bits are all zeroes. But network admins sometimes skip this step and just enter the address of a specific host on the subnet with the network size, resulting in a non-canonical entry.

The example address, 87.70.141.1, ~~translates into 01010111010001101000110100000001 in~~ binary ~~notation zero-padded to 32 bits. The~~ /22 ~~means~~ ~~that~~ the ~~first~~ ~~22 of those bits determine~~ the ~~match;~~ ~~the final 10 bits should be 0~~. ~~But~~ ~~they~~ ~~instead~~ ~~include~~ ~~two 1~~ bits: ~~0100000001.~~ So to ~~canonicalize~~ the ~~address,~~ ~~change~~ ~~those~~ ~~1's~~ to ~~0's~~ to ~~yield~~ ~~01010111010001101000110000000000,~~ ~~which in dotted-decimal~~ is 87.70.140.0.

The example address, 87.70.141.1/22, represents binary 0101011101000110100011 / 0100000001, with the / indicating the network/host division. To canonicalize, clear all the bits to the right of the / and convert back to dotted decimal: 0101011101000110100011 / 0000000000 → 87.70.140.0.