IPv4 range expander

Cover an IP range with a minimal CIDR block

All computation runs locally in your browser

Last updated: February 8, 2026
Frank Zhao - Creator
CreatorFrank Zhao
 old valuenew value
Start address192.168.1.1192.168.0.0
End address192.168.6.255192.168.7.255
Addresses in range1,5352,048
CIDR192.168.0.0/21

Introduction / overview

The IPv4 Range Expander takes a start IPv4 address and an end IPv4 address, then expands them to the smallest single CIDR block that covers the entire interval. You’ll see how the “old” range compares to the “new” CIDR-aligned range.

Who is this for?

  • Network engineers converting an arbitrary IP interval into CIDR for firewall rules.
  • Developers sizing allowlists/denylists and checking the blast radius of a CIDR.
  • Anyone auditing ranges during a migration or incident response.

Practical takeaway: the expanded CIDR range often includes extra addresses. This tool makes that “extra” explicit so you can decide if a single CIDR is acceptable.

If you need subnet details (netmask, broadcast, usable range), pair this with our IPv4 subnet calculator.

How to use (quick start)

  1. Enter your Start address.
  2. Enter your End address.
  3. Read the table:
    • old value shows your original inputs and original range size.
    • new value shows the CIDR-aligned covering block and its size.
  4. If the end address is lower than the start address, the tool won’t calculate a result.

Worked example

Suppose you have:

  • Start: 192.168.1.2\texttt{192.168.1.2}
  • End: 192.168.255.255\texttt{192.168.255.255}

A single covering CIDR in this case becomes:

192.168.0.0/16\texttt{192.168.0.0}/16

The tool also compares how many addresses are in the original interval versus the expanded CIDR-aligned block. In general, range size is:

size=(endstart)+1\text{size} = (\text{end} - \text{start}) + 1

Real-world examples

Firewall allowlist

Input a vendor’s IP range, then see whether a single CIDR block is too permissive.

Example: 203.0.113.20\texttt{203.0.113.20} to 203.0.113.45\texttt{203.0.113.45}.

Data center migration

When consolidating address allocations, check if multiple small ranges can be represented as a single CIDR.

Then validate subnet details with the IPv4 subnet calculator.

Audit “extra” IPs

Expanded CIDRs include extra addresses. Compare sizes and decide if the blast radius is acceptable.

If the new size is much larger than the old size, consider using multiple CIDRs instead.

Scripting & config templates

Copy the CIDR into infrastructure-as-code or reverse proxy configuration.

Result shown as a.b.c.d/\texttt{a.b.c.d}/\ell (CIDR length $\ell$).

Common scenarios

Turn an IP interval into CIDR

Useful when a system only accepts CIDR notation, not start/end ranges.

Review firewall rule scope

Compare old size vs new size to see how permissive the CIDR becomes.

Document network allocations

Create a clean CIDR for docs and then validate details with the subnet calculator.

Check config drift

If a config says /16 but you expected a smaller interval, verify quickly.

Security incident triage

Estimate how many IPs a single CIDR could cover during containment.

Vendor IP list cleanup

When a vendor gives multiple IPs, see if a single CIDR is acceptable or too broad.

When this may not fit: if you need a tight representation, you often need multiple CIDR blocks. This tool intentionally outputs the smallest single covering block.

Tips & best practices

  • Always compare Addresses in range: if the new value is much larger, your CIDR is significantly broader.
  • If you’re building firewall rules, prefer the tightest set of CIDRs you can reasonably manage.
  • Validate the CIDR outputs (netmask, broadcast, etc.) using the IPv4 subnet calculator.
  • If an address looks “weird”, double-check for typos: a single octet mistake can dramatically change the CIDR.

Calculation method

The core idea is: write both IPs as 32-bit binary strings, find the first bit where they differ, and then build a CIDR prefix that keeps the common leading bits.

Steps

  1. Convert start and end IPv4 addresses into 32-bit integers.
  2. Convert each integer into a 32-bit binary string.
  3. Let $m$ be the index of the first differing bit. The CIDR length is $m$ (prefix length).
  4. New start: keep the first $m$ bits and set the remaining bits to $0$.
  5. New end: keep the first $m$ bits and set the remaining bits to $1$.

Range size uses:

size=(endstart)+1\text{size} = (\text{end} - \text{start}) + 1

Note: this produces the smallest single CIDR that covers the whole interval. It does not attempt to split the interval into multiple smaller CIDRs.

Related concepts

CIDR notation

CIDR represents a contiguous block of IP addresses as a.b.c.d/a.b.c.d/\ell, where $\ell$ is the prefix length (how many leading bits are fixed).

Why ranges expand

A CIDR block must align to powers of two. Arbitrary start/end boundaries typically don’t align, so the smallest single covering CIDR may include extra addresses on both sides.

Frequently Asked Questions

Why did my range become much larger?

Because CIDR blocks must have sizes of $2^n$ and must start on specific boundaries. If your start/end don’t align, the smallest single covering CIDR needs to expand to the nearest valid boundaries.

Does this tool return multiple CIDR blocks?

No — it returns the smallest single CIDR that covers the full interval.

What if end is lower than start?

Then the interval is invalid, and no covering block can be calculated. Swap the values or correct the inputs.

Is the result always the “best” representation?

It’s the smallest single CIDR. If you want the tightest representation, multiple CIDRs are often better.

Can I verify the subnet details?

Yes — paste the CIDR into the IPv4 subnet calculator.

Limitations / disclaimers / sources

This calculator is for educational and operational convenience. Always review firewall and routing changes carefully, especially when the expanded block includes extra addresses.

Further reading

Related Calculators

Chronometer

Use a simple chronometer (stopwatch) to track elapsed time down to milliseconds. Runs locally in your browser.

Try Now

Email normalizer

Normalize email addresses to a standard format for easier comparison. Useful for deduplication and data cleaning. Runs locally in your browser.

Try Now

ETA calculator

Estimate the time needed to consume a total amount at a constant rate, and get an expected end time. Runs locally in your browser.

Try Now

JWT parser

Parse and decode your JSON Web Token (JWT) and display its content. All computation runs locally in your browser.

Try Now

MIME types

Know which file extensions are associated to a MIME type, and which MIME type is associated to a file extension. Includes a full MIME types table.

Try Now

Lorem ipsum generator

Generate random Lorem Ipsum placeholder text with customizable paragraphs, sentences, and word counts. Runs locally in your browser.

Try Now